A comprehensive guide to VMware Dynamic Environment Manager (DEM), a solution for managing end-user desktop experiences. It details the installation and initial configuration of DEM, including setting up Group Policy Objects (GPOs) and understanding the NoAD mode. The text explores various aspects of desktop management, such as user personalization for applications, configuring environment settings like drive mappings, application blocking, and printer mappings, and establishing condition sets to apply settings dynamically. Additionally, the book covers advanced topics like application migration, utilizing the Helpdesk Support Tool for profile management, and troubleshooting common issues encountered in a DEM environment, with an emphasis on log file analysis and performance optimization.
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cyber_security_summary
Get the Book now from Amazon:
https://www.amazon.com/Implementing-VMware-Dynamic-Environment-Manager/dp/9390684676?&linkCode=ll1&tag=cvthunderx-20&linkId=1d874ab6c30affb4a8cc95f1a4f50b79&language=en_US&ref_=as_li_ss_tl
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cyber_security_summary
Get the Book now from Amazon:
https://www.amazon.com/Implementing-VMware-Dynamic-Environment-Manager/dp/9390684676?&linkCode=ll1&tag=cvthunderx-20&linkId=1d874ab6c30affb4a8cc95f1a4f50b79&language=en_US&ref_=as_li_ss_tl
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Okay, let's unpack this. You know that moment you log
into a new computer or maybe a virtual desktop, and
that sinking feeling hits. Oh yeah, all your personalized settings,
your desktop shortcuts, your app configurations just gone, like your
digital identity completely vanished, totally evaporates. Today we're diving deep
(00:21):
into the magic behind making sure your digital workspace actually
adapts to you no matter where or how you log in.
We're talking about delivering a consistent, personalized and seamless user
experience even in really complex IT setups.
Speaker 2 (00:35):
And what's truly fascinating if you think about it, is
how historically managing these user profiles, it's been such a
persistent headache for it, leading to slow logins and let's
be honest, really frustrated users definitely. But solutions like VMware
Dynamic Environment Manager DEM, they're fundamentally changing that whole landscape.
They let it deliver a truly just in time personalized desktop.
Speaker 1 (00:57):
And that's exactly our mission today, right to explore User
Environment Management UEM, specifically through DEM.
Speaker 2 (01:03):
YEP, trace the evolution of user profiles and really uncover
how this tool streamlines things for admins while making the
experience much better for you, the end user.
Speaker 1 (01:14):
Okay, so to really appreciate what DEM does, we probably
need to rewind a bit. Before these modern tools, managing
your digital identity was well a lot more basic.
Speaker 2 (01:23):
Oh absolutely.
Speaker 1 (01:24):
Can you walk us through how user profiles first really
took shape? Maybe starting with Windows NT.
Speaker 2 (01:30):
Sure? Yeah, Back then, your digital footprint on a machine
was pretty limited. Early program stuff was hard to reproduce consistently.
But Windows NT that's where we really saw the birth
of proper user profiles, and it all centered around that
end user dot.
Speaker 1 (01:44):
Dat filet user dot dat. I remember that exactly.
Speaker 2 (01:48):
It stored all those critical settings, configurations, preferences, everything specific
to your login.
Speaker 1 (01:53):
So that single file was basically the heart of your
personalized world on that machine. If it got deleted or corrupted,
puff poof is.
Speaker 2 (02:00):
Right back to square one. It's essentially a log file
of all your user specific changes. Delete it and everything
resets to default. It really shows how deep profile management
goes in Windows. And building on that, we then saw
different types of profiles pop up, each trying to follow
a problem, but each with its own set of issues.
Speaker 1 (02:20):
And the first simplest ones were just local profiles. Weren't
they your settings? Lived right there and the machine.
Speaker 2 (02:25):
You used yep, straightforward.
Speaker 1 (02:27):
Great if you only ever use one PC, But if
you move to a different.
Speaker 2 (02:30):
Desk, none of your settings followed you. You started completely
from scratch every single time.
Speaker 1 (02:35):
A nightmare for anyone who wasn't chained to one desk.
Speaker 2 (02:37):
It absolutely was, and that frustration directly led to the
idea of roaming profiles.
Speaker 1 (02:42):
Okay, so trying to make the profile roam with the.
Speaker 2 (02:45):
User exactly a significant step. Conceptually, your profile was stored
centrally on a server somewhere. It got copied down to
the local machine when you logged in, and then synced
back up when you logged off. The idea was well
brilliant on paper.
Speaker 1 (03:00):
I'm sensing a butt here. I can almost hear the
network traffic groaning. Slow logins.
Speaker 2 (03:06):
You are absolutely right connect that to the bigger picture. Yes,
they offered portability, but roaming profiles became notorious for slow
logins and logofs.
Speaker 1 (03:16):
Just copying huge files back and forth pretty much, especially
as profiles grew and they were often tied.
Speaker 2 (03:22):
To specific OS versions, making upgrades of pain. Plus they
were prone to corruption.
Speaker 1 (03:28):
Ah, the dreaded profile corruption, often leading to a full
reset right now cutently.
Speaker 2 (03:33):
So yeah, it was a step forward, but a pretty
clunky one.
Speaker 1 (03:36):
And then there were mandatory profiles, which sound restrictive.
Speaker 2 (03:40):
They were admins defined them read only any changes you
made gone when you logged off. Great for control like
for kioks or specific security needs. Okay, they even had regions.
Normal mandatory let you use a cashed copy if the
server was offline. Super mandatory wouldn't even let you log in.
Speaker 1 (03:55):
So control over personalization seems like all these early types
involved some kind of tref Definitely.
Speaker 2 (04:01):
They were all trying to fit, like you said, a
square peg into the round hole of increasingly dynamic IT environments.
