Kiosk users might include customers at airline check-in stations, students in classrooms or libraries, medical personnel at medical data entry workstations, or customers at self-service points. Accounts associated with client devices rather than users are entitled to use these desktop pools because users do not need to log in to use the client device or the remote desktop. Users can still be required to provide authentication credentials for some applications.
Virtual machine desktops that are set to run in kiosk mode use stateless desktop images because user data does not need to be preserved in the operating system disk. Kiosk mode desktops are used with thin client devices or locked-down PCs. You must ensure that the desktop application implements authentication mechanisms for secure transactions, that the physical network is secure against tampering and snooping, and that all devices connected to the network are trusted.
As a best practice, use dedicated View Connection Server instances to handle clients in kiosk mode, and create dedicated organizational units and groups in Active Directory for the accounts of these clients. This practice not only partitions these systems against unwarranted intrusion, but also makes it easier to configure and administer the clients.
To set up kiosk mode, you must use the vdmadmin command-line interface and perform several procedures documented in the topics about kiosk mode in the View Administration document. As part of this setup, you can use the following pool settings.
Create an automated pool so that desktops can be created when the pool is created or can be generated on demand based on pool usage.
Use floating assignment so that users can access any available desktop in the pool.
Create View Composer linked-clone desktops so that desktops share the same base image and use less storage space in the datacenter than full virtual machines.
Institute a refresh policy so that the desktop is refreshed frequently, such as at every user logoff.
If applicable, consider storing desktops on local ESXi datastores. This strategy can offer advantages such as inexpensive hardware, fast virtual-machine provisioning, high-performance power operations, and simple management. For a list of the limitations, see Storing Linked Clones on Local Datastores.Note:
For information about other types of storage options, see Reducing and Managing Storage Requirements.
Use an Active Directory GPO (group policy object) to configure location-based printing, so that the desktop uses the nearest printer. For a complete list and description of the settings available through Group Policy administrative (ADM) templates, see Configuring Policies for Desktop and Application Pools.
Use a GPO if you want to override the default policy that enables connecting local USB devices to the desktop when the desktop is launched or when USB devices are plugged in to the client computer.