That ‘browse down’ idea sounds great, on paper. My biggest gripe with this type of writers/ papers is that they don’t seem based in reality.
If anyone here actually deploys at scale a VM solution like the one described, I’d love to hear more about it. Specifically, if in Windows for end-users, please elaborate on how that licensing pain plays out. In general, you’re doubling the amount of licensing for patching, AV, OS licensing. And your Admins will still browse out on the ‘secure’ system. Additionally, would you do this to devs, Tier II/ anyone that touches servers?
Again, I may be wrong, but this sounds like the wet dream of a professor that is out of touch with the state of the industry.
I had to laugh out loud. I’ve never even worked at a company that would’ve paid for a second system for any administrator to work on that was not “potentially contaminated” by browsing the web for normal work.