Jun 12, 2008
I picked up a few useful bits of information during iForum this week:
- Citrix predict that between 30 and 50% of people will be mobile by 2010
- Some form of rights management is required when delivering to unmanaged PCs. For example, XenApp has a type of rights management, i.e. it can disable cut and paste, saving to local PC disk, printing etc. based on the results of a NAC check. Microsoft have a much richer rights management solution, but it’s not currently integrated with NAC, nor can it be applied to all applications. My thought: perhaps the SoftGrid execution environment could be NAC and rights management enabled, and therefore prevent certain things on unmanaged PCs
- 10% of people polled in a couple of sessions had increasing IT budgets
- 60% of people are expected to be working either from home or in branch offices by 2010
- There were 1.2B mobile phones in 2007, expected to be 1B SmartPhones by 2010
- 47% of companies now consider data protection more important than perimeter security, again another hint at the potential growth of rights management if it could be made seamless enough for people who have rights!
- An IDC study was quoted that predicted that knowledge workers would be working with 60% of their information sourced from outside the company within 5 years. I can really relate to this, I think I’m way beyond that ratio already and this >60% is part of my personal knowledge management system, not my company’s, although some small part of it is relevant to share.
Jun 11, 2008
Delivered by Steve Maytum – VP – End user platforms
- Today
- 54,000 managed XP desktops, two builds. Modified the GINA to add a “borrow” button to RDP to a CPS environment or RDP to the user’s desktop PC. This is similar to what CSC have done, but by modifying the GINA they have a solution that doesn’t force a locked session to log off – nice!
- 15,000 managed laptops
- 4,500 applications
- Investing in
- 50 unmanaged PCs
- 300 thin client devices
- 3,200 virtual workstations
- 700 seamless published applications, 4,500 concurrent users
- 70 streamed apps
- Lots of Blackberries
- Investment banking is all about agility and power and speed of delivery, 140 changes a week
- Private banking is about protection of data and stability, 2 big changes a year
- Drivers
- Cost reduction
- Strategic sourcing
- Increasing remote offices
- Mobile and nomadic users
- Home working
- Availability of power and heat, green – in some buildings they are not able to deliver any more power to the buildings
- Business continuity
- Regulatory requirements
- What their peers are doing
- Consumer experience & user capability is driving a need to raise the bar
- Increase in technology capability
- Remote access security framework
- A NAC check provides control over what you have access to, using an SSL VPN
- EPA Factory is used for the end point analysis
- Service pack
- AV running, with a signature that’s less than 2 weeks old
- Personal firewall running
- New version being developed to provide information on geographical location, whether they are at the PC console or remoting to it, checking for password protected screen savers
- Pass
- Access to your PC via RDP
- Local printing
- Line of business apps
- Long inactivity timer
- Fail
- Just access to email and office apps, plus a softphone
- Short inactivity timer
- Citrix Access Gateway – Advanced Edition sits behind an SSL VPN
- RSA SecurID
- Citrix web interface used
- Most users just use Citrix to provide access to their existing desktop PCs using RDP tunnelled through ICA
- They apparently have lots of users who bring in their personal laptops and RDP to their desktops
- Success so far
- 8,738 user connections a day
- After 6PM 1.26 years of work gets done every night
- At the weekend 3.33 years of work gets done
- Total of 500 years of productivity
- Peak usage is 9PM and 7000 users on a Sunday
- Number 1 requested service
- End state
- Citrix PS desktop – 112 sessions per blade
- VDI desktop – 40 desktops per HP C Class blade
- Trader private blades
- SoftGrid for application streaming
- IGEL thin clients
- Traditional PCs with app streaming
- Thin offices
- Remote users
- Considering putting all the clients on a “dirty” network and do all client – data centre access over an SSL VPN
- Interesting point that I’ve made myself many times
- yesterday – business demand outstripped technology opportunity
- now – technology opportunity has exploded, way beyond business demand or even businesses’ ability to keep up
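
The pass/fail endpoint check from the remote access security framework noted above, sketched as an added example (not code from the talk, Citrix or EPA Factory). The `Posture` fields, the minimum service pack level and the timer values are assumptions; the notes give only the checks and the two outcomes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

MAX_SIGNATURE_AGE = timedelta(weeks=2)  # notes: signature less than 2 weeks old
MIN_SERVICE_PACK = 2                    # assumption: notes only say "service pack"


@dataclass(frozen=True)
class Posture:
    """Hypothetical scan result; None means the scanner could not determine it."""
    service_pack: Optional[int]
    av_running: Optional[bool]
    av_signature_date: Optional[datetime]
    firewall_running: Optional[bool]


@dataclass(frozen=True)
class AccessProfile:
    name: str
    resources: Tuple[str, ...]
    local_printing: bool
    inactivity_timeout_min: int  # assumption: notes say only "long" and "short"


# The two outcomes listed in the notes.
FULL = AccessProfile("pass", ("rdp-to-own-pc", "line-of-business-apps"), True, 60)
RESTRICTED = AccessProfile("fail", ("email", "office-apps", "softphone"), False, 10)


def failed_checks(p: Posture, now: datetime) -> List[str]:
    """Return the checks that failed; unknown values count as failures (fail closed)."""
    reasons = []
    if p.service_pack is None or p.service_pack < MIN_SERVICE_PACK:
        reasons.append("service_pack")
    if p.av_running is not True:
        reasons.append("av_not_running")
    if p.av_signature_date is None:
        reasons.append("av_signature_unknown")
    else:
        age = now - p.av_signature_date
        if age < timedelta(0):
            # A signature dated in the future suggests a wrong clock or a forged report.
            reasons.append("av_signature_in_future")
        elif age >= MAX_SIGNATURE_AGE:
            reasons.append("av_signature_stale")
    if p.firewall_running is not True:
        reasons.append("firewall_not_running")
    return reasons


def select_profile(p: Posture, now: datetime) -> Tuple[AccessProfile, List[str]]:
    """Any failed check drops the session to the restricted profile."""
    reasons = failed_checks(p, now)
    return (RESTRICTED if reasons else FULL), reasons


# Constructed sample data, not from the talk.
NOW = datetime(2008, 6, 11, 21, 0)
COMPLIANT = Posture(3, True, NOW - timedelta(days=3), True)
STALE_AV = Posture(3, True, NOW - timedelta(weeks=2), True)
NO_FIREWALL_DATA = Posture(3, True, NOW - timedelta(days=1), None)

if __name__ == "__main__":
    for label, posture in [("compliant", COMPLIANT), ("stale AV", STALE_AV),
                           ("no firewall data", NO_FIREWALL_DATA)]:
        profile, reasons = select_profile(posture, NOW)
        print(f"{label}: {profile.name} {profile.resources} "
              f"timeout={profile.inactivity_timeout_min}min failed={reasons}")
```

Returning the failed checks alongside the profile lets the gateway log why a session was restricted and tell the user what to fix.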
Jun 11, 2008
- XenDesktop running Vista
- Client is running XPe
- Showed AutoCAD, great 3D model rotation using 5mb/sec
- Vista 3D flip worked fine
- WPF 3D app – patient records system – worked fine
- Call of Duty game – worked ok
- Full screen video worked well too
- Still working on high quality audio
- Works on Citrix desktop spec appliance
Jun 10, 2008
The network load balancer is going through a period of change
- The concept of a load balancer is still relevant
- However load balancers need to do more to earn their living, reducing cost, increasing security and optimising traffic
- The load balancer of the future is best thought of as an Application Delivery Controller
- Traditional role
- better utilisation of data centre resources
- high availability when front ending replicated application resources
- typically passive from the perspective of the application
- Why the change
- 9 out of 10 apps rolled out in 2008 are web based or have a significant web component
- My note – compare this with the number of apps used/installed by end users – I think we will see continued high use of client apps, trivial to the enterprise but important to the user
- often web apps are very network intensive, often 3x the bandwidth of the client server apps they replace
- Facebook alone consumed more bandwidth in 2007 than the whole of the internet in 2000
- A 30 minute streamed video uses more bandwidth than 100 emails a day for a year
- Users are being pulled further away from their applications
- globalization, flexi working, branch expansion, mobility, web 2 etc
- security, compliance, consolidation …
- Future role
- needs to understand applications, user usage patterns and network traffic
- they need to optimise performance, security and cost
- application functionality
- Load balancing, to minimise latency, distribute load, direct users to where capacity is available, to provide disaster recovery
- Content switching
- Attack protection, for example resisting a DOS attack, whilst still servicing real traffic
- Surge protection, prioritisation of traffic – for example checkout is prioritised above browsing
- application performance
- enabling compression, which browsers support but many applications don’t
- content caching, can often increase performance by a factor of 10 or more depending on app of course
- TCP optimisation, buffering, keep alive
- performance monitoring, EdgeSight for NetScaler
- cost reduction
- TCP connection offloading
- SSL offloading, hardware SSL offloading reduces web server load by generally a factor of 3
- Content caching
- Example: they reduced the number of web servers MSN Europe had serving adverts from 80 to 8
- 75% of investment is focussed on network security
- 75% of attacks are at applications
- Cross-site scripting, SQL injection etc
- An application firewall is mandatory for PCI, i.e. credit card handling (Payment Card Industry Data Security Standard)
Jun 10, 2008
Delivered by Sumit Dhawan – Senior Director – Desktop Virtualization Group
Key points:
- Current desktop process is slow, complex, insecure and costly to maintain
- Task workers 30%, Office workers 55%, Mobile workers 15%
- Office workers seems to me to be way too broad a classification
- Office workers are characterised as needing a “personalized” environment
- Task workers
- Standard work environment
- Fast startup/low cost
- Data security
- Compliance and control
- XenApp is a great solution for these users
- Seems to me that this description above does apply to lots of office workers as well, even consumerized use cases. In my case for example for enterprise applications – I would be happy with the above, so long as my client was a non locked down laptop
- Mobile workers
- Frequent travel and offline work
- Unmanaged or lightly managed laptop
- XenApp is a great solution for these users
- Office workers
- Mainly work in the office
- Inter office roaming
- Office day extenders
- Assumption that XenDesktop is the solution for these users
- Citrix believes XenApp is the way to deliver the apps to these users
- My concern over this positioning is that it also kind of assumes a person works at a desk, rather than someone else’s desk (shoulder to shoulder) or in a conference room or some other collaborative space
- 1st generation VDI – which maps to my maturity level 1 – has mainly been for customers who wanted to solve mainly security related issues, at least these were the projects that succeeded
- Lots of talk about the ability for users to personalise, for example installing ActiveX controls. But no explanation as to where these personalisations get persisted if you are using provisioning server!
- Given this lack of a persistence solution, it’s unclear to me how XenDesktop differs from XenApp Presentation Virtualization
- Discussion of the slow degradation of Windows desktops over time. It’s not clear what causes this; however, does it automatically follow that the same issues won’t occur when a PC is assembled every day from components, perhaps even worse if the components are virtualized (i.e. multiple copies of dependent components)? However, using XenApp published applications would be cleaner.
- However, if XenApp published applications are being used, how does a user add their own apps or add ActiveX controls, or Outlook add-ins etc.?
- Repeated the benefits of using XenApp published apps, ie you can get up to twice as many XenDesktop users per server.
- Customer example
- Collier County public school
- 10,000 students, 1000+ staff, about 9,000 remote students
- Early adopter of desktop virtualization
- A customer that was caught in the “hype cycle”
- Deployed maturity level 1, didn’t get beyond the pilot
- Rolling out to about 50% of users
- Key message – use cases are key!!
- Costs
- Will this cut costs?
- For procurement costs Citrix believe PC is $1100 VDI is $1400, but by extending the life of the PC this cost increase will be reduced
- Lots of other cost discussion didn’t get covered, although they believe that TCO saving is 40%
Jun 10, 2008
These are the key things that I took away from the iForum keynote by Mark Templeton in Edinburgh.
- It started late!
- 1 Million Citrix servers currently in operation, in 200,000 companies
- Citrix NetScaler sits in front of many large scale web sites today, 75% of Internet users touch NetScaler every day
- Citrix are pushing support for Apple products going forward
- Nice slide – you are here, your apps are there, and your users are somewhere else
- Business issues
- Globalization
- Offshoring
- tele-working
- Mobility
- Green
- IT issues
- Consolidation
- Security
- Compliance
- Business continuity
- Green
- Not just think different – DO different
- Citrix takes inspiration from TV
- Simple, fast and on demand
- Device, network and application independence
- Content security and access control
- Dynamic capacity
- Predictable operating and capital costs
- However I would make the point that even with all the above, there are still:
- PVRs
- YouTube
- DVDs
- BBC iPlayer
- etc
- Doesn’t change my view that one solution will not meet all requirements, and to be fair Citrix understand that in their model of Controllers, gateways, repeaters and receivers
- Citrix are promoting a move from the DATA centre to a DELIVERY centre, not sure myself that much changes, data centres have always been delivery centric.
- Citrix approach – follow the users and the applications —> the web is number 1 for new applications
- This means putting lots of effort into application layer network services – Citrix NetScaler, 20,000 enterprise deployments to date. 5x (10x for MPX) performance improvement, with increased security and lower server load
- Relationship with Microsoft stronger than ever
- The end user experience, requires a lot of focus on the delivery network and associated services
- Single signon
- Security
- Appsharing and collaboration
- Integrated telephony
- performance monitoring
- …
- Over 50% of employees are in branch offices
- Citrix branch office repeater
- Application delivery staging, for virtualized streamed applications
- Windows branch services, file, print, DNS, AD
- WAN optimisation
- Ok – but where is Citrix provisioning server branch repeater services!
- This is a nice integrated appliance, but how does it compete with Cisco WAAS or Riverbed?
- Citrix app receiver
- A universal software client, everything else is a plugin
- acceleration, security, virtualization, monitoring, web collaboration, technology, user support, third party extensibility
- This is a trend I am seeing everywhere, including Symantec/Altiris and VMware, Firefox
- Citrix workflow studio
- Works within a single Citrix product, between Citrix products and, because it’s Microsoft Windows Workflow Foundation, it can orchestrate Citrix and third party products
- XenDesktop
- A XenDesktop with no applications – i.e. all apps delivered by XenApp – uses half the resources of XenDesktop with apps, i.e. twice the users per server.
- Upgrade from XenApp to add XenDesktop license for $95 (enterprise or platinum?)
- Not clear what advantage XenDesktop gives over XenApp other than “personalization”; also not clear what the real cost difference is.
Jun 10, 2008
I’ve been trying to work through the key questions that need to be answered about VDI by anyone comparing it to the obvious alternatives, these being:
- A laptop
- A physical desktop
- A client side virtual machine, copied or streamed to the PC
- A web application portal
- A server hosted desktop
Whilst I can see use cases where all of the above are great solutions, it’s not immediately obvious how the decision making process should work in the enterprise. To start off here’s a short discussion of the alternatives:
- A laptop’s a great solution for someone who doesn’t want to work at a fixed work location, but rather wants the flexibility to work shoulder to shoulder with a colleague, work in conference rooms, hotels, the back garden etc. Clearly it’s also the only solution for people working with unreliable or no network connection. I see this workstyle being pretty standard for many knowledge workers going forward.
- A physical desktop seems most at threat from VDI, it doesn’t offer any particularly compelling attributes, until you start to think about the future of the desktop. Practically unlimited encrypted storage, low power consumption, support for operating system streaming or iSCSI boot, massive computational capacity. If someone could figure out how to drive real productivity improvements by using all that storage and processing power then we might easily see the desktop swing back into favour. Even if the desktop PC continues to be used pretty much as it is today, it’s not unreasonable to consider the desktop as essentially a VDI client, streaming OS, Apps and Environment on demand in a very VDI like way but just without all of that server and storage infrastructure.
- I’ve used client side virtual PCs for years, but I wouldn’t want to do all my work on one. My gut feel is that this will change by 2009 when we will see client side hypervisors readily available and these hosting one or more personal VMs and an enterprise VM that’s either streamed to the client, along with streamed apps and environment or just managed as if it were a physical PC, just easier to fix.
- A web application portal is my favourite way to get at all the “enterprise” applications that I use. I have no desire to go back to using an enterprise desktop. Just give me my personal laptop and Internet access and I’m away. CSC provides me with a portal that fronts expenses, procurement, email, collaborative services etc, and I get a backup solution for my PC that provides an Internet accessible web site for me to access/recover all my documents in the event of a hardware failure or loss/theft of my laptop.
- A server hosted desktop, most often XenApp provides a locked down environment that meets the needs of many users, and at a price point that VDI can’t reach. Of course for enterprises that just want to publish applications, it provides a great solution for that too.
Ok after rambling through the alternatives I think I’m ready with my list of key questions:
- Do you need a solution that costs less than the money you will save by replacing desktop PCs? If yes then it’s unlikely that VDI is for you unless the desktop PCs are particularly difficult to support, like those in remote branch offices or home locations. The marginal saving of removing a PC is pretty low when automated tools are used for management.
- Do your users really want a desktop? Lots of users who are using a PC as their client device don’t want another desktop, they just want the applications published to them and integrated into their desktop experience. Microsoft recently ran a trial of their Server 2008 product which offers secure Internet access to applications with “seamless windows” and a full published desktop. Most users just wanted to use seamless applications. As I explained above in CSC we just publish web applications. As consumerization takes hold expect lots of users to prefer to use their own PC for access and look to the enterprise just for the apps they need. Of course publishing a full desktop costs more, but it does offer a more secure environment and a more controlled end to end user experience.
- Do you really want Windows applications? If your users’ needs are simple – and many people looking at VDI keep saying all my users need is email and Office – then perhaps all they really need is a good web email and a well integrated web office suite, and that’s way cheaper than any virtual desktop solution.
- Do you already have a well managed desktop environment in place? If you do, it’s fairly easy to just deploy a VDI environment to essentially just “provision virtual machines”; from that point onwards you might well find it’s cheaper to manage them like every other PC on your network. You can’t do this with XenApp, so unless you already have a well managed XenApp environment in place you will probably find that XenApp’s infrastructure cost advantage is written off by increased OS and Application management costs.
- Do your users need to personalise their desktop? Lots of people seem to think that users want VDI because they want to “personalise” their desktop. Well, by personalise most people mean installing applications and many enterprises frown on that. It might be better to provide two environments, one that’s locked down and includes enterprise applications and another that’s essentially personal. This is expensive if you use VDI to provide both of these, or use VDI for one and XenApp for the other, but it’s not too bad if you provide your users with an allowance to go buy their own laptop and then provide them with VDI, a client side VM, XenApp or a web portal.
- What are your availability needs? An office full of desktops and laptops can offer a very high level of aggregate availability (for example 95% of an office’s PCs might reasonably be available 99.999% of the time) but a VDI or Server hosted desktop environment won’t deliver this level of availability to the desk without a lot of investment. Not many people need this level of availability, but if you do it’s an important consideration.
- When does VDI make sense? Even if VDI isn’t the right solution today, it’s going to get cheaper – of course PCs are going to get cheaper – or at least use less power – and more secure and easier to manage as well.
Ok so I’ve rambled on a bit more, if you answered the questions above and still want VDI it’s likely that you have a lot of expensive desktop PCs to replace and/or you want to increase security, flexibility and agility and you want to do it now.
Time for me to offer up what I think’s going to happen:
- A lot more laptops, I think perhaps 30-50% in many enterprises
- Initially a lot of edge cases where VDI makes really good sense, you might say “the places that traditional desktops and laptops find hard to reach”
- Some enterprises that have very large desktop user populations today, who don’t have a rich mobility requirement, but do have a large and complex legacy application portfolio will be tempted to move to VDI now
- Users who do get VDI will get a smartphone as well, or at least get access to email, presence, IM etc on their own smartphones. Perhaps the smartphone will have a bunch of virtualized client applications on its USB drive that can be accessed from any PC, including the VDI client software
- Within a year VDI costs will have fallen a bit, but not enough. Desktop PC TCO will have fallen as well and security and manageability will have increased making VDI more expensive again, but with fewer advantages.
- The app streaming, environment streaming and OS streaming infrastructure that represents the most sophisticated VDI implementations today will support desktop PCs and ultimately portables as well. At this point client device choice matters a lot less, and of course it’s then not either or. It’s simply a matter of right device, anytime, any place. If I’m a laptop user but I need to quickly access a large file I can run up a VDI environment on demand; laptop gets stolen, no problem, just spin up a VDI session for a week and then stream everything back to my new laptop when it arrives.
Jun 09, 2008
I’m at Citrix iForum in Edinburgh today, the conference starts tomorrow and lasts for two days. There are a couple of CSC people giving talks. I’m not speaking but I will definitely be listening. I’ve got a few objectives from the next two days:
- I want to get a general update on the Citrix portfolio, especially the edge appliances
- I want to get a broader perspective on VDI, listening to the perspectives of RES, Appsense, the thin client hardware vendors and Citrix themselves. I have a pretty clear view already, but I want to test it
- I want to spend some time writing a couple of blog posts, thinking a bit and structuring my thoughts
- I want to have a rest, and get some walking in – I’ve been over worked for the last few months and I can feel it!
Mar 19, 2008
I’ve been experimenting with desktop video conferencing for years, but my enthusiasm never persists for more than a few days because the experience is just too unpredictable. Sometimes it’s an image quality issue, sometimes it’s firewalls, right now it’s unstable drivers and poor lip synch. It’s not far away though, in theory Skype and Logitech already offer HD conferencing (not reliably for me due to driver issues on Vista 64), and there are several high quality – but too expensive – desktop HD solutions (LifeSize for example), but it’s still not quite real for me – what will it take?
- Good multi-party video support in web conferencing systems
- Multiple screens and multi-screen support in the software, you need at least 2 screens and maybe three to have a multi-party web conference with video
- Faster home networking or perhaps just more consistent bandwidth (most people are not going to video conference in an open office)
- Better cameras that offer an optical zoom so that it’s possible to really see expressions and lip synch
- A price point that’s viable for the enterprise, less than £150.
The recent announcement that Microsoft is working with Tandberg to deliver a $300 high-definition video camera by next year is a good early indicator that maybe we are approaching a tipping point. That said the first step is to win the ongoing battle to convince enterprises to invest in multiple monitors.
Mar 18, 2008
VDI is pretty cool for a whole host of use cases, but what we really need is a single infrastructure for virtual and physical PCs. We are nearly there:
- Citrix provisioning server can stream a base operating system to virtual and physical PCs
- Application virtualization and streaming can stream the applications into this base operating system to customize it for the user
- User environment “virtualization” can deliver the users profile and other per user or per group customizations
All of the above are key to VDI, but also not far away from being viable for physical desktops and portables. Microsoft’s acquisition of Kidaro points the way to how some of the gaps might be filled since Kidaro includes:
- Kidaro vDNA : to “save” all of the user specific data when the user logs off the VM
- Kidaro TrimTransfer : optimising the transfer of the virtual image by doing a block level compare and only sending the deltas or the stuff that is not there yet.
For those of us like me who want to deliver their enterprise desktop experience integrated with their personal desktop and laptop experience they add:
- Kidaro ToGo : which allows you to run everything from removable media like an iPod or USB drive
- “Workspace”: that allows you to have “published” applications from a VM. This means that if you run Lotus Notes from a VM you can show only Notes instead of the whole VM. VMware 6.5 will have this feature on Windows, and VMware and Parallels already do it on the Mac.
Finally Intel with their vPro capabilities greatly reduce the need to visit the desk for support.
Within a couple of years – once Solid State Disks are cost effective and encryption routine – we should expect to see physical desktops and laptops that have all of the desirable flexibility, management and security characteristics of VDI/Thin clients, supported by the same infrastructure.
At that point just choose the client device that suits your workstyle and get productive.