Response to the working from home challenge
Since the UK went into lockdown two months ago, businesses have had to overcome significant challenges and have made extraordinary efforts to adapt and maintain their operations by enabling their employees to work remotely wherever possible.
Technology has played a key role in keeping businesses afloat during these unprecedented times and IT teams have responded rapidly in various ways to meet the challenges and provide users with a suitable digital workspace from which to perform their roles away from the office.
Organisations have faced their own unique challenges, but some common themes of IT adaptation have been:
- Increased distribution and usage of corporate issued end user devices such as laptops, surface devices, tablets and smartphones
- A rise in bring your own device (BYOD), users using their personal devices for work tasks
- Introducing or extending the use of virtual desktops and applications
- Greater reliance on remote access solutions for users
- Repurposing existing infrastructure and even datacentres to cope with increased back end compute demands
- Onboarding of cloud-based platforms such as Infrastructure as a Service (IaaS) and Software as a Service (SaaS) applications
- Enablement and usage of collaboration suites for virtual meetings and content sharing
Due to the nature and progression of the Coronavirus pandemic these new and adapted systems have been rolled out at such high speeds in order for businesses to maintain their operations effectively, that there has been little time for IT departments to step back and take stock of their updated estates.
Quick-fix remote working solutions will now be under scrutiny
As businesses start to look ahead and some even start to plan to bring staff back to the workplace, these tactical or ‘quick-fix’ remote working solutions will now be under scrutiny and businesses will be asking themselves, should we be future-proofing the digital workspace for beyond Covid-19?
Do the solutions that your business have in place deliver the secure, scalable and compliant digital workspace that it needs for the longer term?
Adding new IT capability has been crucial for many businesses in their bid to operate during this crisis, but with new capability comes new considerations and challenges.
End User Devices – More end user devices out in the field means there are more devices to be managed, updated and patched to maintain company standards, prevent compromise and attack. These devices may not have accessed your internal networks for weeks or months now, how are you enforcing policies and updates in the new way of working, such as Windows 10 patches for example? Or how are new applications being deployed?
Increased Mobile Device Usage – The increase in mobile device usage such as tablets and smartphones can bring with it a mix of operating systems. Can you manage and secure Android and IOS platforms effectively now that they are accessing more of your corporate resources? What mobile apps are permitted on devices and how is this managed and enforced? Can you wipe and disable devices that are lost or stolen?
Data loss prevention – Is your business adequately protected against data loss? If you are offering more access to corporate information, such as email for example – does this need to be containerised and secured?
Bring your own devices (BYOD) – How are non-corporate BYOD to be handled? What access level should be allowed? Does this align to corporate policies?
It would make sense that access to company resources should be conditional, depending on the type of device being used and its compliance status, is this something that you can offer?
Are virtual desktops and applications performing efficiently and delivered in line with best practice?
A large number of business’s IT teams will have introduced some form of virtual desktop or application solution, from anything as basic as users running a remote desktop connection accessing their physical office PC to full blown Virtual Desktop Infrastructure (VDI) solutions.
Those that already had a VDI capability have no doubt seen a sharp upturn in usage and will have likely expanded the solution in some way to introduce more capacity by repurposing existing server infrastructure, scaling out into DR datacentres and even expanding out into public cloud.
In terms of the applications that businesses are using, there is likely to have been a shift in usage (whether slight or dramatic) towards SaaS or online based platforms such as the likes of Microsoft Office 365, Salesforce and DropBox. Company specific line of business applications, traditionally only available inside their own networks, are now being re-invented and presented remotely over the internet.
Now that IT teams can reflect, are these new and updated solutions fit for purpose longer term, are virtual desktops and applications performing efficiently and delivered in line with best practice? Are they secure enough given that they are being accessed primarily from the outside? Has configuration drifted to meet the new demands? How is the updated application landscape going to be integrated and managed properly?
Have infrastructure and access changes introduced security vulnerabilities?
In order to support the remote digital workspace, IT teams have needed to make the necessary changes and additions to their infrastructure estate, whether it’s meant increasing compute and storage capacity, deploying new access solutions or extending VPN capabilities.
Increased infrastructure footprint and improving remote connectivity increases your security perimeter, particularly if you are bringing public cloud integration into the mix.
It is a given in these times that more remote access will have been granted by IT, how has this been delivered and is it suitable longer term? Is user authentication strong enough and is their information kept secure?
Are you still in control of costs?
Companies that have expanded their use of cloud platforms must ensure that solutions are configured properly in line with their on-premises principles and sized carefully to avoid ‘bursting’ and spiralling costs.
It’s important now more than ever that all of these systems and processes are still maintaining your company standards for configuration and security posture, particularly for companies operating in regulated industries or requiring compliance with recognised standards, such as PCI DSS for example.
As we take a look forward it’s crucial that these systems are managed effectively, providing as few new headaches for the IT admins as possible whilst continuing to align to industry best practices, security standards and compliance frameworks.
VMware’s Digital Workspace Solutions
VMware have a portfolio of technologies in the digital workspace arena that can help you come to terms with some of these new challenges and considerations.
Their flagship offering in this area is Workspace ONE, a suite of capabilities delivered primarily from two key components -Workspace ONE UEM (previously VMware AirWatch) and Workspace ONE Access (previously VMware Identity Manager), those are the base components but in my opinion to make the solution complete you should strongly consider integrating a third – VMware Horizon, which I will come to shortly.
