What is your current desktop strategy? part 2 – VDI strategy

Following from my previous post I wanted to cover some of the areas / themes that should be included or at least considered when creating your virtual desktop (VDI or vDesktop) strategy.

There are currently a variety of drivers for virtual desktops ensuring that this topic remains one of the key discussion points when ICT departments and C-levels talk about IT strategy.  These drivers range from data security and centralised management to the increasing prevalence of BYOD (Bring Your Own Device), and are aided by the increasing flexibility and maturity of the technical VDI solutions.  As such, even if you don’t yet plan to implement this technology you should be very aware of it and be formulating your strategy.  If you have already implemented, or are planning to implement, a VDI solution then you should already have a firm strategy, and vision, in place.  Either way I hope this proves to be a useful reference.

The below list is likely not exhaustive, and includes both very high level strategic considerations, along with some more technical concerns.

1. What are you trying to achieve?

–         Ensure the goals are clearly articulated, such as cost reduction, business enabler, improved security, and centralisation.

2. Clearly define use cases

–         Is VDI critical to achieve these or just one option?

–         Is this a tactical or overall strategic solution?

3. How does this align with other plans / strategies

–         Plans to roll out or upgrade to Windows 7 and 8

–         Plans to enable remote / mobile working

–         Support of BYOD initiatives

4. What is the wider business case / benefit of the strategy?

–         User satisfaction

–         ROI (Return On Investment)

5. What is the endpoint strategy

–         Thick clients

–         Thin Clients

–         Mobile Clients

–         BYOD

–         Do the proposed solutions have clients for all supported endpoints?  Can access be provided via a browser?

–         What are the plans for managing the endpoints?

6. Do the users require the ability to be able to work offline?

7. How will images be managed?

–         Single or multiple images?

–         Maintaining ‘gold’ images?

8. How will profiles be managed?

–         Do users require individual and persistent profiles / workspaces?

–         Can static / mandatory profiles be used in some / all instances?

9. How do currently deployed technologies match up with those required to deploy and manage the VDI solution?

–         Propose transition plans

10. How do current skill sets match up to those required to support and manage the VDI solution?

–         Propose training plans

11. What are the impacts to;

–         Storage

–         Network – LAN / WAN

–         Do these impact cost and business case?

12. Are the vendors being considered suitable partners?

–         Do they design for and target businesses of your size and in your segment

–         Are they healthy financially?

–         Do they have strategic, long term plans?

–         Is there a healthy ‘eco system’ of applications and other vendors around the solution?

13. How available and resilient will the solution be?

–         Resilient infrastructure?

–         Multi-site?

–         Backed up?

14. Scalability and flexibility

–         How does the solution scale?

–         What operating systems do you require it to support?

–         Are 64 as well as 32-bit operating systems supported?

15. What are the licensing implications of virtualising your current operating system and application estate?

16. What are the user and business expectations around areas such as;

–         Multi media

–         3D

–         Audio

–         Telecoms

–         Unified communications

–         Video conferencing

17. Will supporting technologies such as application virtualisation be part of the strategy?

18. How will compatibility issues, such as the requirement for local licensing dongles, be dealt with?

19. …

As a final note, it is a common issue in VDI plans and deployments for organisations to focus on the technology, features, and products in the market without first having a clear vision and defined strategy.

Remember – vision and strategy first for any large programs of work!

K

What is your current Desktop strategy? part 1 – VDI options compared

If you are currently evaluating or planning to evaluate VDI (Virtual Desktop Infrastructure) solutions for your business it can be hard to know where to start, with various vendors currently offering mature solutions that will all meet the majority of businesses’ VDI requirements.  These include;

– Citrix XenDesktop

– Citrix VDI in a box

– VMware View

– Microsoft VDI

– Quest vWorkspace

When tasked with looking for a VDI solution for your company the first thing you should do, indeed the first thing you should do for most if not all projects, is understand the requirements from the solution.  For something like this that may be adding quite a lot of new functionality and future options to the business, this is likely to incorporate some of the usual solid requirements such as;

–         Number of users

–         Performance and scalability

–         Ease of management

–         Interoperability with existing user and management applications

–         Integration with existing infrastructure

–         …

In addition to the ‘solid’ requirements there will likely be a lot of potential ‘requirements’ that are effectively potential benefits the solution could bring to the business such as;

–         Improved data security

–         Improved resilience of the workstation environment

–         Improved agility of the workstation environment

–         Enabling BYOD

–         Improved productivity

–         Enabling ‘work from anywhere’

–         …

The next thing to do is to assess the various VDI products on the market in order to choose the best one for your environment.  Given the variety of solutions available, some hypervisor independent, some dependent, some easier to manage and deploy, some with lower costs, it can be a daunting and, more importantly, resource intensive task to assess and test all of the viable options.