Speaker 1 (04:07):
So with all those historical hurdles and compromises, what does
this mean for today for our dynamic, often virtualized desktops.
How do we escape those limitations?
Speaker 2 (04:19):
Well, this is exactly where User Environment Management, and specifically
VMware Dynamic Environment Manager DEM, really enters the scene and
changes the game.
Speaker 1 (04:27):
Okay.
Speaker 2 (04:28):
What DEM does fundamentally is it abstracts your user specific settings,
you know, application settings, OS, preferences, your data, pulls them
away from the underlying operating system itself.
Speaker 1 (04:38):
It separates them out precisely.
Speaker 2 (04:40):
Yeah, this user personality is then delivered on demand. Just
in time is the term often used right as you
log in.
Speaker 1 (04:46):
So it's like your personalized identity is assembled instantly every time,
even on a fresh machine.
Speaker 2 (04:52):
That's the core idea. It makes it happen.
Speaker 1 (04:54):
That sounds incredibly powerful. It can deploy standard clean desktops.
You the users, still get your familiar setup. That must
simplify things hugely for IT.
Speaker 2 (05:04):
Admins immensely for IT. It means centralized management. It means
reduced infrastructure costs because you can use those stateless virtual
desktops h.
Speaker 1 (05:13):
Because the personality isn't tied to the machine.
Speaker 2 (05:15):
State exactly, simplified deployment, incredibly granular control over what gets
delivered and when, and for you the end user, a
consistent personalized experience any device, physical, virtual cloud, and.
Speaker 1 (05:29):
Fast logins, presumably without copying huge roaming profiles.
Speaker 2 (05:33):
Fast logins, fast log offs, your setting's actually roam with you,
but without all those traditional headaches we just talked about.
It's consistency without compromise.
Speaker 1 (05:41):
That's a compelling vision, but it brings up a really
key question for it. How do you actually guarantee that
consistent personal experience in say a VDI environment where desktops
are built and torn down constantly.
Speaker 2 (05:55):
Right, and DEM provides that critical missing piece. It enables
what's often called the composite desktop model. It's built on layers, layers.
Speaker 1 (06:01):
Okay, so what are they?
Speaker 2 (06:02):
Three distinct layers working together. First the OS layer, that's
your optimized operating system, maybe some core apps everyone needs.
It's like a clean base.
Speaker 1 (06:09):
Image, got it, the foundation.
Speaker 2 (06:11):
Then you have the applications layer, apps delivered on demand,
maybe through layering tech like app volumes or virtualization added
as needed.
Speaker 1 (06:19):
Okay, OS, then apps.
Speaker 2 (06:21):
And finally layer three where DEM really does its work,
the user profile layer. This is your abstracted on demand
settings and data.
Speaker 1 (06:31):
The user personality layer.
Speaker 2 (06:32):
Exactly. It's the magic that makes that generic base OS
and those added apps suddenly feel like your desktop instantly.
It brings your personality to the digital space.
Speaker 1 (06:42):
Okay, so how does DEM actually make this happen? What
are the nuts and bolts, the core components.
Speaker 2 (06:47):
It boils down to a few key building blocks. First,
there's the flex engine. Think of it as the agent.
Speaker 1 (06:53):
The agent so it runs on the user's machine.
Speaker 2 (06:55):
Correct, It's a lightweight agent installed on every desktop, physical
or virtual. That dem manages. It's the part that actually
applies the policies and delivers the settings it has configured
the worker be basically.
Speaker 1 (07:07):
Okay, flex engine on the endpoint. And for IP to
manage all this, there must be a central control panel,
the management console.
Speaker 2 (07:14):
That's right. The management console is the main interface for
IT admins. That's where they configure all the personalization, the
application settings, everything.
Speaker 1 (07:22):
And it's flexible, like multiple admins can use it.
Speaker 2 (07:25):
Yeah, it can be installed on multiple admin machines, so
different team members can manage the environment. Avoids bottlemes.
Speaker 1 (07:32):
Okay, so flex Engine on the user side, management console
for it. But where do all these settings, the configurations,
the user's actual data, where does it all live?
Speaker 2 (07:43):
Good question. Critical to the whole thing are two central
shared folders, usually on a file server. The first is
the Configuration Share.
Speaker 1 (07:51):
Configuration Share.
Speaker 2 (07:52):
This is where it stores all the blueprints for your workspace.
We call them flex configuration files.
Speaker 1 (07:56):
Blueprints like instruction manuals for apps kind of.
Speaker 2 (08:00):
Each one tells them how a specific application or Windows
setting should behave for you. Users just need read access here.
Admin's need full control needs about a gigabyte minimum usually.
Speaker 1 (08:10):
Okay, so that's the instructions and the second share, the
profile archive share. That sounds like where my personal stuff goes.
Speaker 2 (08:16):
Precisely, This is where your individual customizations, your settings changes
are kept, usually as zip files.
Speaker 1 (08:24):
Zip files.
Speaker 2 (08:26):
Interesting, Yeah, flex engine reads from here. When you log
in or launch an app, pulls down your settings than
any changes you make get written back here when you
log off or close the app.
Speaker 1 (08:35):
And permissions here. Users need to write back right yep.
Speaker 2 (08:38):
Users need create folders and a pen data admins need
full control. You should plan for at least one hundred
milibi per user. Here roughly stores unique user data.
Speaker 1 (08:50):
Got it? And I think you mentioned a couple of
other tools for specific jobs.
Speaker 2 (08:54):
Yes, there's the Application profiler tool. It uses this to
create those flex configuration files. It captures and apps registry settings,
filesystem stuff. Basically, reverse engineer is how an app stores its.
Speaker 1 (09:04):
Setting ah okay to build the blueprints exactly.
