Home > Blogs > VMware End-User Computing Blog

VMware Horizon with View Now Compatible with SIGNificant E-Signature Solution from XYZMO

By Tony Huynh, Product Line Manager, End-User Computing, VMware

For the past several months, VMware has been working closely with XYZMO to enable SIGNificant—a cutting-edge e-signature solution—to work seamlessly with VMware Horizon with View virtual desktops.

Now, we are pleased to announce our hard work has finally paid off: The latest SIGNificant solution from XYZMO now supports VMware Horizon with View virtual desktops. This exciting development enables new use cases and deployment scenarios, especially for organizations with remote branch offices. Simply put, you can now use the SIGNificant solution with a variety of signature tablets remotely connected to View virtual desktops. Continue reading

Self-Help Resources for VMware End-User Computing

By Gina Daly, Technical Writer for Technical Marketing, End-User Computing, VMware

Are you making the most of the available online resources to find information about VMware End-User Computing products? Knowledge is power, as they say, and we are committed to bringing you knowledge. Whether you are new to VMware or a seasoned veteran, we hope this blog will be helpful. Continue reading

When Every Second Counts, Count on VMware

by Geoffrey Murase, Solutions Marketing, End-User Computing

I recently visited Tualatin Valley Fire and Rescue (TVFR) near Portland, Oregon to film a video case study documenting the innovative ways they’re using VMware desktop virtualization technology.  They had initially used desktop virtualization to simplify management of desktops in their office but they quickly found other use cases, as well.

The IT team at TVFR found that the device of choice for their fire chiefs are iPads which were being used primarily for email and web browsing. However, when it came to accessing the Computer Aided Dispatch (CAD) system which delivers information about emergency incidents, it was a Windows application which had to be run on a Windows computer. Fire Chief Michael Kinkade would often have to go to a fire truck or other apparatus to access the Windows laptop that was mounted on the dashboard in order to lookup the status of incidents. This was not only inconvenient, but also added precious time to his response to emergency situations.

geoffblog

Since adopting VMware desktop virtualization technology, he now accesses the CAD application at any location using his iPad or mobile phone to more quickly assign the right resources to emergency incidents. In addition to mobility, Fire Chief Kinkade and his team experience other benefits as well:

  • Cost savings: The old way of accessing information required that a Windows laptop be mounted on each emergency vehicle ranging from different size fire trucks, to boats, to helicopters, at a cost of six to eight thousand dollars per apparatus. Now, with mobile access to virtual desktops, each first responder has an iPad that they can just carry with them on the vehicle assigned to an emergency incident.
  • High availability: Fire Chief Kinkade also explained that with the old system, if his team was responding to an emergency situation and the laptop mounted on the apparatus failed (e.g., blue screen of death), by the time the laptop rebooted, they would be on scene already.  With iPads and virtual desktops, it’s a much shorter reboot time in order to get back up and running if a problem occurs.

Another important use case for TVFR is delivery of real-time information to public affairs officers. These public affairs officers are responsible for disseminating information to the public, the press, and government leaders. They are often on the scene of an incident and have to remotely access data and applications quickly in order to give out accurate real-time information (e.g., the status of a car accident that can affect a commute). Using a virtual desktop helps them get the right information more quickly in a more organized manner.

We thank TVFR for their hospitality during our video shoot and hope that sharing their story will encourage other first responder organizations to explore using technology to better serve and protect their citizens.

See the video case study here.

Did You Know? Newly Updated VMware Workspace Portal 2.1 Reviewer’s Guide is Now Available!

By Cindy Heyer, Technical Writer, Technical Marketing, End-User Computing at VMware

Did you know that there is a newly published Reviewer’s Guide for Workspace Portal 2.1?  The Reviewer’s Guide is aimed at IT professionals who are juggling the management of a wide range of applications, and an equally wide range of devices for their end users. If you are new to Workspace Portal and want to test it out, the Reviewer’s Guide can help you set up a basic, proof-of-concept deployment. To do this, you need VMware vSphere, and to test the services covered in the Reviewer’s Guide, you need VMware ThinApp, VMware Horizon With View, and Citrix XenApp deployments. Through a series of easy-to-follow exercises, the guide takes you on an exploration of some of the key capabilities of Workspace Portal. The final result is that you have hands-on experience with Workspace Portal 2.1. Continue reading

VMware Horizon Air – Leading the Pack in Desktop-as-a-Service

By Josue Fontanez, product line marketing manager, End-User Computing, VMware

When VMware acquired Desktone last year, many people wrote that 2014 would be the year of DaaS. As we get closer to wrapping up the calendar year, I thought I’d look back at what we’ve accomplished and highlight our progress this year.

We’ve been moving at a rapid pace since the acquisition of Desktone in late 2013. We have innovated quickly based on what we’ve heard from our customers and unlike other vendors stuck in never-ending tech previews, we haven’t stood still since then.