This is where the very helpful and impartial ‘VDI smackdown’ from the guys at PQR comes in.  This document is kept reasonably up to date with version 1.3 released earlier this year.  This can be found here;

http://www.pqr.com/images/stories/Downloads/whitepapers/vdi%20smackdown.pdf

Note – free registration may be required to download the PDF.

The white paper covers topics including;

–         Desktop virtualisation concepts

–         Pros and cons of VDI (virtual desktop infrastructure)

–         Comparison of the different VDI vendors’ solutions and their features.

Overall this document is well worth a read if you are planning to embark on a new or upgrade VDI project or indeed if you just wish to learn more about VDI and the features currently available.

An upcoming post will cover some of the areas I think need to be considered when creating your virtual desktop strategy.

K

Handling perimeter expansion and disintegration

One of the most common themes over the last few years in IT security discussions has been the de-perimeterisation of the corporate network.  The term was originally coined by the Jericho Forum and refers to the greying of the split between the internal trusted network and the wider world.

This is briefly described here;

http://en.wikipedia.org/wiki/De-perimeterisation

Traditionally there has been strict demarcation, maintained by devices such as firewalls, between the untrusted outside world, the semi trusted DMZs (De-Militarised Zones), and the trusted internal network.  As more and more business functions require interactions between internal users and external customers, suppliers, remote users, home workers and other third parties these strict zones of demarcation have become considerably more porous.

This has led some people to propose removing this network boundary concept and securing data and systems with encryption, host and network based IPS (Intrusion Prevention Systems), AV etc., with the view that data and systems can be kept secure while facilitating easier and more efficient business with customers, partners and other third parties.  Taken to its extreme, this is the paradigm of the ‘perimeterless’ network.

If you are faced with dealing with this ever more porous network perimeter while still maintaining the security of the systems you are responsible for, or you just want to read more about security and the issues raised by the muddying of internal and external network boundaries, Sophos have produced a simple and easy to read guide in their Naked Security blog titled;

Practical IT: handling perimeter expansion and disintegration

This can be found here;

http://nakedsecurity.sophos.com/2012/07/13/perimeter-security-expansion-disintegration/

Have a read, and let me know what you think.  If there is any interest I’ll write a more in depth post on the topic.

K

Consumerism of IT 2..

Following from my previous post covering briefly what consumerism of IT and Bring Your Own Device (BYOD) are, I’ll now cover some of the things these trends mean for ICT departments.

For any IT business or IT department that thinks they do not need to consider the impacts of consumerism and BYOD – Think again!  Regardless of perceived business benefits such as cost savings or flexibility, or even the side benefits around the improved security and management of utilising VDI to centralise business owned user computing resources, as BYOD becomes more mainstream it will become an expected benefit / perk rather than the exception.

As an example of how this is already becoming more mainstream; several large companies such as IBM and Citrix are embracing this trend and have well established BYOD programs.

Ask yourself, do you want to attract the best talent? If the answer is yes then you need to ensure the working environment you offer is up there with the best of your competitors.  This includes offering things like BYOD programs across mobiles, tablets, laptops etc. and / or offering a wider variety of consumer type devices such as tablets and smartphones.

The challenge, as is often the case, will be to understand how these changes and trends can be harnessed to provide both business benefits and create an attractive working environment while still ensuring the security of your and your customers’ data and maintaining a stable and manageable ICT estate.

BYOD and consumerism of IT can and will make sweeping changes to how IT departments manage and provision user devices.  Whether this is due to supporting a wider variety of devices directly, or from relinquishing some control and embarking on a BYOD program, there will be changes.  What they are will depend on the route your company takes and how mature your company currently is regarding technology such as desktop virtualisation and offering functionality via web services.  If you currently have little or no VDI type solution and most of your application access is via thick or dedicated client software the changes are likely to prove very challenging.  On the other hand, if you are at the other end of the scale with a large and mature VDI (Virtual Desktop Infrastructure) deployment along with most applications and processes being accessed via a browser, then the transition to more consumer or BYOD focussed end user IT will likely be relatively straightforward from a technical standpoint.

Without sounding like a broken record (well hopefully) the first thing you need to do before embarking on any sort of BYOD program is to get the right policies and procedures in place to ensure company data remains safe and that there are clear and agreed rules for how any devices can be used, how they can access data, how access, authentication and authorisation are managed, along with the company’s requirements around things like encryption and remote wipe capabilities.

