Category Archives: Desktop Support-Virtual Desktops-Backup & Storage

Use of Non-Network Storage

Local Storage

The use of local hard drive storage is highly discouraged on physical and virtual machines! Information stored on local hard drives is not backed up by automated backup systems. Local hard drive storage is subject to failure and corruption and should not be used to store any information that is essential to business operations. This drive is considered a temporary storage location. By default, many applications and browsers download directly to the C:\Downloads folder. The desktop and any documents and data on the desktop are saved under the user profile, which is on the C drive. Deletion of the user profile, which often is done to remove malware will remove data stored on the Desktop and in the Downloads folder. Virtual machines have a limited amount of C drive space which can impact performance. Windows Explorer can be used to assess the amount of available space on the C drive and also to move files that are important to other more suitable storage locations.

Sensitive data should not be stored on local storage unless there is a documented business need to do so and approval has been granted by the college Chief Information Security Officer or designee. Encryption should be used to protect the data from disclosure. Any backup media and encryption techniques used to make backups of local data must meet standards and be approved by IET before use.

Portable Storage

Portable storage, while very convenient, provides a particularly easy opportunity to transport malicious software, including programs capable of logging keystrokes, installing hidden Trojan programs and other software that can introduce problems for the college. Non Commonwealth of Virginia storage of this type is expressly prohibited from being used on computers in the college system unless these systems are part of a segregated guest network. Administrative computer systems may only use storage devices that were purchased by the college and are used in systems owned by the college. One particularly simple method of breaking in to computer systems is to leave portable storage devices around a work area or congregating place, knowing that many users will take them back to their systems to see what is stored there. The user of the computer system bears responsible for violation of this guideline in the event of an incident, so please do not use non-COV devices in your computers!

CDs, DVDs or other media are never to be used to store and transport sensitive information in an unencrypted form!

Cloud Based Storage

Many cloud storage options are available. Google Drive, Microsoft One Drive, Sky Drive, Drop Box are all examples of this type of storage. Each of these presents advantages and offers challenges that are dependent on specific configuration choices. Providers offer attractive cloud storage entry points. Cloud storage is ideal for storing and sharing cross platform data that is of a non-sensitive nature. Care must be exercised when utilizing cloud storage options. Many cloud storage solutions can be configured to synchronize back to college local storage space and may create issues with storage quotas or fill up drives. The college is tasked with maintaining an efficient and secure storage infrastructure, which creates the need to ensure compliance to a level of standards that allows flexibility while effectively managing resources. Cloud storage options are never to be used to store and transport sensitive information in an unencrypted form!

Backups

Backups are done, at minimum, on a daily basis. Restoration of files is guaranteed after one backup cycle occurs at the end of the day. Tapes are archived for one month. Data is available for restoration for a maximum of 30 days. At this point the tapes are rotated back into the next backup cycle and overwritten. If files are deleted and need to be restored, a request should be submitted to the Help Desk to perform a restore operation.

Network Storage & Data Responsibilities

Information and Educational Technologies provides network storage to ensure that all work related, commonly accessed and modified files are backed up and available for restoration.

High speed, high availability storage, such as our network storage systems, carry a high cost of ownership and must be managed properly. Efficient and careful allocation of resources is requisite to the college mission.  Central storage management is a balance between providing a safe solution to hold essential work related data and becoming a repository for large amounts of rarely, if ever, accessed information.

Each system user is allocated 3.5 GB of network I: drive space and unlimited U: (utility) drive space upon initial account creation. The limit can and shall be increased where the business need exists. Mission critical, business related data is required to be stored on the network storage systems!

A review of the user’s storage requirements will be conducted when the limit is reached.  If data is not within the guidelines for appropriate network storage use, it can be migrated to another media or deleted at the discretion of the end user. This should be done promptly. Limits can be raised to allow for this process, but will be returned to normal when it is completed. Periodic internal audits of storage use may be performed to ensure compliance with guidelines.