Speaker 2 (09:07):
And then there's the demsync tool. This is handy for
users who might be remote, maybe with body internet or
work offline.
Speaker 1 (09:13):
A lot for offline scenarios, right.
Speaker 2 (09:15):
It lets them manage their profile settings locally, then sync
everything up when they reconnect.
Speaker 1 (09:20):
Makes sense now, deploying this across an organization. How does
it actually plug DEM into everything? Does it need active directory?
Speaker 2 (09:30):
It often uses it. The traditional way is via active
directory Group Policy AD GPO. DEM comes with its own
ADMX templates you load.
Speaker 1 (09:38):
In so standard GPO management.
Speaker 2 (09:40):
But there's also no AD mode. This is great for
environments without AD which you see sometimes with cloud desktops
or specific setups.
Speaker 1 (09:49):
No AD how does that work?
Speaker 2 (09:50):
Then it uses a noad dot xml file for configuration instead,
bypasses GPOs login scripts entirely. You just have to make
sure the flex engine agent is installed and no AD
mode offers good flexibility.
Speaker 1 (10:02):
That flexibility is good, but it does raise a big question,
especially for larger companies, how do you make sure these
profiles are always available consistent across different sites. What if
a file server goes down.
Speaker 2 (10:11):
Reliability is key, absolutely critical point, and DEM's architecture is
designed with this in mind. It supports multiple configuration shares,
multiple profile archive shares, so you can.
Speaker 1 (10:21):
Have different ones for different locations or departments exactly.
Speaker 2 (10:24):
And then you use replication. That's the key. Maybe software
replication like DFSN for the configuration files, or hardware sand
replication for the user profile data.
Speaker 1 (10:34):
Ah so standard high availability techniques right.
Speaker 2 (10:36):
That ensures scalability, high availability and lets users roams seamlessly
between sites. Your profile's there even if one server has
an issue business continuity okay, And.
Speaker 1 (10:47):
What about the management console server itself? The one it
uses is that a single point of failure.
Speaker 2 (10:53):
No, not really. If a management server fails, you can
just reinstall it quickly and point it back to those
replicated shares. All the critical and FIG and user data
lives on those shares, safe and sound. The system's pretty resilient.
Speaker 1 (11:05):
Okay. Understanding the pieces is one thing, but the real power,
what it gets creative is on the configuration, right, putting
it all together to shape that dynamic environment.
Speaker 2 (11:14):
Absolutely. The initial setup is pretty standard GPO stuff copy
the ADMX ADML templates, create a link of GPO. Then
in that GPO you set the core paths, can fig
share profile, archive, share where backups go, log file locations,
and you enable the Flex Engine, logan and log off scripts.
Speaker 1 (11:33):
The flex engine, dot ex e I R and a
less commands.
Speaker 2 (11:36):
Exactly coe er for refreshed logan, a lag us for
stable golf. And the first time you launched a management console,
it asks you about enabling personalization, maybe extra features like
app V support. It's about getting the basic plumbing in place.
Speaker 1 (11:51):
So beyond that initial setup, where does the really fine
grained control come in tailoring the experience.
Speaker 2 (11:57):
That's where dem gets really powerful with advance personalization. The
core of it is the flex.
Speaker 1 (12:02):
Now, the thing that sounds really cool for the user
experience is directflex. Can you explain that again? How does
it speed things up so much?
Speaker 2 (12:10):
Right? Directflex it's a massive optimization. Instead of loading all
the settings for all your applications when.
Speaker 1 (12:15):
You log in, which could take ages.
Speaker 2 (12:17):
Exactly, directflex only processes and applications settings when you actually
launch that specific application.
Speaker 1 (12:23):
Ah, just in time for apps too, not just.
Speaker 2 (12:25):
Log in precisely. It makes logins way faster because it's
not doing all that work up front. It delivers just
what's needed right when it's needed. Big performance boost makes
total sense. Plus you can set up robust backups for
the profile archives, define specific conditions based on OSIP range
ad group, even time of day for when certain setting
(12:47):
should apply. Context is everything, so it's really.
Speaker 1 (12:50):
About managing the whole user environment, not just profiles and isolation.
What else falls under that on.
Speaker 2 (12:55):
Broad Oh, it's incredibly comprehensive. You can pull in traditional
ADMX based settings, group policy settings, but apply them contextually
through DEM, making them dynamic.
Speaker 1 (13:05):
So more targeted than regular GPOs much more.
Speaker 2 (13:08):
There's app of volumes integration to optimize things like outlook
ost files on writable volumes. You can do application blocking,
stop specific apps from running globally or based on conditions
with custom messages.
Speaker 1 (13:21):
And the one I really like the sound of privileged elevation.
Speaker 2 (13:25):
Yes, huge security win grant elevated rights for just one
specific app or installer without making the user a full
local admin.
Speaker 1 (13:34):
That's fantastic. No more over privileged users just for one
annoying app exactly.
Speaker 2 (13:39):
And think about all the routine stuff, drive mappings, environment variables,
file type associations, folder redirection, running log on, log off tasks,
mapping printers, creating shortcuts, even Windows settings like display language
or hiding drive.
Speaker 1 (13:52):
All managed centrally and contextually.
Speaker 2 (13:54):
All centrally defined, managed and applied based on those conditions.
Through DEM. It turns what used to be manual SS
scripting or static GPOs into an automated, dynamic process.
Speaker 1 (14:03):
Okay, one really powerful thing we haven't dug into yet
is application upgrades. I mean, everyone dreads migrating user settings
from say Office twenty ten to Office three sixty five.
How does DEM handle that pain point?
