Monday, March 8, 2010

The Windows ACI: Decisions...

There are a number of technologies available for developing and managing virtual Windows computing environments. We decided to focus initially on products available from Microsoft and will then compare them against the benefits of alternatives such as Citrix and VMware.

The design we are considering would leverage the University of Michigan Active Directory (AD) infrastructure for user and computer account management. Residing in the cloud would be a public-facing Remote Desktop (RD) Gateway through which users of this system would access their research group's ACI. Each ACI would be a Remote Desktop Services (RDS) server, formerly known as Terminal Server, configured from the information the group's PI provides through the ACI Chooser. The RD Gateway would validate the user's credentials against AD and redirect them to their assigned ACI; the ACIs themselves would not need to be reachable directly from the Internet.

This approach lets us manage a single entry point for access to the cloud-based resources, and using AD permits policy-based management of the configuration of the Windows ACIs and their associated user accounts. However, this approach requires that the RD Gateway residing in the cloud be permitted to connect to the UM network so that it can reach AD. In the short term we are working with University engineers to permit this connection. Long term we will evaluate alternative approaches to facilitate this design, such as: using dedicated VPN appliance gateways to establish the connection; forgoing the connection to UM AD and instead creating an AD infrastructure in the cloud; and determining whether we should set up a Virtual Private Cloud (VPC) in Amazon EC2 as an added layer of security. Right now our focus is on developing a working prototype RDS that can be tested by our PI and the ICPSR staff.
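To make the "validate the user's credentials and redirect them to their assigned ACI" step concrete: RD Gateway makes its decision in two stages, a Connection Authorization Policy (RD CAP) that says which AD groups may use the gateway at all, and a Resource Authorization Policy (RD RAP) that says which internal hosts and ports a group may be relayed to. The following is an added example, not code from the original post or from the ICPSR project, that models that two-stage decision in Python and derives the policies from a chooser table. The group names, hostnames and chooser entries are constructed sample data; in a real deployment the groups would be the UM AD security groups and the hosts the RDS servers. The security point it illustrates is that the RAP must bind each research group to its own ACI only, so an authenticated user from one group cannot reach another group's server through the shared gateway.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# --- Constructed sample data (hypothetical; not from the original post) ----
# ACI Chooser output: one research group (an AD security group) -> the RDS
# host that group was assigned. Group names and hostnames are invented.
CHOOSER: Dict[str, str] = {
    "ACI-Group-Smith": "aci-smith.research.example",
    "ACI-Group-Jones": "aci-jones.research.example",
}
RDP_PORT = 3389  # the only port the gateway should relay to an ACI


@dataclass(frozen=True)
class User:
    name: str
    groups: FrozenSet[str]  # AD group memberships as the gateway sees them


@dataclass(frozen=True)
class ConnectionPolicy:
    """RD CAP: which AD groups may authenticate to the gateway at all."""
    name: str
    user_groups: FrozenSet[str]


@dataclass(frozen=True)
class ResourcePolicy:
    """RD RAP: which internal hosts/ports one AD group may be relayed to."""
    name: str
    user_group: str
    hosts: FrozenSet[str]
    ports: FrozenSet[int]


def build_policies(chooser: Dict[str, str]) -> Tuple[ConnectionPolicy, List[ResourcePolicy]]:
    """Derive gateway policy from the chooser table: every research group may
    reach the gateway (one CAP), but each group is authorised only for its own
    ACI over RDP (one RAP per group). Hostnames are normalised to lower case
    because DNS names are case-insensitive."""
    cap = ConnectionPolicy("ACI-Users", frozenset(chooser))
    raps = [
        ResourcePolicy(f"RAP-{group}", group, frozenset({host.lower()}), frozenset({RDP_PORT}))
        for group, host in chooser.items()
    ]
    return cap, raps


def authorize(user: User, target_host: str, port: int,
              cap: ConnectionPolicy, raps: List[ResourcePolicy]) -> Tuple[bool, str]:
    """Two-stage decision in the order RD Gateway applies it: CAP, then RAP.
    Returns (allowed, reason) so a denial can be logged with its stage."""
    if not (user.groups & cap.user_groups):
        return False, "CAP: user is in no group permitted to use the gateway"
    host = target_host.lower()
    for rap in raps:
        if rap.user_group in user.groups and host in rap.hosts and port in rap.ports:
            return True, f"allowed by {rap.name}"
    return False, "RAP: user is not authorised for that host/port"


def assigned_acis(user: User, chooser: Dict[str, str]) -> List[str]:
    """Hosts the gateway would redirect the user to after authentication:
    exactly the ACIs of the research groups the user belongs to."""
    return sorted(host for group, host in chooser.items() if group in user.groups)


if __name__ == "__main__":
    cap, raps = build_policies(CHOOSER)
    alice = User("alice", frozenset({"ACI-Group-Smith", "Domain Users"}))
    bob = User("bob", frozenset({"Domain Users"}))
    for who, host, port in [
        (alice, "ACI-SMITH.research.example", RDP_PORT),  # own ACI, allowed
        (alice, "aci-jones.research.example", RDP_PORT),  # another group's ACI
        (alice, "aci-smith.research.example", 22),        # wrong port
        (bob, "aci-smith.research.example", RDP_PORT),    # not an ACI user
    ]:
        print(who.name, host, port, authorize(who, host, port, cap, raps))
    print("alice ->", assigned_acis(alice, CHOOSER))
```

A user who is not in any chooser group is stopped at the CAP stage before any resource is considered; a user who is in a group but asks for a different group's host, or for a non-RDP port, is stopped at the RAP stage. Keeping the two stages separate matches how the real gateway reports denials and makes the policy derived from the chooser table easy to audit.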

My next few blog posts will drill down into the merits of this design, its components and their roles, and the decisions required if we were to proceed with a production implementation of this approach.