Comment Re:We've been doing this for 5+ years now (Score 1) 371
Way easier... thin clients and fat servers. Citrix, Terminal Services, UNIX, or whatever the hell you like. If no data is ever on the end machine, it's a hell of a lot harder to pull it out. Security can be controlled way easier, backups are consolidated, redundancy is way easier, just make sure you get a backup internet line. If you want to push it a little further, you can go so far as to point push thin client applications using Citrix or 2x's product, thereby only thin-clienting the applications that actually need it and let the user still browse the web, get viruses, Trojans, watch some porn, or whatever on their local computer; the data is not exposed. This frees up way more server resources anyway, and provides a much better user experience. Hell, most of our clients on this don't even realize what's going on.
Now that you can trap the data inside your data center, you can safely control how data is allowed in and out of the organization (email being the main pipe here). Enforce a good email encryption product and make sure to examine every piece of software you pinpoint thin client on the ways it allows information in and out, shore up those. Finally, if you do let users on full-blown virtual desktops, for the love of god don't give them permissions to run any form of executables on the servers, and hire some amazing IT pros to help you build an awesome server image.
Finally, to really make all this work perfect... install QoS switches at the branches, QoS routers (Mikrotiks are AMAZING!!!), prioritize traffic, implement queue trees; keeping your bandwidth clean and optimized is the key to making all this work really well.
Encrypting the whole hard drive to me seems like a bullshit solution full of holes. The data shouldn't even be allowed on end user machines in the first place.
I am sure you guys will tear this apart, but I can tell you from experience this system can work wonders. Oh yeah, and now that you have all that lovely bandwidth control, you might as well start dropping in VoIP since you should be able to maintain great quality. While you're at it, start taking vacations, as your cost devoted to desktop support just plummeted.
- "oops" means it's fixable. "oh shit" does not.