The amount of data on the server is proportional to the time needed to back up and restore the information.  In the event of a server failure, it is important to return to normal operations as quickly as possible, which is expedited by conservative storage management policies.

Compression

Compression of data on the network drives is not supported or needed. Users are asked not to turn on compression. Turning compression on will not technically harm the system, but it will slow access time.

Data Ownership Responsibilities

System users are the custodians and owners of data that they store on the network, local drives and any other form of media including, but not limited to DVDR, CDR and CDRW, Disk on Key, external USB or firewire drives, as well as Internet storage resources. As custodians of this data, they are held responsible for compliance with Commonwealth of Virginia, the Virginia Community College System and Virginia Western policies and guidelines regarding data storage practices.  As a data owner, you must know what you are storing, why you are storing it and where it is being stored.  You should understand the risk of disclosure and the impact of loss of this data to your business unit!

Encryption

Information of a sensitive nature should only be encrypted using encryption techniques provided by the college’s computer systems. Use of encryption technologies on college business data that are not capable of being reversed by administrative processes authorized by IET is strictly prohibited. 

How to Access Your Virtual Desktop from Off-Campus

VWCC secures sensitive data accessed from off-campus locations for all users using two-factor authentication.  This secures access to sensitive data from off-campus, and you need to ensure that you are setup for authentication via your Office365 account credentials on your desktop or mobile device of choice.  Please contact the Help Desk if you have problems following the instructions below.

Microsoft Azure Multi Factor Authentication

Multi Factor Authentication (MFA) ensures that you are who you claim to be by requiring multiple credentials from you before you are given access to software and/or resources. Microsoft Azure MFA integrates this authentication with your Offce365 login so you can also use it for access to your VDI desktop with minimum interactions. One of the biggest advantages of this process is that you do not have to login to your VDI a second time as you are pre-authenticated with your Microsoft account for Office365.  If you are unsure if you have been enabled to use this, please contact the VWCC Help Desk.

Accessing your Virtual Desktop

All off-campus access uses the secure gateway at remote.virginiawestern.edu using Microsoft MFA.  If you are not able to use this gateway, please contact the Help Desk.

To Access Your Virtual Desktop with VMWare Horizon

VMware Horizon download
  1. The instructions assume that you are off-campus and are using a computer or laptop or some other device which you will use to access your remote VDI desktop and do not already have the VMware client installed.  If you already have the client, skip to the next step.  Open your web browser of choice and go to https://remote.virginiawestern.edu.  You should see a screen like the one on the right.  Click on the option to Install VMware Horizon Client.  This will take you to the VMware software download page with options to install the VMware Horizon client on your computer.  Pick the one appropriate for your computer (i.e. Windows or Mac) and download and run the software to install it on the computer.  You might have to reboot the computer to complete the install.
  2. Once the Horizon Desktop client or iOS app is installed, open it by clicking on the icon on your desktop.
    VMware Horizon Add a server
  3. If this is the first time you are using it, the empty Horizon client screen will open up.
    If, however, you have used the Horizon Client before, you will have other server icons on the window and need to click on the New Server option on the top left and add the entry for the remote.virginiawestern.edu server.  If you had been using any other server, you must switch to the one noted above (remote.virginiawestern.edu) before you log in.  Please contact the VWCC Help Desk if you need assistance with this.
    vmware horizon settings
  4. Click on the Add Server icon and type in remote.virginiawestern.edu and click on Connect.  Your default browser window will open up, ask you to accept the disclaimer and ask you if you want to open the connection using the Horizon client.  Click accept and check the box saying that you want this to be the default, so it will not ask you the next time.  That’s all you need to do as the VDI client will use your Office 365 credentials to log you in, as you normally do when using the other Office applications. You can close the browser window once you are connected.  That’s it, you should now have access to your VDI desktop.