Continue reading

VMware Horizon 6 + Dell XC: Delivering New Economics and Simplicity for Desktop and Application Virtualization

By Tony Paikeday, Product Marketing, End-User Computing, VMware

As organizations seek to deliver greater agility in support of an increasingly mobile workforce and escalating business demands, the transformation of traditional desktop environments into mobile workspaces becomes a strategic, competitive differentiator.

Traditional approaches to desktop virtualization, often built on rigid, inflexible solution stacks, have made it difficult for organizations to quickly and efficiently size their storage, networking and compute.  For many organizations, the end-result has been the over-provisioning of infrastructure to ensure available capacity and performance, making the TCO/ROI equation for desktop virtualization almost untenable for IT.  These limitations typically negate the business advantage that organizations seek when embarking on a desktop transformation initiative.  Well, for these customers things have just gotten a whole lot better.  VMware and Dell have partnered to deliver a hyper-converged infrastructure solution that offers predictable performance with scale, faster time-to-value, and simplified management, built on VMware Horizon, with the Dell XC Web Scale Appliance architecture.

So what makes this solution better than the alternatives?  VMware and Dell enjoy an extensive track record of collaborating and innovating in desktop virtualization.  Dell XC hyper-converged solutions that are built on VMware uniquely benefit from:

  • The world’s most widely deployed, feature-rich, software-defined platform for server, network and storage virtualization
  • A unified, single platform for virtual desktops and apps of every type: VDI desktops, RDS hosted apps, RDS shared desktop sessions, ThinApp packaged apps
  • Dramatically simplified provisioning with unified management leveraging VMware’s closed loop management and automation capabilities, including image management, policy management, analytics and operations management, and orchestration
  • A unified workspace for end users, that brings together virtualized desktops and apps (including Citrix XenApps), along with web and SaaS based apps, all accessible with single login, and an exceptional user experience from any device

The end result for organizations and their users is a more rapid, cost-effective, high-performance platform for transforming desktops into mobile workspaces that offer:

  • Predictable performance with scale, as deployments grow from small to very large, with right-sized units of infrastructure that don’t create a CAPEX hurdle each time the business needs to grow
  • Faster time to value, with a streamlined process, from design, to ordering, to install/provision
  • Simplified, unified manageability across every layer in the solution, spanning data center to end-point

Learn more in this solutions architecture white paper.

How Bad Is BadUSB with USB Redirection in VMware Horizon with View?

By Peter Brown, Senior Research & Development Manager, VMware, London, United Kingdom

BadUSB has been getting a lot of press lately. For those of you who have not heard, this is a new security threat in which the firmware on some USB devices can be hijacked and replaced with malware. For example, a device can be made to redirect network traffic, or emulate a keyboard and capture keystrokes, or worse. A number of Web pages are talking about BadUSB, for example When Good USB Devices Go Bad, The Unpatchable Malware That Infects USBs Is Now on the Loose, and the original Blackhat presentation, BadUSB—On accessories that turn evil.

Scary stuff, and unfortunately we have no magic cure. We have all been using USB devices for years, and we all probably have many such devices at home and in the office. So how can an enterprise using VMware Horizon with View for VDI protect itself, or what can it do to minimize the risk? This blog post aims to answer those questions!

Disabling All USB Devices

For the ultimate protection, all USB devices should be disabled. This is quite hard to do on desktop machines, especially if the enterprise has a desktop machine on every user’s desk. However, when using View, this is relatively easy to achieve in one of three ways.

Do Not Install the USB Component on the View Agent

You can configure the desktop guest image (in the data center) so that the View Agent has the USB component “not installed.” This entirely prevents USB devices from being used in that desktop image. Then refresh all your desktop images so that the USB component is removed.

Disable USB Devices for Specific Desktop Pools

If you do not want to change the desktop image, from the View Administrator UI, navigate to Desktop Pools and select a specific pool. Next, select Policies within that pool. Finally, select Desktop Pool Policies and click Edit Policies, and disable USB redirection for a specific pool or pools.

VMware_Horizon_View_Administrator_Disable_USB_Devices

You can also apply user overrides to enable or disable USB redirection on a per user basis in a specific pool. This is also done by way of the same View Administrator window, with the User Overrides choice (next to Desktop Pool Policies in the window).

Use GPOs to Disable All USB Devices on the View Agent

Alternatively, you can apply the ExcludeAllDevices configuration option on the View Agent by way of GPO configuration to prevent any devices from being forwarded.

Disabling Specific USB Devices

Disabling USB devices entirely is certainly the best way to completely avoid the risk of BadUSB. In some cases, however, disabling USB devices entirely might not be feasible because you may need specific USB devices to function for your use cases; an example might be doctors using Dictaphone-type USB devices to record patients’ records. In this case, it is not possible to entirely block USB devices, and so the following strategies should be employed to help mitigate the risk.

