Feeds

User data: Where the profiles roam

Keeping track ain't so easy

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Blog Trying to write an article concerning actual real world implementation of technologies like roaming profiles and folder redirection has proven surprisingly difficult.

At first blush it would appear to be a straightforward project: distil the research I have done on the subject over the past few weeks, combine it with several years of experience in the area and produce a 'how to'. Hopefully I can even throw in a bit of levity and a tone that makes the subject approachable by systems administrators who have only been ever so briefly introduced to the topic before it was on to the next chapter.

The reality of the situation has proven to be quite different.

Of all the things that have caused friction in my career, ensuring that user data is put in the right place so that it can be made redundant and backed up is the big one. It ties into other things, such as VPN versus VDI, network bandwidth and limits of local storage. There are liability concerns regarding the confidentiality of synchronised data, what should be locally cached, what shouldn’t. Most importantly perhaps, things like offline document availability are a huge concern for my travelling users. Since the topic is so vast and interconnected, I find it impossible to simply spit out raw information without context.

The problem is that when dealing with technologies designed to copy, redirect or in any way change the default storage behaviour of user data, the context is absolutely critical. Blindly implementing any of these technologies is one of the biggest (and sometimes last) mistakes that a systems administrator can make at any company.

So instead of an article that simply lists the click-by-click details of how to administrate these technologies, I am going to take the opportunity to have a frank discussion about the different scenarios you are likely to encounter. I leave it up to you to Google the actual implementation details.

The first scenario, and possibly the easiest, is one in which all your users are local or 'on net' all the time. Every single user you have is connected to the corporate network in one way or another, no exceptions. These could be folks on a VPN link, site-to-site links, RDPed into virtual machines, or even sitting in the same building as the servers themselves. Let’s dispense with the formalities and just outright say this folder redirection is the way to go here. Unless your users are hoteling (more on that later) roaming profiles is simply a bad plan. With folder redirection you don’t need to copy the whole profile over to the server every logon, you can simply redirect Application Data, Desktop, My Documents, and Start Menu to the server via group policy.

This is quite simply the quickest and most robust way to deal with this problem. The data is simply stored on the server, and since your users are required to be connected to the network at all times, then that data never has to be replicated anywhere. A VPN user (say teleworking from home) would not have a local copy of these folders, and would therefore have reduced liability exposure. The caveat of course is that you have to have wide enough network pipes between your users and your server, and the server itself needs to be fast enough to serve the data to users at something more than a glacial pace.

There are a couple of things to bear in mind about folder redirection. If you are implementing folder redirection for branch offices, you might consider plunking a file server in each branch, and using a combination of distributed file system (DFS) and distributed file system replication (DFSR) in tandem with folder redirection. DFS and DFSR can take care of replicating the data from the branch back to head office for you, and your users would have access to a higher-speed local copy of their data. All while still being stored on RAIDed and backed-up servers.

Also bear in mind that folder redirection is designed to work in tandem with offline files and folders. In order to store the user data on the server, but prevent long, tedious and unnecessary synchronization, make sure that offline files and folders is either disabled by group policy, or that the relevant folders are excluded individually on each machine.

Of course, even with all users being on net, there are still usage scenarios that can throw roaming profiles or folder redirection for a loop. In my previous article I mentioned users that log onto more than one machine (hoteling). If the user expects their 'user experience' to be the same on each PC, (ie their settings for various programs go with them from computer to computer) you may not be able to get away with just folder redirection.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
IT crisis looming: 'What if AWS goes pop, runs out of cash?'
Public IaaS... something's gotta give - and it may be AWS
Linux? Bah! Red Hat has its eye on the CLOUD – and it wants to own it
CEO says it will be 'undisputed leader' in enterprise cloud tech
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Hey, what's a STORAGE company doing working on Internet-of-Cars?
Boo - it's not a terabyte car, it's just predictive maintenance and that
Troll hunter Rackspace turns Rotatable's bizarro patent to stone
News of the Weird: Screen-rotating technology declared unpatentable
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.