NIST (National Institute of Standards and Technology) have recently released an updated draft policy around managing and securing mobile devices such as smartphones and tablets.  This policy covers both company owned (Consumerism) and user owned (BYOD) devices.  This can be used as a great starting point for the creation of your own policies.  It’s worth noting that NIST highlights BYOD as being more risky than company owned devices even when the devices are the same.  The policy draft can be found here;

http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf

Once you have the policies in place you will need to assess the breadth of the program, this must include areas such as;

–         Will you allow BYOD, or only company supplied and owned equipment

–         Which devices are allowed

–         Which O/Ss and applications are permitted; this should include details of O/S minor versions and patch levels etc.

–         How will patching of devices and applications be managed and monitored

–         What levels of access will the users and devices be permitted

–         What architectural changes are required to the environment in order to manage and support the program

–         How will licenses be managed and accounted for

–         What are the impacts to everything from the network (LAN, WAN and internet access) to applications and storage to desk space (will users have more or less devices on their desks) to the provision of power (will there be more devices and chargers etc. on the floors)

This is by NO means an exhaustive list, the point of these posts is to get you thinking about what is coming along, and whether your company will embrace BYOD and the consumerism of IT.

CIO.com recently ran an article titled ‘7 Tips for Establishing a Successful BYOD Policy’ that covers some similar points and is worth a read;

http://www.cio.com/article/706560/7_Tips_for_Establishing_a_Successful_BYOD_Policy

There are several useful links from the CIO article that are also worth following.

It would be great to hear your thoughts and experiences on the impacts of consumerism and BYOD.

K

In the cloud contracts are key..

I have mentioned in previous posts that when it comes to moving systems into the cloud, one of the key areas to ensure is covered is that of the contract.  As you move systems to the cloud type model, you as a business or IT department become more and more abstracted from the underlying architecture and rely on the CSP (Cloud Service Provider) to have the architecture covered.

In many ways this is great: the CSP will have considerably better infrastructure and a larger IT department than you as the customer, so not only do you need to worry less about the services that support your systems, they are likely better set up and managed than if you tried to do so in house.

However the downside of this is that you are very much more beholden to contracts and service level agreements.  As such, ensuring that you completely understand the terms of the contract you sign with the CSP, including SLAs, where your data is, how it is handled, and what levels of performance, scale, DR etc. you are entitled to, is critical.

To help with this CloudPro have recently published a couple of articles on what should be in the contract (part 1) and what to look out for in the fine print (part 2).

These can be found at the below URLs;

Part 1 – http://www.cloudpro.co.uk/iaas/cloud-hosting/3895/hosting-cloud-what-should-be-contract

Part 2 – http://www.cloudpro.co.uk/cloud-essentials/3951/fine-print-further-things-look-out-cloud-contract

K

Amazon cloud outage knocks out Netflix Pinterest and Instagram, or does it?

While the report here;

http://www.cloudpro.co.uk/cloud-essentials/3993/amazon-outage-knocks-out-netflix-pinterest-and-instagram?utm_campaign=itpro_newsletter&utm_medium=email&utm_source=newsletter

is undoubtedly true and factually correct, in that recent storms caused issues with Amazon’s data centre in Ohio, and previously they have had issues when their data centre in Ireland was damaged by lightning, the question should be what could be done differently, rather than ‘cloud services are not robust / safe’.

I am a firm advocate for ensuring you understand your contract with your cloud provider and that you pay great attention to things like SLAs and guaranteed uptime.  This is especially true if you are using SaaS or PaaS type services that may in turn rely on another vendor’s IaaS service – you need to understand the layers to ensure your provider is not offering SLAs that it cannot meet due to them being more stringent than those of the providers of the services on which it relies.

However I question why this is considered an issue particular to ‘cloud’ based services.  These same issues could happen to any co-location / data centre hosting solution, and these along with many more minor issues are likely to cause disruption to anything you host locally in your server room no matter how grand a name you give it.  Sorry, that’s one of my other pet hates: businesses with small server rooms that insist on calling them ‘data centres’ or other grandiose names and talking about them as if they are as large and resilient as actual Data Centres etc.

Anyway, back on topic, obviously when a cloud service provider has an issue it is likely to affect many customers so will be newsworthy, but before you worry too much or begin to dismiss the idea of moving some or all of your service to the cloud, ask yourself is it likely to be more or less robust than hosting things yourself?

Take the necessary precautions;

– Understand the offering you are purchasing, the SLAs and guaranteed uptime in the contract,

– Build BC and DR into your service; ensure it is replicated to multiple servers and disks locally, and to other geographically disparate data centres, and you can host a hugely robust solution in the cloud.

K