Deployment to VDI Environments

DNS and VDI

DNS-based solutions have some limitations when used in a Virtual Desktop Infrastructure (VDI) such as Terminal Server, Azure Virtual Desktop Pool, Amazon Workspaces or Citrix CDI.

The main problem is that a VDI instance is used by multiple users at the same time. Just as it is not possible to set different DNS servers for different users on the same instance, it is also not possible to provide different policies to the logged-in users. Every logged-in user gets the same policies, which makes it impossible to apply multiple policies based on the users’ groups.

DefensX solution for VDI

At DefensX, we have both an Operating System DNS Agent and browser extensions.

When DefensX is installed in a VDI environment, every logged-in user gets the same policies in their fat clients (applications other than browsers), as usual. At the same time, with the help of the DefensX Browser Extensions, logged-in users get their own policies based on their group memberships while they are using the browsers.

In a typical VDI environment, the administrators manage the installed software. A VDI system may therefore have multiple browsers (like Chrome, Edge, Firefox) or be limited to only one browser. In both cases, the DefensX Browser Extensions turn the browser into an active endpoint for the logged-in user. With this method, every user uses their own browser with custom policies based on their user groups. Custom policies are not limited to just the web filters; you can attach different file transfer or credential exposure policies as well.

Selecting deployment parameters

Selecting deployment parameters for a VDI environment is no different from installing DefensX on a single machine. If you intend to use Active Directory or Azure AD integration, ensure that the Enable LOGON User feature on the MSI deployment and the Sync User’s Group Memberships From Active Directory or Azure AD checkboxes are checked in the deployment settings. Both options are also the defaults when they are not specified, and they can be changed on the DefensX backend later without needing to reinstall the agent.

When using golden image templates

If you’re planning to use DefensX in an environment where servers are provisioned automatically based on a golden image (like Azure Virtual Desktop Pool), DefensX has a very handy method to simplify the whole process for you.

You can install the DefensX Agent in the golden image using our standard methods. When new server instances created from the golden image try to access the DefensX Backend, they are automatically detected, and a new agent with a unique key is created in our platform. When you look at the installed agents in the backend, you’ll notice that each instance has its own computer name and agent key.

If your solution also de-allocates the newly created instances after some period of time, they will also be removed from the DefensX backend after one month of inactivity.