This article aims to establish the recommended practices while deploying Seclore desktop clients across various virtualized platforms.
The agent of choice for virtualized environments is the Seclore Desktop Client. Seclore Lite is not recommended in the case of application virtualization based implementations. This article has been created based on common implementations of virtualization from the leading OEMs such as VMWare & Citrix and is not intended to cover every possible architecture & technology.
Screen Capture privilege must be granted to all users of Seclore in the virtual environments. Failure to do so will lead to users not being able to view Seclore protected documents.
The stringent security configurations that are incompatible on standalone Windows machines are equally applicable on virtual environments. For instance, restrictions that prevent Windows startup items from being launched on user login hinder the functionalities of the Seclore desktop client in either case.
It is often observed that additional security restrictions are deployed on virtual environments and these need to be dealt with on a case to case basis.
In implementations wherein the virtualization does not occur at the application level, the Seclore desktop client is known to work flawlessly out of the box unless additional security configurations are discussed above.
Seclore recommends following the vendor-specific guidelines to publish desktop clients and make it available for virtual environment users. It might not be necessary to publish all Seclore .exe files for the user although it is essential to allow the following exe files to run at user login.
There are multiple means to implement application virtualization and some of them entail serving applications in a distributed manner, i.e. explorer.exe is available from Server 1, winword.exe from Server 2, AcroRd32.exe from Server 3 etc. In such cases, it is essential to install Seclore desktop client on each of these servers.
It is expected that the virtualization provider addresses the user sessions and the processes within the user session appropriately. It is essential that all processes initiated in the context of the user session are terminated on user logoff. In case they are still running post user logoff, additional action such as a logoff script to terminate those processes may be required.
It is technically not feasible to deploy Seclore desktop client as a packaged application and utilize it from within a single directory. Seclore is however compatible with packaged applications, which may at times require additional actions. For instance, a ThinApp packaged MS Excel application will be Seclore compatible once the Seclore add-ins are enabled as part of the package.
Need more help?
Contact Seclore Support