How to Access Your Virtual Desktop on campus

Access your virtual desktop with VMware Horizon

VMware Horizon download
  1. The instructions assume that you are on-campus and are using a computer or laptop or some other device which you will use to access your remote VDI desktop and do not already have the VMware client installed.  If you already have the client, skip to the next step.  Open your web browser of choice and go to https://campusview.vw.edu.  You should see a screen like the one on the right.  If you get a warning regarding the security on the certificates, accept the warnings and proceed to the page. Click on the option to Install VMware Horizon Client.  This will take you to the VMware software download page with options to install the VMware Horizon client on your computer.  Pick the one appropriate for your computer (i.e. Windows or Mac) and download and run the software to install it on the computer.  You might have to reboot the computer to complete the install.  If you have problems with the install, please contact the Help Desk for assistance.
  2. Once the Horizon Desktop client or iOS app is installed, open it by clicking on the icon on your desktop.
    VMware Horizon Add a server
  3. If this is the first time you are using it, the empty Horizon client screen will open up as shown on the right.  If, however, you have used the Horizon Client before, you will have other server icons on the window and need to click on the New Server option on the top left and add a new entry for the campusview.vw.edu server.  If you had been using any other server, you must switch to the one noted above (campusview.vw.edu) before you log in.  As always, please contact the VWCC Help Desk if you need assistance with this.

Access your virtual desktop with a web browser (single display only)

NOTE: If you are on a public workstation, or on a device where you cannot install software:

  1. Go to https://remote.virginiawestern.edu.
  2. Click the large VMware Horizon HTML Access button on the right (see the screen shot for item 1 in the previous section).
  3. Click the green Accept button to continue.
  4. Enter your VWCC email and password and click Login. You will be asked to verify the login using your previously configured 2-Factor authentication method, and once authenticated you will be able to access your VDI. For more details on 2-Factor Authentication, check this page.
  5. Click the computer icon to open your virtual desktop within your browser.

Network Drive Mappings & Best Practices

IET presents multiple drive letters to each user. The intention is to enable each user to organize data and segregate it onto the appropriate storage. This practice enables the college to maximize its investment in storage and backup systems. Space is not limited, it is managed. Users are provided with as much space as necessary to contain all data needed to perform their job function.

H: Drive

Each user gets an H: drive that provides access to an area that holds application install points. This area is also used as a location for applications that are being distributed using either Desktop Authority or Microsoft Configuration Manager.

I: Drive

Each user gets an I: drive for data that is for the sole use of that person. This is protected by security restrictions to allow access by the user and no others. The I: drive is for important data that is not to be shared with others. Quota limits are in place for this drive. There is no limit on the amount of data that can be stored on this drive. The My Documents folder, Desktop, Pictures, Downloads,  is redirected to the network I: drive to prevent loss of data in the event of a failure of a local C: drive which is the default location for My Documents on Windows systems.

J: Drive

The J: drive is a departmental shared drive to hold data that needs to be accessible to others in the department. All departmental faculty and staff have full access to this location unless restrictions have been implemented at the request of the head of the department. This is also the location for the departmental “scan” folder where all documents scanned from the department’s printer/copier are temporarily placed. This drive also counts against the file owner’s disk quota.

K: Drive

The K: drive is for Faculty to place documents that need to be accessible to students from any Academic lab. The owner of the drive has full access to place, modify and delete files in their own personal folder. All others have read-only access.

L: Drive

The L: drive is a special shared drive. This location is for documents that need to be accessible across departments. Many special functional groups/committees exist that require collaboration on documents. By default, all faculty/staff have read-only access to this structure, with full access controlled by membership of specific groups (i.e. Budget Committee, Campus Safety and Security).  This access level is granted through request of the respective committee chair. This drive also counts against the file owner’s disk quota.

N: Drive

The N: drive is for Faculty to place documents that need to be accessible to students from any Academic lab. Anyone who can access this location has full access to view, modify or delete any files located here. This was originally created to allow students to store “work in progress” class work if they did not have a flash drive to store their work.

U: Drive

The U: drive is storage for utility data. This can be used for large data that is needed for special departmental needs. Examples are graphics, archival of data, videos and other data that is large in nature and could adversely affect disk quotas.