Workspace ONE UEM, or Unified Endpoint Management to give it its full title, provides mobility and endpoint device management capabilities for:
- Desktop and Laptop PC’s such as Windows, Mac and Chromebook devices
- Corporate mobile devices such as IOS and Android based smartphones and tablets
- Rugged devices like kiosks and handhelds
- Wearables and IoT
Workspace ONE Access handles the intelligent access management including:
- Secure presentation of Workspace ONE portal and application catalog
- Brokering between identity stores and providers including AD, Azure AD, Okta, Ping, LDAP
- Multi factor authentication, conditional access and single sign-on for mobile, web, SaaS and virtualised apps
The components of Workspace ONE are available as SaaS offerings, where VMware manage and maintain the underlying platform for you or as traditional on-premises deployments.
By adding and integrating VMware Horizon technology you are able to create a first-rate virtual desktop and applications capability for your business. The latest iteration is Horizon 7, which provides a collective suite of technologies offering a far greater array of functionality and features when compared to previous versions of the product known as VMware View.
This will allow your business to rapidly build and deploy virtual desktops, such as Windows 10 machines, with all your corporate applications, systems and data accessible then deliver this out securely over the internet to wherever your users are. In addition to virtual desktops, ‘Horizon Apps’ can be installed and published individually from shared server environments (RDSH) for those specific use cases not requiring a full desktop.
Much like the deployment options available for Workspace ONE’s UEM and Access components, VMware Horizon can be deployed on premises or via a variety of cloud-based solutions such as Horizon Cloud on IBM, Horizon Cloud on Azure and Horizon in VMware Cloud on AWS.
For those businesses that already have existing Horizon environments, or in fact other virtual desktop platforms such as Citrix can directly integrate them into Workspace ONE.
By delivering this in conjunction with Workspace ONE you will get the added benefits of centralised conditional access controls and endpoint management as outlined above.
Whilst the components of Workspace ONE can be acquired as a bundle it is worth pointing out that it can also be purchased separately so its worthwhile to understand and define your use cases and requirements before deciding the option that is right for you.
Supporting IT infrastructure
Whilst this article focuses primarily on the digital workspace some of the topics covered naturally lead off into other areas, particularly when looking further ahead on improving these solutions in line with corporate strategies.
For example, addressing configuration drift in virtual infrastructure against best practise and compliance frameworks. This will probably not have been in the forefront of IT departments minds when deploying tactical solutions in response to the current crisis but will be a must going forward.
Maybe you’re focus is next on improving networking security posture through micro-segmentation of your new environments, or a greater protection against threats and attacks – I’m pretty sure this will be on the radar of your security teams and CISO shortly if it isn’t already.
We’ve mentioned the uptake of moving operations to cloud platforms, how are you going to ensure that the costs are controlled and standards are maintained in your IaaS and PaaS solutions?
Well, again for all of the above there are processes and technologies that can help you and I’m going to touch on what some of these are from within the VMware family.
- VMware Virtualisation Health Check – a partner led assessment utilising the VMware Health Analyser tool, deployed into your environment to report on the health and compliance of your vSphere and Horizon platforms against best practice as well as your chosen security frameworks (such as PCI DSS)
- VMware vSphere Optimised Assessment (VOA) – another toolset led assessment that utilises VMware vRealize Operations to report on vSphere based environments, typically deployed over a longer time frame this assessment can report on not only current configuration but also usage metrics enabling you to quickly identify trends, improvements and savings such as oversized virtual machines or redundant storage snapshots
- VMware Networking Assessment (VNA) – again, a valuable assessment, this time utilising VMware vRealize Network Insight to report on network traffic flows within your datacentre. This enables you to build up a picture of east-west traffic between virtual machines and network endpoints to identify permitted communication rules and group known applications together, this is often used as a pre-cursor to network virtualisation and micro-segmentation
- VMware NSX – a powerful solution providing network virtualisation functionality such as micro-segmentation, automated networking and network extension across multiple on-premise and cloud-based environments
- VMware Carbon Black – a recent addition to VMware, it’s a cloud native managed platform delivering next-generation antivirus, endpoint threat detection and response at scale
- VMware CloudHealth– another VMware acquisition, this cloud-based offering provides resource visibility, cost management and configuration compliance centrally for your cloud- based environments such as AWS, Azure and VMware Cloud
Starting your project
With any of the above, as with the digital workspace technologies it is critical to approach the journey to enabling this capability in a well planned and structured way. Starting with clearly defining your business objectives, use cases, requirements, and constraints before embarking on your next projects.
This stage along with assessing your environments is an important step in determining the feasibility of the project, your readiness and business impact before aligning any technologies and committing to purchases.
This is something that Xtravirt have performed hundreds of times for our customers and are well versed in the process. We can assist with this initial discovery phase as well as throughout your project lifecycle with expert level consulting services through phases such as design, deployment, transition and managed services.
Accelerate Digital Workspace success with Xtravirt
Xtravirt are one of VMware’s top tier service delivery partners. Our proven expertise and track record of success has meant we have attained all 5 VMware Master Services Competencies and are one of a handful of Principal Partners for Digital Workspace and VMware Cloud on AWS in the UK.
Xtravirt have been deploying Digital Workspace projects for over a decade and are the service partner of choice for Workspace ONE and Horizon technologies. Our deployment of the largest VMware on AWS environment in EMEA to date, even won us our most recent VMware award.
Xtravirt have a range of packaged services designed to enable your digital workspace transformation projects happen faster, more effectively and without risk, including:
- Workspace ONE Jumpstart
- VMware Horizon Planning service
- Horizon PoC for VMware Cloud on AWS
- Horizon Cloud PoC on Microsoft Azure
To request more information about our packages of support, simply email email@example.com
As well as our packaged services we also deliver highly tailored engagements which can be customised to your exact requirements by our Technical Pre-Sales team.
Request a virtual meeting
If you would like the opportunity to discuss your organisation’s unique challenges with one of our specialists, why not request a free one-hour virtual meeting? Simply drop us an email to firstname.lastname@example.org and we’ll set up a call.