Transcript
How to deal with Mixed Desktop Environments
Different business needs and changing IT strategies have created heterogeneous desktop environments that combine PCs, thin clients, laptops and other mobile devices. The right computing and management strategy is key to a permanent reduction in administrative overhead.
way of providing IT users with data and applications has
The classic desktop PC is losing substantial market share
Consistent Management Strategy
due to high operating and security costs. By contrast, note-
Although it may appear worthwhile to equip all IT workplaces
books and thin clients are on a growth curve. At present,
with thin clients, many mobile users still rely on laptops. To
the commercial share of these two device types matches
the frustration of administrators, there is currently no
that of classic desktop PCs. According to an IDC analysis, in
management solution that is equally suitable for thin clients,
2007 the thin client share of corporate desktops was 5.4%
PCs, and laptops. Typical PC management tools, such as
in the US and 4.8% worldwide. The current mix of desktop
Altiris, are of very limited use for thin clients. Special soft-
devices calls for IT managers to adopt a clear strategy. In the
ware is needed to fully exploit, in cost terms, the strengths of
absence of a sound concept to manage and align desktop
thin client-based desktop environments. This software per-
environments, the risks go beyond an explosion in IT costs.
mits group-based management of device profiles, supports
If companies miss the opportunity to simplify the desktop
systematic remote administration of all functions, and
management jungle, they may put their data and the future
delivers secure and efficient mechanisms to update thin
of their IT infrastructure at risk.
client firmware. Added benefits of thin client-specific
emerged: desktop virtualization, which has opened up a relatively new field of application for thin clients. In this concept, servers on which operating systems and applications are installed simulate standard PC hardware. As in serverbased computing, users access the servers from thin clients and see on their monitors the usual graphical user interface of (virtual) PCs.
administration solutions are automated functions which, Data and Application Strategy
for example, switch terminal devices on and off remotely at
IT workspaces cannot be seen in isolation from general
specific times.
corporate computing strategy. This fundamental issue must therefore be addressed as part of the infrastructure strategy. Currently, there are three basic ways of providing data and
Abb. 1: Management model for heterogeneous desktop structures
applications company-wide. In the ‘80s, the client/server principle took hold. This involved connecting full PCs with hard disks and locally installed applications like Microsoft®
ient n Cl Thi
Office, email, Internet, etc. to data servers via a network.
much simpler and much more secure administration. In line with this concept, all files began to be stored centrally and
Manag em tool ent
and public agencies from the mid ‘90s onward supported
M
Mana ge too men l t
Active Directory (user profile)
, PDA one, etc. h rtp
computing paradigm that spread through private companies
ment age an tool
a Sm ement n ag Ma tool
USB-attached storage media. However, the server-based
PC / La pto p
Files were also saved locally on the PC hard disk or on
Virtual ma chi ne
the applications would run on “terminal servers” located in computer centres. Although this concept has permitted
Joint Basis for Best-of-Breed Management
continued use of PCs, thin clients are typically deployed.
The use of a joint profile database is recommended to
Because thin clients dispense with mechanical components
minimise administration costs for heterogeneous desk-
such as fans and hard disks, they are more reliable, but they
top environments without surrendering the advantages of
do not allow for local data storage. What’s more, thin clients
specialized management solutions. A suitable option in the
consume no more than half the power of PCs and
Windows® environment is Active Directory (AD), which has
support full remote administration. More recently, a third
been an integral part of Microsoft’s® server operating system 2/6
since Windows® 2000 was introduced, and is therefore sup-
a VPN connection when working directly on the server and
ported by all leading vendors. In the thin client environment,
they should not be allowed to save data locally.
mention should be made of the IGEL Remote Management Suite from the German vendor IGEL Technology. This software, which comes bundled with all IGEL thin clients,
Abb. 2: Security model for heterogeneous desktop structures
is a solution that supports not only Active Directory, but also a wide range of database formats for better integration
n Thi
en ti Aut h
Users, application and data
,K er
.)
Update and Partial Update, updating is faster and minimises
urity policies S ec
etc
user service. Thanks to innovative methods such as Buddy
martcard acc yer (s ess
s, ro
PC / Lap top
n la
be
tive overhead (time and costs) and an improved level of
c
io at
etc. nes, pho art Sm A, PD
ment console is programmed in Java and is not tied to a management strategy are reflected in reduced administra-
)
nection layer (VPN Con )
into legacy IT environments. Appropriately, the managespecific platform. The virtues of an Active Directory-based
(stationary, mo bile Clients
network load. With Buddy Update, a thin client in the cluster assumes the role of an update server; with Partial Update, only new firmware files are transferred to the thin clients. Further benefits of special management solutions are integrated standard queries that keep IT managers informed of the current status of the thin client pool at all times. A mouse click is all that is needed to filter and display a list of nonactive devices.
