Showing results for 
Search instead for 
Did you mean: 

MA deployment to thin clients

Hi all, got a quick query.

We're trialling IGEL thin clients on our estate, and the question has been raised of whether we can deploy an AV solution to them, i.e. MA and VSE

I've not seen any guides or comments on the IGEL site regarding Linux-based app pushing to the thins, and given the fact that you can completely lock down the end-user interface it does raise the question as to whether any AV is even needed, but I was wondering if anyone had experience of this?


3 Replies

Re: MA deployment to thin clients

Obviously you need to make sure the server serving the thin clients have protection first off. If your running windows thin clients then yes, use VSE or see if MOVE supports the infrastructure. Linux could benefit from VSEL as well. I guess you would also have to factor in the overhead of running an antivirus solution on thin clients, to make sure you have enough resources.

I know if you are in the DoD environment it is required to meet DISA requirements, and I believe in the healthcare industry required to meet HIPAA.

Re: MA deployment to thin clients

The server already is - just a Win2012R2 box, so takes MA/VSE and is happily managed from ePO. 

Dont know if you're familiar with IGEL OS; the thins are not-really-thins, as they boot a linux install that is managed from the management console on the server.  EVERYTHING on them is configured via the management console, to the point where you can't even install or run anything from the endpoints without it being specifically allowed and configured.

Ultimately the only use of the thin clients is to boot straight into an RDP session as soon as it logs in, so in the end, the user may not even be able to use the igel desktop at all (or even see it, after I've finished configuration).  But I've been tasked from on-high to ask the question and test, so that's what I'll do!

Re: MA deployment to thin clients

Yeah, never heard of or used IGEL, we use citrix xendesktop with MOVE doing the AV. It sounds like your thin clients are more of read only so it would be a lot harder to get infected, but if they are still able to use iexplore.exe I am sure there is some way it could be exploited down to the server.