MED-V v1

Contents
1 Introduction to Microsoft Enterprise Desktop Virtualization (MED-V) ........................................... 3
1.1 Terminology ...........................................................................................................................4
1.2 Key Capabilities.......................................................................................................................4

2 High-level Architecture ......................................................................................................... 6

2.1 System Requirements for MED-V v1 .........................................................................................7

3 Virtual Image Overview ........................................................................................................ 8

3.1 Managing a virtual machine ................................................................................................... 10

4 The MED-V Client ................................................................................................................ 11

4.1 Authentication and Policy Enforcement ................................................................................... 11
4.2 Virtual Machine Operation ..................................................................................................... 11
4.3 Virtual Image Encryption ....................................................................................................... 12
4.4 Offline Mode ......................................................................................................................... 12
4.5 Published Applications and Menus – Single Desktop User Experience .......................................... 13
4.6 Web Browser Redirection ...................................................................................................... 13
4.7 Printing ................................................................................................................................ 14
4.8 File Transfer ......................................................................................................................... 14
4.9 Copy and Paste Control ......................................................................................................... 14

5 MED-V Client Deployment................................................................................................... 15

5.1 Client Deployment and Image Delivery Methods ..................................................................... 15
5.2 Customized, First-time Setup ................................................................................................. 15

6 MED-V Image Delivery and Update .................................................................................... 16

6.1 MED-V Trim Transfer Technology ........................................................................................... 17

7 MED-V Management Server ................................................................................................ 18

7.1 Workspace Policy .................................................................................................................. 18
7.2 Events Database and the MED-V Dashboard ........................................................................... 18

8 MED-V Enterprise Architecture ........................................................................................... 19

8.1 Scalability and Multi-Locations ............................................................................................... 19
8.2 High Availability .................................................................................................................... 19

MICROSOFT DESKTOP OPTIMIZATION PACK

1 Introduction to Microsoft Enterprise Desktop Virtualization (MED-V)
®
Microsoft Enterprise Desktop Virtualization (MED-V), a core component of the Microsoft Desktop
Optimization Pack (MDOP)for Software Assurance, enables deployment and management of Microsoft
virtual PC Windows desktops to enable key enterprise scenarios. Primarily, MED-V helps enterprises
upgrade to the latest version of Windows even when some applications are not yet functional or
supported.

MED-V builds on top of Virtual PC to

run two operating systems on one
device, adding virtual image delivery,
policy-based provisioning, and
centralized management.

With MED-V, you can easily create,

deliver and manage corporate Virtual
PC images on any Windows®-based
desktop.

Enable legacy applications and accelerate upgrades to new operating systems

Incompatibility of applications with newer versions
of Microsoft Windows can delay enterprise
operating system (OS) upgrades. Testing and
migrating applications can be time-consuming, and
meanwhile users are unable to take advantage of
the new capabilities and enhancements offered by
the new OS.

By delivering applications in a Virtual PC that runs

a previous version of the OS (e.g., Windows XP or
Windows 2000), MED-V removes the barriers to
OS upgrades), MED-V removes the barriers to
operating system upgrades and allows
administrators to complete testing and to deal with
incompatible applications after the upgrade.

From the user’s perspective, these applications are accessible from the standard desktop Start menu and
appear side-by-side with native applications—so there is minimal change to the user experience.

MICROSOFT DESKTOP OPTIMIZATION PACK

3
1.1 Terminology
Host—The operating system instance installed on the end-user’s physical device.

Virtual PC / Machine—An additional instance of an operating system running concurrently with the
host on the same physical device using virtualization software (such as, Microsoft Virtual PC).

Guest—The operating system installed on a virtual machine.

Virtual image—A file that represents the file system of a virtual machine and can be delivered to
multiple endpoints independent of their hardware or software.

1.2 Key Capabilities

MED-V adds the following additional layers to Microsoft Virtual PC to enable enterprise deployment of
desktop virtualization:

 Virtual images repository and delivery—MED-V provides the following mechanisms for simplifying
the process of creating, testing, delivering, and maintaining virtual images from a central location:

 Administrator console for virtual image creation and testing.

 Centralized virtual images repository for image storage, versioning, and delivery based on
Microsoft IIS web servers.

 A client component (standard MSI installation) that automatically retrieves virtual images from the
centralized repository.

 Auto-installation package for self-deployment of the client component and the virtual images via
removable media (such as DVD) or from a website.

