pressmaster - stock.adobe.com
The coronavirus lockdown has made everyone a mobile worker. IT strategies and policies relating to mobile working, laptops, security and mobile network access have had to scale across every business. Approaches that have worked well in the past, when a small proportion of employees needed mobile connectivity, have often proved lacking when IT departments try to scale up remote working to support the majority of employees.
For years, IT departments have relied on virtual private networks (VPNs) to provide remote access to the corporate network for remote workers. But when measures to contain the coronavirus resulted in many businesses switching from office-based work to remote working, every employee became a mobile worker and VPNs proved woefully inadequate.
Along with providing secure networking, IT managers have also needed to consider how to deliver access to line-of-business applications to employees to enable them to work from home long term.
While a VPN provides a secure point-to-point connection between a remote worker’s device and the corporate network, it does not offer direct access to any cloud-based applications. Every single packet of network traffic needs to be routed through the VPN servers, which makes connectivity to internet-hosted business applications very inefficient.
Enterprise-grade connectivity for home workers
In a recent blog post, Agus Abdullah, chief of product and services office at Telkomtelstra, discussed why software-defined wide-area networks (SD-WANs) have become a key component in providing remote access.
Given that systems and business applications for remote work systems require good network resilience, Abdullah wrote that unlike VPNs, which are not designed for peak capacity when there is a surge in network traffic, SD-WANs are scalable, especially during periods of high surges in network traffic.
“If a company only relies on local VPN servers, these tend to become overloaded with the number of connections and the amount of traffic needed to support a very large increase in workload,” he wrote. “Of course, this causes the network to become slow and less than optimal, which then negatively impacts employee performance and business productivity. This is even more apparent with video-conferencing and cloud-based video collaboration platforms that require large networks and capacities to reach dozens of people in real time.”
In another blog, Silver Peak warned that a VPN’s most significant shortcoming is that it does not provide adequate quality of service (QoS) controls.
“Which is more important: your Zoom conference with a client or your teenager’s Ariana Grande infatuation? Business use of your limited internet resource are clearly more important. But what about your kids’ schoolwork? Now it’s a balancing act,” Silver Peak noted in the blog post.
As Computer Weekly has previously reported, IT departments have been increasingly looking at using SD-WANs to provide remote access during the Covid-19 crisis.
Gartner describes an SD-WAN as edge infrastructure, which provides network connectivity from distributed enterprise locations to access resources in both private and public datacentres, as well as the cloud, via infrastructure as a service (IaaS) and software as a service (SaaS).
In its Magic quadrant for WAN edge infrastructure report, published in November 2019, Gartner forecast that by 2024, to enhance agility and support for cloud applications, 60% of enterprises will have implemented SD-WAN, compared with fewer than 20% in 2019.
The SD-WAN is seen as the best way to deliver network connectivity to branch offices. Now, with the coronavirus, every home worker has required a micro branch office with access to the corporate network, which has led to growing interest in using SD-WANs to support remote workers.
According to analyst firm Forrester, most organisations do not have the skills to deliver an SD-WAN across the business. It often makes sense to use a managed service provider (MSP) instead. Forrester recommends that such a contract needs to be considered more like a SaaS agreement than a traditional networking contract.
As part of any evaluation of an SD-WAN MSP, Forrester advises IT departments to evaluate the bandwidth requirements and security needs of business applications.
In the Forrester report, Evaluate SD-WAN services based on branch office goals, not hardware data sheets, Forrester principal analyst Andre Kindness wrote: “You need to identify your line-of-business applications and traffic patterns. This will help you set the right security levels and architecture while ensuring that application performance isn’t affected. On-site versus cloud-based security can affect applications in different ways. The decision to use security features within SD-WAN can play a role in this as well.”
Delivering desktop IT
Beyond network connectivity, IT managers must also provide a working desktop environment for remote and mobile workers. The usual way this is achieved is by supplying employees with corporate laptops, but it is not the only approach. Some IT departments deploy virtual desktop environments using on-premise servers running Citrix, VMware View or Parallels to stream applications to a user’s device.
There is also growing interest in cloud-hosted desktop virtualisation – desktop as a service (DaaS) – particularly for those organisations that do not have the expertise to run in-house virtual desktop infrastructure (VDI), or want the flexibility and agility that the public cloud providers can offer.
