Windows User State Virtualization - Part 2: Scenarios

by [Published on 31 Aug. 2010 / Last Updated on 31 Aug. 2010]

This article describes the different business scenarios for implementing Windows User State Virtualization (USV) technologies and how USV can benefit both users and IT.

If you would like to read the other parts in this series please go to:

Before you begin planning a USV strategy for your organization, you need to ask yourself some hard questions. The first and most important question is this: Does your business need a USV solution? Identifying the ways USV can benefit your organization is an essential preliminary step before you go any further. After all, why should you bother adding a technology or solution if your business has no need for it?

A good way to identify possible benefits that USV can bring to your business is to consider the various scenarios USV can support. Once you've identified the USV scenarios that match your business needs, you can make a case for implementing a USV solution. Let's describe some of these scenarios now, in no particular order. We'll be focusing here on five common scenarios where USV can provide benefits:

  • Centralized backup of user data
  • Replaceable PCs
  • Desktop migration
  • Occasional roaming
  • Hot desking

Centralized Backup of User Data

Is the data that your users create and work with important to your business? If your answer is Yes, then USV can bring benefits to your organization. Business users typically work with many different kinds of data including Word documents, Excel spreadsheets, PowerPoint presentations, PDF files, image files, video files, and so on. These data files are usually saved in user profile folders such as My Documents, My Pictures, and so on. Sometimes users even save these files directly on their desktops so they can open them quickly when required. If a user is saving all his work files on his local machine and the machine's hard drive fails, all their work will be lost unless it's been backed up. The problem is that most businesses don't back up files stored on client computers. There are several reasons for this:

  • Licensing costs for software that can back up hundreds or thousands of client computers can be prohibitively expensive.
  • Backing up hundreds or thousands of client computers over the network can only be done once a day during off-hours because of the huge amount of data involved. It can even saturate the network and create a bottleneck that prevents other network services from functioning properly.
  • If management tells users to save files to the network but they fail to do so, the users may get reprimanded. Your business on the other hand may fail and go bankrupt if critical business data is lost.

If you use Folder Redirection (FR) however to redirect each user's My Documents and Desktop folders to a file server on your network, you'll only need to back up that server and not each and every client machine. And because your servers are located in your datacenter (or server room) and are connected to your high-speed network backbone, you can back them up several times a day if needed without interruption to users working with the data. This is a much more reliable approach to safeguarding your business data than trying to educate users to always save files to mapped drives or network shares.

If image, music and video files can also be work-related types of files in your environment, you can also redirect the My Pictures, My Music and My Videos folders using FR. On the other hand, if your users tend to store their own personal music files on their machines (possibly in clear violation of company policy) then you may want to avoid redirecting My Music in order to save disk storage space on your file servers—and to be able to say "Told-ya!" when someone's computer crashes and all their music is lost.

Of course, regardless of what you tell them some users may decide to save important files outside their user profile, for example in the root of their C: drive, and this means such files won't be backed up. But the vast majority of files should be able to be backed up when FR is implemented together with centralized backup of file servers, and the stubborn users that present the few edge cases can be dealt with administratively by Human Resources.

In summary, here are some recommendations if centralizing backup of user data is important for your business:

  • Always implement FR of the My Documents and My Desktop folders even if your users never roam between computers. In other words, even if each user is assigned their own computer and it's the only computer they ever use at work, you should still implement FR as it lets centralize user data on network file servers instead of on each user's computer. Then regularly back up the file server where these redirected folders reside.

  • Be sure to also enable Offline Files (OF) so that users can still work on their documents if the file server or network goes down. OF will maintain a local cache of files in redirected folders on each user's computer so they can still do their job even if they can't get to the data stored on the servers. Note that OF is enabled by default in Windows Vista and later, so you don't have to do anything more to gain the benefits of OF once you've implemented FR.

  • Don't redirect My Pictures, My Music or My Videos unless users have a specific business need for working with image, music or video files as part of their job.

As a side benefit, this kind of scenario also works well with mobile users who use laptops as it lets them work with business data while disconnected from the company network. Then when they connect in using a VPN connection, the changes they've made to files in redirected folders are synced up to the company file server using OF. So if you're organization has users who regularly travel and take their laptops off-site, the above recommendations for implementing FR and OF apply too. Finally, this scenario also helps users who regularly work from more than one computer, for example a user who has both a desktop PC and an employee-issued laptop, as it enables them to access their data files from either computer when they need them (and to use Sync Center to resolve any conflicts that might occur should they edit the same document from both computers).