 An efficient, bandwidth-conserving, Trim Transfer mechanism for delivering and updating virtual
images over the network.

 Support for image delivery through standard enterprise content distribution systems.

 Centralized management and monitoring—MED-V helps administrators manage the entire life-
cycle of virtual machines deployed on desktops throughout the enterprise. The centralized
management and monitoring capabilities MED-V provides include:

 A central management server that controls all deployed virtual machines.

 Integration with Microsoft Active Directory® Domain Services to enable provisioning of virtual
images based on group membership or user identity.

 User authentication prior to accessing the virtual image (whether the host is online or offline).

MICROSOFT DESKTOP OPTIMIZATION PACK

4
  A mechanism for automating the first-time setup of virtual machines at the endpoint, including
assignment of a unique computer name, performing initial network setup, and joining the virtual
machine to a corporate domain.

 Support for deployment throughout a heterogeneous environment, adjusting memory allocation

for the virtual PC according to the available RAM of the endpoint, and changing network settings
according to the local network.

 A central database of client activity and events facilitating monitoring and remote troubleshooting.

 Usage policy and data transfer control—MED-V client enforces the following user or group usage
policies, access permissions to virtual images, and data transfer permissions:

 Virtual image protection that prevents unauthorized execution.

 A configurable expiration for the virtual image or a time limit for offline use (to force the user to re-
authorize before continuing to work offline).

 The ability to allow or block data transfer between the virtual machine and the endpoint, via copy
and paste, file transfer, or printing.

 Web browser redirection of administrator-defined domains (such as the corporate intranet or sites
that require an older version of the browser) from the endpoint browser, to a browser within the
virtual machine.

Seamless end-user experience—The following can be configured in MED-V to provide a seamless

experience, making users unaware of the virtual machines running in the background. It reduces the
training required for deploying virtualization to non-technical users:

 Invisible virtual machine—A simplified work process for operating virtual machines through a
user-friendly tray menu. The user is not required to learn the principles of virtualization or view an
additional desktop as is usually required when running a virtual PC.

 Published applications—Applications installed on the virtual machine are available through the
standard desktop Start menu. These applications run in Virtual PC, but are seamlessly integrated
into the user desktop and appear side-by-side with native applications.

 Power user mode—Technical users and administrators can view the virtual machine loading
processes and desktop if required.

MICROSOFT DESKTOP OPTIMIZATION PACK

5
2 High-level Architecture

The MED-V solution comprises the following elements:

 Administrator-defined virtual machine—Encapsulates a full desktop environment, including an

operating system, applications and optional management and security tools.

 Image repository—Stores all virtual images on a standard IIS server and enables virtual images
version management, client-authenticated image retrieval, and efficient download (of a new image or
updates) via Trim Transfer technology.

 Management server—Associates virtual images from the image repository along with administrator
usage policies to Active Directory® users or groups. The Management Server also aggregates
clients' events, and stores them in an external database (Microsoft SQL Server®) for monitoring and
reporting purposes.

 Management console—Enables administrators to control the management server and the image
repository.

MICROSOFT DESKTOP OPTIMIZATION PACK

6
 End-user client

1. Virtual image life-cycle—Authentication, image retrieval, enforcement of usage policies.

2. Virtual machine session management—Start, stop, lock the virtual machine.

3. Single desktop experience—Applications installed in the virtual machine seamlessly available

through the standard desktop Start menu and integrated with other applications on the user
desktop.

All communication between the client and the servers (management server and image repository) is
carried on top of a standard HTTP or HTTPs channel.

2.1 System Requirements for MED-V v1

Management Server

 Operating system: Windows Server 2008 Standard/Enterprise Edition x86 & 64-bit
 Recommended hardware: Dual Processor (2.8 GHz), 4GB RAM

®
Active-directory : Management server should be joined to a domain
 Scale: The setup above was tested with 5000 concurrent active clients. Other setups can scale to
support larger number of users.

Additional Server Components
 Image repository: Web server(s) based on Microsoft IIS
 Reporting database (optional): Microsoft SQL Server 2005 SP2 Enterprise Edition SP2 or
Microsoft SQL Server 2008 Express/Standard/Enterprise editions

Client
 Operating system:
®
o Windows Vista SP1 (Enterprise, Home Basic, Home Premium, Business, Ultimate) —
32-bit (2GB RAM Recommended)
o Windows XP SP2 or SP3 (Professional, Home)—32bit (1GB RAM Recommended)
 Languages: The user interface is only available in English. Support is available for a localized
Western-European operating system.
 Virtual PC: Microsoft Virtual PC 2007 SP1 with KB958162 (or newer) is required

Note: MED-V v1 is supported on managed desktops only.