Speaker 2 (14:15):
Ah? Yes, that's a classic challenge, right, making sure all
the users' personal tweaks and settings move smoothly from the
old version to the new one without breaking anything.
Speaker 1 (14:24):
Yeah, you don't want users complaining their customizations are gone
after an upgrade.
Speaker 2 (14:28):
Exactly. Dem has a dedicated application migration feature for this.
It lets it define a very precise automated process to handle.
Speaker 1 (14:36):
That transition automated. How does that work? Is it complex
to set up?
Speaker 2 (14:40):
It uses a special XML file, you tell dem okay,
here's the flexiconfig file for the old app version, the source,
and here's the one for the new version, the target,
tours and target. Then the migration XML file itself contains
the detailed instructions. You define granular actions for the registry
and file system, things like create this registry key, rename
(15:00):
that value, delete this old file, copy these settings files,
move this directory.
Speaker 1 (15:05):
So it's like a step by step script for transforming
the settings very much.
Speaker 2 (15:08):
It's a transformation map.
Speaker 1 (15:10):
And I guess the order you define those steps in
the XML is crucial. Get it wrong and you could
mess things up.
Speaker 2 (15:16):
Absolutely critical thinking is needed there. The order of operations
can definitely make or break the migration. You're effectively scripting
the update of the user's digital footprint for that app.
Speaker 1 (15:27):
But done right, it means a seamless transition for the user.
They just launched the new version and their settings are there.
Speaker 2 (15:34):
That's the goal, completely automated maintaining user productivity, avoiding manual
reconfiguration or data loss. Very powerful for application life cycle management.
Speaker 1 (15:44):
Now, even with the best planning, things inevitably go sideways.
Sometimes support and troubleshooting are always necessary. What tools does
DEM offer for it when issues pop up?
Speaker 2 (15:55):
For that frontline support? There's the help Desk Support tool.
It's an optional component but really useful.
Speaker 1 (16:01):
What does it let support staff do?
Speaker 2 (16:02):
It allows authorized IT admins or help desk operators to
view user profile archives, look at backups, edit settings if needed,
reset profiles or restore them from backup.
Speaker 1 (16:13):
Okay, direct access to the user's profile data exactly.
Speaker 2 (16:16):
And it has a built in viewer for the Flex
Engine log files, which makes analyzing those logs much much
easier than digging through text files.
Speaker 1 (16:23):
Nice log viewing built.
Speaker 2 (16:24):
In Yeah, and you can configure it with paths and
labels for different environments too, which helps streamline support in
bigger organizations.
Speaker 1 (16:31):
And when things do go wrong, what are some common
scenarios it might run into when troubleshooting DEM.
Speaker 2 (16:38):
Well, one you might see is direct flex conflicts. An
application won't launch or it fails because its hooks are
interfering with another app hooks. Yeah, how it integrates. The
fix often involves blacklisting certain apps from direct Flex or
using some advanced config settings. Another huge one anti virus exclusions.
Speaker 1 (16:57):
Ah AV getting in the way.
Speaker 2 (16:59):
Always classic, Always, you absolutely must exclude the dems, shared
folders and the local paths and executables like flexengine dot
ex and Flexservice dot ex from eighty scans, otherwise you
risk major performance hits or even profile corruption.
Speaker 1 (17:14):
Right critical configuration. What else you might see?
Speaker 2 (17:17):
Folder redirection loops That happens if you accidentally redirect files
inside a folder that's already redirected. The log files are
key here check the redirected folders section.
Speaker 1 (17:26):
Okay, logs are your.
Speaker 2 (17:26):
Friend there Always if the configuration share is unavailable when
a user logs in, they might just get logged right
back out could be network problems or maybe a GPO setting.
There's a policy paths unavailable at logga that you can
set to skip import instead of logoff, which can sometimes.
Speaker 1 (17:42):
Help at least lets them get to a desktop, maybe
without full personalization exactly.
Speaker 2 (17:46):
And if a user logs off and finds their Windows
settings didn't.
Speaker 1 (17:50):
Save, oh, what's usually the cause there?
Speaker 2 (17:52):
Typically it means the logoff commands aren't running. You need
to double check that the Flexengine dot ex s command
is correctly set up in a log off script or policy. Gotcha,
And this really highlights a core belief. You know, knowledge
is great, but it's most valuable when you can actually
apply it. Learning to read those Flex Engine log files,
Theflex Engine dot log it's like having a direct line
(18:14):
into what dem is doing.
Speaker 1 (18:16):
What kind of details can you see in there?
Speaker 2 (18:17):
Oh? Everything successful logins, user and computer details, the state
of the profile, which config files got processed, which direct
Flex apps launched, how long things took, GPO processing times,
compression status, how it handled unavailable shares. It's your number
one tool for debugging.
Speaker 1 (18:33):
Wow. Okay, we have certainly covered a lot of ground
today from the history and the headaches of old school user.
Speaker 2 (18:41):
Profiles the battle days.
Speaker 1 (18:43):
To the really sophisticated capabilities of VMware Dynamic Environment Manager.
I think anyone listening now has a really solid grasp
on how DEM tackles the complexity of managing personalized digital workspaces.
Speaker 2 (18:56):
Absolutely, and it's important to see DEM as more than
just a profile tool, really a strategic piece for any
organization moving towards dynamic, virtualized or cloud based desktops. It
ensures that end user experience stays consistent, secure, and importantly productive.
Speaker 1 (19:11):
Yeah, it's about making sure your digital workspace actually works
for you, not against you, every single time you log in,
precisely so. Looking ahead, as digital workspaces keep evolving, blending physical,
virtual cloud maybe even more, what new challenges do you
see coming up for maintaining that truly personal, agile user
experience and how might tools like DAM need to keep adapting.
Speaker 2 (19:34):
That's the big question.