Replaceable PCs

If the hard drive on a user's PC fails, all user data and settings stored on the PC is lost. Unless of course there is a recent system image backup of the user's PC, in which case they can replace the failed drive and restore their PC to the way it was before it crashed. Most businesses don't do system image backups of desktop PCs because of the huge amount of disk space that would be required for storing hundreds or thousands of multi-gigabyte backups. Instead, most businesses concentrate on making sure data stored on business-critical servers is backed up regularly. And if you're already implementing FR to centralize backup of user data as described above, user data shouldn't be lost when a user's PC fails.

But user settings can be important too, especially if the user has customized her applications to make herself more productive. So if her PC fails and you provide her with a new one with all the pre-installed applications the user needs to perform her work, she may still have to spend several hours or more customizing the applications on her computer, downloading templates, and performing various operating system personalizations such as redefining libraries, configuring taskbar properties, and so on. And some items such as custom dictionaries that were created over time may need to be built up again from scratch. Time spent doing these sorts of things is not only frustrating to the user but is also lost productivity for your business.

Fortunately, by implementing Roaming User Profiles (RUP) together with FR and OF you can store the entire user state—both user data and user settings—on your file servers. The net effect of doing this is to be able to provide your users with "replaceable PCs" which works like this:

  1. Hard drive on user's PC fails.
  2. User calls Helpdesk.
  3. Technician arrives with a PC that has Windows and necessary line of business (LOB) applications pre-installed.
  4. Technician removes failed PC and connects replacement PC.
  5. User boots new PC, logs on, downloads their roaming profile and immediately has access to all of user data and user settings including personalizations, customizations, templates, toolbars, custom dictionaries, and so on.
  6. Happy user immediately gets back to work; boss happy too—end of story

Of course, happy endings aren't all that common in the real world, and there are a couple of things that can go wrong with this scenario:

  • Users who choose to store files outside their user profile will lose those files forever if their hard drive crashes. As indicated earlier, user education is the answer here.
  • Applications that store per-user customization settings in the wrong place (outside either the HKCU registry hive or the AppData\Roaming profile folder) will lose such user settings forever if the hard drive fails in the user's PC. We'll talk more about this problem in the next article of this series.

If you absolutely must centralize all user settings and data to enable replaceable PCs, you might want to look at using Remote Desktop Services (formerly Terminal Services) to do this. You can either provide users with session-based desktops using RD Session Host servers (formerly terminal servers) or with personal virtual desktops running on RD Virtualization Host servers (Microsoft's Virtual Desktop Infrastructure solution). Either way, users will have fully replaceable "desktops" they can access from any PC on the network. But these approaches might be overkill for smaller organizations. On the other hand, implementing RUP brings its own headaches which you'll see in later articles of this series, so many businesses may want to be satisfied with "semi-replaceable PCs" where FR is used to centralize user data but user settings are not centralized. Then when the user's PC fails and you bring them a new one and they complain they've lost their custom dictionary and toolbar preferences, tell them not to complain and be happy they have a brand new PC instead of the old clunker they were using before.

Desktop Migration

Every once in a while a new version of Windows comes along and it's time to begin the migration dance. If your desktop computers are still running Windows XP then it's time to consider migrating to Windows 7 since Windows XP is nearing the end of its support lifetime. The thing to understand is that implementing a USV solution can simplify the desktop migration process. This is because in most cases migrating users from Windows XP to Windows 7 involves using the User State Migration Tool (USMT) which migrates user accounts, operating system and application settings from the old system to the new one. Small Office / Home Office (SOHO) businesses can use Windows Easy Transfer instead, but most mid- and large-sized businesses will want to use USMT because it's more powerful, customizable and scriptable.

By implementing FR to redirect My Documents and similar profile folders where users store their data, you can speed up the desktop migration process because user data won't need to be migrated, only user settings will. It will also reduce the risk of data loss occurring should something go wrong during the migration process because all business data is stored on central file servers, not on end-user computers. This desktop migration scenario is another compelling reason why you should implement FR in your environment if you haven't already done so.