It is recommended to install the end user client within IT-managed desktop environments on desktops
that are members of a Microsoft Active Directory Domain.

Guest Operating System

 Windows XP SP2 or SP3—32bit
 Windows 2000 SP4—32bit

MICROSOFT DESKTOP OPTIMIZATION PACK

7
3 Virtual Image Overview
The following describes the typical process of creating, deploying, and utilizing a MED-V virtual image:

 Create a virtual image within Microsoft Virtual PC.

 Define a MED-V workspace.

 Create a list of applications installed in the virtual image, which are to be made available to end
users through their standard desktop Start menu.

 Define Web sites that should be viewed inside or outside the virtual machine browser and that are
redirected to the appropriate location by MED-V client.

 Provision the MED-V workspace to Active Directory users and groups.

 Set usage policy (such as expiration, permission to work offline) and data transfer permissions
(such as file transfer, copy andpaste, and printing) to the various users and groups.

 Test the Image through the MED-V management console, and load it to the MED-V Image
Repository.

 Deploy the MED-V client via one of the following methods:

 Enterprise software distribution tools—The MED-V client and Virtual PC software can be
deployed as standard Windows Installer files.

 Self-install package—Deliver a MED-V installation package, which includes MED-V client

installation and Virtual PC software using one of the following:

o A self-service Website.

o Removeable media for example, CD, DVD).

The installation process is automated, silent and easy for end users. .

MICROSOFT DESKTOP OPTIMIZATION PACK

8
 Deliver the virtual image:

 Over the network—After the MED-V Client is installed, the virtual image can be retrieved over
the network using standard HTTP or HTTPs tunnel. Trim Transfer technology will accelerate
download speed and reduce required bandwidth, as described in a following section.

 Using enterprise distribution mechanisms—Administrators may choose to deliver packaged

virtual PC images (created by the MED-V management console) by using existing systems. The
MED-V Client will look for the package in a pre-defined path, and extract the image.

 Via removable media (for example, DVD) —When delivering removable media to the end user,
it is possible to add the virtual image to the self-install package. As part of the installation, the
virtual image is copied to the local drive.

 End-users start working—Users authenticate against the MED-V management server and they are
ready to work within the virtual machine. After the first online authentication, offline work is also
supported, if permitted by the administrator.

 Manage and update the MED-V workspace—The management console enables administrators to
easily update usage policies, provision MED-V workspaces to additional users, deprovision existing
users, and update the virtual images. All updates are automatically distributed to relevant users when
they work online.

 Monitoring clients—The MED-V management console presents an updated report of all the users. It
provides detailed information on all client events, and when an error occurs, it can help the
administrator understand the source of the problem remotely and instruct the user on how to solve it.
The MED-V diagnostic tool runs automatically when client installation fails, and can be executed
manually in other cases of malfunction. The report can assist Microsoft support in understanding the
cause of the problem and recommending the administrator on how to fix it.

MICROSOFT DESKTOP OPTIMIZATION PACK

9
3.1 Managing a virtual machine
After the first version of a virtual image is deployed, it becomes a desktop operating system that requires
corporate IT management. This includes delivering new applications, patching, updating security
definitions and policies, and more.

Administrators can choose one of the following two methods of virtual machine management:

 Domain-managed virtual machine—Manage virtual machines just like physical corporate devices.
MED-V provides a first-time customization process for every deployed virtual image, where the
administrator can choose to join the virtual machine to an Active Directory domain. This way,
administrators can patch, update, deliver applications, and apply policies using existing tools.

 Self-cleaning (revertible) virtual machine—MED-V offers a unique method for managing an easy
to support virtual desktop environment. It takes advantage of hardware independence enabled by
virtualization, and maintains the exact same image across multiple endpoints. All user changes to
applications or the OS are discarded once the virtual PC session ends, and the virtual machine
reverts to the original image, as packaged and delivered by the administrator. This can significantly
simplify management, support, and troubleshooting for virtual machines.

Updates, patches, new applications, and settings changes are applied to the master virtual image,
tested by the administrator, and uploaded as a new version of the virtual image to the MED-V image
repository. The new version is delivered to all endpoints using Trim Transfer technology, removing
the need to update each endpoint separately.

