latoga labs

Technology of Business & Business of Technology

© 2006–2023 · Log in

Employee Owned IT – Security Holds it Back

Leave a Comment

Yesterday was the VMware Community Roundtable discussion on View which featured VMware’s own John Dodge.  If you haven’t participated or listened into one of the roundtables, this is a great one for those who are doing or thinking about virtual desktops.

At one point the discussion turned to Employee Owned IT (EOIT) and offline desktops within View.  It was great to hear all the different individuals whose companies are thinking or implementing EOIT in some form or fashion.  One aspect of EOIT which I have touched on in the past, is security.  Security has come up with multiple of my clients when discussion desktop virtualization and EOIT; I was a bit shocked that the topic didn’t come up yesterday during the roundtable.

When you start letting employees bring in their own computers, connect to the corporate network, and then run a corporate supplied desktop VM locally (or connect to a corporate supplied virtual desktop remotely) to do their work there are still some security risks to keep in mind.  Namely, the uncontrolled operating system attached to your corporate network.

Corporate IT may have locked down the VM the employee is using, but more times than not there are not adequate security mechanisms in place to protect the network from the EOIT OS that is running on that EOIT laptop.  What sites were the employee’s children looking at last night?  What malware might be lurking on the EOIT laptop?  And that employee just plugged their laptop into your corporate network.

Walk into most large enterprises (and many smaller ones too), plug your computer to the physical network and you probably are now behind the firewall.  Many companies don’t have any security in place to prevent outside computers from getting an IP address and instant network access–I know this because I’ve had this discussion with my clients when discussing EOIT and I’ve done it myself in the past.  Most companies setup their wireless network to require authentication, and if it doesn’t require authentication it only gives you guest access to the Internet only.  But this is not the case for the physical networks because the assumption is that those inside the building should have full access.

For EOIT to really take off in enterprises, this existing security mindset needs to be addressed.  Either at the physical network level or at the local computer level.  Since the entire idea of EOIT is to not need to manage the computer, it puts us in a tough spot.  Most large enterprises would take years of time and lots of money to update the security on their network to a level that would enable EOIT for wide spread use.  Many smaller companies would do it much faster and cheaper where the cost savings of EOIT far out ways the security measures needed to be installed.

But how do you solve this problem for the large enterprise?

Desktop Virtualization Sizing & Scoping

2 Comments

I have been doing quite a bit of work lately on Desktop Virtualization, obviously with VMware View.  As a number of analysts and non-analysts had predicted, 2009 is definitely the year that desktop virtualization is taking off.  Partially because of the technology has reach a level of maturity where it is usable for most use cases and partially driven by the cost savings potential that it can provide.  As I have indicated in previous posts, there are real conversations happening within corporate desktop IT discussing getting rid of corporate owned laptops or desktops all together.

While reading Chris Wolf’s descriptiong of the demo he saw of PCoIP at VMworld in Europe, it struck me that the sizing metrics used to describe dekstop virtualization tend to vary.  Chris mentioned in his post:

“…with a virtual desktop consolidation density ranging from 30-60 VMs (densities commonly found by our clients piloting or running VDI today).”

While there are times when we need to simplify measurements to keep complexity in check, it can be misleading to talk about virtualization densities without mentioning the units for that density.  I’m assuming that Chris was referring to VMs per Server, that would make sense given the number.

I would have to argue that this is the wrong unit to use for desktop virtualization, the proper unit that should be used for desktop virtualization density is VMs per Core. As the number of Core’s per CPU socket keep increasing and as the size of servers, measured in number of sockets, keep increasing in the data center we should be measuring virtualization density in VMs per Core.   This is the best metric to guage technology advancements against.

When talking with my customers about VMware View deployments, we are always talking about the density in VMs per Core and cost of solution per desktop for a given use case (common population).  The cost can be impacted by playing around with how you package those cores in the data center. As long as the server can contain as much memory as needed by the total number of VMs your golden.  And the memory limitations won’t be as great of a limitation for much longer.

The use case is the other key aspect.  When looking at a desktop virtualization solution, I have found that you need to keep the solution contained to a single use case which describes a single virtual desktop size.  Call center desktops have their own unique size (hard drive space, memory, and hard drive usage) while a knowledge worker desktop has a different unique size.  Each use case’s different size will impact the costs and ROI/TCO model.

So, when analyzing virtual desktop solutions, keep in mind your sizing metrics and keep your use case scopes focused.  Like any solution, desktop virtualization should be taken in bites and these two suggestions will help keep in that task.

VMware View 3 Released

1 Comment

Today VMware announced the general availability of VMware View 3.  VMware View is more than just the next release and rebranding of VMware’s VDI solution, it is the first step in the vClient initiative that was announced at VMworld 2008.

VMware View 3 is the solution that allow corporate desktops to be centrally managed and run from within the data center.  VMware View consists of the following pieces:

  • VMware View Composer – utilizes Linked Clone technology to speed the creation of virtual desktops while reducing the operating cost of the desktops through utilizing less storage
  • VMware ThinApp – enables simplified application packaging and deployment to virtual desktops and allows the application layer to be separated from the Operating System layer
  • Offline Desktop – provides the flexibility to intelligently and securely move virtual desktops between the data center and a local laptop or desktop (experimental mode only)
  • Unified Access – provides end users with a single point of access to seamlessly connect to their desktop environment and administrators with a single point of administration
  • Virtual Printing – enables end users to print to any local or network printer without installing specific printer drivers
  • Multimedia Redirection – improves the user experience with rich multimedia playback capabilities processed remotely in the data center and delivered to the end user’s device

In the past few weeks I have been briefing a number of my Fortune 500 clients on the VMware View solution for managing their desktops.  VMware View allows them to reduce not only their capital expenditures but also their operational expenditures while providing a much more secure and robust desktop experience to their end users.  These same benefits can be applied to companies large and small.  VMware even provides a TCO/ROI calculator that incorporates all the new benefits of VMware View 3, so you can measure the benefits yourself.

I’ll be sharing more of my experiences working with these customers and VMware View in the comming months.