In its The future of VDI is cloud report, published in July 2019, analyst house Forrester wrote that the ability to spin up desktops quickly in the cloud makes them an excellent fit for employees who need temporary access to a desktop, especially if the organisation cannot manage the person’s physical PC.
It said DaaS was also a good fit for geographically distributed workforces. “The global availability of cloud datacentres means cloud desktops are an ideal fit for organisations that have employees in multiple geographies, provided the workspace provider has a datacentre close to the branch office,” the report’s authors wrote.
According to Forrester, DaaS is also a good fit for employees who need a secondary mode of access in the event that they cannot use their primary PC.
DaaS has provided a viable approach to delivering desktop IT during lockdown, where people do not have access to corporate laptops. But it is not the only option available to IT managers looking to deliver applications to users.
As in a branch office connection, when working from home the weakest link is the last mile and the local area network Wi-Fi. Unlike branches, home workers have to connect their corporate devices to networks that may also be used for streaming games, videos and music.
The quality of service available from the home router may not be sufficient to run unified communications services like Microsoft Teams or to enable employees to participate effectively in Zoom calls.
The simplest way to overcome this bottleneck is for home workers to connect their laptop directly to the router using an Ethernet cable. This eliminates network contention on the Wi-Fi network, but does not improve the quality of service, if bandwidth-heavy services are being run by other members of the household while a business conference call is taking place.
Some businesses, such as those operating in regulated industries, have gone as far as providing separate broadband networks for home workers. Depending on mobile data reception, a corporate mobile phone could also be used to provide a decent wireless hotspot for corporate laptops.
It is amazing how quickly video conferencing has been accepted as part of the daily routine. Such is the success of services like Zoom that CIOs need to reassess priorities. In a workforce where people are working from home regularly, remote access is not limited to a few, but must be available to all.
Mobile access and connectivity for the mobile workforce needs to extend to employees’ homes. Traditional VPN access has scalability limitations and is inefficient when used to provide access to modern SaaS-based enterprise applications. To reach all home workers, some organisations are replacing their VPNs with SD-WANs.
There is also an opportunity to revisit bring-your-own-device (BYOD) policies. If people have access to computing at home and their devices can be secured, then CIOs should question the need to push out corporate laptops to home workers.
While IT departments may have traditionally deployed virtual desktop infrastructure (VDI) to stream business applications to thin client devices, desktop as a service (DaaS) is a natural choice to delivering a managed desktop environment to home workers. For those organisations that are reluctant to use DaaS in the public cloud, as Oxford University Social Sciences Division (OSSD) has found (see below), desktop software can easily be delivered in a secure and manageable way using containers.
Case Study: Containerising applications at Oxford University
Oxford University Social Sciences Division (OSSD) needed a way to provide students with access to Stata, a statistical software for data science; ArcGIS, a desktop geographic information system; the NVivo qualitative data analysis tool; and IBM SPSS Statistics for interactive statistical analysis. It previously used desktop virtualisation to provide a Windows environment on which these applications could then run.
“The students didn’t want another Windows or Linux desktop,” says Richard Kimble, IT manager at OSSD. “They just needed the applications to do their coursework.”
In Kimble’s experience, there is a considerable overhead, in terms of IT infrastructure, required to support a virtual desktop environment. “We wanted to easily manage and control applications that require high resources, without the extra baggage of a full virtual desktop,” he says.
OSSD needed a way to deliver the applications that could support a more mobile, flexible working model and enable students to use their own devices. It also wanted to decrease the admin overhead of supporting these applications across multiple operating systems. Kimble says OSSD was looking for an approach that would enable the IT team to manage applications in a way that is independent of hardware and does not require a managed desktop environment.
Working with MSS UK, OSSD decided to deploy a proof-of-concept environment based on containerised applications using Droplet Computing containers. This has enabled OSSD to create one delivery mechanism to deliver the applications via MobileIron.
By containerising the applications, OSSD has also been able to ensure it provides a consistent Windows environment to any device that requires access to the applications.
“The fact that we no longer have to script each individual application for each single device our students may, or may not, bring to class is a huge benefit to us. Plus, I no longer need to know, or care, what those devices are,” says Kimble.