Dell Data Protection | Endpoint Security Suite Enterprise Endpoint Security Suite Enterprise Support for VDI v1.
Legend CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death. IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information. © 2016 Dell Inc. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
Contents 1 Introduction....................................................................................................................................................4 VDI Deployment Models....................................................................................................................................................4 Supported Features......................................................................................................................................................
1 Introduction There are two main Virtual Desktop Infrastructure (VDI) architectures used by the Dell Cloud Client-Computing (CCC) team: VMware and Citrix. Endpoint Security Suite Enterprise - Support for VDI integrates the Citrix architecture and Endpoint Security Suite Enterprise. It also includes support for Endpoint Security Suite Enterprise in VMware VDI environments. VDI Deployment Models There are two models for Virtual Desktop Infrastructure (VDI) deployment: Persistent and Non-Persistent.
Advanced Threat Prevention The Advanced Threat Prevention feature protects the VDI Virtual Machine clones from malware and virus attacks. The Dell Enterprise Server architecture is based on Microsoft Windows Server 2012 R2. Virtual Desktop Infrastructure architecture uses the Virtual Edition architecture because it is based on the Microsoft Windows Server 2012 R2 with Hyper-V as the hypervisor.
2 Requirements The following components are required to run Endpoint Security Suite Enterprise - Support for VDI. Required Components • Virtual Desktop Infrastructure Thin Clients (for example, Wyse 7020) on standard endpoints NOTE: Protection of Virtual Desktop Infrastructure Thin Clients will be handled in future releases.
Software Prerequisites (VMware VDI) • Dell Enterprise Server v9.6 • or Virtual Edition v9.6 • Endpoint Security Suite Enterprise v1.3 • Certificates supported by the operating system For more information, see "Software Inventory" in the document, Dell Data Protection | Endpoint Security Suite Enterprise for VMware.
3 Dell Server Policy and Configuration Requirements Before deployment, follow VDI Endpoint Group and User policy and configuration requirements explained in this section: VDI Endpoint Group Policy VDI User Policy Enable Activations When logging into the VDI master template, user accounts will be non-domain. Use only local administrator accounts to prevent Endpoint Security Suite Enterprise activations.
Windows Encryption Hardware Crypto Accelerator (HCA) Hardware Crypto Accelerator (HCA) Off Off Windows Encryption Policy-Based Encryption SDE Encryption Enabled Not Selected Not Selected Windows Encryption Policy-Based Encryption Common Encrypted Folders Windows Encryption Policy-Based Encryption Encrypt Windows Paging File Not Selected Not Selected Windows Encryption Policy-Based Encryption Secure Windows Credentials Not Selected N
Windows Encryption Policy-Based Encryption Encrypt Outlook Personal Not Selected Folders Not Selected Windows Encryption Policy-Based Encryption Encrypt Temporary Files Not Selected Not Selected Windows Encryption Policy-Based Encryption Encrypt Temporary Internet Files Not Selected Not Selected Windows Encryption Policy-Based Encryption Encrypt User Profile Documents Not Selected Not Selected Windows Encryption Policy-Based Encryption Secure Post-Encryption Cleanup Single-pass Overwri
4 Provision the VMware VDI Clone Pool To allow client activation on a refreshed non-persistent image, the image must be refreshed immediately after logoff. To refresh the image after logoff: 1 In Horizon View, under Catalog, click Desktop Pools. 2 Select the clone pool, and then click Edit. 3 Set the Delete or refresh the machine on logoff parameter to Refresh Immediately. 4 Save the edits.
5 Provision the Citrix VDI Clone Pool This section describes how to provision a VDI Clone Pool in a Citrix environment. External Media Shield To use External Media Shield, configure USB redirection not to use the network share model. In Citrix Studio, enable the USB Redirection policy or add to the existing policy. NOTE: This policy must be enabled for External Media Shield for encryption of removable media to work.
6 Prepare VMware Removable Media Refer to Removable Media Encryption (EMS) Install in the document, Dell Data Protection | Endpoint Security Suite Enterprise for VMware.
7 Licensing Considerations Persistent VDI Client Access Licenses are associated with Virtual Machines in a VDI clone pool. VDI clone pools are often created, torn down, and rebuilt, which causes artificially high usage of Client Access Licenses. Returning the Client Access Licenses to the license pool helps to alleviate this issue. Currently, the process to return Client Access Licenses is based on removal of the device.
2017-01-09 08:21:40,617 INFO com.dell.scheduled.jobs.NonPersistentVdiLicenceExpirationJob [jobsScheduler-15] - Expired 3 non persistent VDI device(s) 2017-01-09 08:21:40,617 INFO com.dell.scheduled.jobs.NonPersistentVdiLicenceExpirationJob [jobsScheduler-15] - NonPersistentVdiLicenseExpirationJob finished Change lease expiration values To change the default device lease expiration values, open application.properties from the appropriate path: Dell Enterprise Server: Program Files\Dell\Enterprise Edition\Sec