Feeds

User data: Where the profiles roam

Keeping track ain't so easy

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Blog Trying to write an article concerning actual real world implementation of technologies like roaming profiles and folder redirection has proven surprisingly difficult.

At first blush it would appear to be a straightforward project: distil the research I have done on the subject over the past few weeks, combine it with several years of experience in the area and produce a 'how to'. Hopefully I can even throw in a bit of levity and a tone that makes the subject approachable by systems administrators who have only been ever so briefly introduced to the topic before it was on to the next chapter.

The reality of the situation has proven to be quite different.

Of all the things that have caused friction in my career, ensuring that user data is put in the right place so that it can be made redundant and backed up is the big one. It ties into other things, such as VPN versus VDI, network bandwidth and limits of local storage. There are liability concerns regarding the confidentiality of synchronised data, what should be locally cached, what shouldn’t. Most importantly perhaps, things like offline document availability are a huge concern for my travelling users. Since the topic is so vast and interconnected, I find it impossible to simply spit out raw information without context.

The problem is that when dealing with technologies designed to copy, redirect or in any way change the default storage behaviour of user data, the context is absolutely critical. Blindly implementing any of these technologies is one of the biggest (and sometimes last) mistakes that a systems administrator can make at any company.

So instead of an article that simply lists the click-by-click details of how to administrate these technologies, I am going to take the opportunity to have a frank discussion about the different scenarios you are likely to encounter. I leave it up to you to Google the actual implementation details.

The first scenario, and possibly the easiest, is one in which all your users are local or 'on net' all the time. Every single user you have is connected to the corporate network in one way or another, no exceptions. These could be folks on a VPN link, site-to-site links, RDPed into virtual machines, or even sitting in the same building as the servers themselves. Let’s dispense with the formalities and just outright say this folder redirection is the way to go here. Unless your users are hoteling (more on that later) roaming profiles is simply a bad plan. With folder redirection you don’t need to copy the whole profile over to the server every logon, you can simply redirect Application Data, Desktop, My Documents, and Start Menu to the server via group policy.

This is quite simply the quickest and most robust way to deal with this problem. The data is simply stored on the server, and since your users are required to be connected to the network at all times, then that data never has to be replicated anywhere. A VPN user (say teleworking from home) would not have a local copy of these folders, and would therefore have reduced liability exposure. The caveat of course is that you have to have wide enough network pipes between your users and your server, and the server itself needs to be fast enough to serve the data to users at something more than a glacial pace.

There are a couple of things to bear in mind about folder redirection. If you are implementing folder redirection for branch offices, you might consider plunking a file server in each branch, and using a combination of distributed file system (DFS) and distributed file system replication (DFSR) in tandem with folder redirection. DFS and DFSR can take care of replicating the data from the branch back to head office for you, and your users would have access to a higher-speed local copy of their data. All while still being stored on RAIDed and backed-up servers.

Also bear in mind that folder redirection is designed to work in tandem with offline files and folders. In order to store the user data on the server, but prevent long, tedious and unnecessary synchronization, make sure that offline files and folders is either disabled by group policy, or that the relevant folders are excluded individually on each machine.

Of course, even with all users being on net, there are still usage scenarios that can throw roaming profiles or folder redirection for a loop. In my previous article I mentioned users that log onto more than one machine (hoteling). If the user expects their 'user experience' to be the same on each PC, (ie their settings for various programs go with them from computer to computer) you may not be able to get away with just folder redirection.

Beginner's guide to SSL certificates

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
'Urika': Cray unveils new 1,500-core big data crunching monster
6TB of DRAM, 38TB of SSD flash and 120TB of disk storage
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
SDI wars: WTF is software defined infrastructure?
This time we play for ALL the marbles
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Oracle hires former SAP exec for cloudy push
'We know Larry said cloud was gibberish, and insane, and idiotic, but...'
Symantec backs out of Backup Exec: Plans to can appliance in Jan
Will still provide support to existing customers
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.