How to deal with Mixed Desktop Environments
Transcription
How to deal with Mixed Desktop Environments
How to deal with Mixed Desktop Environments Different business needs and changing IT strategies have created heterogeneous desktop environments that combine PCs, thin clients, laptops and other mobile devices. The right computing and management strategy is key to a permanent reduction in administrative overhead. way of providing IT users with data and applications has The classic desktop PC is losing substantial market share Consistent Management Strategy due to high operating and security costs. By contrast, note- Although it may appear worthwhile to equip all IT workplaces books and thin clients are on a growth curve. At present, with thin clients, many mobile users still rely on laptops. To the commercial share of these two device types matches the frustration of administrators, there is currently no that of classic desktop PCs. According to an IDC analysis, in management solution that is equally suitable for thin clients, 2007 the thin client share of corporate desktops was 5.4% PCs, and laptops. Typical PC management tools, such as in the US and 4.8% worldwide. The current mix of desktop Altiris, are of very limited use for thin clients. Special soft- devices calls for IT managers to adopt a clear strategy. In the ware is needed to fully exploit, in cost terms, the strengths of absence of a sound concept to manage and align desktop thin client-based desktop environments. This software per- environments, the risks go beyond an explosion in IT costs. mits group-based management of device profiles, supports If companies miss the opportunity to simplify the desktop systematic remote administration of all functions, and management jungle, they may put their data and the future delivers secure and efficient mechanisms to update thin of their IT infrastructure at risk. client firmware. Added benefits of thin client-specific emerged: desktop virtualization, which has opened up a relatively new field of application for thin clients. In this concept, servers on which operating systems and applications are installed simulate standard PC hardware. As in serverbased computing, users access the servers from thin clients and see on their monitors the usual graphical user interface of (virtual) PCs. administration solutions are automated functions which, Data and Application Strategy for example, switch terminal devices on and off remotely at IT workspaces cannot be seen in isolation from general specific times. corporate computing strategy. This fundamental issue must therefore be addressed as part of the infrastructure strategy. Currently, there are three basic ways of providing data and Abb. 1: Management model for heterogeneous desktop structures applications company-wide. In the ‘80s, the client/server principle took hold. This involved connecting full PCs with hard disks and locally installed applications like Microsoft® ient n Cl Thi Office, email, Internet, etc. to data servers via a network. much simpler and much more secure administration. In line with this concept, all files began to be stored centrally and Manag em tool ent and public agencies from the mid ‘90s onward supported M Mana ge too men l t Active Directory (user profile) , PDA one, etc. h rtp computing paradigm that spread through private companies ment age an tool a Sm ement n ag Ma tool USB-attached storage media. However, the server-based PC / La pto p Files were also saved locally on the PC hard disk or on Virtual ma chi ne the applications would run on “terminal servers” located in computer centres. Although this concept has permitted Joint Basis for Best-of-Breed Management continued use of PCs, thin clients are typically deployed. The use of a joint profile database is recommended to Because thin clients dispense with mechanical components minimise administration costs for heterogeneous desk- such as fans and hard disks, they are more reliable, but they top environments without surrendering the advantages of do not allow for local data storage. What’s more, thin clients specialized management solutions. A suitable option in the consume no more than half the power of PCs and Windows® environment is Active Directory (AD), which has support full remote administration. More recently, a third been an integral part of Microsoft’s® server operating system 2/6 since Windows® 2000 was introduced, and is therefore sup- a VPN connection when working directly on the server and ported by all leading vendors. In the thin client environment, they should not be allowed to save data locally. mention should be made of the IGEL Remote Management Suite from the German vendor IGEL Technology. This software, which comes bundled with all IGEL thin clients, Abb. 2: Security model for heterogeneous desktop structures is a solution that supports not only Active Directory, but also a wide range of database formats for better integration n Thi en ti Aut h Users, application and data ,K er .) Update and Partial Update, updating is faster and minimises urity policies S ec etc user service. Thanks to innovative methods such as Buddy martcard acc yer (s ess s, ro PC / Lap top n la be tive overhead (time and costs) and an improved level of c io at etc. nes, pho art Sm A, PD ment console is programmed in Java and is not tied to a management strategy are reflected in reduced administra- ) nection layer (VPN Con ) into legacy IT environments. Appropriately, the managespecific platform. The virtues of an Active Directory-based (stationary, mo bile Clients network load. With Buddy Update, a thin client in the cluster assumes the role of an update server; with Partial Update, only new firmware files are transferred to the thin clients. Further benefits of special management solutions are integrated standard queries that keep IT managers informed of the current status of the thin client pool at all times. A mouse click is all that is needed to filter and display a list of nonactive devices. User Strategy: Universal Mapping of User Scenarios In terms of operating costs, stationary thin clients generate savings of 75% compared to PCs. This is confirmed by the Economic Evaluation of the Fraunhofer Institute UMSICHT (http://it.umsicht.fraunhofer.de/PCvsTC/). Therefore, a logical conclusion would be to target maximum use of thin clients in companies, and to use notebooks only in mobile scenarios where there is no permanent connection to the corporate Security Strategy: Enhanced Data Security The growing demand for thin clients is also a consequence of rising security costs. A cross-desktop strategy is strongly recommended in this area, too. Market analysts at