If you want to implement virtual desktops there are a few factors that I recommend you look into. I have listed three of them below that I think are important:
1. Choose your preferred desktop virtualization vendor.
2. Consider a technology agnostic profile management solution.
3. The move from physical to virtual desktops must be close to seamless from an end user perspective.
If you do the above, I believe the project will have greater potential for success at the lowest possible cost and with the highest user satisfaction.
How do I select virtual desktop technology?
If you leave out profile management and instead focus on who is best at delivering a virtual desktop, the choice becomes a bit easier. Look at what you already have in place with regard to virtualization technologies and decide either to stick with it (maybe due to competence) or to consider another vendor if they provide business critical features such as availability, security or performance. What we already know is that the virtualization area is rapidly evolving and new vendors appear providing new and better ways to virtualize your infrastructure. This rapid development makes it almost impossible to make a strategic choice on how to deliver the virtual desktop. You should be able to adapt to changes and use whatever technology is best and most cost effective at any time.
Profile management is a big problem but is not the only user challenge.
Desktop virtualization vendors often have their own way of dealing with profile issues. They are usually focused on their own technology and dependent on Windows roaming profiles to work. What you need is a solution that is technology agnostic, meaning that you can choose whatever delivery mechanism you like for both the desktop and the application without having to manage everything in silos. But there are other things that need to be managed besides the user profile! How about login scripts or group policies? The management of these items is also silo based and challenging, especially in dynamic virtual environments with frequent changes.
If IT is broken down and managed in these defined parts (hardware, software and service), separated by virtualization techniques, the dynamic enterprise is within reach! A bonus feature that comes with the technology is user based security. The context of the user logging on to a desktop (virtual, streamed or physical) will decide how security is handled.
A seamless move from physical to virtual desktops.
This might sound like nirvana, but is actually achievable if the service layer is virtualized. This technique breaks down the complex desktop into simpler pieces that can be managed without dependencies and complex scripting.
To get there you need to gather existing configuration about what your users currently are receiving as services. By services I refer to what is exposed to the users on their desktop. It is important to gather information such as where the users are physically located, what applications they are using, printers and drives being mapped and last but not least - settings stored in their existing profile.
With this collected, managed and 'virtualized', IT is free to change the way services are delivered to the user; physical to virtual, XP to Windows 7 or fat to thin, anytime, back and forth and as often as needed.
Make a small step towards a big goal with workspace virtualization.
Many companies strive to implement Self Service (service orchestration) in order to streamline IT and give a better service to the end-users. This way the IT services can be delivered consistently, securely and automatically. The I and T of IT are put back in order. Information is the responsibility of the organisation and the IT department is responsible for the Technology.
In order to be able to implement any kind of self service system, there has to be task automation in place. Daily routine tasks such as adding an Active Directory account, creating an Exchange mailbox, changing a phone number or installing an application must be automated and delegated back to the organisation. Without automation, no self-service!
The basic concept of a self service solution consists of three elements:
1. A user qualifies for a service based on categories such as an identification. There should also be restrictions and dependencies tied to any service. A user allowed to create purchase orders should not be able to approve them, i.e. a restriction. In order to have a mailbox you have to have a user account, i.e. a dependency.
2. When a user qualifies for a service, the delivery of the service is initiated either automatically or triggered by the user.
3. And when the user no longer qualifies, the service is returned.
Delivery of a service might also involve manual tasks such as ordering a new laptop, purchasing an additional application license, an approval process, showing a message or asking for input.
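The qualify, deliver and return cycle above, with the purchase order restriction and the mailbox dependency, can be sketched as a small reconciliation routine. This is an added illustration, not RES Software code; the service names, user attributes and the `reconcile` function are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Service:
    name: str
    qualifies: Callable[[dict], bool]   # qualification rule over user attributes
    depends_on: tuple = ()              # dependency: must be held as well
    conflicts_with: tuple = ()          # restriction: must not be held together

# Constructed catalogue (hypothetical names), mirroring the two cases in the text.
CATALOG = [
    Service("ad_account", lambda u: u["employed"]),
    Service("mailbox", lambda u: u["employed"], depends_on=("ad_account",)),
    Service("po_create", lambda u: "purchaser" in u["roles"],
            depends_on=("ad_account",), conflicts_with=("po_approve",)),
    Service("po_approve", lambda u: "manager" in u["roles"],
            depends_on=("ad_account",), conflicts_with=("po_create",)),
]

def reconcile(user, current):
    """Compare what the user qualifies for with what they hold now."""
    current = set(current)
    by_name = {s.name: s for s in CATALOG}
    granted = {s.name for s in CATALOG if s.qualifies(user)}

    # Restrictions: of two conflicting services, only one that is already
    # held on its own survives; otherwise both are blocked for review.
    blocked = set()
    for name in sorted(granted):
        for other in by_name[name].conflicts_with:
            if other in granted and not (name in current and other not in current):
                blocked.add(name)
    granted -= blocked

    # Dependencies: drop services whose prerequisites are not granted,
    # repeating until nothing changes.
    while True:
        missing = {n for n in granted
                   if any(d not in granted for d in by_name[n].depends_on)}
        if not missing:
            break
        granted -= missing

    return {"deliver": granted - current,   # newly qualified
            "return": current - granted,    # no longer qualified
            "blocked": blocked}             # denied by a restriction

if __name__ == "__main__":
    leaver = {"employed": False, "roles": {"purchaser"}}
    print(reconcile(leaver, {"ad_account", "mailbox", "po_create"}))
```

Running the same routine at onboarding, role change and offboarding is what makes the "return" step automatic instead of a forgotten cleanup task.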
Service orchestration is very useful for self service but also for employee onboarding and offboarding. Other areas of use are employee role change, application decommissioning, self paced migration and requesting a service for someone else.
You get better control, lower TCO, increased security and more productive users.
So if you are thinking of self service - make sure you start with automating your daily IT tasks!
User profiles in Microsoft Windows environments cause a lot of headaches. Why? In short, user profiles are device and OS dependent and grow large.
Zero Profile Technology from RES Software takes care of any profile problem by simply copying user specific settings out of the user profile.
The first time a user starts an application, Zero Profile Technology will grab the current application settings and copy them outside of the profile; subsequently only specific changes are managed.
By doing this, a user can move between any computer and OS (Windows of course) and all settings will be preserved. IT will have control of the profile size and content. No more silo management of policies. Only happy users and drastically simplified management.
Look at this video from RES Software Support to get a glimpse of how it works:
Four out of ten are delivering migration projects on time and on budget
A survey of close to 1000 IT professionals in the Nordics conducted by software company RES Software shows that eight out of ten businesses have decided to roll out Windows 7, and almost half will roll out virtual workspaces by the end of the year. Migrating user profiles is considered the biggest challenge.
The survey shows that almost eight out of ten companies are planning to migrate to Windows 7 (W7), with the same proportion having purchased licenses already. 34 percent have already rolled it out, and almost four in ten indicate that they have a few selected users up and running the operating system. 65 percent do not have any tools or procedures to migrate back from W7 if challenges arise.
“According to IDC over half of all businesses will migrate to W7 at the end of the year. The big challenge is that user settings and preferences disappear unless procedures are in place. This leads to large additional charges,” said Ole-Kristian Sivertsen at RES Software.
Eight out of ten believe analysis and design of the platform will take up to six months, with the remaining using more time. For application testing, 75 percent believe that this will also take the same amount – up to six months. 40 percent indicated that they will spend more than six months on the actual roll-out. Migrating user profiles, downtime and lost productivity, lack of knowledge of the user environment and potentially disgruntled users are the biggest concerns.
“To deliver the same desktop environment is a necessity for a migration. We want to make it easier, safer and cheaper to manage users' desktop environments. Migrations are not difficult if you have the right tools. The process should take place without the users being affected,” says Sivertsen.
50% have decided to roll out virtual workspaces from Citrix or VMware. 45 percent by the end of the year, another 20 percent set in 2011.
“This confirms what many people know. Virtual workspaces are one of the biggest growth rockets in the market. The results show that customers have realized the many advantages of the concept. It is positively surprising that so many say they should have it in place during the fall,” says Sivertsen.
The survey was also conducted in the Swedish and Danish markets. The number of respondents in these two markets was almost 300 in total. Although the answers to a large extent aligned, there are also some interesting differences:
The Swedes are on top in the decision to roll out W7 (85 percent)
Four out of ten Danish companies have rolled out W7, compared with three out of ten Norwegian and Swedish
50 percent of Norwegian companies have taken the decision to roll out virtual workspaces. In Sweden and Denmark four out of ten have made the decision
Four out of ten Danish companies have not decided when the deployment of virtual workspaces is to happen (six out of ten will be in place by the end of next year). Just over half of Swedish companies will have it in place by the end of 2011
Half of the Swedish migration projects are delivered on time and on budget. Similarly, Norway and Denmark were ten percent lower
The Danes set a higher degree of planning for emergency preparedness plans / tools for the transition back from W7 (rollback)
Norwegian companies will use the shortest time on analysis and design of W7, the Swedes the most
Danes calculated shortest time to application and functionality testing (55 percent in under three months)
Half of Danish enterprises will have deployed W7 to all users within three months. The Swedes will take the best time, probably because they have many special adaptations and tailoring to the user environment
Danish and Norwegian companies believed that the migration of user profiles will provide them with as many challenges. The Swedes were most worried about downtime and lost productivity. Other special concerns across the region were: Many tedious manual processes, dissatisfied users, the migration at the expense of more strategic initiatives and whether users would have the same permissions, the rights and programs as they had before migration
When asked about their thoughts on migrations, most respondents emphasized strongly that it is mission critical. About 15 per cent in each country believed migrations are fun. Between ten and 20 percent thought it was a necessary evil
About the Survey
The web-based survey was conducted among Nordic end-users in July 2010 with nearly a thousand answers. 676 people answered the survey in Norway. Seven out of ten worked in the private sector. More than half had more than 500 IT users in the business. Half were architects or IT consultants. 20 percent were IT or operations managers. In Sweden, 179 people answered the survey. Seven out of ten came from the private sector. 55 percent were from businesses with fewer than 1,000 IT users. In Denmark, there were 111 responses. Eight out of ten were from the private sector, and seven out of ten had fewer than a thousand users in the IT environment.
About RES Software
RES Software is the market leader in solutions for the management of Microsoft-based user groups. The company operates development in administration of physical and virtual client solutions, and supports all types of customers of all sizes to reduce costs associated with the operation and management of desktop environment. Customers get a better ability to manage complex client and user groups more easily, and simultaneously meet demands from users who need personal and dynamic desktop environment regardless of time and place. RES Software supports both physical and virtual desktop solutions, and our patented technology makes it easier to manage, automate and deliver secure, personalized and innovative user experiences. For more information, follow us on Twitter @ RES Software and visit our website: www.ressoftware.com
How do you manage security in a virtual desktop environment? Mixed with traditional desktops?
Traditional security falls short when you start thinking about delivering the desktop virtually from the data center. Installing antivirus and a firewall is not enough.
Well, everybody now runs their personal desktop from within the data center. The network is shared with mission critical servers. Of course you can segment your network, install gateways and so on. This will increase complexity, and the result will be difficult to maintain, difficult to document, inflexible and expensive. A much easier way is to protect the sensitive infrastructure from the users. Security should be based on the user session instead of on the device itself, as traditional security does. What we want is context based security!
What will this actually mean to me?
You do not have to create a complex infrastructure if security is tied to the user sessions. After user authentication, the user session will be locked down and external access will be limited. Access to USB drives, CD/DVD (yes, even from a virtual desktop) and network can be limited and/or prohibited. No complex scripting adapted to each and every OS/application is required. Security is maintained regardless of whether the user logs on to Windows XP, Windows Vista, Windows 7 or Windows Server 200x. No need for complex firewall rules or locking down local drives with NTFS. One golden stateless image is possible.
RES PowerFuse solves all your headaches!
The user context (id, role, location, device and time) will continuously be evaluated and a limited content will be composed. The composition can consist of access to applications, data, printers and of course the user's personal settings. You will get a dynamic User Workspace where applications and resources are only available to the right user at the right time at the correct location. This applies even if other applications are installed - they will not be available to the user if security policies apply. Unauthorized processes will not be able to execute in the user session. RES PowerFuse will allow you to use white listing on application level.
What happens if a user disconnects from the session and moves to another location?
What security policies apply in this new location? Is access to all applications and data allowed according to regulations? What if the application was running in the session? Applications will be terminated if they are not allowed in the new location - without having to log out and back in again! Security rules are evaluated in real time based on the user's context and the corresponding content is composed. In the above scenario the physical location of the user is used as a context evaluator, not the location of the virtual desktop, which is in the data center.
You will, quite simply, get a very secure zone in the data center where users intentionally or unintentionally can make a mess.
Contact RES Software if you want to know more about how to secure your virtual desktop infrastructure. This way of securing your infrastructure based on user sessions is also applicable to traditional desktops and central published desktops. One way to rule them all!
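To make the session-based model concrete, here is a generic sketch of default-deny application whitelisting evaluated against the user context, including the reconnect-from-another-location case. It is an added example and not RES PowerFuse code or its configuration format; the process names, roles, locations and function names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Context:
    user_id: str
    role: str
    location: str   # where the user physically is, not the data center
    device: str
    now: time

@dataclass(frozen=True)
class Rule:
    roles: frozenset
    locations: frozenset
    devices: frozenset
    start: time
    end: time

    def allows(self, ctx):
        return (ctx.role in self.roles
                and ctx.location in self.locations
                and ctx.device in self.devices
                and self.start <= ctx.now <= self.end)

# Constructed whitelist (hypothetical): anything not listed may not execute.
POLICY = {
    "payroll.exe": Rule(frozenset({"finance"}), frozenset({"hq"}),
                        frozenset({"thin_client", "corp_laptop"}),
                        time(7, 0), time(19, 0)),
    "mail.exe": Rule(frozenset({"finance", "sales"}), frozenset({"hq", "home"}),
                     frozenset({"thin_client", "corp_laptop", "byod"}),
                     time(0, 0), time(23, 59, 59)),
}

def may_execute(process, ctx):
    """Default deny: an installed but unlisted process is refused."""
    rule = POLICY.get(process)
    return rule is not None and rule.allows(ctx)

def compose_workspace(ctx):
    """Applications offered to the user in the current context."""
    return {p for p in POLICY if may_execute(p, ctx)}

def on_reconnect(running, new_ctx):
    """Re-evaluate a live session after the context changes, without a logoff."""
    keep = {p for p in running if may_execute(p, new_ctx)}
    return {"keep": keep, "terminate": set(running) - keep}

if __name__ == "__main__":
    at_hq = Context("u1", "finance", "hq", "thin_client", time(10, 0))
    at_home = Context("u1", "finance", "home", "byod", time(10, 30))
    session = compose_workspace(at_hq)
    print(on_reconnect(session, at_home))
```

The same virtual desktop in the data center yields a different workspace for each context, which is why the location field has to come from the endpoint the user connects from.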
Focus on what to deliver to the users instead of how!
When I am listening to customers they tell me that when they migrate to Windows 7 they will reassess their desktop strategy - in part or completely.
Before I continue let's just make one thing clear. The choice of a new operating system, like Windows 7, is not a strategy. It is simply a technology choice. A strategy typically spans a period longer than 3-5 years. This is by itself a big challenge. How can you tell what will be the best IT delivery vehicle in 5 or more years?
Why reassess your desktop strategy?
The biggest reason for reassessment, as I see it, is that a migration is always a very big change for IT and even more so for the end-users. The IT department looks at changing the way users use their desktop, as it is going to be a big change for them anyway. A new way might be using more laptops, virtual desktops (VDI), maybe thin clients and published desktops?
Most of us have been through an occasional OS migration or reinstallation for that matter. This migration always results in a 'new' desktop and maybe also a new computer. What it did not result in was continuity. All my personal settings were either lost completely or moved to a backup location for me to restore myself. No favorites, no desktop icons, no printers, my background picture gone, application settings lost. The list can be made very long, and user satisfaction and productivity are low. IT is not seen as delivering services but instead as always changing things - disruptive.
What are the problems associated with a migration?
Some of the problems are tied to the fact that most personal settings are tightly coupled with the physical computer I as a user log on to. The settings I make as well as the settings IT manages.
On a Windows OS there is a personal profile associated with every individual user as well as scripts to tie resources, such as printers and drives, to the user. On top of that, Group Policies are also used to control and configure the user desktop. All are tied to the specific OS. Point solutions.
You can choose from a wide array of custom made tools to help you migrate from Windows XP or Vista to Windows 7. Or why not your Citrix Farm from Windows Server 2003 to Windows Server 2008. What I hear from my customers is that they work, but not 100%!
So in reality this is not something you can base a migration on. Not if you want it to be successful, risk free and performed at a low cost. Not without disrupting end-user productivity.
What if you did not have to take into account all those ways of delivering configuration to the user and retaining their settings? Life would be so much easier; both from an IT perspective and from an end-user perspective.
How do you succeed?
By separating the user and their settings from the underlying infrastructure, it does not matter how IT services are delivered to them; OS or application delivery infrastructure. Local, published, streamed, virtual...it does not matter!
The User Workspace (this is what you get with the separation) is created by constantly evaluating the user Context (ID/role, device, location and time) and your security policies, and will compose a dynamic content. The content can consist of access to applications, printers, data and the user's personal settings.
So what is in it for you?
With a User Workspace you will never have a high cost and high risk migration project. We all know that after Windows 7 there will be a new OS with a new migration project. They will keep coming. Technology changes like this are unavoidable. High cost. High risk. By transforming your traditional desktop into a User Workspace you minimize the risk by taking control of the existing infrastructure and, step-by-step, perform the transformation. You can make an analysis of real settings in the existing environment such as application usage, drive connections, printer connections, location & devices etc - instead of making qualified guesses. With this information, rules are automatically created to replicate or optimize the delivery. This is called Desktop Transformation. When you have proceeded with Desktop Transformation then you can migrate.
You will have total control of your Windows clients and users. You can change the way the traditional desktop and applications are delivered to the end-user. No need for complex scripting or application packaging. These settings are also separated. You will get one place for all configuration, administration and troubleshooting, totally independent of the underlying infrastructure.
What will the result be?
The user can log on anywhere and always have access to the right applications, right settings and right configuration. One minute they can work from a laptop running Windows XP, the next move to a stationary computer running Windows 7, and then move back again. IT can implement virtual desktops and the users can instantly log on to that environment and be productive. Some applications are streamed to the current desktop, others published and some locally installed. IT can replace the OS with Windows 7; the users will continue to receive a non-disruptive service and they will be productive and happy. Besides all of this you can create a very secure user environment since security is user based, not device based. When the user is in a non-secure location, do not give access to sensitive data or applications. Some companies would 'kill' for that kind of security enforcement!
Difficult choices made simple!
You do not have to spend countless hours trying to find the best desktop strategy just because you want or have to move to Windows 7. Today you might be struggling to choose between Citrix XenDesktop and VMware View. Maybe Double-Take? What about Med-V? Application Virtualization? ThinApp? InstallFree? Citrix Streaming? There is no lack of choices! What you should focus on is who or what is best at delivering that kind of technology at that time, without having to think about the fact that users have to access it and retain their settings. Minimize the risk involved in a technology change and at the same time drastically reduce the operational costs. You will get a well managed, secure desktop environment.
I know this might sound a bit too good to be true, but it isn't. This concept is nothing new, but still revolutionary. The solution is fantastic and revolving. Change the way you manage your clients forever.
You can get the best of two worlds. You get a:
Centralized and Standardized heterogeneous desktop environment
that at the same time is:
Dynamic, Personal and Technology Agnostic
The strategy you should think about is how to transform your traditional desktop environment to User Workspaces.
Below you will find a short movie explaining some of what I covered in this article.
Do not let the choice of technology turn into strategy!
When you deliver a desktop to a user the essence of the delivery is the content i.e. the service i.e. the customer need. The delivery vehicle of the service, such as desktop and application, must be a temporary technology choice, simply due to the fact that the evolution pace within this space is rapid. If you make technologies like Windows 7 or a specific VDI vendor your strategy, you will decrease business agility, increase complexity, create point solutions and focus on technology instead of service delivery. You will also be less competitive.
RES Software will make service delivery technology agnostic in a Microsoft Windows environment. This will strongly contribute to decreased complexity, minimized risk when making technology changes, lower TCO and above all increase end user productivity and satisfaction.
So think again, look in the rear mirror and learn from your experiences.
What we without a doubt know will not change - is that things will change!