Written by Simon Bisson
Information management is as much about people as it is about process and managing users can be as important as locking down servers and networks. One tool that can help any IT manager is a managed desktop environment, which can be tailored to support both information and task workers.
Built on top of existing directory services, managed desktops let you define and deploy policies that control a users’ ability to customise their desktop environments. You can also use them to centrally deploy applications and document templates, using set policies to determine where users store files.
The same tools can also set up retention rules and ensure that information security standards (such as encryption) are correctly used. IT managers can also use a managed desktop environment to enforce security policies, such as whole disk encryption, for mobile users.
Managed desktops are secure desktops
One advantage of a managed desktop environment is its simplified security model. Instead of having to protect data on many machines, folder redirection means that all your user data is stored on a single central system – so it can be backed up at any time, immediately making user data part of any business continuity plan. Centralised information stores like this can also be part of an enterprise document management system, supporting document versioning as well as giving you a framework that can be used to handle audits.
Implementing a managed desktop environment can help with other IT functions too. It can ensure licence compliance, as well as reducing maintenance overheads and simplifying support. Support teams can also use common images to quickly provision new users and handle operating system and software updates, while making it easier to qualify and deploy security patches.
Managing desktops need not mean completely locking down users’ systems either. Many users, especially information workers, are used to working with a wide selection of software tools, and expect to be able to install applications as and when they need them. Application management makes sure IT managers retain control by restricting users to only install approved applications – or at the very least use one to blacklist specific applications that may impact system stability or user productivity.
Getting started with application management
A good starting point is the application management tools built into modern operating systems, like Microsoft Windows 7’s AppLocker, to deliver basic white- and blacklists. If you use these with a policy-based approach, specific applications can be approved or denied for specific classes of user, varying the rules for individuals or groups. You’re more likely to give task workers blanket blacklists, ensuring that only the software needed to handle their tasks can be installed.
Alternatively you can use application virtualisation tools to maintain a library of approved tools that can be delivered to user desktops on-demand, from your very own app store. Policy-based management tools will ensure users only see the tools they’re authorised to use and single central images simplify patching and updates.
Managed desktops and application virtualisation can also be part of a migration to a virtual desktop infrastructure, getting you ready for the future.
Six questions to ask
The following six questions should be considered before you implement a managed desktop environment:
- Are directory services currently in use to manage user roles and groups?
- What is the balance of information, task and mobile workers?
- Can a centralised information store be used as part of security and regulatory compliance?
- Is it possible to produce a software and hardware audit?
- What applications are currently approved for use, and what are currently banned?
- Can the current suite of applications be virtualised?