This method is applicable only where no user data or settings need to be kept in the virtual image (for
instance, when all user data and settings are stored on a network location). Also when using the
revertible method, the virtual machine should not be part of an Active Directory domain.

MICROSOFT DESKTOP OPTIMIZATION PACK

10
4 The MED-V Client

4.1 Authentication and Policy Enforcement

The MED-V client requires authentication to ensure that only authorized users access the MED-V virtual
images. This verification is performed against the management server, which queries Active Directory for
user and group information. Therefore, the management server must be part of the domain to which the
user is trying to authenticate.

MED-V leverages Active Directory security policies. When an account is disabled or locked in Active
Directory (for instance, if the user typed a wrong password three times), the user is not allowed to tart the
MED-V workspace. In addition, if the password is about to expire, the user is offered to change the
password before completing the MED-V authentication.

Once the authentication process is complete, the MED-V client queries the MED-V management server
for the most recent policies and settings. This action ensures that the endpoint is using the most updated
MED-V workspaces and allows administrators to control and monitor active users, as described in
following sections.

The domain credentials used for authenticating the MED-V client are also used to login to the Windows
instance inside the virtual machine, so that the user is not required to type the domain credentials twice.
The user may choose to save the credentials for future sessions of the same user, so that they are
automatically used by MED-V client the next time the user attempts to start a MED-V workspace. Note
that the user is required to authenticate by the MED-V client, even if the host and the guest operating
system use the same credentials.

When the virtual machine is running in a MED-V session, it is locked after a predefined idle time or when
the physical device enters hibernation or sleep mode. The authenticated user is required to type his
password to unlock the virtual machine and continue working.

MED-V v1 only supports authentication based on Active Directory domain credentials (username and
password). Future releases may include two-factor authentication (such as smart card certificates).

4.2 Virtual Machine Operation

MED-V uses Microsoft Virtual PC to run a virtual machine locally on the endpoint. The MED-V client
controls all aspects of virtual machine management, including retrieving or updating a virtual image,
customizing the virtual machine for the specific user or device, initiating, suspending or terminating a
virtual machine session, and monitoring the virtualization engine for malfunctions (watchdog).
End users remain unaware that a virtual machine is running in the background.

The MED-V client can be configured to take a snapshot of the virtual machine (similar to a laptop sleep
mode) at the end of each work session or when the user logs off the host workstation. This reduces the
time required for re-initiating the virtual machine.

When a virtual machine is suspended, and a different, authorized user attempts to use it, the virtual
machine shuts down first (pending user confirmation). The existing session is lost, similar to Windows
behavior when an authorized user attempts to access a locked device.

MICROSOFT DESKTOP OPTIMIZATION PACK

11
4.3 Virtual Image Encryption
Virtual images are encrypted by the management console when packaged for distribution (over the
network or media) to protect the virtual image from unauthorized use (such as, unauthenticated users, on
users not complying with the administrator-defined usage policies). For each image, encryption keys are
generated on the server and are securely transferred to clients authorized to work with the specific image.
The virtual images remain encrypted on the endpoint local drive, and decryption is completed on the fly
when the virtual machine is running. Any new data is saved encrypted.

4.4 Offline Mode

If users are authorized to work with the virtual machine offline, the policy files and encryption keys are
cached locally after a first successful online authentication.

If there are multiple authentication failures, further attempts will be delayed (similar to Windows login).
Additionally, if the user account is disabled, locked, expired in Active Directory, or if the account password
has changed, MED-V client deletes the locally cached credentials when connecting to the management
server.

Offline work permissions may be limited by the administrator to a predefined period of time, after which
the user must reconnect to the management server and re-authenticate. This ensures users are kept up
to date with the most recent policy and permissions, and enforces expiration and de-provisioning settings
on end users.

MICROSOFT DESKTOP OPTIMIZATION PACK

12
4.5 Published Applications and Menus – Single Desktop User Experience
Administrators may publish applications or submenus installed on the virtual machine, making them
available to end users through the host Start menu. The applications launch from the Start menu or
desktop shortcuts and appear side-by-side with native applications on the user desktop, optionally
differentiated by a colored frame. The virtual machine desktop is not visible, simplifying user experience
and avoiding changes to user workflows.