Speaker 1 (19:35):
Isn't it something for you to think about? Is you
consider how these ideas might apply in your own digital environment,
Okay, let's unpack this. You know that moment you log
into a new computer or maybe a virtual desktop, and
that sinking feeling hits. Oh yeah, all your personalized settings,
your desktop shortcuts, your app configurations just gone, like your
digital identity completely vanished, totally evaporates. Today we're diving deep
(00:21):
into the magic behind making sure your digital workspace actually
adapts to you no matter where or how you log in.
We're talking about delivering a consistent, personalized and seamless user
experience even in really complex IT setups.
Speaker 2 (00:35):
And what's truly fascinating if you think about it, is
how historically managing these user profiles, it's been such a
persistent headache for it, leading to slow logins and let's
be honest, really frustrated users definitely. But solutions like VMware
Dynamic Environment Manager DEM, they're fundamentally changing that whole landscape.
They let it deliver a truly just in time personalized desktop.
Speaker 1 (00:57):
And that's exactly our mission today, right to explore User
Environment Management UEM, specifically through DEM.
Speaker 2 (01:03):
YEP, trace the evolution of user profiles and really uncover
how this tool streamlines things for admins while making the
experience much better for you, the end user.
Speaker 1 (01:14):
Okay, so to really appreciate what DEM does, we probably
need to rewind a bit. Before these modern tools, managing
your digital identity was well a lot more basic.
Speaker 2 (01:23):
Oh absolutely.
Speaker 1 (01:24):
Can you walk us through how user profiles first really
took shape? Maybe starting with Windows NT.
Speaker 2 (01:30):
Sure? Yeah, Back then, your digital footprint on a machine
was pretty limited. Early program stuff was hard to reproduce consistently.
But Windows NT that's where we really saw the birth
of proper user profiles, and it all centered around that
end user dot.
Speaker 1 (01:44):
Dat filet user dot dat. I remember that exactly.
Speaker 2 (01:48):
It stored all those critical settings, configurations, preferences, everything specific
to your login.
Speaker 1 (01:53):
So that single file was basically the heart of your
personalized world on that machine. If it got deleted or corrupted,
puff poof is.
Speaker 2 (02:00):
Right back to square one. It's essentially a log file
of all your user specific changes. Delete it and everything
resets to default. It really shows how deep profile management
goes in Windows. And building on that, we then saw
different types of profiles pop up, each trying to follow
a problem, but each with its own set of issues.
Speaker 1 (02:20):
And the first simplest ones were just local profiles. Weren't
they your settings? Lived right there and the machine.
Speaker 2 (02:25):
You used yep, straightforward.
Speaker 1 (02:27):
Great if you only ever use one PC, But if
you move to a different.
Speaker 2 (02:30):
Desk, none of your settings followed you. You started completely
from scratch every single time.
Speaker 1 (02:35):
A nightmare for anyone who wasn't chained to one desk.
Speaker 2 (02:37):
It absolutely was, and that frustration directly led to the
idea of roaming profiles.
Speaker 1 (02:42):
Okay, so trying to make the profile roam with the.
Speaker 2 (02:45):
User exactly a significant step. Conceptually, your profile was stored
centrally on a server somewhere. It got copied down to
the local machine when you logged in, and then synced
back up when you logged off. The idea was well
brilliant on paper.
Speaker 1 (03:00):
I'm sensing a butt here. I can almost hear the
network traffic groaning. Slow logins.
Speaker 2 (03:06):
You are absolutely right connect that to the bigger picture. Yes,
they offered portability, but roaming profiles became notorious for slow
logins and logofs.
Speaker 1 (03:16):
Just copying huge files back and forth pretty much, especially
as profiles grew and they were often tied.
Speaker 2 (03:22):
To specific OS versions, making upgrades of pain. Plus they
were prone to corruption.
Speaker 1 (03:28):
Ah, the dreaded profile corruption, often leading to a full
reset right now cutently.
Speaker 2 (03:33):
So yeah, it was a step forward, but a pretty
clunky one.
Speaker 1 (03:36):
And then there were mandatory profiles, which sound restrictive.
Speaker 2 (03:40):
They were admins defined them read only any changes you
made gone when you logged off. Great for control like
for kioks or specific security needs. Okay, they even had regions.
Normal mandatory let you use a cashed copy if the
server was offline. Super mandatory wouldn't even let you log in.
Speaker 1 (03:55):
So control over personalization seems like all these early types
involved some kind of tref Definitely.
Speaker 2 (04:01):
They were all trying to fit, like you said, a
square peg into the round hole of increasingly dynamic IT environments.
Speaker 1 (04:07):
So with all those historical hurdles and compromises, what does
this mean for today for our dynamic, often virtualized desktops.
How do we escape those limitations?
Speaker 2 (04:19):
Well, this is exactly where User Environment Management, and specifically
VMware Dynamic Environment Manager DEM, really enters the scene and
changes the game.
Speaker 1 (04:27):
Okay.
Speaker 2 (04:28):
What DEM does fundamentally is it abstracts your user specific settings,
you know, application settings, OS, preferences, your data, pulls them
away from the underlying operating system itself.
Speaker 1 (04:38):
It separates them out precisely.
Speaker 2 (04:40):
Yeah, this user personality is then delivered on demand. Just
in time is the term often used right as you
log in.
Speaker 1 (04:46):
So it's like your personalized identity is assembled instantly every time,
even on a fresh machine.
Speaker 2 (04:52):
That's the core idea. It makes it happen.
Speaker 1 (04:54):
That sounds incredibly powerful. It can deploy standard clean desktops.
You the users, still get your familiar setup. That must
simplify things hugely for IT.
