Using Imprivata on VMWare View VDIs

WCHAdmin · ‎04-14-2009

Hi Everyone,

I have my VDI environment almost set... I can use my Security Server to connect into the desktops, all seems well.... but we use Imprivata SSO to access our desktops. These desktops login to AD upon startup using an autologin account, which then is controlled by the Imprivata Gina hooks which allows for fast user switching, showing the same desktop to all users, yet filling in their credentials for access to applications. My basic problems are these:

The Imprivata GINA hooks don't work with the VMWare VDIs, they receive a GINA error on boot, then ask to revert to the MSGINA.DLL, which causes trouble. Is anyone else successfully using Imprivata with VMWare VDIs?

If we choose not to use the Imprivata piece, we need to be able to control the account the VDI logs on with, either through Group Policy, etc... so that users can get on and get their standardized desktop, without having every user having to wait on every machine to allow for the reconfigure of Internet Explorer, etc... this login takes about two minutes per user for the first time on a machine, is there a way to reduce that?

I am having some other issues with group policy software installs, but I can get around those if needed...

Thanks in advance for any info,

Ken

kombi · ‎05-06-2009

Wchadmin , how do you autologin in VDI's images? When i set the autologin the vmclient says no images available (all are busy).

We use Imprivata here and i'm having a couple of issues.

1. the hotkey Alt-Q (which we use to log off of imprivata) doesn't work with either Wyse V10L/90L or View Client.

2. After login into Vclient and imprivata is installed i can't seem to pass uid or pwd to imprivata version of "MSgina"

if i change the imprivata msgina back to msgina then imprivata fails to work correctly. I know i didn't answer your question.

WCHAdmin · ‎05-06-2009

Well, I was able to get Imprivata to work.

We cannot use a type 2 workstation successfully on a VDI. Type one though works. I loaded Imprivata from the appliance then manually entered the PrimxServer (spelling?) Key in myself. It works. BUT... we really want to use it as type 2.

We use CTRL-K for our lock key (CTRL-K and walk away) which works fine that way...

kombi · ‎05-07-2009

I can get the Imprivata type2 to work but not seemless. The Wyse 10L will SSO your id and pwd all the way to the desktop but with imprivata installed it stops at the Windows gina. Once you put in your information it works fine (except the walk away feature).

Are you able to autologin VDI images without Imprivata? Whenever i put in uid and pwd in the registery (winlogin) and the images are powered on, i can not connected to a image in that pool. How did you do it?

WCHAdmin · ‎05-07-2009

Well, I'm not doing it really. I use the registry keys, and the machines boot and login, but when connected by the view portal via RDP, they re-login as whomever enters their credentials, just like a type 1 machine. I really want to get back to type 2's but it doesn't look possible.

I'm working now on passing credentials from view portal into the login screen so that they only login once...

kombi · ‎05-07-2009

Are you using vmware "composer" feature and non-persistent image pool?

WCHAdmin · ‎05-07-2009

No, we do not use the composer. We are using automated images, with them being built as soon as the policy was created, then verified settings on each of them and renamed them in windows, then non-persistent mapping for the users. This is VMWare View 3.

kombi · ‎05-15-2009

One of VMware's SE gave provided me with a solution that worked for me (but it's not vm supported).

HKey_Local_Machine\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon

GinaDLL: "C:\Program Files\VMware\VMware View\Agent\bin\wsgina.dll"

VdmGinaChainDLL: C:\program files\imprivata\onesign agent\SGlaunch.dll <-- this gina will be the imprivata gina..

All

Using Imprivata on VMWare View VDIs