Create a Shortcut to a File on the Network

Do you save files to your workstation desktop? Are these files safe and secure?

The desktop on your computer should only be used for shortcuts to documents you have already saved on the Virginia Western network. Files saved to your desktop could be lost if your computer has to be reimaged, and these files are not backed up.

When using a networked Virginia Western computer, you should always save your files to your I: drive or your shared departmental J: drive. Each employee who has requested access to Virginia Western’s network is given network storage space. This space is backed up nightly.

To create a shortcut to a saved network file:

  1.  In Windows, right-click on the Start button and choose Open Windows Explorer.
  2. Locate the file, which should be on your I: or J: drive.
  3. Right-click on the file, then choose Send To and then Desktop (create shortcut).

A shortcut icon for the file will now be on your desktop, but the file itself will still be saved on your networked drive.

Virtual Machines/Hosted Desktops

In addition to physical desktops and laptops, the college offers virtual machines/hosted desktops through our private cloud.

Jump to: 

About Virtual Machines/Hosted Desktops

What is a virtual machine?

A virtual machine is a Windows computer, just like a dedicated laptop or desktop, but it is running on a shared hardware platform. This “computer” is actually located in the college data center, hosted on a cluster of servers.

What benefits come from using a virtual machine?

When you access your virtual machine, you are technically connecting to a computer that is internal to the college network. The enhanced security measures in place on the virtual machine offer better protection from malware and other security risks. Virtual machines are expendable and facilitate quick recovery if there is any issue in the computer. If there is a problem, it can be replaced quickly without an office visit from a technician. There is no physical PC hardware to fail in the office. The biggest benefit is Access Anywhere!

What is Access Anywhere?

As long as you have a device with access to the internet and that is: capable of running a web browser; a thin client; or a PC with the VMWare Horizon Client installed, you can access your virtual machine. Excellent performance is available with the lowest cost cable and DSL options as well as MiFi hotspots. There is no need to worry about security when connecting from an open wifi network like that provided at a conference, hotel, or other convenience location, as the connection back to the college is fully encrypted and secured using SSL.

Why does the college use virtual desktops?

There are several reasons why virtual desktops are used at VWCC. Management of the large group of computers needed by the campus community is more efficient using the virtual desktop system. Pooled resources are available to the user community as a whole, facilitating sharing of resources. Improved security, faster problem resolution, energy efficiency, flexibility and audit compliance are all factors in the decision to use virtual systems. Office relocations are able to be done without moving computer equipment. The ability to access the hosted desktop from anywhere on or off campus allows end user mobility with minimal expenditure of resources. Another key benefit is that the virtual systems have a small carbon footprint and generate minimal eWaste demonstrating the college’s regard for the environment. Since there is no actual data residing on the thin client and it is not functional without connection to the college network, theft and data security are not concerns. Access to multiple virtual machines can be provided to facilitate transition from one version of Windows to another.

What is the benefit of connecting at home?

By connecting to your virtual machine from home, you will have access to all resources internal to VWCC. The desktop is the same as the one you use every day. All applications, documents, and your recent work history are all in that machine. You can simply disconnect at work, leaving the machine where you were working, go home, and resume at the same place where you left off. Disconnect from home and when you return to work, the machine is right where you left off. For those with older, lower powered computers, remote access to a powerful virtual machine eliminates the need to upgrade. The browser or Horizon Client provides remote control over the virtual machine in the same manner as the thin client.

Note: This option is only available for exempt personnel unless specifically approved through your supervisor and Human Resources.

How much disk space does a virtual machine have?

Virtual machines are configured with 60GB of hard drive space for the C: drive. This can be increased if needed. Note: Best practice is to store important data on network drives or in My Documents, which is redirected to a network location. Storing data on the local drive creates multiple problems and is not supported.