Speaker 2 (05:04):
Admins immensely for IT. It means centralized management. It means
reduced infrastructure costs because you can use those stateless virtual
desktops h.
Speaker 1 (05:13):
Because the personality isn't tied to the machine.
Speaker 2 (05:15):
State exactly, simplified deployment, incredibly granular control over what gets
delivered and when, and for you the end user, a
consistent personalized experience any device, physical, virtual cloud, and.
Speaker 1 (05:29):
Fast logins, presumably without copying huge roaming profiles.
Speaker 2 (05:33):
Fast logins, fast log offs, your setting's actually roam with you,
but without all those traditional headaches we just talked about.
It's consistency without compromise.
Speaker 1 (05:41):
That's a compelling vision, but it brings up a really
key question for it. How do you actually guarantee that
consistent personal experience in say a VDI environment where desktops
are built and torn down constantly.
Speaker 2 (05:55):
Right, and DEM provides that critical missing piece. It enables
what's often called the composite desktop model. It's built on layers, layers.
Speaker 1 (06:01):
Okay, so what are they?
Speaker 2 (06:02):
Three distinct layers working together. First the OS layer, that's
your optimized operating system, maybe some core apps everyone needs.
It's like a clean base.
Speaker 1 (06:09):
Image, got it, the foundation.
Speaker 2 (06:11):
Then you have the applications layer, apps delivered on demand,
maybe through layering tech like app volumes or virtualization added
as needed.
Speaker 1 (06:19):
Okay, OS, then apps.
Speaker 2 (06:21):
And finally layer three where DEM really does its work,
the user profile layer. This is your abstracted on demand
settings and data.
Speaker 1 (06:31):
The user personality layer.
Speaker 2 (06:32):
Exactly. It's the magic that makes that generic base OS
and those added apps suddenly feel like your desktop instantly.
It brings your personality to the digital space.
Speaker 1 (06:42):
Okay, so how does DEM actually make this happen? What
are the nuts and bolts, the core components.
Speaker 2 (06:47):
It boils down to a few key building blocks. First,
there's the flex engine. Think of it as the agent.
Speaker 1 (06:53):
The agent so it runs on the user's machine.
Speaker 2 (06:55):
Correct, It's a lightweight agent installed on every desktop, physical
or virtual. That dem manages. It's the part that actually
applies the policies and delivers the settings it has configured
the worker be basically.
Speaker 1 (07:07):
Okay, flex engine on the endpoint. And for IP to
manage all this, there must be a central control panel,
the management console.
Speaker 2 (07:14):
That's right. The management console is the main interface for
IT admins. That's where they configure all the personalization, the
application settings, everything.
Speaker 1 (07:22):
And it's flexible, like multiple admins can use it.
Speaker 2 (07:25):
Yeah, it can be installed on multiple admin machines, so
different team members can manage the environment. Avoids bottlemes.
Speaker 1 (07:32):
Okay, so flex Engine on the user side, management console
for it. But where do all these settings, the configurations,
the user's actual data, where does it all live?
Speaker 2 (07:43):
Good question. Critical to the whole thing are two central
shared folders, usually on a file server. The first is
the Configuration Share.
Speaker 1 (07:51):
Configuration Share.
Speaker 2 (07:52):
This is where it stores all the blueprints for your workspace.
We call them flex configuration files.
Speaker 1 (07:56):
Blueprints like instruction manuals for apps kind of.
Speaker 2 (08:00):
Each one tells them how a specific application or Windows
setting should behave for you. Users just need read access here.
Admin's need full control needs about a gigabyte minimum usually.
Speaker 1 (08:10):
Okay, so that's the instructions and the second share, the
profile archive share. That sounds like where my personal stuff goes.
Speaker 2 (08:16):
Precisely, This is where your individual customizations, your settings changes
are kept, usually as zip files.
Speaker 1 (08:24):
Zip files.
Speaker 2 (08:26):
Interesting, Yeah, flex engine reads from here. When you log
in or launch an app, pulls down your settings than
any changes you make get written back here when you
log off or close the app.
Speaker 1 (08:35):
And permissions here. Users need to write back right yep.
Speaker 2 (08:38):
Users need create folders and a pen data admins need
full control. You should plan for at least one hundred
milibi per user. Here roughly stores unique user data.
Speaker 1 (08:50):
Got it? And I think you mentioned a couple of
other tools for specific jobs.
Speaker 2 (08:54):
Yes, there's the Application profiler tool. It uses this to
create those flex configuration files. It captures and apps registry settings,
filesystem stuff. Basically, reverse engineer is how an app stores its.
Speaker 1 (09:04):
Setting ah okay to build the blueprints exactly.
Speaker 2 (09:07):
And then there's the demsync tool. This is handy for
users who might be remote, maybe with body internet or
work offline.
Speaker 1 (09:13):
A lot for offline scenarios, right.
Speaker 2 (09:15):
It lets them manage their profile settings locally, then sync
everything up when they reconnect.
Speaker 1 (09:20):
Makes sense now, deploying this across an organization. How does
it actually plug DEM into everything? Does it need active directory?
Speaker 2 (09:30):
It often uses it. The traditional way is via active
directory Group Policy AD GPO. DEM comes with its own
ADMX templates you load.
Speaker 1 (09:38):
In so standard GPO management.
Speaker 2 (09:40):
But there's also no AD mode. This is great for
environments without AD which you see sometimes with cloud desktops
or specific setups.
Speaker 1 (09:49):
No AD how does that work?
Speaker 2 (09:50):
Then it uses a noad dot xml file for configuration instead,
bypasses GPOs login scripts entirely. You just have to make
sure the flex engine agent is installed and no AD
mode offers good flexibility.