Gartner forecast that theft of desktop devices with local storage will result in a 20% rise in operational security costs. There is less incentive to steal thin clients as they have no local file storage. And even though every attempt should be made to protect them against unauthorized use, security issues are more serious for laptops, on which data can be stored locally. Instead of the relatively insecure login process with user name and password, it is advisable to implement uniform, enterprise-wide two-factor authentication across all network. On company premises, mobile thin clients may also be deployed with a WLAN or UMTS connection. If it is necessary to reduce costs per IT workspace even further, multi-user scenarios with a shared pool of laptops and thin clients are an alternative option. If notebooks are used primarily in home offices, they can likewise be replaced with thin clients that feature an integrated Cisco VPN client. This also permits central management of home-based workplaces. Even an ISDN connection is sufficient to facilitate remote work on the corporate server. All types of IT needs can be meaningfully supported with the help of a central profile database, such as Active Directory, as the smallest common denominator. desktop devices. For this purpose, many thin client models already have a built-in smartcard reader or support USBbased authentication solutions. To reduce administration effort, authentication scenarios of this kind may also be based on Active Directory. As a further guideline, local data storage should be kept to a minimum in companies. With this in mind, laptops can be set to access a server-based computing environment in the company, and to permit automatic synchronization of only a limited selection of folders for offline operation. If a permanent mobile Internet connection is available outside company premises, users should prefer Hardware Strategy: Consolidating Terminal Devices Few companies are in the fortunate position that their staff uses only standard applications and hardware, all of which can be centrally provisioned. Despite the individual nature of requirements, there are universal solution concepts to support centralisation with thin clients and, in spite of the need for uniform management, various use cases can be implemented. For example, the Universal Desktop approach adopted by IGEL, the German market leader, provides vari3/6 ous cross-model access paths (known as Digital Services) Keeping Technology Options Open to central IT infrastructures, and also offers a wide variety Regardless of whether companies opt for a virtual desktop of support technologies such as WLAN, smartcard, roam- or a server-based computing environment, if they want the ing and single-sign-on. These options ensure that even user best of each provisioning technology without losing their way scenarios with several monitors, widescreen, touchscreen in the management jungle created by the diverse software support, and IP telephony can be implemented. More and hardware solutions, they must adopt a sound desktop examples are direct Internet, host and SAP access, PDA management strategy with a joint user profile database. An synchronization, and vertical solutions such as card reader overarching user authentication strategy also helps keep support for health insurance cards. The purpose of universal security costs under control. Given the newness of current solution approaches is to fully take advantage of consolida- desktop virtualization solutions, it is important not to take tion potential and, at the same time, to largely dispense with a short-term view when selecting thin client models and server-based middleware. The Universal Desktop models vendors as this could close the door on future technology are even able to replace IP phones and print servers. They options. Modern thin clients with universal firmware minimise also permit access to virtual desktop environments such as this risk. Their broad standardised range of access ® ® VMware VDI and Citrix XenDesktop. protocols and supplementary technologies ensure that company employees are able to use the applications they Migration Strategy: Focusing on the Future need to perform their specific tasks cost-effectively, securely, Heterogeneous desktop environments are becoming reliably, and long into the future. more and more standard due to the increasing pressure to improve management, security and total costs. However, until these improvements are meaningfully made, it is a question of finding the ideal mix of thin clients and notebooks. This depends both on the consolidation effects that can be achieved and on the improvements in productivity. Basically, desktop PCs should be reserved for specific use cases, or better still, they should be virtualized. Once server-side preparations have been made, all stationary workplaces can be migrated affordably to thin clients. The thin client device profiles are defined prior to actual rollout in the management solution. The terminal devices are readyto-run once physically connected. This means that several hundred thin clients can be rolled out every day. From an entrepreneurial point of view, an interesting benefit of rapid migration is the ability to better plan and implement organizational changes such as data recovery, emergency and crisis scenarios, and corporate mergers. New and replacement investments in thin clients generally pay for themselves quickly due to the long lifecycles and low TCO. Investment in virtual desktops is especially worthwhile where there is a large proportion of specialized PC-based applications (graphical or CAD workstations, for instance) that can likewise be provisioned using a standardised thin client environment. 4/6 Germany (HQ) United Kingdom United States Singapore Hong Kong IGEL Technology GmbH Schlachte 39/40 28195 Bremen Germany Tel +49 (0) 421 1769 240 Fax +49 (0) 421 1769 302 IGEL Technology Ltd 1210 Parkview Arlington Business Park Theale · Reading · Berkshire RG7 4TY · UK Tel +44 (0) 118 340 3400 Fax +44 (0) 118 340 3411 IGEL Technology Inc. 5353 NW 35th Avenue Fort Lauderdale FL 33309 · USA Tel +1 954 739 9990 Fax +1 954 739 9991 Toll Free (US only): +1 877 GET IGEL IGEL Technology Care of: C. Melchers GmbH & Co. Singapore Branch 101 Thomson Road # 24-01/05 United Square Singapore 307591 Tel +65 6259 9288 Fax +65 6259 9111 IGEL Technology Care of: Melchers (H.K.) Ltd. 1210 Shun Tak Centre West Tower 168-200 Connaught Road C. Hong Kong Tel +852 2546 9069 Fax +852 2559 6552 www.igel.com Errors and omissions excepted. Subject to change without notice. ©2008 IGEL Technology A member of the Melchers group. [email protected] 98-EN-8-1