User Strategy: Universal Mapping of User Scenarios In terms of operating costs, stationary thin clients generate savings of 75% compared to PCs. This is confirmed by the Economic Evaluation of the Fraunhofer Institute UMSICHT (http://it.umsicht.fraunhofer.de/PCvsTC/). Therefore, a logical conclusion would be to target maximum use of thin clients in companies, and to use notebooks only in mobile scenarios where there is no permanent connection to the corporate
Security Strategy: Enhanced Data Security The growing demand for thin clients is also a consequence of rising security costs. A cross-desktop strategy is strongly recommended in this area, too. Market analysts at Gartner forecast that theft of desktop devices with local storage will result in a 20% rise in operational security costs. There is less incentive to steal thin clients as they have no local file storage. And even though every attempt should be made to protect them against unauthorized use, security issues are more serious for laptops, on which data can be stored locally. Instead of the relatively insecure login process with user name and password, it is advisable to implement uniform, enterprise-wide two-factor authentication across all
network. On company premises, mobile thin clients may also be deployed with a WLAN or UMTS connection. If it is necessary to reduce costs per IT workspace even further, multi-user scenarios with a shared pool of laptops and thin clients are an alternative option. If notebooks are used primarily in home offices, they can likewise be replaced with thin clients that feature an integrated Cisco VPN client. This also permits central management of home-based workplaces. Even an ISDN connection is sufficient to facilitate remote work on the corporate server. All types of IT needs can be meaningfully supported with the help of a central profile database, such as Active Directory, as the smallest common denominator.
desktop devices. For this purpose, many thin client models already have a built-in smartcard reader or support USBbased authentication solutions. To reduce administration effort, authentication scenarios of this kind may also be based on Active Directory. As a further guideline, local data storage should be kept to a minimum in companies. With this in mind, laptops can be set to access a server-based computing environment in the company, and to permit automatic synchronization of only a limited selection of folders for offline operation. If a permanent mobile Internet connection is available outside company premises, users should prefer
Hardware Strategy: Consolidating Terminal Devices Few companies are in the fortunate position that their staff uses only standard applications and hardware, all of which can be centrally provisioned. Despite the individual nature of requirements, there are universal solution concepts to support centralisation with thin clients and, in spite of the need for uniform management, various use cases can be implemented. For example, the Universal Desktop approach adopted by IGEL, the German market leader, provides vari3/6
ous cross-model access paths (known as Digital Services)
Keeping Technology Options Open
to central IT infrastructures, and also offers a wide variety
Regardless of whether companies opt for a virtual desktop
of support technologies such as WLAN, smartcard, roam-
or a server-based computing environment, if they want the
ing and single-sign-on. These options ensure that even user
best of each provisioning technology without losing their way
scenarios with several monitors, widescreen, touchscreen
in the management jungle created by the diverse software
support, and IP telephony can be implemented. More
and hardware solutions, they must adopt a sound desktop
examples are direct Internet, host and SAP access, PDA
management strategy with a joint user profile database. An
synchronization, and vertical solutions such as card reader
overarching user authentication strategy also helps keep
support for health insurance cards. The purpose of universal
security costs under control. Given the newness of current
solution approaches is to fully take advantage of consolida-
desktop virtualization solutions, it is important not to take
tion potential and, at the same time, to largely dispense with
a short-term view when selecting thin client models and
server-based middleware. The Universal Desktop models
vendors as this could close the door on future technology
are even able to replace IP phones and print servers. They
options. Modern thin clients with universal firmware minimise
also permit access to virtual desktop environments such as
this risk. Their broad standardised range of access
®
®
VMware VDI and Citrix XenDesktop.
protocols and supplementary technologies ensure that company employees are able to use the applications they
Migration Strategy: Focusing on the Future
need to perform their specific tasks cost-effectively, securely,
Heterogeneous desktop environments are becoming
reliably, and long into the future.
more and more standard due to the increasing pressure to improve management, security and total costs. However, until these improvements are meaningfully made, it is a question of finding the ideal mix of thin clients and notebooks. This depends both on the consolidation effects that can be achieved and on the improvements in productivity. Basically, desktop PCs should be reserved for specific use cases, or better still, they should be virtualized. Once server-side preparations have been made, all stationary workplaces can be migrated affordably to thin clients. The thin client device profiles are defined prior to actual rollout in the management solution. The terminal devices are readyto-run once physically connected. This means that several hundred thin clients can be rolled out every day. From an entrepreneurial point of view, an interesting benefit of rapid migration is the ability to better plan and implement organizational changes such as data recovery, emergency and crisis scenarios, and corporate mergers. New and replacement investments in thin clients generally pay for themselves quickly due to the long lifecycles and low TCO. Investment in virtual desktops is especially worthwhile where there is a large proportion of specialized PC-based applications (graphical or CAD workstations, for instance) that can likewise be provisioned using a standardised thin client environment.
4/6
Germany (HQ)
United Kingdom
United States
Singapore
Hong Kong
IGEL Technology GmbH Schlachte 39/40 28195 Bremen Germany Tel +49 (0) 421 1769 240 Fax +49 (0) 421 1769 302
IGEL Technology Ltd 1210 Parkview Arlington Business Park Theale · Reading · Berkshire RG7 4TY · UK Tel +44 (0) 118 340 3400 Fax +44 (0) 118 340 3411
IGEL Technology Inc. 5353 NW 35th Avenue Fort Lauderdale FL 33309 · USA Tel +1 954 739 9990 Fax +1 954 739 9991 Toll Free (US only): +1 877 GET IGEL
IGEL Technology Care of: C. Melchers GmbH & Co. Singapore Branch 101 Thomson Road # 24-01/05 United Square Singapore 307591 Tel +65 6259 9288 Fax +65 6259 9111
IGEL Technology Care of: Melchers (H.K.) Ltd. 1210 Shun Tak Centre West Tower 168-200 Connaught Road C. Hong Kong Tel +852 2546 9069 Fax +852 2559 6552
www.igel.com
Errors and omissions excepted. Subject to change without notice. ©2008 IGEL Technology A member of the Melchers group.
[email protected] 98-EN-8-1