Speaker 1 (10:02):
That flexibility is good, but it does raise a big question,
especially for larger companies, how do you make sure these
profiles are always available consistent across different sites. What if
a file server goes down.
Speaker 2 (10:11):
Reliability is key, absolutely critical point, and DEM's architecture is
designed with this in mind. It supports multiple configuration shares,
multiple profile archive shares, so you can.
Speaker 1 (10:21):
Have different ones for different locations or departments exactly.
Speaker 2 (10:24):
And then you use replication. That's the key. Maybe software
replication like DFSN for the configuration files, or hardware sand
replication for the user profile data.
Speaker 1 (10:34):
Ah so standard high availability techniques right.
Speaker 2 (10:36):
That ensures scalability, high availability and lets users roams seamlessly
between sites. Your profile's there even if one server has
an issue business continuity okay, And.
Speaker 1 (10:47):
What about the management console server itself? The one it
uses is that a single point of failure.
Speaker 2 (10:53):
No, not really. If a management server fails, you can
just reinstall it quickly and point it back to those
replicated shares. All the critical and FIG and user data
lives on those shares, safe and sound. The system's pretty resilient.
Speaker 1 (11:05):
Okay. Understanding the pieces is one thing, but the real power,
what it gets creative is on the configuration, right, putting
it all together to shape that dynamic environment.
Speaker 2 (11:14):
Absolutely. The initial setup is pretty standard GPO stuff copy
the ADMX ADML templates, create a link of GPO. Then
in that GPO you set the core paths, can fig
share profile, archive, share where backups go, log file locations,
and you enable the Flex Engine, logan and log off scripts.
Speaker 1 (11:33):
The flex engine, dot ex e I R and a
less commands.
Speaker 2 (11:36):
Exactly coe er for refreshed logan, a lag us for
stable golf. And the first time you launched a management console,
it asks you about enabling personalization, maybe extra features like
app V support. It's about getting the basic plumbing in place.
Speaker 1 (11:51):
So beyond that initial setup, where does the really fine
grained control come in tailoring the experience.
Speaker 2 (11:57):
That's where dem gets really powerful with advance personalization. The
core of it is the flex.
Speaker 1 (12:02):
Now, the thing that sounds really cool for the user
experience is directflex. Can you explain that again? How does
it speed things up so much?
Speaker 2 (12:10):
Right? Directflex it's a massive optimization. Instead of loading all
the settings for all your applications when.
Speaker 1 (12:15):
You log in, which could take ages.
Speaker 2 (12:17):
Exactly, directflex only processes and applications settings when you actually
launch that specific application.
Speaker 1 (12:23):
Ah, just in time for apps too, not just.
Speaker 2 (12:25):
Log in precisely. It makes logins way faster because it's
not doing all that work up front. It delivers just
what's needed right when it's needed. Big performance boost makes
total sense. Plus you can set up robust backups for
the profile archives, define specific conditions based on OSIP range
ad group, even time of day for when certain setting
(12:47):
should apply. Context is everything, so it's really.
Speaker 1 (12:50):
About managing the whole user environment, not just profiles and isolation.
What else falls under that on.
Speaker 2 (12:55):
Broad Oh, it's incredibly comprehensive. You can pull in traditional
ADMX based settings, group policy settings, but apply them contextually
through DEM, making them dynamic.
Speaker 1 (13:05):
So more targeted than regular GPOs much more.
Speaker 2 (13:08):
There's app of volumes integration to optimize things like outlook
ost files on writable volumes. You can do application blocking,
stop specific apps from running globally or based on conditions
with custom messages.
Speaker 1 (13:21):
And the one I really like the sound of privileged elevation.
Speaker 2 (13:25):
Yes, huge security win grant elevated rights for just one
specific app or installer without making the user a full
local admin.
Speaker 1 (13:34):
That's fantastic. No more over privileged users just for one
annoying app exactly.
Speaker 2 (13:39):
And think about all the routine stuff, drive mappings, environment variables,
file type associations, folder redirection, running log on, log off tasks,
mapping printers, creating shortcuts, even Windows settings like display language
or hiding drive.
Speaker 1 (13:52):
All managed centrally and contextually.
Speaker 2 (13:54):
All centrally defined, managed and applied based on those conditions.
Through DEM. It turns what used to be manual SS
scripting or static GPOs into an automated, dynamic process.
Speaker 1 (14:03):
Okay, one really powerful thing we haven't dug into yet
is application upgrades. I mean, everyone dreads migrating user settings
from say Office twenty ten to Office three sixty five.
How does DEM handle that pain point?
Speaker 2 (14:15):
Ah? Yes, that's a classic challenge, right, making sure all
the users' personal tweaks and settings move smoothly from the
old version to the new one without breaking anything.
Speaker 1 (14:24):
Yeah, you don't want users complaining their customizations are gone
after an upgrade.
Speaker 2 (14:28):
Exactly. Dem has a dedicated application migration feature for this.
It lets it define a very precise automated process to handle.
Speaker 1 (14:36):
That transition automated. How does that work? Is it complex
to set up?
Speaker 2 (14:40):
It uses a special XML file, you tell dem okay,
here's the flexiconfig file for the old app version, the source,
and here's the one for the new version, the target,
tours and target. Then the migration XML file itself contains
the detailed instructions. You define granular actions for the registry
and file system, things like create this registry key, rename
(15:00):
that value, delete this old file, copy these settings files,
move this directory.
Speaker 1 (15:05):
So it's like a step by step script for transforming
the settings very much.
Speaker 2 (15:08):
It's a transformation map.
Speaker 1 (15:10):
And I guess the order you define those steps in
the XML is crucial. Get it wrong and you could
mess things up.
