Feature Spotlight – Dell Wyse vWorkspace Advanced Targeting

Feature Spotlight – Dell Wyse vWorkspace Advanced Targeting

Feature Spotlight – Dell Wyse vWorkspace Advanced Targeting

Recently whilst working on a project with a school it highlighted a perfect example of an advanced feature of Wyse vWorkspace.  The school needed to adhere to their licensing and other preferences when it came to publishing desktops to their users, they were looking to handle the following scenarios:

  • Students connecting from within the school and from their thin client device can only access a Windows 7 virtual desktop.

  • Students connecting from outside the school can access a RDSH desktop (shared desktop).

  • Students connecting from inside or outside via a mobile device, for example an iPad or Android device will only have access to published applications hosted again from a RDSH.

  • Staff connecting internally or externally have access to a Windows 7 virtual desktop.

To achieve this I used the Advanced Targeting in vWorkspace. Targeting is the term we give to how we assigned desktops, applications, polices and other environment management features to users. Traditionally we can target on the following:

  • User Accounts

  • Active Directory Groups

  • Device Addresses

  • Device Names

These have served us well over the years allowing us to achieve such things like location based printer assignment (using Device Address) or defining the users Start Menu based on Group membership.  However, in a recent release and updated further in Wyse vWorkspace 8.5 we have Advanced Targets that allow us to use logic to build more intelligent rules.  We can now use any combination of:

  • User Account

  • User Group (Active Directory)

  • Computer (The desktop or server host)

  • Computer Group

  • Organisational Unit

  • Device Address

  • Trusted Entry Point (The last hop of the end user and the secure gateway for example)

  • Device Name

  • Connector Type (iOS, Android, Windows, ThinOS etc.)

  • Launched Apps Using (e.g. Windows AppPortal, iOS App)

  • Web Browser (the end users browser, e.g. Internet Explorer, Chrome)

  • Connector Version (The version of the vWorkspace Connector)

  • Two-factor Authentication (Has the user been authentication using 2FA)

  • Day of the Week

  • Time of day

  • Date

  • Web Access Site

  • Operating system

We can create and/or logic with any number of the criteria here and once selected we have further options we can use:

  • Is equal to

  • Is not equal to

  • Is greater than

  • Is greater than or equal to

  • Is less than

  • Is less than or equal to

  • Is in the list

  • Is not in the list

  • Is in the range

  • Is not in the range

So to create the rules for my staff and students in the school I navigated to the targets > Advanced in the vWorkspace console. Example below:



I then created a number of rules starting with, (Students External) and added the following statements to the rule:

  • User Group is equal to [Students]
  • Web Site Access is equal to [vPortal]
  • Operating System is not equal [iOS]

For students connecting from an iPad I created:

  • User Group is equal to [Students]
  • Operating System is equal to [iOS]

For Students connecting internally I created:

  • User Group is equal to [Students]
  • Devices Address in Range [X to X]
  • Operating System is not equal to [iOS]

For the staff I created similar rules, but hopefully this give you an idea of how powerful the advanced targeting in Wyse vWorkspace are and how they can help enhance security.

 

3