If you're intimidated by BYOD and new device onslaughts, centralising storage and server-based computing as well as a security-focused VDI strategy will help you give BYOD a positive spin.
Many IT pros in the UK and Europe are still scared by bring your own device (BYOD) and IT consumerisation trends. IT pros are still seeing desktop migrations as costly and of dubious value to the organisation. But preparing an enterprise’s IT to face the onslaught of new mobile devices and IT consumerisation has become an inevitable task for these professionals.
Previously I have argued how organisations should prepare to deal with the rise in BYOD by moving away from a “one-size-fits-all” device strategy and by using certain server-side technologies such as data loss prevention (DLP) and digital rights management (DRM). But as more and more devices hit the markets, it is worth looking at what further server-side technologies could make BYOD not only less scary, but also something that an organisation can embrace and use to its own benefit.
Users’ mobile devices and corporate IT interaction
One way IT pros can easily minimise security issues is by turning users’ mobile devices or smartphones into little more than an intelligent access mechanism. The capability needs to be in the device itself; however, abstracting the way the device interacts with corporate systems can be a good start. Companies such as Centrix Software and RES Software provide tools that can help IT pros achieve this.
Working in conjunction with virtual desktop infrastructure (VDI) vendors such as Citrix and VMware, Centrix and RES have a seamless desktop that a user can access from most devices. And even through iPad, Android and other devices, the desktop that the user sees can look and behave as a pure Windows environment or can be implemented in a more tablet-oriented manner.
The desktop itself is a sandboxed environment, so nothing running natively on the device can interact with the corporate desktop and use corporate data -- unless a security policy is set up to specifically allow this. Interaction between the user device and IT systems is not enabled by default and requires IT pros’ intervention, which helps close security loopholes.
For example, in many instances, IT admins have set up VDI desktops, and they believe they have implemented suitable information security. But they've overlooked how easy it is for a user to copy information from the corporate environment and paste it onto their consumer environment -- opening up major security loopholes. Controlling VDI activity with approaches such as disabling cut-and-paste and email forwarding to the device’s own system and even disabling local printing helps IT embrace BYOD trends while safeguarding mission-critical business apps.
The way applications and services are provisioned on the devices can be mixed. Some could be served via pure VDI, while some could be streamed to run in the sandbox or natively on the device; others could be taken as services from the public cloud. However, admins can still keep the total interface seamless to the user. Furthermore, the desktop can become a self-service application: If users need a specific application on their personal mobile device and they can justify its use, then it can be selected and provisioned to them rapidly and efficiently.
But what does all this mean for the data centre? At the basic level, it is very similar to just going for a simple VDI implementation. The main desktops will now be run in the data centre, so a suitable server implementation will be required with good levels of availability, load management and so on.
Apart from efforts on the server and storage fronts, IT admins need to look at the data centre infrastructure, too, in order to implement sound BYOD IT policies.
How to make the data centre ready for BYOD
The systems for the base desktops (for example, Citrix XenDesktop and VMware View) need to be provisioned. Both Centrix and RES have tools that can audit an existing client-based system, catalogue software and provide information about how much the software is used. This audit alone can help organisations reap cost savings by identifying “orphan” licences -- where users have applications installed but have not used them for some time. IT can then make decisions on which application and product licences it needs to cancel, downgrade or postpone for a later purchase -- and bring home cost efficiencies.
These audit tools can provide direct advice on what base desktop images should be created. For example, a general employee may need a desktop with Windows 7, Microsoft Office, Google Chrome and Microsoft Lync. By creating a single image for supporting this, IT pros can manage desktops more easily as only this “golden” image needs to be patched and updated. In cases where a user needs a specific extra application, it can be provisioned alongside the base image as well.
IT admins can also group image tasks in cases where a group of workers need different images from another group. For instance, a design department may need Adobe Creative Suite, but accountants and bookkeepers may need the Sage Accounts application. Each group can have its own base image which can be personalised for each employee as required.
Data storage approaches that help IT stay safe
Data storage can be managed in various ways. It can all be central, ensuring maximum information security if data streamed to a user device is encrypted over VPNs or by other means. But in this case, access will only be available when the device is online.
Another approach is to store data without persistence, using an abstraction of the storage capability of the device itself. Here, an encrypted local cache is used that overwrites itself once the data has been committed to the central data store, which happens when the device makes a connection to that store.
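The commit-then-overwrite ordering of such a cache, as an added Go sketch that is not taken from any product named in this article: an entry is overwritten only after the central store acknowledges it, and a failed commit leaves it encrypted for the next connection. The names `Cache`, `NewCache`, `Put` and `Sync` are hypothetical, an in-memory map stands in for the device's local storage, and the 32-byte session key is assumed to be held in memory only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Cache keeps offline edits only as AES-GCM ciphertext until committed.
type Cache struct {
	aead    cipher.AEAD
	pending map[string][]byte // document name -> nonce||ciphertext
}
// NewCache expects a 32-byte session key held in memory only (assumption).
func NewCache(key []byte) (*Cache, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Cache{aead, map[string][]byte{}}, err
}
// Put encrypts one edit, binding the document name as associated data.
func (c *Cache) Put(name string, data []byte) error {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	c.pending[name] = c.aead.Seal(nonce, nonce, data, []byte(name))
	return nil
}
// Sync overwrites an entry only after commit succeeds; returns entries kept.
func (c *Cache) Sync(commit func(name string, data []byte) error) int {
	n := c.aead.NonceSize()
	for name, ct := range c.pending {
		plain, err := c.aead.Open(nil, ct[:n], ct[n:], []byte(name))
		if err == nil && commit(name, plain) == nil {
			copy(ct, make([]byte, len(ct))) // overwrite the local copy with zeros
			delete(c.pending, name)
		}
	}
	return len(c.pending)
}

func main() {
	c, _ := NewCache(make([]byte, 32)) // constructed demo key
	_ = c.Put("report.docx", []byte("constructed sample"))
	fmt.Println("still cached:", c.Sync(func(string, []byte) error { return nil }))
}
```

On flash storage an overwrite does not guarantee the old blocks are gone, which is why the cached copy is ciphertext under a key that never reaches the device's storage.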
The organisation receives multiple benefits from centralised storage and server-based computing:
- All data is stored in a data centre where security and backup can be managed to enterprise levels.
- Those leaving the company take nothing with them in the way of stored information even though they keep their device.
- Anyone who loses a device or has it stolen can rapidly be back up and running again just by buying a new device and re-accessing the system with necessary security credentials.
- Software licences are under control, and maintaining the patching and update levels of the operating systems and applications is easier.
- The desktop is completely abstracted from the device, so if the user chooses a relatively standard device, he will get a fully functional experience. And IT staff do not have to bother with providing support for the devices themselves -- only for the applications that the user can access.
For the data centre manager, it does involve some serious planning on a new server topology to support the move of the desktop logic from the device to the server. But server-based computing has proven itself in many organisations now, and this should not be an overwhelming problem.
With Windows 8 and new tablets and other devices coming towards the end of 2012, now is the time to prepare for those future technologies. So, be ready to welcome BYOD trends with a new access device strategy.
Clive Longbottom is a Service Director at UK analyst Quocirca Ltd and a Contributor to SearchVirtualDataCentre.co.uk.