Desktop Virtualization and Secure Collaboration
By Donald Naglich, Corporate Director of IT, Franciscan Ministries
Collaboration tools are all the rage nowadays. Technology is the great enabler, and certainly one of the best uses of it is the ability to easily collaborate. Former barriers are gone, yet there are times that collaboration is neither as easy nor as secure as it should be. Using various versions of a particular software package along with different hardware platforms can hinder effective collaboration.
This is particularly true as companies adopt a BYOD (Bring Your Own Device) model. BYOD is gaining momentum as more millennials enter the workforce. However, it introduces its own set of challenges relative to application compatibility and data security.
Our organization faced the same collaboration problems everyone eventually faces. Our particular concern was enabling mobile device usage, but doing it in a secure way that enabled any user to be part of any team instantly as the need arose.
We had many tools at our disposal, including Dropbox, Google Apps, Google Hangouts, etc. However, we also had several teams using different versions of the same software on different computing platforms, and requirements for associates to be mobile with full functionality. Since we operate in a regulated industry, we also had to ensure tight data security for all of this.
Desktop virtualization is the key to achieving easy collaboration across all platforms securely. We could solve all of the issues we faced, and more, with little to no downside. Since we had already virtualized our servers, we were comfortable with the technology. However, implementation at the desktop level involves understanding the interrelationships of several intertwined technologies to ensure a positive, all-important first impression.
We did not have experience architecting a desktop virtualization environment, so we brought in a knowledgeable consultant to help us set up a proper technical environment and design a solution that is fast, stable, and secure.
There are several things to be aware of when implementing VDI. First, our experience has been that applications that require a database do not perform well when run as a ‘Thin App’. They perform much better when installed to the ‘gold’ image.
Second, the old cliché about appropriate bandwidth should be mentioned. We had one facility where performance was dreadful. After confirming the settings on the application and database servers, network switches, etc. were correct with no errors, we found out the connectivity was saturated. It was saturated to the point that after installing a fourfold increase in bandwidth, we were operating that link at 80 percent usage. Screen refresh times went from over 1 minute to less than a second. We have since then reconfigured the WAN with a new provider and much more bandwidth to support new services.
Third, consider using a solid state device to host the virtual desktops. We use terabyte-size mezzanine cards in each of our VDI servers, while data files are kept on the SAN.
A major benefit of using a solid state architecture, besides the superior desktop performance, is the elimination of ‘boot storms’ that could occur daily when everyone logs in at the same general time. Remember that first impressions go a long way to a successful rollout.
Once VDI was fully installed and the bugs ironed out, we experienced many positive benefits that now serve to make collaboration effortless. Benefits include:
– Application performance is much enhanced, since everything runs from a server with its superior computing architecture and resources.
– Since PCs are no longer necessary, there is no reason to periodically refresh them. Existing PCs (for the most part) run the virtual desktop just fine. However, due to security concerns, we reconfigured the old PCs to boot directly into the virtual desktop environment.
– Easy maintainability. All applications and services run from the servers, so there are only one or two ‘Gold’ images to maintain. Application updates and patches are done in only one or two images, not hundreds or thousands. Since virtualization eliminates local PC applications, there are no system-wide updates to push out to end users (except for OS updates).
– You can create ‘application packages’. A major issue occurs with what we call ‘helper software’ (Java, Flash, I.E. versions, etc.). Certain enterprise applications require certain versions of these helper apps to work correctly. And all too often, one version of a helper app will not work with a different enterprise app.
This benefit cannot be overstated in practice. In fact, this was a major benefit of the VDI implementation. Prior to VDI, maintaining the proper version of these helper applications was a nightmare.
– Everyone uses the exact same version of an enterprise or desktop app (on premise or cloud). There are no longer any incompatibilities between enterprise application versions or helper app versions. There are also no incompatibilities saving spreadsheets that utilize advanced features.
– When new enterprise or desktop software needs to be evaluated, it can be done side by side with existing software. This is not possible on a PC.
– There is much reduced vulnerability for end-users to inadvertently introduce viruses and malware.
– We can control downloading and printing of clinical and intellectual data. For instance, if a user is working at home, we can restrict printing to LAN printers only. Users cannot download anything to their local PC hard drive.
– VDI enabled the entire enterprise to work securely from home, on home PCs or other devices, in the event of inclement weather. This also enabled new work-from-home opportunities previously available only to users with company laptops.
– Enables the organization to easily and quickly add new facilities with no increase in IT staff. Support for a zero client is trivial.
– Provides the only absolute data security for mobile devices. Other than having a security chip installed on mobile devices that the good guys get to first, there is simply no method other than streaming data to fully secure mobile devices. Streaming data is inherently secure because all that is moving between the server and the device are screen pixels. No data is ever transferred to an end device.
– Enabled the ability to work on any PC/Mac, laptop, tablet, or mobile device. All services and access to all files are delivered exactly the same way to any device anywhere. This was the key functionality to enabling simple and easy collaboration. Our users, from the CEO on down, can now work securely anywhere, anytime, on any device.
While there are increased software costs to purchase VDI, the added cost is offset in several ways. We no longer need to add additional IT staff to support more users. We now purchase zero clients instead of PCs at 1/3 the cost. A nice feature is that if an end user device fails, the power goes out while working, or connectivity is lost, the user can go to any other device anywhere, log in securely, and return to the exact same spot they were at when things ground to a halt.