With this blog post I am continuing my EUC Layers series. As I didn’t know that I started one there is no real order to follow. Other that it seems to be somewhat from the user perspective, as that seems a big part in End User Computing. But I cannot guarantee that will be the right order at the end of things.
If you would like to read back the other parts you can find them here:
For this part I would like to ramble on and sing my song about an important part for the user experience, User Environment Management.
Organisations will grant its users access to certain workspaces, an application, a desktop and or parts of data required or supporting the users role within the business processes. With that these users are granted access to one or more operating systems below that workspace or application. This organization would also like to apply some kind of corporate policy to ensure the user works with the appropriate level(s) of access for doing their job and keeping organizations data secure. Or in some cases to comply with rules and regulations and thus making the users job a bit difficult at the same time.
On the other side of the force, each user will have a preferred way of using the workspace and will tend to make all sorts of changes that enable these users to work efficiently as human possible. An example of these changes are look and feel options and e-mail signatures.
The combination of the organization policy and the user preferences is the User Environment Layer, also called persona also called user personality.
Whether a user is accessing a virtual desktop or a published application, the requirement for a consistent experience for users across all resources is one of the essential objectives and requirements for End User Computing solutions. If you don’t have a way of managing the UE, you will have disgruntled users and not much of a productive solution.
Managing the User Environment
Managing the User Environment is complicated as there are a lot of factors and variables in the End User environment. Further complexity is added by what will be needed to be managed from the organization perspective and what does your users expect.
Next to this yet an other layer is added to this complexity, the workspaces are often not just one dominating technology, but a combination of several pooled technologies. Physical desktops pools, Virtual desktops pools, 3D engineering pools, application pools and so on.
That means that a user does not always log on to the same virtual desktop each time, or log on to a published application on another device still wanting to have the same settings to the application and the application on the virtual desktop. A common factor is that the operating system layer is a Windows-based OS. Downside is, several versions and a lot of application options. We should make sure that user profiles are portable in one way or another from one session to the next one.
It is absolutely necessary that using different versions pooled workspaces that the method of deploying applications and settings to users is fast, robust and automated. From the user context and operational management.
User Environment Managers
And cue the software solutions that will abstract the user data and the corporate policies from the delivered operating system and applications. And manage centrally.
The are a lot of solutions that provide a part of the puzzle with profile management and such. And some will provide a more complete UEM solution like:
- RES ONE Workspace (previously known as RES Workspace Manager),
- Ivanti Environment Manager (previously known as AppSense Environment Manager),
- LiquidLabs Profile Unity,
- VMware User Environment Manager (previously known as Immidio).
And probably some more…
Which one works best is up to your requirements and the fit with the rest of the used solution components. Use the one the fits the bill for your organisation now and in a future interaction. And look for some guidance and experience from the field via the community or the Intarweb.
User Profile Strategy
All the UEM solutions offer an abstraction for the Windows User Profile. The data and settings normally in the Windows User Profile are captured and saved to a central location. When the user session is started on the desktop, context changes, application starts or stops, or sessions are stopped, interaction between (parts of) the central location and the Windows Profile is done to maintain a consistent user experience across any desktop. Just in the time when they are needed, and not bulk loaded on startup.
The Windows Profile itself comes in following flavours:
- Roaming. Settings and data is saved to a network location. Default the complete profile is copied at log in and log out to any computer the user starts the session. The bits that will be copied or not can be tweaked with policies.
- Local. Settings and data is saved locally to the desktop. This remains on the desktop. When roaming settings and data are not copied and a new profile is created with a new session.
- Mandatory. All user sessions use a prepared user profile. All user changes done to the profile are delete when user session are logged off.
- Temporary. Something fubarred. This profile only comes in to play when an error condition prevents the user’s profile from loading. Temporary profiles are deleted at the end of each session, and changes made by the user to desktop settings and files are lost when the user logs off. Not using this with UEM.
The choice of Windows profile used with(in) the UEM solution often depends on to be architecture and the phase you are doing, starting point and where to go. For example starting with the bloating and error prone roaming profiles, UEM side-by-side for capturing the current settings and moving to clean mandatory profiles. Folder Redirection in the mix for centralized user data and presto.
Use mandatory as de facto wherever possible, it is a great fit for virtual desktops, published applications and host/terminal servers in combination with a UEM solution.
The User Profile strategy should also include something to mitigate against the Windows Profile versions. OS versions are incorporated with different profile versions. Without some UEM solution you cannot roam settings between a V2 and V3 profile. So when migrating or moving between different versions is not possible without tooling. The following table is created with the information from TechNet about User Profiles.
|Windows OS||User Profile Version|
|Windows XP and Windows Server 2003||First version without .|
|Windows Vista and Windows Server 2008||.V2|
|Windows 7 and Windows Server 2008 R2||.V2|
|Windows 8 and Windows Server 2012||.V3 (after the software update and registry key are applied)
.V2 (before the software update and registry key are applied)
|Windows 8.1 and Windows Server 2012 R2||.V4 (after the software update and registry key are applied)
.V2 (before the software update and registry key are applied)
|Windows 10, 1703 and 1607||.V6|
Next to that UEM offers to move settings for the user context from Group Policies and login/logoff scripts, again lowering the amount of policies and scripts at login and logoff. And improving the user experience by lowering those waiting times to actually having what you need just in the time you need it.
And what your organization user environment strategy is, what do you want to manage and control, what to capture for users and applications, and what not.
VMware User Environment Manager
With VMware Horizon often VMware UEM will be used. And what do we need for VMware UEM?
In short VMware UEM is a Windows-based application, which consists of the following main components:
- Active Directory Group Policy for configuration of the VMware User Environment Manager.
- UEM configuration share on a file repository.
- UEM User Profile Archives share on a file repository.
- The UEM agent or FlexEngine in the Windows Guest OS where the settings are to be applied or captured.
- For using UEM in offline conditions and synchronizing when a the device connects to the network again.
- UEM Management Console for centralized management of settings, policies, profiles and config files.
- The Self-Support or Helpdesk Tool. For resetting to a previous settings state or troubleshooting for level 1 support.
- The Application Profiler for creating application profile templates., Just run your application with Appliction profiler and Application Profiler automatically analyzes where it stores its file and registry configuration. The analysis results in an optimized Flex config file, which can then be edited in the Application Profiler or used as is in the UEM environment.
UEM will work with the UEM shares and engine components available to the environment. With the latest release Active Directory isn’t a required dependency with the alternative NoAD mode. The last three are for management purposes.
All coming together in the following architecture diagram:
That’s it, no need for further redundant application managers and database requirements. In fact UEM will utilize components that organization already have in place. Pretty awesomesauce.
I am not going to cover installation and configuration of UEM, there are already a lot of resources available on the big bad web. Two excellent resources are http://www.carlstalhood.com/vmware-user-environment-manager/ or https://chrisdhalstead.net/2015/04/23/vmware-user-environment-manager-uem-part-1-overview-installation/. And of course VMware blogs and documentation center.
Important for the correct usage of UEM is to keep in mind that the solution works in the user context. Pre-Windows Session settings or computer settings will not be in UEM. And it will not solve application architecture misbehaviour. It can help with some duct tape, but it wont solve an application architecture changes from version 1 to version 4.
VMware UEM continually evolves with even tighter integration with EUC using VMware Horizon Smart Policies, Application Provisioning integrations, Application authorizations, new templates and so on.
Happy Managing the User Environment!
Sources: vmware.com, microsoft.com, res.com, ivanti.com, liquidwarelabs.com