- Departmentalized IT services in a single enterprise. Different organizations (Marketing, Engineering, Sales), geographies, and business units may have their own set of users and requirements. IT services can create organizations based on functional or geographical business requirements.
- Managed service providers (MSPs) with multiple customers and solution sets. For security, manageability, and licensing reasons, customer deployments must be managed separately. Separate administration, separate physical VDI servers, and separate logical networks can be managed and maintained with organizations. Services can be offered as:
  - Private Desktop Cloud. Servers are assigned to organizations and each organization can manage its own desktops and policies through delegated administration functions.
  - Desktop as a Service (Public or Private Cloud). The service provider provisions desktops directly to organizations and performs all management on their behalf, while organizations get personalized SLAs and a VERDE User Console portal.
Managed service providers should understand the licensing restrictions of each Windows operating system offered. Certain license types are required for service providers and virtual desktops depending on how infrastructure resources are assigned. See the Microsoft site for details.
Organizations can be managed in several ways, but some general rules apply:
- Each organization manages its own set of Gold Images and Application Layers. For MSPs, the organizational administrator can be part of the MSP staff, or the customer's IT staff, depending on the service model.
- Each organization must be assigned to one or more servers to run guest sessions, including the global (first created after installation) organization.
- The creator of an organization automatically becomes the first administrator for that organization, with a master administrator role for that organization. Additional administrators can be defined for the organization. An administrator can be limited to managing one or more organizations.
- A Management Console Master Administrator can manage all settings in all organizations, including defining new organizations and delegating administrative privileges to manage organizations.
- Each organization has full control over the assignment of Gold Images to users.
- Each organization controls Session Settings relevant to its users' sessions.
- An organizational administrator can create an image by cloning a Gold Image that was created at the global level in the VERDE Management Console.
- An organizational administrator can provision Gold Images, Application Layers, and Session Settings that were created at the global level to end users.
All organizations, including the global organization, must have server resources assigned before running desktop sessions.
User separation is achieved by defining different authentication realms (LDAP directories) for different organizations. To achieve the same for users belonging to different units within the same organization, VERDE enables the administrator to specify multiple authentication providers (LDAP connectors) to the same directory but differentiated by the Base DNs.
Local users cannot be created within a tenant organization. New users must be LDAP users.
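A check for the Base DN separation described above, as an added example that is not part of the VERDE documentation or product: when several LDAP connectors point at the same directory, it flags any pair whose Base DNs are equal or nested, since a subtree search under the outer Base DN also returns the inner unit's users. The connector names and DNs are constructed, subtree search scope is assumed, and DN comparison is simplified (case-insensitive values, no multi-valued RDNs).

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, honoring '\\,' escapes."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escaped character with its backslash
            i += 2
            continue
        if dn[i] == ",":                 # an unescaped comma ends the RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, _, value = rdn.strip().partition("=")
        # Simplification: compare attribute names and values case-insensitively.
        out.append((attr.strip().lower(), re.sub(r"\s+", " ", value.strip()).lower()))
    return tuple(out)

def is_within(inner, outer):
    """True if `inner` equals `outer` or sits beneath it in the directory tree."""
    a, b = parse_dn(inner), parse_dn(outer)
    return len(a) >= len(b) and a[len(a) - len(b):] == b

def find_overlaps(connectors):
    """Return (outer, inner) connector-name pairs whose Base DNs are equal or nested."""
    hits = []
    for i, (n1, d1) in enumerate(connectors):
        for n2, d2 in connectors[i + 1:]:
            if is_within(d2, d1):
                hits.append((n1, n2))
            elif is_within(d1, d2):
                hits.append((n2, n1))
    return hits

# Constructed sample: four connectors to one directory (names and DNs are hypothetical).
CONNECTORS = [
    ("engineering", "ou=Engineering,dc=example,dc=com"),
    ("sales", "OU=Sales, DC=example, DC=com"),
    ("sales-emea", "ou=EMEA,ou=Sales,dc=example,dc=com"),
    ("rnd", "ou=R\\,D,dc=example,dc=com"),
]

if __name__ == "__main__":
    for outer, inner in find_overlaps(CONNECTORS):
        print(f"overlap: users under '{inner}' are also visible through '{outer}'")
```

A plain string suffix comparison would miss the `sales` / `sales-emea` pair here because of the case and spacing differences between the two Base DNs.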
Organizations rely on the resources in a single enterprise. To ensure the security of organizational access and user data, networks and resources can be defined and allocated in the following ways:
- Network separation can be achieved through VLANs, or each server can have its own network configuration where networks on the host are on different physical topologies.
- Resource separation is achieved through the ability to designate different servers for different organizations.