A VDI environment can run in the following modes:
Non-Persistent VDI Mode
In non-persistent VDI mode, each session is temporary. When a user accesses a non-persistent virtual desktop and logs out at the end of the day, none of their settings or data—including desktop shortcuts, backgrounds, or new applications—are preserved. At the end of a session, the virtual desktop is wiped clean and reverts back to the original pristine state of the master image. The next time the user logs in, they receive a fresh image.
When you install Traps in non-persistent VDI mode, the machine exhibits the following behavior:
- Licensing—With non-persistent virtual desktops, the Traps agent receives a licenses from the pool of available endpoint licenses. The ESM automatically revokes the license when the user logs off, the agent is uninstalled, the session ends, or when the VDI is inactive for two consecutive heartbeats plus 25 minutes. Revoking the license frees it up for use by another Traps agent.
- Connectivity—When the user logs on to the VDI machine, the Traps agent connects to the ESM Server to receive the license and to obtain the relevant updates. The Traps agent continues to communicate with the ESM Server throughout the life cycle of the VDI instance. The Traps agent only protects the machine when a user is logged in. When the user is logged out, the Traps agent disconnects from the ESM Server. During this time, Traps does not receive updated policies or verdicts, and does not send heartbeat communication to the ESM Server.
- Verdict updates—When you identify the master image as a VDI, the ESM tracks all VDI machines that are spawned from the master image. When a verdict for a file that was seen on the master image changes in the ESM Server cache, the ESM Server sends the changed verdict to all machines that were spawned by the original VDI machine, regardless of whether these machines opened the relevant file or not.
- Storage—With non-persistent VDI, many VDI solutions allow you to choose either non-persistent or persistent storage. With non-persistent storage, the user settings and data are stored for the length of the session and are wiped clean when the session ends or a user logs out. With persistent storage, you can select folders or specific locations that persist after the session ends.
Persistent VDI Mode
A persistent virtual desktop is a one-to-one mapping of a virtual machine to a user and each virtual desktop stores and operates using its own disk image. In this model, a persistent desktop keeps all configuration changes and personalization settings a user makes during a session (such as, background changes, saved shortcuts, and newly installed applications).
When the user ends a session and logs out of the virtual desktop, the virtual machine preserves any and all changes and the next time the user logs on to the desktop, those changes are still in effect.
The process of deploying Traps in persistent VDI mode is very similar to deploying Traps on a standard server or workstation. To install the Traps agent, you install the Traps software on the master image and run it on the virtual desktop the same as any other VDI application. When you install Traps in persistent VDI mode, the machine exhibits the following behavior:
- Licensing—Just as in a standard deployment, Traps receives an agent license from the available pool of licenses. Traps retains the license throughout the life cycle of the VDI instance, however, if the VDI instance is inactive for the length of time specified by the License Revocation Period (by default 90 days), the ESM Server automatically revokes the license thereby freeing it up for use by another Traps agent.
- Connectivity—When the user logs on to the VDI instance, the Traps agent connects to the ESM Server to receive the license and to obtain the relevant updates. The Traps agent continues to communicate with the ESM Server throughout the life cycle of the VDI instance and continues to protect the machine when a user logs out. During this time, Traps continues to receive updated policies or verdicts, and sends heartbeat communications to the ESM Server.
- Verdict updates—As with a standard (non-VDI) endpoint, the ESM Server sends verdict updates to machines in persistent VDI mode only if the file ran on the endpoint previously.
- Storage—With a persistent VDI, each user runs a desktop session independently. The settings for users are typically saved to the logical desktop while the user data is stored on a separate logical drive. Both the settings and data remain after the user session ends.
VDI Installation Considerations
VDI Installation Considerations Optimize the default session policy on the VDI test pool to assure stable session spawning when the VDI is recompiled. Every new ...
Tune and Test the VDI Policy
Tune and Test the VDI Policy After you configure the golden image, tune and test the policy using the following workflow. Fine-tune the exploit and ...
Configure the Golden Image for Non-Persistent VDI
Configure the Golden Image for Non-Persistent VDI To avoid starting your VDI with a cache of unknown executable files, you can use the Traps VDI ...
Install the Traps Agent for Windows
Use the following workflows to install the Traps agent 4.2 on Windows endpoints. This topic provides options to use the MSI, Msiexec, and how to ...
Configure Storage for a VDI
Configure Storage for a VDI With a persistent VDI, each user runs a desktop session independently. The settings for users are typically saved to the ...
Set Up Traps in a VDI Environment
Set Up Traps in a VDI Environment Use the following workflow to set up Traps in a VDI environment. Review the installation considerations and prerequisites ...
Set Up a Non-Persistent VDI
Set Up a Non-Persistent VDI To set up a non-persistent virtual machine, you must configure a template policy known as a golden image. The settings ...
VDI Overview Your rapidly changing business environment demands a flexible infrastructure to support the evolving desktop, application, and data access requirements of your staff. By ...
Upgrade to Traps 4.2
Upgrade to Traps 4.2 The Traps™ 4.2 release comprises the Endpoint Security Manager (ESM) Server, the ESM Console, and the Traps agent. Use the following ...