Kiosk users might include customers at airline check-in stations, students in classrooms or libraries, medical personnel at medical data entry workstations, or customers at self-service points. Accounts associated with client devices rather than users are entitled to use these desktop pools because users do not need to log in to use the client device or the remote desktop. Users can still be required to provide authentication credentials for some applications.
Virtual machine desktops that are set to run in kiosk mode use stateless desktop images because user data does not need to be preserved in the operating system disk. Kiosk mode desktops are used with thin client devices or locked-down PCs. You must ensure that the desktop application implements authentication mechanisms for secure transactions, that the physical network is secure against tampering and snooping, and that all devices connected to the network are trusted.
As a best practice, use dedicated Connection Server instances to handle clients in kiosk mode, and create dedicated organizational units and groups in Active Directory for the accounts of these clients. This practice not only partitions these systems against unwarranted intrusion, but also makes it easier to configure and administer the clients.
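One way to audit the dedicated organizational unit and group practice described above, as an added example that is not part of the Horizon documentation: the PowerShell below flags kiosk client accounts that fall outside the OU and group boundary or that hold additional group memberships. The OU, group and account names are hypothetical, and the sample accounts are constructed for illustration.

```powershell
# Added example; OU, group and account names are hypothetical.
$KioskOU    = 'OU=KioskClients,DC=example,DC=com'
$KioskGroup = 'CN=Kiosk-Clients,OU=KioskClients,DC=example,DC=com'

function Get-KioskAccountFinding {
    param(
        # Objects with SamAccountName, DistinguishedName and MemberOf properties
        [Parameter(Mandatory)] [object[]] $Account,
        [Parameter(Mandatory)] [string]   $OrganizationalUnit,
        [Parameter(Mandatory)] [string]   $GroupDn
    )
    $ignoreCase = [System.StringComparison]::OrdinalIgnoreCase
    foreach ($a in $Account) {
        $inOu    = $a.DistinguishedName.EndsWith(",$OrganizationalUnit", $ignoreCase)
        $groups  = @($a.MemberOf | Where-Object { $_ })   # drop null or empty entries
        $inGroup = $groups -contains $GroupDn
        $extra   = @($groups | Where-Object { $_ -ne $GroupDn })

        $findings = @()
        if ($inOu -and -not $inGroup) { $findings += 'in kiosk OU but not in kiosk group' }
        if ($inGroup -and -not $inOu) { $findings += 'in kiosk group but outside kiosk OU' }
        if (($inOu -or $inGroup) -and $extra.Count -gt 0) {
            $findings += "extra group membership: $($extra -join '; ')"
        }
        foreach ($f in $findings) {
            [pscustomobject]@{ Account = $a.SamAccountName; Finding = $f }
        }
    }
}

# Constructed sample accounts. Against a live domain, objects of the same shape come
# from the ActiveDirectory module: Get-ADUser -Filter * -Properties MemberOf
# (memberOf does not list an account's primary group).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'kiosk-lobby-01'; MemberOf = @($KioskGroup)
        DistinguishedName = "CN=kiosk-lobby-01,$KioskOU" }
    [pscustomobject]@{ SamAccountName = 'kiosk-lobby-02'
        MemberOf = @($KioskGroup, 'CN=Remote Desktop Users,CN=Builtin,DC=example,DC=com')
        DistinguishedName = "CN=kiosk-lobby-02,$KioskOU" }
    [pscustomobject]@{ SamAccountName = 'kiosk-gate-03'; MemberOf = @()
        DistinguishedName = "CN=kiosk-gate-03,$KioskOU" }
    [pscustomobject]@{ SamAccountName = 'kiosk-old-04'; MemberOf = @($KioskGroup)
        DistinguishedName = 'CN=kiosk-old-04,CN=Users,DC=example,DC=com' }
)

Get-KioskAccountFinding -Account $sample -OrganizationalUnit $KioskOU -GroupDn $KioskGroup |
    Format-Table -AutoSize
```

With the constructed sample, kiosk-lobby-01 produces no finding and each of the other three accounts produces exactly one.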
To set up kiosk mode, you must use the vdmadmin command-line interface and perform several procedures documented in the topics about kiosk mode in the VMware Horizon Console Administration document.
As part of this setup, you can use the following instant-clone desktop pool settings.
- If you are using instant-clone desktop pools, Horizon 7 automatically deletes the instant clone whenever a user logs out. A new instant clone is created and ready for the next user to log in, effectively refreshing the desktop at every logout.
As part of this setup, you can use the following View Composer linked-clone desktop pool settings.
- If you are using View Composer linked-clone desktops, institute a refresh policy so that the desktop is refreshed frequently, such as at every user logoff.
- If applicable, consider storing desktops on local ESXi datastores. This strategy can offer advantages such as inexpensive hardware, fast virtual-machine provisioning, high-performance power operations, and simple management. For a list of the limitations, see Storing Composer Linked Clones on Local Datastores. Instant-clone pools are not supported on local datastores.
Note: For information about other types of storage options, see Reducing and Managing Storage Requirements.
As part of this setup, you can use the following general settings for all desktop pools.
- Create an automated pool so that desktops can be created when the pool is created or can be generated on demand based on pool usage.
- Use floating assignment so that users can access any available desktop in the pool.
- Create instant-clone or linked-clone desktops so that desktops share the same base image and use less storage space in the data center than full virtual machines.
- Use an Active Directory GPO (group policy object) to configure location-based printing, so that the desktop uses the nearest printer. For a complete list and description of the settings available through Group Policy administrative (ADMX) templates, see Configuring Remote Desktop Features in Horizon 7.
- Use a GPO or Smart Policies to control whether local USB devices are connected to the desktop when the desktop is launched or when USB devices are plugged in to the client computer.