Educate Employees About Types of USB Devices to Connect

It is important that you completely trust any device connected to your enterprise, regardless of settings, and that includes trusting your supply chain and ideally having some sort of chain of custody as well. You should educate your employees to ensure that they do not connect devices from unknown sources. If possible, try to restrict the devices used in the environment to devices that accept only signed firmware updates, are ideally FIPS 140-3 Level 3-certified, and do not support any kind of field-updatable firmware. These types of USB devices are definitely hard to source and, depending on your specific device requirements, may be impossible to find. This may not be a practical solution to the problem, but certainly worth considering.

Exclude Some Devices Through the Group Policy Editor

You can allow only specific USB devices to be used. Each USB device has its own vendor and product ID that uniquely identifies it to the computer. Rather than allowing View to forward any USB device into the guest virtual machine, you set an Include policy for known device types. Then you can remove the risk of unknown devices being inserted, which might compromise the system. Of course, there will be ways around this, but you do reduce that risk.

Here is an example of how you can configure View to block all devices from being forwarded to the View virtual desktop, except for a known device vendor and product ID (vid/pid = 0123/abcd in this case):

ExcludeAllDevices   Enabled

IncludeVidPid       o:vid-0123_pid-abcd

Note: We should point out that while this sample configuration provides some protection, a compromised device can report any vid/pid, and so there is still a possible attack vector here.

You set these Global Policy Object (GPO) values in the View Agent Group Policy editor.

Note: By default, View blocks certain device families from being forwarded to the View desktop, for example, HID (human interface devices) and keyboards. So with the default filter policy enabled in View, such keyboard devices would be automatically blocked from appearing in the guest. Some of the released BadUSB code targets USB keyboard devices, and this default in View already protects these devices from the malware.

Specific device families can instead be blocked if required. For example, the following GPO value would block all video, audio, and mass storage devices:

ExcludeDeviceFamily o:video;audio;storage

Another configuration example is to block all devices, but only allow a specific device family (whitelist). For example, block all devices, but enable storage devices. This could be done as follows:

ExcludeAllDevices       Enabled

IncludeDeviceFamily     o:storage

Another risk might be someone from outside your office logging in to a desktop and infecting it. Again, this cannot be seen as a complete mitigation, but you can block USB access completely to any View connections that originate from outside the company firewall. The USB device could be used internally, but not externally.

To do this, block the TCP port 32111 from the View security server to the View desktops. Zero clients are slightly different, as the USB traffic for those is embedded inside a virtual channel on UDP port 4172. Because port 4172 is not used only for USB (it also carries the display protocol), it is not possible to block that port. You can disable USB on zero clients if required. Look at the zero client product literature or contact the zero client vendor for specific details.

Blocking certain device families or specific devices can help to mitigate the risk of BadUSB malware, but not completely solve it.

If you want to know more about USB redirection in View, check out my white paper USB Device Redirection, Configuration, and Usage in VMware Horizon with View.

Image Management with VMware Mirage: The Wednesday Morning Cure for Patch Tuesday

By Stephane Asselin, End-User Computing Architect, VMware

You have all had that knot in the pit of your stomach. If you, like me, have ever managed an IT environment, you know what I mean. It happens every Wednesday morning after the 2nd Tuesday of the month. What patches did Microsoft release this time? How will it impact your environment? Will you be spending the next few days and nights testing and deploying patches, keeping your fingers crossed that the patches do not break anything?

What IT administrator would not want to manage only one or two Windows images? Everybody would like that, and let me tell you, it is possible!

Utilizing VMware Mirage, you can reduce the number of Windows images you need to manage, with an end goal of managing one image, or two at most (x32 and x64). Before you use Mirage, however, you have some work to do! You need clear processes, a well-defined management and update cycle, and people who can properly assess the level of urgency and relevance of those updates or patches. If you have those in place, then you are ready to implement a technology solution that will support a simplified image management solution. Continue reading

Extending the Power of Mobility to Linux Users

By Victor Thu, Director of Product Marketing, End-User Computing, VMware

Today at vForum China, VMware announced that it is beginning to work on a VDI solution for enterprise Linux desktops.

Depending on which analyst report you read, most estimate that Linux desktops as an everyday go-to system for users is a small percentage of the total desktop market share. So why we are actively working on supporting Linux as a VDI workload?

Continue reading

Calling All Citrix XenApp Customers! Make the Move to VMware Horizon 6

By Mark Ewert, End-User Computing Solutions Architect, VMware

This summer we released VMware Horizon 6, the latest version of our leading end-user computing platform. Perhaps the most exciting feature of Horizon 6 is its expanded support for Microsoft Remote Desktop Services, including hosted applications. Whether users need virtual desktops, hosted apps, or shared desktop sessions, VMware Horizon is the only platform you need. This means it is now possible to migrate off your Citrix XenApp infrastructure! Summer 2015 marks both the termination of support for Microsoft Windows Server 2003 and the end of life for XenApp 5.0. If you are still running XenApp 5 on Windows 2003, the timing is perfect for a migration to VMware Horizon. And we are working feverishly to release tools, guidance, and services to provide what you need to make your migration a success. Continue reading