2
Oct
2009
The Changing Face of Infrastructure Part 1
This will be a series of posts in which I will explore the benefits and misconceptions of the changing Infrastructure and Services model we are experiencing today in IT. I will cover a number of topics including Cloud Concepts, Server and Desktop Virtualisation and try and connect the business drivers with the technical advantages that each can offer the Enterprise.
Whilst I’m only young I do remember the days of Mainframe computing. Where the dumb terminals sat on the floor and the grunt processing is performed in the Datacentre. In this post I will cover desktop virtualisation, the idea of the dump terminal or uncontrolled laptop on the floor either hosting a virtual machine locally or connecting to one in the hosted in the Datacentre.
One of the concepts being floated today is that of removing the end computing IT costs and risks from the Enterprise’s responsibility to the employee. Here is the example. I start work at Company Inc. On my first day my boss and I head down to the local computer retailer with $2000 to spend. With the $2000 I can buy which ever computer I wish and if I want to put some money in myself and buy a $3000 computer no worries. Likewise if I already have a computer that meets the minimum requirements I can simply bring that along and pocket my $2000 computer allowance. The asset as it stands is now mine, not my companies. I am responsible for the host operating system, it’s updating, anti virus, applications and all data on the host. Remember these responsibilities as I’ll reference them frequently.
Example 1 – Distributed Virtualisation
Upon returning to the office with my computer I’m provided with VMWare Player and an ACE image. VMWare ACE essentially wraps some additional security and policy around images built with VMware Workstation. I fire up the image on my workstation and the image is domain joined, connects to the corpnet and off I go.
Advantages :
There is never a need to update this image with new drivers as the drivers are all VMWare specific, so whilst ever I’m using the same version of VMware there is no need to update, unlike laptop and desktop models which change processors etc.. every couple of months.
The image is contained and I can give the employee all the tools required to perform their job, whilst still allowing them to control the host operating system. They can install software, personalise it etc..
Any data not contained within the VMware image is not a Corporate responsibility, want to put music and movies on the Hard Disk?? No problems the employee owns the asset.
Portability, with VMWare ACE I can put the image on a thumb drive and run it on my home pc at night without having to carry my laptop around.
Disadvantages :
Today there are no real options when we start talking about parent partition separation or a desktop Hypervisor. What this means is that data from the hosts, including Trojans etc.. can slip onto the virtual image.
If the host is unprotected and connected to my corpnet I need to ensure I have measures in place to prevent the host operating system from connecting to my resources. This will mean require something like Cisco NAC or IPSEC. I will also need measures to ensure that an infected host can’t cause an outage through a Denial of Service Attack preventing my Virtual guests or other clients from network access.
If the hosts is compromised I have no control over it and it becomes the employees responsibility to resolve the issue.
Hardware failures are not the problem of the employer, excepting when we start to think about the decline in productivity because there are is no spares pool and each employee needs to wait individually for their asset to be repaired and returned.
When an employee calls the service desk because they either have a problem with the hosts, or require a password reset the Service Desk will simply state it’s not covered by SLA and won’t be able to assist.
Example 2 – Centralised Virtualisation.
In this case the employee will still own the asset but rather then host the Desktop image it will be accessed from the data centre. In this way we have a few options, we can either provide the employee with a full desktop environment or published applications. With Windows Server 2008 R2 we can also determine whether each employee will be given a VM from a pool or they will have their own that is simply hosted in the Datacentre.
Advantages :
Unlike the previous example where I had two operating systems on the one piece of desktop hardware and had to allow the guest to access my servers whilst blocking the host, here I can simply block all connections from everybody and simply allow through port 443 to the Remote Desktop Web Server.
There is no data on the desktop it is 100% hosted in the Datacentre which removes any chance of data loss through lost or stolen laptops.
I can easily backup all of my users data, including that data hosted on their hosted desktop computer.
Requires a lower spec machine as all the processing power is performed on servers in the Datacentre. This could assist in a migration to an x64 platform.
Disadvantages :
Storage. I need to keep a copy of all of my virtual desktops on fast, highly available and expensive storage. Technologies such as de-duplication will assist in lowering this requirement.
If my employees need to work outside the office there is no way for them to maintain a local copy of their applications without purchasing a licensing.
Again, the employee is owning the hardware so there is no support or spares available.
Of course both of these examples could be changed slightly if the employer owns the hardware. Then we have support, spares and regain some of that lost productivity. Let’s quickly review both examples again in the Employer Owned scenario.
Example 1 – Distributed Virtualisation
Advantages
None, that really stand out above those already mentioned.
Disadvantages
I need to support, maintain and license two copies of the operating system.
Example 2 – Centralised Virtualisation
Advantages
The refresh cycle can be extended as the local computer only needs to run a remote desktop session.
Provisioning mean time is lowered as the images are simply cloned on the server and applied to the users. To upgrade the client operating system I can create the new images, USMT the settings across and then the next morning present Windows 7 instead of Vista to my users. To roll back simply present Vista again.
Disadvantages
Again, there are no additional disadvantages then those mentioned previously.
Of course there is always the alternative. Stay the way we are or select a mixture. There are a number of technologies which can provide just as much control to the physical hardware as their virtualised partners, group policy, my document redirection, offline files, Bitlocker drive encryption, direct access, WSUS and System Centre Configuration Manager, Altiris, CA Unicenter or similar to deploy and control software. Additionally MED-V can provide distributed desktop virtualisation for specific application compatibility issues.
In summary there is no silver bullet and the requirements of the SME compared with a large enterprise, government or academia will be different. There are clear advantages to moving some applications into the Datacentre and “presenting” (to use an old Citrix term) them to the user through RDS or Xen.
In the next post I will cover Server Virtualisation and the role it plays in the changing face of Infrastructure, it’s effects on Disaster Recovery and advantages it can present as a stepping stone towards cloud computing.