The single desktop mode simplifies training and work processes and is therefore recommended for most
users. However, administrators can set the virtual machine to work in a full desktop mode, when
advanced users prefer to view the whole virtual machine. In this mode users have to manually toggle
between their physical desktop and the virtual machine desktop.

4.6 Web Browser Redirection

For Web applications, administrators can define a set of Websites (based on allow or deny lists of domain
suffixes or IP prefixes) to be launched in a browser running on the virtual machine. Corporate Websites or
incompatible Web applications can start in the virtual machine, while all other sites still work in the host
browser normally. The MED-V client manages the browser redirection automatically, providing a
seamless browsing experience for the end user.

MICROSOFT DESKTOP OPTIMIZATION PACK

13
4.7 Printing
When a MED-V policy allows printing from MED-V workspace applications (in the guest operating system)
to locally installed printers, no driver needs to be installed for locally attached or network printers inside
the virtual machine.

4.8 File Transfer

Files can be transferred between the virtual machine and the endpoint or vice versa, according to
administrator-defined permissions. File transfers are subject to centrally defined filters that allow inbound
and outbound transfer of specific file types and may be pending on anti-virus scanning upon their
destination.

4.9 Copy and Paste Control

Copy and paste operations between a MED-V workspace and native applications can be allowed or
denied based on administrator policies. All copy and paste operations inside the virtual machine (between
guest applications), and between endpoint host applications, are always allowed; the MED-V Client does
not interfere with existing copy and paste behavior.

MICROSOFT DESKTOP OPTIMIZATION PACK

14
5 MED-V Client Deployment

5.1 Client Deployment and Image Delivery Methods

MED-V can be deployed in the following ways:

 Software distribution system—The MED-V client installation is based on a standard Windows .msi
package. Therefore, when deploying MED-V, administrators can use any existing software
distribution system. The MED-V .msi package does not include Virtual PC software that should
separately be deployed to all endpoints.

When installing MED_V through a distribution system, administrators may choose to let the MED-V
client retrieve the virtual image from the image repository according to the user policy, or deliver the
virtual image package using other methods to a pre-defined location, so that MED-V client will use it
and not download it from the repository.

 "MED-V deployment package—Administrators can provide end users with an installation package
that includes the MED-V client, Microsoft Virtual PC, and optionally, the virtual image. The process
requires almost no user interference, and automatically installs everything required for MED-V
operation on the local drive. The package can be delivered on a removable media (such as CD or
DVD), or downloaded from a self-service Web server by the end-user.

5.2 Customized, First-time Setup

MED-V allows administrators to customize every deployment of a virtual image. This procedure can
include allocating a unique computer name for the virtual image (according to user name, endpoint
parameters, or a random ID) so that, for instance, administrators can assign the virtual machine an
identifier that is based on the host computer name, and therefore easily identify this virtual machine in
software management systems. Other customizations include Sysprep to allocate a unique SID for the
virtual machine, joining the virtual machine to the corporate Active Directory domain, or running an
administrator script.

The MED-V Client handles first time setup automatically and transparently for the end user, including
repeating failed steps or the whole process, and reporting back to the management server in case
troubleshooting is required.

MICROSOFT DESKTOP OPTIMIZATION PACK

15
6 MED-V Image Delivery and Update
The MED-V images repository contains all available virtual machine images. The MED-V management
console provides an easy way to create, manage, update or delete images from the MED-V images
repository.

Whenever administrators provision a new virtual machine or update an existing one, the MED-V
management server detects the change in the image repository and notifies MED-V clients on their next
policy query, referring them to the most recent virtual machine from the respective images repository.

Delivery is implemented using MED-V Trim Transfer technology over the network. Alternatively, virtual
machines can be delivered via removable media (such as DVDs) or by other preferred methods of
network delivery.

The images repository is based on Microsoft IIS Web servers. Therefore when using Trim Transfer
delivery, organizations may leverage standard Web scalability and high availability infrastructure. To
improve download performance, organizations can create images repository replicas at branch offices or
remote geographic locations. Administrators can choose whether the download is done over a standard
HTTP or HTTPs session.

