Solved

Network segmentation VDI

Posted on 2014-01-29
Medium Priority
774 Views
Last Modified: 2014-03-23
Hi

I want to know the best practices for segmenting user VLANs in a virtual desktop platform.
Say I have a user department of 1000 users and they all use the same golden image. Should I keep them in a single VLAN/subnet, or in multiple?

The second scenario is that I have one golden image used by three departments. Some of the applications used by one department should not be accessible to the other departments, although they are present in the golden image. I don't want to maintain multiple images for those few web apps. Currently, on physical desktops, since these departments sit in different VLANs, we have a firewall rule which prevents traffic from that particular VLAN. What I want to know is, in a VDI scenario, what is the best way to do this segregation?
3 Comments
LVL 6

Expert Comment

by:Brainstormer
ID: 39818692
Using VLANs will add complexity in a PVS environment. PVS servers using option 66/67 will not be redundant during TFTP/PXE because you can only add 1 server in that field. Additionally, you have to worry about DHCP IP helpers configured for each network segment. Instead, use PXE broadcast and have all VMs in the same subnet as the PVS servers. I don't see a reason to separate the users, since they are sharing a single image.

Sharing apps in a single image can be prevented using MS AppLocker policies at a minimum; there are other 3rd-party solutions like AppSense as well.
0
Author Comment

by:Sukku13
ID: 39819770
Brainstormer, we are a financial institution and, as per current security guidelines, even if some users share the same golden image, we would need to prevent some user groups from accessing certain web-based applications used by other departments. Currently, on physical desktops, this is done by having firewall rules from a particular floor VLAN to the app servers of the application, etc. Also, we don't want to have a flat network, so we don't want all VMs in a single subnet; instead we prefer to have VM pools with different subnets, because in case of a security threat we don't impact all desktops at once, and also to avoid broadcast storms.
0
LVL 6

Accepted Solution

by: Brainstormer (earned 1500 total points)
ID: 39820675
In that case I would recommend a pair of PVS servers for redundancy on each VLAN, set up as sites under the same PVS farm. The same gold image can be shared among all PVS servers.
0
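To make the design the thread converges on concrete (one VDI pool subnet per department, a PVS pair inside each VLAN as in the accepted answer, and per-VLAN firewall rules to the app servers as the asker describes), here is an added Python model that builds the allow-list and checks both properties. It is not code from the question or the answers; every subnet, address and department name is a constructed sample, and the first-match, default-deny ACL semantics are an assumption about the firewall.

```python
"""Added model of the design in this thread: one VDI pool subnet per
department, a PVS pair inside each pool subnet, and a first-match firewall
letting a pool reach only its own app servers. All values are constructed."""
import ipaddress

# Constructed sample: department -> (pool subnet, PVS server pair, app servers)
DESIGN = {
    "finance": ("10.10.1.0/24", ["10.10.1.2", "10.10.1.3"], ["10.20.0.10"]),
    "trading": ("10.10.2.0/24", ["10.10.2.2", "10.10.2.3"], ["10.20.0.20"]),
    "hr":      ("10.10.3.0/24", ["10.10.3.2", "10.10.3.3"], ["10.20.0.30"]),
}

def build_rules(design=DESIGN):
    """One allow rule per pool to its own app servers; no match means deny."""
    rules = []
    for subnet, _pvs, apps in design.values():
        net = ipaddress.ip_network(subnet)
        for app in apps:
            rules.append((net, ipaddress.ip_address(app), "allow"))
    return rules

def evaluate(rules, src, dst):
    """First matching rule wins; no match means deny (default-deny ACL)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net, host, action in rules:
        if src in net and dst == host:
            return action
    return "deny"

def pvs_redundancy_ok(design=DESIGN):
    """Accepted answer: each VLAN needs its own PVS pair inside its subnet."""
    for subnet, pvs, _apps in design.values():
        net = ipaddress.ip_network(subnet)
        if sum(ipaddress.ip_address(p) in net for p in pvs) < 2:
            return False
    return True

def segregation_violations(rules, design=DESIGN):
    """Probe every pool against every app server: the pool's own department
    must be allowed and every other department's servers denied."""
    bad = []
    for dept, (subnet, _pvs, _apps) in design.items():
        probe = str(ipaddress.ip_network(subnet).network_address + 50)
        for other, (_s, _p, apps) in design.items():
            for app in apps:
                want = "allow" if other == dept else "deny"
                if evaluate(rules, probe, app) != want:
                    bad.append((dept, other, app))
    return bad
```

Running `segregation_violations(build_rules())` on the sample returns an empty list; adding a broader allow rule (for example from a /16 covering several pools) makes the cross-department leaks show up as violations.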