Occasional Roaming

Some organizations set up shared "kiosk" PCs in semi-public places like the reception area or cafeteria so that employees can use these computers when they have need of doing so. You can think of this as an "occasional roaming" scenario because users generally work from their assigned PCs and only occasionally roam to these shared computers.

In this case, the best approach is to do the following:

  • Use FR to redirect My Documents, Desktop and other folders where users store business data. This way users will be able to access their data from both their assigned PCs and from the shared kiosk computers located in public places.
  • Disable OF on the shared kiosk computers so that the hard drives of these computers won't get filled up with locally cached copies of user data (and because it's not a good idea to cache sensitive business data on computers located in semi-public places). This is one of the few cases in which you will want to disable OF in your environment, and you can do so on a per-machine basis by using Group Policy.

If you also happen to be using RUP in your environment, you can also use Group Policy to delete cached copies of roaming profiles on the shared kiosk computers when users log off from these machines. That way the hard drives of these machines won't get filled up with user profiles (plus the added security benefit of not leaving user profiles on the machines). But most organizations don't use RUP and it's really not needed to support the kind of occasional roaming described in the above scenario.

Hot Desking

Call centers, helpdesks and similar environments often implement hot desking where employees don't have their own assigned computers. Instead, employees share a common pool of computers and use whichever one is available at the time to do their work. Remote Desktop Services (either session-based desktops or pooled virtual desktops) is really the best solution for such environments, but smaller organizations can use a custom USV strategy tailored to the needs of such environments as follows:

  • Use FR to redirect My Documents, Desktop and other folders where users store business data.
  • Disable OF so that the hard drives of the computers won't get filled up with locally cached copies of user data.
  • Enable indexing on the file servers so that users will be able to search for files and file content within redirected folders. By default, when OF is enabled it lets you search for files and file content within the redirected folders by performing the query locally against the OF cache on the user's computer. But in hot desktop environments you don't want to have OF enabled for the same reasons as the Occasional Roaming scenario described previously. So you want to disable OF on computers used for hot desking, but you want users to be able to take advantage of the powerful search capabilities of Windows 7. The solution is to make sure your file servers are running Windows Server 2008 and enable the Windows Search (WSearch) service on these servers by adding the File Services role together with the Windows Search role service. Then make sure the shared folder used for FR is included in the indexed scope on the remote computer. Doing this will enable remote search whereby queries issued by users' computers will be performed against the indexes on the file servers. For more information on remote search, see Chapter 19 of the Windows 7 Resource Kit (Microsoft Press, 2010).

What about RUP? Well, you can use RUP if users need access to their personalized Windows desktop when they log onto a computer in the shared pool, but in this kind of scenario RUP just complicates things. That's because call center / helpdesk workers typically use only a small set of standard applications and it's probably better if you use Group Policy to lock down the desktop environment for these workers instead of providing them with roaming desktops they can personalize.

Conclusion

The following table summarizes a recommended USV strategy for each of the five scenarios described in detail above:

Scenario

Folder Redirection

Offline Files

Roaming User Profiles

Centralized Backup of User Data

YES for My Documents and Desktop folders

MAYBE for My Pictures and other folders

NO for AppData\Roaming folder

YES

NO

Replaceable PCs

YES for My Documents and Desktop folders

MAYBE for My Pictures and other folders

MAYBE for AppData\Roaming folder

YES

YES

Desktop Migration

YES for My Documents and Desktop folders

MAYBE for My Pictures and other folders

NO for AppData\Roaming folder

YES

NO

Occasional Roaming

YES for My Documents and Desktop folders

MAYBE for My Pictures and other folders

NO for AppData\Roaming folder

NO – disable OF on kiosk computers

NO

Hot Desking

YES for My Documents and Desktop folders

MAYBE for My Pictures and other folders

NO for AppData\Roaming folder

NO – disable OF on shared computers but enable indexing on file servers to enable remote search

NO –use Group Policy instead to lock down the desktop environment for users

 As the above table suggests, one redirectable folder that deserves further discussion is the AppData\Roaming folder on Windows Vista and Windows 7. In the next article of this series we'll see why redirecting this particular folder requires special consideration when planning a USV strategy for your business.

If you would like to read the other parts in this series please go to:

Featured Links