MICROSOFT DESKTOP OPTIMIZATION PACK

16
6.1 MED-V Trim Transfer Technology
The MED-V advanced Trim Transfer de-duplication technology accelerates the download of
initial and updated virtual machine images over the LAN or WAN, thereby reducing the
network bandwidth needed to transport a MED-V workspace virtual machine to multiple end
users. This technology uses existing local data to build the virtual machine image,
leveraging the fact that in many cases, much of the virtual machine (for example, system
and application files) already exists on the end user's disk. For example, if a virtual machine
containing Windows XP is delivered to a client running a local copy of Windows XP, MED-V
will automatically remove the redundant Windows XP elements from the transfer. To ensure
a valid and functional workspace, the MED-V client cryptographically verifies the integrity of
local data before it is utilized, guaranteeing that the local blocks of data are absolutely bit-
by-bit identical to those in the desired virtual machine image. Blocks that do not match are
not used.
The process is bandwidth-efficient and transparent, and transfers run in the background,
utilizing unused network and CPU resources.
When updating to a new image version (for example, when administrators want to distribute a new
application or patch), only the elements that have changed ("deltas") are downloaded, and not the entire
virtual machine, significantly reducing the required network bandwidth and delivery time.

MICROSOFT DESKTOP OPTIMIZATION PACK

17
7 MED-V Management Server
The MED-V management server stores and manages all MED-V configurations including user policies. It
can be installed on top of Microsoft Windows Server (see system requirements). All server functionality
can be controlled from the MED-V management console, which is a standalone client application.

All MED-V Clients connect to the MED-V management server, authenticate and retrieve the most updated
policy. All sessions (from MED-V clients or management consoles) are carried over HTTP or HTTPS
(according to server configuration).

7.1 Workspace Policy

Using the MED-V management console, administrators can create a new policy or change existing
policies stored on the MED-V management server. Any change is automatically detected and updated by
all online clients. Offline clients are updated once they connect. All policies are signed by a private key,
generated upon server installation; the MED-V client verifies the authenticity and integrity of every policy it
retrieves using a public key it retrieves in its first communication with the server.

7.2 Events Database and the MED-V Dashboard

The MED-V management server aggregates events from all MED-V clients. The events include system
notifications and MED-V workspace monitoring (Workspace started, stop, failed to start due to lack of
memory, etc).

All events are stored in an external Microsoft SQL Server (see system requirements) that can be installed
on the same server or separately.

The MED-V management console provides a report generator that filters events according to date and
users. In addition, a dashboard status report enables monitoring of all installed clients including machine
name, user name, offline and online indication, client version, image name, image version, etc.

The client status enables administrators to monitor virtual image downloads or update progress in real
time.

MICROSOFT DESKTOP OPTIMIZATION PACK

18
8 MED-V Enterprise Architecture

8.1 Scalability and Multi-Locations

A typical MED-V management server can support thousands of users, depending on its hardware. The
client-server communication is lightweight. Clients are normally configured to poll the server for a policy
every 15 minutes and for image updates every 4 hours. If the policy polling time is increased, the server
should be able to increase its scale.

The only client-server heavy-duty operation occurs when a new image is available, and multiple clients
retrieve hundreds of megabytes from the images repository. Since the images repository is a standard
Microsoft IIS Web server, it is possible to scale the image delivery based on IIS capabilities.

To improve the download rate, optimize bandwidth efficiently, and further balance the load, the image
delivery servers can be placed in multiple geographic locations. DNS resolution can be used to direct the
MED-V client to the best available location.

Alternatively, a separate distribution mechanism can be used to deliver the virtual images to the
endpoints. The MED-V client looks for the image in a pre-defined location, and removes the need for
image download and MED-V image delivery Web infrastructure.

8.2 High Availability

The MED-V client operates independently of MED-V servers. If the management server is malfunctioning
or has stopped responding, all clients already running a MED-V workspace may continue working. New
attempts to start a MED-V workspace will run in offline mode. Only online authentication, policy changes,
and image updates are unavailable, and client events are aggregated at the client side until the server is
available again.

However, to ensure fast recovery of a server failure, MED-V supports a failover structure, where two
identical management servers are placed behind a third-party high-availability cluster: one is active, the
other is passive. Once the active server fails, the cluster automatically shifts to the passive server. In this
setup, all server resources -- policy files, settings, virtual machine images, and reports database are
separated from the management servers to an external highly available, clustered file system.

MICROSOFT DESKTOP OPTIMIZATION PACK

19
This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of
publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of
Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS
TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this
document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you
any license to these patents, trademarks, copyrights, or other intellectual property.

 2008 Microsoft Corporation. All rights reserved.

Microsoft, Windows, Windows Vista, Active Directory, Microsoft SQL Server are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

20