How to Access Your Virtual Machine

Your virtual machine can be accessed from any thin client on campus, a VWCC desktop or laptop PC, from home via web browser on another computer, or by using the VMWare Horizon Client on another computer (even a Mac!). The virtual PC actually works like an application when it is accessed from another computer, and can be minimized like any other application. It can also be accessed from an Android tablet, iPad, or phone (though it may be cumbersome due to the screen size). Special keys and tools allow replication of the mouse on devices that don’t have one.

How to Access Your Virtual Desktop on campus

How to Access Your Virtual Desktop from Off-Campus

What is a thin client?

A thin client is a device that provides a remote connection to the virtual desktop. The device is designed to communicate with the virtual computer using specialized protocols that make the thin client appear to be a fully functional computer. In the vast majority of cases, thin clients meet the needs of information work tasks, saving the college money and reducing energy costs as well as eWaste.

Is a thin client slower than a regular computer?

A thin client is not a computer, but a device that remotely accesses the virtual machine so speed is not comparable. A standard template is used to build a machine for a typical knowledge worker using Office applications, web browsing, and email. Performance problems are not typical and should be reported to the Help Desk for analysis. In some cases, the virtual machine needs to be given more resources to match the applications in use by the system user.

Using & Troubleshooting Your Virtual Machine

On Mondays, my virtual machine always has to boot up. Why?

Each weekend, all virtual machines are shut down and restarted. This sets them up to get updates and forces a complete login process, which is used to deliver configuration changes.

Why does it take a long time for a virtual machine to boot up?

The virtual desktop boots like any other desktop. The typical boot time is under 2 minutes for Windows 7 machines. Physical machines have a comparable boot time. The virtual desktop does not need to be shut down every day. Powering all the virtual machines in the system all the time takes resources, so the option to boot them up was chosen to conserve power when the machines are not in use.

Note: To avoid having to boot up each morning, simply disconnect rather than shut down at the end of the day.

Can I use a USB stick on a virtual machine?

Yes, you can. On a thin client this is natively supported as it would be on any PC. Virtual machines will connect to the USB stick or any USB device. Note: If you are accessing a virtual machine from home, formatting the stick with the FAT32 filesystem will make it work faster.

Are the drive mappings the same on a virtual PC, laptop, and full desktop?

Drives are mapped based on user id and department as well as participation in special collaboration groups. Open Windows Explorer or My Computer and review your drive mappings. You will see your normal drive configuration as well as additional drives that appear with a number in the description (the ID number of your campus workstation, or some other nomenclature if accessing from a home PC). The local computer name is attached to the drive description to show you where the drive resides. As you look at the drives and explore the content, you will be able to see the additional resources that are available.

What is the recommended way to end a virtual session?

  • Disconnect and log off each day — this closes all files in an orderly fashion.
  • If you use the virtual machine frequently (daily Monday to Thursday) you may also disconnect. It will be ready to go when you sign back in without a reboot. It is recommended that you save files in any open application such as Excel or Word to make sure you saved your work.
  • On Friday, disconnect and log off or shut down.

Can I use my thin client to charge my phone?

Technically, yes. Practically, this is not recommended. The thin client is a computing device designed to consume a low amount of power. It was not designed to be a phone charger. Charging high power consumption devices or using a USB hub to plug multiple devices into the unit will create an under voltage problem on the thin client.

I have used a dual monitor configuration before, can I use 2 monitors on a thin client?

Yes, you can. Dual monitors are available for thin clients.

When I do a CTRL-ALT-DEL while in the hosted desktop connected from a PC or laptop, it prompts me to use CTRL-ALT-INS instead. Why?

This only happens when you use the VMWare Horizon Client on a PC to access your virtual machine.  This does not happen on a thin client. The virtual machine uses CTRL-ALT-INS instead of CTRL-ALT-DEL to distinguish between what this key combination does in each computer. It is cumbersome and a bit confusing, but using the incorrect combination results in a prompt telling the user what to do, so there is no problem if the wrong sequence is entered.

If I have question about using a virtual machine or have an issue with my present configuration, what do I do?

Open a work request with IET through the Help Desk. An analyst will be happy to work with you to obtain a solution.