What is Private Cloud?

Private cloud differs from “public” cloud in that its design is to provide access only to ‘authorized’ users. It still delivers the flexibility and scalability of cloud architecture but in a more secure manner. Private cloud is the usual choice for businesses that want a more reassuringly secure method of cloud deployment.

Private cloud can be delivered in two main ways:

Externally hosted – provisioned from a cloud service provider by means of accessible virtualized storage server(s), off the network domain.
Internal provisioning – a virtualized server deployed within the organization’s domain network, delivered via Hyper-V or Oracle’s VirtualBox.

Either method delivers a service that end users generally access through web-based panels and that local applications access through API integration. The large difference is that there is some form of additional security so that the server service is not directly accessible to all and sundry via the internet.

For external hosting, a dedicated line via encrypted VPN or SSL connects the cluster(s) to the client network. There is no direct method of accessing the private cloud over the internet without the additional security level of the connection.

Internal provisioning relies on the domain link network, and the virtualized server is accessed via internal IP address or machine reference. End-user access can be limited via the virtualized server’s OS security (validating users).


Domain vs Local (The tale of the home/remote user)

There are several releases of Windows, but all have a Home version and a Pro(fessional) version. The overall concept is that a Pro version has more features to make the computer easier to use in a business/enterprise environment, while the Home version has the basic core features, providing an operating system that works fine for the individual.

The Home version, although cheaper, does not come with the domain features built in, which is the underlying problem from a remote user’s and IT person’s viewpoint. Extra work has to be done to allow the user access to the company network facilities (more rightly, the domain).

Unless you have a grasp of the difference between a local and a domain user, things can start to get confusing for the user, who has to remember different passwords, and it becomes a security nightmare for IT and so on. I could cut this article down by ending it here, saying only purchase Pro versions, but going against “golden rules” it is possible to use local computing within a domain. PROVIDED THE USER AND YOU KNOW THE CONSEQUENCES.


The perfect scenario

The company domain requires that the person accessing the domain is recognised. This is done by the bouncer of the domain, the domain controller: quite simply, if your name is not on the list, you’re not coming in. The user is listed on that domain controller and provided with a password, which they can use to get by the bouncer.

The domain controller also has other skills which soften its role to that of the wedding usher, in that once you’re in it will control (to a degree) where you are allowed to sit in the congregation. Or, more correctly, what you can and cannot have access to (note there are other factors that can govern this).

Generically there are two base types of domain users:

Domain admin: These logins are the security pass of the domain. When you log in you have control and the ability to change settings within the domain; this can be to allow access privileges, add devices etc. It makes sense that you don’t give domain admin access to lots of folks, simply because they could go around changing settings without immediately letting other users know what they’ve done. It’s an access level that should be held by trusted, competent staff.

Domain user: This user is a worker, and therefore has to be given the right tools for the job. The concept is that they are wrapped in cotton wool to a degree, given access to what they need to complete the task. For example, a production user doesn’t need management or finance information, so they can’t access that information. A management user, meanwhile, may need access to finance to check budgets, so they must cross over into other territory. This can be done easily under a domain.

Control over the domain user allows that user to safely wander about the company network and never into an area they are not supposed to be in. Should they need access to a restricted area, it can be requested and provided by the domain admin. This ensures the smooth and safe running of the network domain overall.




The home user ‘threat’.

Although a Home version of Windows doesn’t come with domain features as standard, that does not prevent the machine from being used on a domain.

And here’s the first disadvantage: the journey through the domain is not a smooth one. Unlike with a domain account, they won’t be presented with the drives that they can access; instead they will have to reference them, and then provide their domain identity to “prove” they can access them.

But certain features will still be unavailable, such as network printers: as they never checked in but sneaked around the DC, it never gave them full domain access via policy. The immediate good news security-wise is that the DC is still the governor and won’t let them wander where they’re not supposed to, provided that their access isn’t domain admin.

And that’s where the problems start: users get frustrated and have to start remembering that the document drive P:, for example, is actually a directory share off a domain device and is referenced something like


Although it’s not rocket science, users won’t care that the document drive is really called 192.168.xxx.xxx\finance_documents; they just want to access the P: drive. Yes, you can create shortcuts to make it easy to remember, but IT have to provide the name if it’s not known by the user, and the link only works when the user is connected to the domain via the company Wi-Fi or remotely by VPN.

The real issue is….

I used the word “threat” in the previous section; so far, things are at most a minor irritation to IT and user. But here’s the serious stuff.

When the local machine is set up it’s configured with local administrator access, and rightly so, as you must install the OS and any applications that you use locally. And here starts the problem.

Unwittingly, let’s say the user requires a program (it may well be for business purposes). Being a local admin they can download, for example, Adobe PDF reader, but instead of going to the official site they take one of the many other links that are available. Yes, they download the application, but they also risk inheriting a load of malware/virus extras that they’ve gladly given their permission to as administrator.

AV is not a bulletproof jacket; it can stop most but not all things, and the user allowing things through as administrator of their own machine has just opened the door to unwelcome guests on their own machine.

Which, as we’ve just explained, can hop onto the domain: open up the P: drive on the network and your local malware/virus has a whole new section of the menu to start considering gorging on.

Yes, the domain will have AV, but you’ve forced your way into the domain, you’ve possibly sneaked past the protection, and you are now running the risk of infecting others, simply by saving files back to the network drives. IT IS THIS THAT IS THE REAL ISSUE.


Should local machines be allowed?

The scenario above is not limited to enterprise; it’s a serious threat to your company network and others if you’re a remote user. Although without a shadow of a doubt the answer is “YES, don’t use Home versions within a company”, that’s a sledgehammer-to-crack-a-nut solution.

I would put forward that you can safely use Home versions within a company, BUT (it’s a big but) you must educate users and enforce the rules. It should not be an option for all, and it will create extra work for IT in maintaining such users, but here are the general rules.

Always use a strong AV and scan for infections

Goes without saying. Ideally, any BYOD device should be checked by the company IT first to ensure it is clean and safe enough to use for company business.

UAC a work account

If you have a local machine that you need to use for work, DON’T USE THE ADMINISTRATOR account. Instead, create a second user account on that machine. Stop and think about what you need for that account and ensure that it’s loaded/configured by qualified staff; if you’re uncertain, ask.
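One way to create and check such a work account from PowerShell, as an added example that is not part of the original article. The account name `workuser` is a placeholder, and the script assumes a system with the built-in LocalAccounts cmdlets (Windows 10) and an elevated prompt.

```powershell
# Added example. Run once from an elevated PowerShell prompt on the personal PC.
# 'workuser' is a placeholder account name chosen for this example.
$WorkAccount = 'workuser'

# Well-known SIDs are used rather than group names, because the names are localized.
$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$UsersSid  = 'S-1-5-32-545'   # BUILTIN\Users

function Test-Elevated {
    # True when the current PowerShell process holds an administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-GroupMember {
    param([string]$GroupSid, [string]$UserName)
    # Members come back as COMPUTER\name, so compare on the part after the backslash.
    $names = Get-LocalGroupMember -SID $GroupSid | ForEach-Object { ($_.Name -split '\\')[-1] }
    $names -contains $UserName
}

if (-not (Test-Elevated)) { throw 'Creating a local account needs an elevated prompt.' }

# 1. Create the account if it is not there yet. The password is typed in, never stored in the script.
if (-not (Get-LocalUser -Name $WorkAccount -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "Password for $WorkAccount"
    New-LocalUser -Name $WorkAccount -Password $password -Description 'Standard account for company work' | Out-Null
}

# 2. The work account belongs in Users and must not be in Administrators.
if (-not (Test-GroupMember -GroupSid $UsersSid -UserName $WorkAccount)) {
    Add-LocalGroupMember -SID $UsersSid -Member $WorkAccount
}
if (Test-GroupMember -GroupSid $AdminsSid -UserName $WorkAccount) {
    Write-Warning "$WorkAccount is a local administrator; remove it from that group before using it for work."
}

# 3. Show every account that does hold admin rights on this machine.
Get-LocalGroupMember -SID $AdminsSid | Select-Object Name, ObjectClass, PrincipalSource
```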

Never store passwords

Two good reasons for this. The first is that loss of the machine, or leaving the system accessible, risks others being able to access domain features. The next reason is cached credentials: your local version will remember your domain password. A good network forces users to change the password periodically, so a time will come when you click on a mapped share you created and you’re asked for your password; you type it in and you’re not allowed access, as the domain knows you need to change your password but your local copy has the old one stored.

‘Fun’ begins, and I use the word in inverted commas, as the user doesn’t know what’s going on and IT now have to start unlocking your domain login, as the attempted entry with the wrong password has locked you out! The problem magnifies itself if users also use phones to access email, another device that constantly checks the password.

The problem can be rectified by first switching off the other devices and then clearing cached credentials on the local machine, so start googling and learning how to do that!
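One way to clear the saved password and remap the share without storing it again, as an added example that is not part of the original article. The server name `fileserver01` is a placeholder, and the parsing assumes the English-language output of `cmdkey /list`.

```powershell
# Added example. Placeholder values constructed for this example:
$FileServer = 'fileserver01'                     # host name (or IP) of the file server
$Share      = "\\$FileServer\finance_documents"  # share name as used in the article
$Drive      = 'P:'

function Get-StoredCredentialTarget {
    # cmdkey prints one "Target: <type>:target=<name>" line per saved entry.
    # The label 'Target:' is what an English-language Windows prints (assumption).
    cmdkey /list |
        Select-String -Pattern '^\s*Target:\s*(?<type>[^:]+):target=(?<name>.+)$' |
        ForEach-Object {
            [pscustomobject]@{
                Type = $_.Matches[0].Groups['type'].Value
                Name = $_.Matches[0].Groups['name'].Value.Trim()
            }
        }
}

function Remove-StoredCredentialFor {
    # Deletes every saved entry whose target mentions the given server.
    # Supports -WhatIf, so the effect can be previewed before anything is removed.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Server)

    $pattern = '*' + $Server + '*'
    $entries = @(Get-StoredCredentialTarget | Where-Object { $_.Name -like $pattern })
    foreach ($entry in $entries) {
        if ($PSCmdlet.ShouldProcess($entry.Name, 'Delete saved credential')) {
            cmdkey "/delete:$($entry.Name)" | Out-Null
        }
    }
}

# 1. See everything Windows has remembered for this user.
Get-StoredCredentialTarget | Format-Table -AutoSize

# 2. Forget the (possibly stale) password saved for the file server.
Remove-StoredCredentialFor -Server $FileServer

# 3. Drop an existing mapping so it cannot keep retrying with the old password.
net use $Drive 2>$null | Out-Null
if ($LASTEXITCODE -eq 0) { net use $Drive /delete /y | Out-Null }

# 4. Map the drive for this logon only. '*' makes net use prompt for the password,
#    /persistent:no stops it being reconnected at next sign-in, and /savecred is
#    deliberately not used, so nothing is written back to the credential store.
$account = Read-Host 'Domain account (DOMAIN\user)'
net use $Drive $Share * "/user:$account" /persistent:no
```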


The safest option is to use the local machine as a simple terminal for office work: don’t work directly on the machine at all, but remote desktop to, or call on a remote desktop service to provide you with, a domain-registered system. There are advantages to this in that a cheap machine can be used as a terminal (so there are hardware cost savings) which can access a more powerful desktop.

Everything is done on the remote machine (be it physical/virtual) and is covered by the network protection. In the case of RDS, the VMs can be destroyed after their use, so the possible risk of infecting the Word macro on that machine is eliminated, as it’s never saved for another user to make use of (again, not a bulletproof jacket, but a definite extra layer of protection).

Linx8 affordable mobile computing

A small bargain price tablet with big value uses.

There are some folks that will snort at the prospect of cheap hardware, and to a degree they’re right! “You get what you pay for” is a reasonably accurate phrase when buying hardware. Also, there are some “poor quality” devices on the market that really relegate devices to the “toy” section rather than being practical for home and work. But do you always really need a V8 muscle car as a town runabout? Or for the school run? A small budget tablet may not be for everyone with regards to a business machine requirement, but it’s worth taking a look at for some business work, especially if you’re a mobile worker and you take advantage of Cloud-based software, trust me.

Well, it was a while ago that I ‘won’ a Linx 8 tablet in a competition from the very nice folks @microsoftsb, which I was pleased with, but I never really got around to using it other than to install the OS and my Microsoft account (truth be known, I was already using the Toshiba Encore 8 for home and work). But a few weeks ago the need for a spare tablet arose for a work project, and remembering the Linx I dug it out and was highly pleased with the device’s performance, and with the results I obtained in using it.

Although superseded now by newer, larger models, in screen size, memory and even OS, the Linx8 is still available to buy, the OS is upgradeable (if you should so wish) and, as I’ll explain, it is quite a handy device to make use of.

Build Quality

First to impress is the feel and look of the device. Yes, it’s a plastic case, but the rubberised edge and back allow for a good hold on the device (and without leaving paw marks!). It’s also a boon if you rest the tablet on your knees and lean to pick something up: the rubberised grip surface on the rear stops your investment launching to oblivion from your lap like so many other shiny models.

With a nice professional black matt finish and incredibly light to hold for any duration of time, the Linx is light, slim and comfortable to work with on the move. At only 8mm thick, it’s thin but sturdy enough to resist any twist, creaks and groans. I still personally prefer the 8 inch screen over 10 on a tablet when used whilst you’re running about, as it’s easy to hold in one hand.

Under the hood

The Linx 8 comes with 1GB of built-in, non-expandable memory and 32GB of storage, running Windows 8.1 with Bing, so you don’t have a Pro operating system, but that’s what keeps the price down. There are ways and means of accessing domain-level stuff if you need to, so missing out on Pro is not as big a problem as it first appears. It’s also 32-bit on an x64 processor, a slight shame, but the processor is a 1.33GHz Atom, the Z3735F, which in honesty is quite impressive and, for a small machine, allows adequate multitasking of a few tasks without grinding to a halt.

Although you can upgrade the machine to Windows 10, the base unit does not hold up well to moving the OS (as Windows 10 base requirements have increased since 1067 release). To be honest, and as I’ll explain, you can still do an awful lot with the machine in its native 8.1 operating system.

There is an expandable Micro SD slot, which on my model has a 64GB card on which I store the apps, data etc., leaving the 32GB onboard for the essential OS and the occasional apps which fuss about not being on the C: drive!

The model also comes with a 12-month Office 365 subscription, the older Personal version, so an additional £60 worth of software thrown in adds to the bargain. I’ve since upgraded this to my own Office 365 account, and all of the mainstay applications (Outlook, Word, Excel) work well even with a small screen, and are responsive enough to do some serious work with. Keeping in touch with the office and being able to work on reports and financial submissions on the go is a distinct advantage.


Again, in keeping with the price, it was never going to be a 4K special. But the 800 x 1280 TFT LCD provides a high enough quality display for work, and for switching off it’s a great little screen for watching Netflix. With the addition of the mini HDMI port you can output to a larger screen if you so wish, for presentations etc., and still get a good quality display.

The touch screen has 10 touch points and is very responsive; you won’t find yourself jabbing your finger repetitively to get a response from the device. Some may find the screen a tad small for desktop precision; if you have problems I’d suggest you use a touch screen wand/pen as an alternative, which works fine.


If you’re desperate for a physical keyboard, instead of the three onscreen varieties that Windows 8.1 provides, the Linx8 has Bluetooth to allow you to connect a keyboard, leaving the mini USB free for a mouse should you so wish (or vice versa).


The device has a front and a rear facing camera, each of which is only 2MP; again, you can’t expect miracles for the price. But the camera is fine for holding Skype calls and, as I found out, great to use with Office Lens to capture images such as receipts, documents etc., all without getting eye strain!


Okay, here’s the one minor grumble I found with the device. The device has single channel Wi-Fi, and in some circumstances it’s not that great at distance, or at picking up some available Wi-Fi. Again, with working here and there I get to notice this, but at home or in the office it’s solid. When I travel, personally I use my Lumia phone as a Wi-Fi hotspot, and the two are a match made in heaven (time to thank BT for the generous 20GB 4G data allowance!).

So what business can you do with it?

The Linx8 can be a useful piece of equipment for work. Granted, you’re never going to be rendering 3D or CAD images on it, but it is a great little workhorse in that, like every tablet, the device is brilliant when you need a computer with you when you’re away from your office desk and usual device. It’s light to carry and it allows you both the tile and desktop interfaces of Windows 8.1.

With tablets and no keyboard I’ve a preference for the app over the full-blown application, but with this cheap and reliable machine you have the advantage of both.

I mentioned Office 365, which comes into its own on long bus/train rides home, allowing you the full features to draft documents, produce worksheet reports, and catch up with mail and attachments, all on a well sized, workable screen. My colleagues at another company utilise the Linx 8 with the Access database and have the tablet as a jotter and terminal for stock control and job checking purposes.

Using features such as the RDP app available from the store, it’s a perfect portable terminal/console to use when you’re away from the desk or machine room, able to connect to the AD, Exchange server, what have you, so as to be able to make changes at the location, rather than having to run back to the desk/machine room. When floor walking at work, the tablet is ideal for remotely changing settings for other users (Teamviewer is a great and free app).

The 1GB memory is more than adequate to run office-style VMs delivered by RDS, so in the event of a laptop failure it can be used as a temporary device delivering an office virtual desktop to work with, or if you need to access your main system from home or another site.

With regard to the IT side of its use, I also use two great apps, Remote Terminal and Metro Putty, for work where cloud-based servers run a DBMS, allowing you to work with the TCL/management studio with great ease, again allowing you to check the statuses of servers and even correct issues within the DBMS. So again the Linx has a use as a portable terminal/console to work from.

Educational equipment

Let’s face it, school budgets are restrictive on equipment; the Linx is an ideal device for education: cheap, affordable and useful. My colleague’s company went and bought 10 of these tablets for the local village school (where his wife works). The budget model now gives the school the ability to teach business computing practices, and lets the students explore via the web, aiding in delivering education at a low price.

The USB port and on-board Bluetooth will allow a keyboard and mouse to be added to make a mini PC, as said previously. Or they can be used for other connectivity to devices, an external DVD for loading software for example.

What’s so good about the Linx ?

I never over-expected from tablet computing, which is more than likely why the tablet evolved into the two-in-one, for other people’s requirement for a little more room for more oomph with screen real estate, memory and disk storage, and of course the keyboard. To me tablet computing is on-the-fly/move work; it’s short bursts of work needed there and then, not always long arduous sessions. Although with a battery life of approx. 6+ hours, that is possible with this tablet.

Like most computer geeks I have a collection of devices, but the Linx is the weekend weapon of choice, when I’m not out and about in at home on the sofa too. I can carry it easily in a coat pocket, and when called on I can work from wherever at weekends, provided there’s Wi-Fi or the trusted hotspot available (including a restaurant with my partner once during an ‘emergency’ (sorry to Louise, my other half)).

Budget tablets are aimed at the domestic market, and the Linx’s size makes it comfortable as a companion for social media and the Skype call to colleagues and friends, and perfect for watching the match, a film etc. But the Linx has proven itself in the work environment, and is a fraction of the cost of big brand names like DELL’s smaller tablets.

As said, the Linx8 and the updated Linx810 have been superseded by newer models introduced this year, making use of Windows 10 and having higher 2/4GB RAM and more 64K storage. Coming in at £200 they’re still cheap and may be worth your glance; I know I was tempted. But I can’t really fault the device that I obtained for free from a contest, and which now retails for under £99. It’s a perfect tool for mobile SMB use, and thanks again @microsoftSB for opening my eyes to true mobile computing.

Using Quick Assist in Windows 10

We’ve all been there, whether you’re a support analyst or not: you’re home, comfy, and the phone rings with a friend or relative calling to say they have a problem with the computer. Instead of having to call around or do the dreaded talking down of a passenger trying to land a 747 as the pilot has passed out, you can put yourself in front of the computer remotely with a built-in, easy-to-use feature of Windows 10.

With this secure connection feature the other person must assist in the initiation; it’s not possible to remote control without their input. Also, both machines should be running Windows 10, as Quick Assist is a new take on the older Remote Assistance. If the other person is running an older version of Windows, I’m afraid you’ll have to use that.

Offering assistance

Either using Cortana search or navigating the menu, you need to run Quick Assist.
To initiate the connection when you want to help someone else by remotely accessing their computer, click “Give Assistance”.


You’ll then have to sign in with your Microsoft account. After you do, you’ll receive a security code/PIN of six digits.


This code needs to be sent to the person requiring assistance; you can tell them over the phone or, as you can see, copy and paste it into an email which you can send them.

Receiving Assistance

The person requiring assistance needs to run Quick Assist too, with one important difference: they’ll need to click “Get Assistance” in the Quick Assist window that appears.


At this point, they’ll be prompted to enter the security code you received. When this is submitted the other person will then see a confirmation prompt, usually detailing that you (your name is displayed from your Microsoft account) want to remote in, and they’ll have to agree to give you access to their PC.

Once Connected

After confirmation the remote connection will be established; give it some time, as your home broadband speed may be better or worse than that of the person you’re connecting to.

Once remoted in you have full access to their computer as if you were sitting in front of it, so you can launch any programs or access any files they could. You’ll have all the privileges the computer’s owner has, so you won’t be restricted from changing any system settings. You can now tinker away to look at the issue….

The person wanting assistance will see everything that you’re doing, and can snatch back control at any time (for typing in passwords) or even terminate the connection once completed.

At the top right corner of the window, you’ll see icons that let you draw on the screen (handy for the big red arrow!), change the size of the window, remotely restart the computer, open the task manager, or pause or end the Quick Assist connection.

Either user can end the session by closing the application from the “Quick Assist” bar at the top of the screen.
The “remote reboot” option is designed to reboot the remote computer and immediately resume the Quick Assist session without any further input. This may not always work properly, however. Be prepared to talk the other person through signing back into their PC and re-initiating the Quick Assist session if there’s a problem and this doesn’t happen automatically.

The computing world is flat

As the deadline for the Windows 10 update looms quickly upon users, there are still a lot of users that are declining the upgrade.

Folks and companies declining the offer may have good reason to, but in my opinion there’s a few that are creating a “the world is flat” camp, and by not moving to Windows 10, either by upgrading or, dare I say it, buying a new device, they will miss out on an awful lot of improvements.

When I say improvements, I don’t just mean the new features such as Cortana (nice as it is). Computing needs have moved on, and Windows 10 is the OS that works well with those needs, in my opinion. Computing isn’t chained to a desk anymore (office or dining room); it’s now flexible, and the ability to work anywhere is important not just for office work but for the home too.

For example, a touch screen interface instead of a keyboard: the perfect input method for being out and about, or lounging on the sofa. Windows 10 has a native tablet mode to allow you to take advantage of this interface (hardware allowing, obviously). It’s not impossible in Windows 7; you can use touch if you don’t mind squinting one eye and sticking your tongue out of the corner of your mouth as you line up the aim of your finger for just the exact point on the screen.

Mobile computing is rapidly becoming more and more of a requirement, and Windows 10 caters for it well, offering a linked OS across devices, from the home PC to the tablet/2 in 1 and even on the mobile phone. The ability to convert the phone to a full PC via the Continuum feature is another work-anywhere advantage.

But it’s not just new shiny methods of working that Windows 10 improves on. Work-wise, Windows 10 offers better ways to perform standard computing.

For example, the multiple desktop feature allows users to section off areas of work, in that you can have one desktop screen open with applications for one customer, and another screen with the same or different applications open for another. This tidy method means that you don’t have a tool bar cluttered with icons, and reduces the chance of losing that open document/file you’ve been working on by closing the wrong one!

Remote desktop is available via a simple app; a straightforward create-and-record of the details allows you to easily build a library of RDP links you connect to via a simple click, with no remembering login details, DNS names or IP addresses.

If you’re not a home user, then the ability to run virtual PCs via the included Hyper-V is an option, allowing your computer to become multiple computers. The list can go on and on.

Windows 7 is clocking on for being 8 years old, already there are no new developments on that platform, just updates to attempt to keep away security issues, so with no new features being added, it’s started to get long in the tooth.

At the end of the day some machines just won’t cut it: old architecture and hardware put Windows 10 at a disadvantage. (That’s why there’s an update tool I recommend you run first to ensure that the machine will update, rather than just doing it blindly and moaning in the forums.) Along with older software too, it has to be said. But that’s down to the user and the person/company who built the machine.

When other goods become long in the tooth, you replace them, it may well be time you need to consider hardware replacement if you wish to keep up with changes, and meet the requirements of a changing computing environment.

P2V easy as ABC (with Hyper-V)

Having discovered just how easy it is to deploy a DaaS server setup, thanks to Server 2012’s RDS Roles, the next big issue is putting meat on the bones, that is, the creation of virtual machines for the broker server to work with.

When I completed the pet project, I basically started from the ground up, in that the VMs were created from scratch, and just the additional required apps were added. But what if you need to virtualise an existing system?

Luckily, there’s a dead handy application, available from Microsoft, that allows you to convert both physical and existing virtual machines to virtual disks that a Hyper-V server can utilise.

Say hello to the sysadmin’s new friend in VM construction for Hyper-V: disk2vhd.exe


Converting Physical to Virtual machines under Hyper-V

Having migrated manually physical servers into virtual hosting on the cloud, the task can be a long and laborious one, ensuring that the initial configuration is right, then applying the applications and data, then looking at the security on top.

The ability to convert a system and just drop it onto the virtual hosting is a godsend, to say the least. In this article I’m focusing on virtualizing PCs as VMs for RDS, as a follow-on to the RDS article, but the exact same procedure can be used for servers too; just add a little more disk space for storage and a hint more time to prep the VM disk.

What shouldn’t you virtualize

Hyper-V has a “limit” of 127GB, so anything larger than that is a no-no, I’m afraid. Also, certain server roles, such as a domain controller, are better suited to being built from scratch and then letting the new server sync with the main DC, rather than duplicating and letting the ensuing chaos of sync between matched servers battle it out.

Obtain the Utility

The application is available from the Windows Sysinternals page so that you can download the program utility. The facility also existed to run the utility from the web page at the time of writing, so if you have a fast internet connection and cloud storage you can run the utility from the cloud.


Using disk2vhd.exe

The utility is downloaded as a zip file. You need to extract the utility on the machine that you wish to convert from physical to virtual.

Tip: always check the Use Vhdx box to create the disk in this newer disk format, which was introduced in Windows Server 2012. Compared to traditional VHD, VHDX has several improvements, including a special internal log to reduce the chances of data corruption, a bigger capacity (up to 64 TB) and other great features. It’s worth using!

The Filename field takes a path at which to store the virtual hard disk you’re going to create. It’s much better to create the virtual disk on a separate disk from the one you’re virtualizing (avoid the black hole scenario of copying the copy you’re creating!). Remember to include any disk/volume you want to virtualize. If you want it to be a bootable disk, then include a system disk plus boot area (tick the System Reserved label). Click Create to start the process.


Convert disk(s) to VHDX format and copy it to Hyper-V host

Once the conversion is running, you’ll see the estimated time of its completion displayed.


This screenshot shows the VM being copied to a new local drive but, as said, you can copy to accessible server drives, or the cloud, if required.

As a result of the operation, you’ll get a VHDX file/disk, which you can now copy to your Hyper-V server and place in the folder where you have the VM disks.


Create a new VM on a Hyper-V host

Having created your disk, you should create a VM first. Run the New Virtual Machine wizard in Hyper-V Manager and configure it according to your needs. Configuration options are straightforward.



NOTE: Choose your VM generation carefully. Starting with Windows 2012 R2, Hyper-V has a new option: Generation 2 virtual machines.

This second-generation firmware for VMs is a revised set of virtual hardware and offers new opportunities for users, such as booting from a SCSI device. There are limitations, in that only newer machines (Windows 8+) are Gen 2 compliant, so if you’re virtualizing older machines take care in your choice. Gen 2 really is best suited to 64-bit builds; I’ve used them for Windows 10 and 2012 Server VMs, for which they’re fine. If you’re not 100% sure, stick to Generation 1.


Connecting up the VHDX disk

While creating the virtual machine you also have to configure the virtual hard disk, so pick the disk you have already created with the utility and complete the rest of the steps in the wizard.



After completing the wizard you should be able to run the VM simply by right-clicking on the VM and selecting Run, then right-clicking again and connecting to it.

If the hardware configuration of the VM is different to the one being run on the VM host it may take some time for the VM to boot up. However, in a few minutes you’ll see the welcome screen and be ready to log in to the system. Presto, as simple as that!
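The host-side steps above (copy the disk, create the VM, attach the disk, start it) can also be scripted with the Hyper-V PowerShell module. This is an added example, not part of the original article; every name and path in it is a placeholder. Beyond the article's steps it verifies the copied VHDX, takes a checkpoint before first boot, and leaves the network adapter disconnected, since the clone carries the same computer name as the physical source.

```powershell
# Added example. Run in an elevated PowerShell session on the Hyper-V host.
# All names and paths are placeholders constructed for this example.
$VmName     = 'P2V-Desktop01'
$SourceVhdx = '\\staging\p2v\desktop01.vhdx'     # where disk2vhd wrote the disk
$VmDiskDir  = 'D:\Hyper-V\Virtual Hard Disks'    # folder holding the host's VM disks
$SwitchName = 'External'                         # an existing virtual switch
$Generation = 1                                  # the article's advice: if unsure, Generation 1
$ConnectNetwork = $false                         # set to $true once the physical source is offline

$target = Join-Path $VmDiskDir (Split-Path $SourceVhdx -Leaf)
if (Test-Path $target) { throw "Refusing to overwrite existing disk: $target" }

# 1. Copy the disk to the host and prove the copy is bit-for-bit identical.
$before = (Get-FileHash -Path $SourceVhdx -Algorithm SHA256).Hash
Copy-Item -Path $SourceVhdx -Destination $target
$after  = (Get-FileHash -Path $target -Algorithm SHA256).Hash
if ($before -ne $after) { throw "Hash mismatch after copy: $target" }

# 2. Check that the container is structurally sound and really is VHDX.
if (-not (Test-VHD -Path $target)) { throw "Test-VHD reported a problem with $target" }
$vhd = Get-VHD -Path $target
if ($vhd.VhdFormat -ne 'VHDX') { throw "Expected VHDX, found $($vhd.VhdFormat)" }
'{0}: {1:N1} GB virtual size, {2:N1} GB on disk' -f $target, ($vhd.Size / 1GB), ($vhd.FileSize / 1GB)

# 3. Create the VM around the existing disk. No -SwitchName is given, so the
#    network adapter starts out disconnected.
New-VM -Name $VmName -Generation $Generation -MemoryStartupBytes 2GB -VHDPath $target | Out-Null

# 4. Checkpoint before first boot so a bad driver/boot fix-up can be rolled back.
Checkpoint-VM -Name $VmName -SnapshotName 'Imported from disk2vhd, before first boot'

# 5. Start it and open the console (the wizard's "connect" step).
Start-VM -Name $VmName
vmconnect.exe localhost $VmName

# 6. Attach the network only after the physical machine has been taken off it.
if ($ConnectNetwork) {
    if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
        throw "Virtual switch '$SwitchName' not found"
    }
    Connect-VMNetworkAdapter -VMName $VmName -SwitchName $SwitchName
}
```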



VDI Session reliability

No matter how utopian the idea of VDI, the harsh reality of remote users, and the networks they are working on, can cause issues for VDI delivery and use. Taking the real world into consideration should be part of your VDI delivery plan when implementing a solution.

VDI clients working on overloaded networks, or remotely on Wi-Fi, will be prone to dropouts. So how does the dropout issue get handled by VDI? It’s worth knowing. One of the biggest issues I’ve come across is multiple sessions in use, usually caused by data packet loss and high latency due to inferior-speed connections to the server, a recipe for creating bottlenecking processes. All of which lead to server overload, in that the ghost/dead sessions make excessive use of server system memory and CPU.

For that reason I’m more in favour of RDWeb RDS service, as it restricts what remote users can actually do to harm your VDI operation in such events.

The advantage of the RDS 2012 system, is that it uses Microsoft’s remote desktop standard technology to connect the VDI client to the server(s) and services.

This means that when a disconnection occurs, the system gives the reconnection up to a maximum of 20 attempts to establish the connection; the user cannot attempt another connection until the reconnection attempts succeed or fail.

There’s a visual warning and display of the reconnection attempts while the “dropped” session awaits reconnection. Should all 20 attempts fail, then the session is flagged as disconnected, and the server housekeeping removes the dead session in the background.
At that point the user can pick up another session from the broker server.
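To see whether dead or duplicate sessions are actually building up on an RDS 2012 deployment, the broker can be queried with the RemoteDesktop module. This is an added example, not part of the original article; the broker name and the 30-minute threshold are placeholders.

```powershell
# Added example. Run where the RemoteDesktop module is available (RDS 2012 or later).
# The broker name and the age threshold are placeholders for this example.
$Broker    = 'rdcb01.corp.example'
$MaxAgeMin = 30

Import-Module RemoteDesktop

$sessions = @(Get-RDUserSession -ConnectionBroker $Broker)

# 1. Users holding more than one session: the "multiple sessions in use" symptom.
$sessions |
    Group-Object { "$($_.DomainName)\$($_.UserName)" } |
    Where-Object { $_.Count -gt 1 } |
    Select-Object Name, Count, @{ n = 'Hosts'; e = { ($_.Group.HostServer | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize

# 2. Sessions that have sat disconnected for longer than the threshold.
$cutoff = (Get-Date).AddMinutes(-$MaxAgeMin)
$stale  = @($sessions | Where-Object {
    $_.SessionState -eq 'STATE_DISCONNECTED' -and $_.DisconnectTime -lt $cutoff
})
$stale | Select-Object UserName, HostServer, CollectionName, DisconnectTime, UnifiedSessionId |
    Format-Table -AutoSize

function Remove-StaleRdSession {
    # Logs off the sessions passed in. ConfirmImpact is High, so each logoff asks
    # for confirmation unless -Confirm:$false is given; -WhatIf previews only.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Session)

    foreach ($s in $Session) {
        $label = "$($s.UserName) on $($s.HostServer) (disconnected $($s.DisconnectTime))"
        if ($PSCmdlet.ShouldProcess($label, 'Log off session')) {
            Invoke-RDUserLogoff -HostServer $s.HostServer -UnifiedSessionID $s.UnifiedSessionId -Force
        }
    }
}

# Preview what would be logged off; drop -WhatIf to act on it.
Remove-StaleRdSession -Session $stale -WhatIf
```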


Citrix deals with drop outs differently. XenApp/XenDesktop are controlled by the receiver which will basically keep on trying to reconnect the session, no matter how long it’s been disconnected. But, that is where the issue lies with using Citrix ‘without a leash’.

A user working remotely may experience a dropout and be tempted to fire up another session to continue working, whilst ‘in the background’ the receiver is wrestling to re-establish the lost connection; when that connection is established it’s presented back to the originating user.

The issue is that if the VDI is being used to address other software on servers, the user has kicked off multiple sessions in that other software. Loss of the client on their side may not terminate the background session on the other servers, leaving dead sessions that could be utilising high resource on the other server. So again the latency build-up becomes an issue.

Depending on user stubbornness, this could easily lead to a crippling overload of a server if session dropouts are frequent. Although Citrix utilises thin wire technology to improve issues on high latency networks, it can cause “nasty side effects” over the network if not configured appropriately.

A correct Citrix setup/configuration should, by policy/rules, have timeout disconnects set for situations like these; idle timeouts are also recommended. Also raise users’ awareness of dropouts and what to do, so that they don’t end up causing your IT more issues.

RDS makes for an easier solution, without as much configuration for the dropout handling; waiting for the green light from the server before proceeding helps to eliminate problems with dropped connections. Citrix, on the other hand, requires some consideration in handling such events.

Not that Citrix has inherent issues. I’ve seen customer setups where Citrix is as solid as a rock within their own network, perfect for delivering a standard painted desktop solution; the issue lies with not planning for remote workers on external networks.