Recently whilst working on a project with a school it highlighted a perfect example of an advanced feature of Wyse vWorkspace. The school needed to adhere to their licensing and other preferences when it came to publishing desktops to their users, they were looking to handle the following scenarios:
Students connecting from within the school and from their thin client device can only access a Windows 7 virtual desktop.
Students connecting from outside the school can access a RDSH desktop (shared desktop).
Students connecting from inside or outside via a mobile device, for example an iPad or Android device will only have access to published applications hosted again from a RDSH.
Staff connecting internally or externally have access to a Windows 7 virtual desktop.
To achieve this I used the Advanced Targeting in vWorkspace. Targeting is the term we give to how we assigned desktops, applications, polices and other environment management features to users. Traditionally we can target on the following:
Active Directory Groups
These have served us well over the years allowing us to achieve such things like location based printer assignment (using Device Address) or defining the users Start Menu based on Group membership. However, in a recent release and updated further in Wyse vWorkspace 8.5 we have Advanced Targets that allow us to use logic to build more intelligent rules. We can now use any combination of:
User Group (Active Directory)
Computer (The desktop or server host)
Trusted Entry Point (The last hop of the end user and the secure gateway for example)
Connector Type (iOS, Android, Windows, ThinOS etc.)
Launched Apps Using (e.g. Windows AppPortal, iOS App)
Web Browser (the end users browser, e.g. Internet Explorer, Chrome)
Connector Version (The version of the vWorkspace Connector)
Two-factor Authentication (Has the user been authentication using 2FA)
Day of the Week
Time of day
Web Access Site
We can create and/or logic with any number of the criteria here and once selected we have further options we can use:
Is equal to
Is not equal to
Is greater than
Is greater than or equal to
Is less than
Is less than or equal to
Is in the list
Is not in the list
Is in the range
Is not in the range
So to create the rules for my staff and students in the school I navigated to the targets > Advanced in the vWorkspace console. Example below:
I then created a number of rules starting with, (Students External) and added the following statements to the rule:
For students connecting from an iPad I created:
For Students connecting internally I created:
For the staff I created similar rules, but hopefully this give you an idea of how powerful the advanced targeting in Wyse vWorkspace are and how they can help enhance security.
great article Paul thanks for sharing!