A look at multi-user scenarios in MED-V

  • Article

image In many Enterprise environments, there are multiple users logging onto a single workstation. What happens when multiple users use a workstation that has a MED-V Workspace? When managed properly, each user will be able to use the MED-V workspace and their assigned applications.

There are two multi-user scenarios to consider for domain-joined workspaces:

Scenario 1: Roaming users that sometimes log onto Computer A and sometimes log on to Computer B and each is assigned different workspaces.

In this scenario, when User A logs into the workstation for the first time, their MED-V workspace will download. When User B logs in for the first time and is assigned a different workspace, their workspace will download as well.

clip_image002

The MED-V Workspaces do not have to be deployed to a specific user and computer scenario. The workspace will download to whichever workstation the user logs on to, but changes or preferences set in each workspace will stay on that computer since that image resides on that computer if it is a persistent workspace. For example, if User A modified the toolbar layout in MS Word on Computer A, that change would not be in the workspace on Computer B. If it is a revertible workspace any changes will be discarded once the user logs stops the workspace.

An important point to remember about MED-V is that separate Workspaces are not necessarily needed for separate applications or groups of users. Applications can reside inside the workspace and different combinations of those applications can be assigned to different groups via the Policy settings in the MED-V Management console. For more information, watch Video #4 on the MED-V Administration Video Series or the MED-V Documentation on Technet.

Scenario 2: Users A and B logging onto Computer A using the same workspace.

clip_image004

Typically, a persistent Workspace is used by the same one user. When that happens the Workspace is put into a custom save-state when it is shutdown. When the MED-V session is resumed for that user, the save-state never really logged them off, so now that user does not have to log into the Workspace OS again. If a second user logged on at this point they would receive a warning that the workspace failed to start and the details saying “The image has been downloaded or imported by a different Windows User.”

The permissions can be manually adjusted on the image file post initial deployment which works out great for User B, but not so great for our first user, User A. The dialog box text spells out the consequences pretty clearly: “This workspace was last accessed by a different user. If you continue, the Workspace will be restarted, losing the machine state that was saved by the last user.”

clip_image006

To allow multiple-users to have access to a domain-joined Workspace, the Policy for the persistent machine needs to be modified. In the MED-V Management Console on the Virtual Machines tab, “Shut down the VM when stopping the Workspace” needs to be checked. It is unchecked by default.

clip_image008

Now that a full shutdown of the VM is enabled, each user that logs into MED-V will also perform a fresh login to the Workspace VM as well.

Specific ACLs are applied to “C:\MED-V Images” when a user activates and extracts the MED-V Workspace image to the local host. The activating user is the only user that can use that workspace. For multiple users to have access to the same MED-V VM, the ACLS need to be modified for “C:\MED-V Images”. On the Security tab, add READ and WRITE permissions for your users or Active Directory Group that contains the users. Ideally, workspaces should be assigned to groups of users instead of individual users per Active Directory best practices.

clip_image010

Steve Bucci | Senior Support Engineer

clip_image001 clip_image002

Bookmark and Share