Speaker 2 (15:16):
Absolutely critical thinking is needed there. The order of operations
can definitely make or break the migration. You're effectively scripting
the update of the user's digital footprint for that app.
Speaker 1 (15:27):
But done right, it means a seamless transition for the user.
They just launched the new version and their settings are there.
Speaker 2 (15:34):
That's the goal, completely automated maintaining user productivity, avoiding manual
reconfiguration or data loss. Very powerful for application life cycle management.
Speaker 1 (15:44):
Now, even with the best planning, things inevitably go sideways.
Sometimes support and troubleshooting are always necessary. What tools does
DEM offer for it when issues pop up?
Speaker 2 (15:55):
For that frontline support? There's the help Desk Support tool.
It's an optional component but really useful.
Speaker 1 (16:01):
What does it let support staff do?
Speaker 2 (16:02):
It allows authorized IT admins or help desk operators to
view user profile archives, look at backups, edit settings if needed,
reset profiles or restore them from backup.
Speaker 1 (16:13):
Okay, direct access to the user's profile data exactly.
Speaker 2 (16:16):
And it has a built in viewer for the Flex
Engine log files, which makes analyzing those logs much much
easier than digging through text files.
Speaker 1 (16:23):
Nice log viewing built.
Speaker 2 (16:24):
In Yeah, and you can configure it with paths and
labels for different environments too, which helps streamline support in
bigger organizations.
Speaker 1 (16:31):
And when things do go wrong, what are some common
scenarios it might run into when troubleshooting DEM.
Speaker 2 (16:38):
Well, one you might see is direct flex conflicts. An
application won't launch or it fails because its hooks are
interfering with another app hooks. Yeah, how it integrates. The
fix often involves blacklisting certain apps from direct Flex or
using some advanced config settings. Another huge one anti virus exclusions.
Speaker 1 (16:57):
Ah AV getting in the way.
Speaker 2 (16:59):
Always classic, Always, you absolutely must exclude the dems, shared
folders and the local paths and executables like flexengine dot
ex and Flexservice dot ex from eighty scans, otherwise you
risk major performance hits or even profile corruption.
Speaker 1 (17:14):
Right critical configuration. What else you might see?
Speaker 2 (17:17):
Folder redirection loops That happens if you accidentally redirect files
inside a folder that's already redirected. The log files are
key here check the redirected folders section.
Speaker 1 (17:26):
Okay, logs are your.
Speaker 2 (17:26):
Friend there Always if the configuration share is unavailable when
a user logs in, they might just get logged right
back out could be network problems or maybe a GPO setting.
There's a policy paths unavailable at logga that you can
set to skip import instead of logoff, which can sometimes.
Speaker 1 (17:42):
Help at least lets them get to a desktop, maybe
without full personalization exactly.
Speaker 2 (17:46):
And if a user logs off and finds their Windows
settings didn't.
Speaker 1 (17:50):
Save, oh, what's usually the cause there?
Speaker 2 (17:52):
Typically it means the logoff commands aren't running. You need
to double check that the Flexengine dot ex s command
is correctly set up in a log off script or policy. Gotcha,
And this really highlights a core belief. You know, knowledge
is great, but it's most valuable when you can actually
apply it. Learning to read those Flex Engine log files,
Theflex Engine dot log it's like having a direct line
(18:14):
into what dem is doing.
Speaker 1 (18:16):
What kind of details can you see in there?
Speaker 2 (18:17):
Oh? Everything successful logins, user and computer details, the state
of the profile, which config files got processed, which direct
Flex apps launched, how long things took, GPO processing times,
compression status, how it handled unavailable shares. It's your number
one tool for debugging.
Speaker 1 (18:33):
Wow. Okay, we have certainly covered a lot of ground
today from the history and the headaches of old school user.
Speaker 2 (18:41):
Profiles the battle days.
Speaker 1 (18:43):
To the really sophisticated capabilities of VMware Dynamic Environment Manager.
I think anyone listening now has a really solid grasp
on how DEM tackles the complexity of managing personalized digital workspaces.
Speaker 2 (18:56):
Absolutely, and it's important to see DEM as more than
just a profile tool, really a strategic piece for any
organization moving towards dynamic, virtualized or cloud based desktops. It
ensures that end user experience stays consistent, secure, and importantly productive.
Speaker 1 (19:11):
Yeah, it's about making sure your digital workspace actually works
for you, not against you, every single time you log in,
precisely so. Looking ahead, as digital workspaces keep evolving, blending physical,
virtual cloud maybe even more, what new challenges do you
see coming up for maintaining that truly personal, agile user
experience and how might tools like DAM need to keep adapting.
Speaker 2 (19:34):
That's the big question.
Speaker 1 (19:35):
Isn't it something for you to think about? Is you
consider how these ideas might apply in your own digital environment,
Popular Podcasts
My Favorite Murder with Karen Kilgariff and Georgia Hardstark
My Favorite Murder is a true crime comedy podcast hosted by Karen Kilgariff and Georgia Hardstark. Each week, Karen and Georgia share compelling true crimes and hometown stories from friends and listeners. Since MFM launched in January of 2016, Karen and Georgia have shared their lifelong interest in true crime and have covered stories of infamous serial killers like the Night Stalker, mysterious cold cases, captivating cults, incredible survivor stories and important events from history like the Tulsa race massacre of 1921. My Favorite Murder is part of the Exactly Right podcast network that provides a platform for bold, creative voices to bring to life provocative, entertaining and relatable stories for audiences everywhere. The Exactly Right roster of podcasts covers a variety of topics including historic true crime, comedic interviews and news, science, pop culture and more. Podcasts on the network include Buried Bones with Kate Winkler Dawson and Paul Holes, That's Messed Up: An SVU Podcast, This Podcast Will Kill You, Bananas and more.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com