Chris White, Senior Data Center Engineer
Advanced Logic Industries
As governments around the world struggle to get ahead of the COVID-19 pandemic, businesses are trying to figure out the best way to empower their employees to work from home and give them the best tools to maintain their productivity. Unfortunately, these tools, while easy to implement quickly, often fall short of keeping data secure.
Employees are frequently using personal devices to access corporate data and, even if they bring their work devices home with them, their personal home network has not been secured like the corporate network. End user computing (EUC) solutions offer an answer to this problem by ensuring the corporate data never leaves the corporate datacenter, while delivering a great experience to the end user.
A Little Background
EUC solutions, more commonly referred to as virtual desktop infrastructure (VDI) solutions, can deliver individual applications to a user, such as the Microsoft Office suite or an ERP application, or a complete virtual Windows or Linux desktop. Because these applications or virtual desktops are run from the datacenter, and only streamed to the end user over a proprietary and encrypted protocol, the corporate data remains in the datacenter.
VMware Horizon is a suite of products that deliver these services (published applications and virtual desktops) to your end-users securely and performantly. These services are also delivered to virtually any device (phone, tablet, thin client, browser, or computer). If your users require 3D graphics capabilities, Horizon can offer that too, through integrations with nVidia or AMD. This allows your users to use graphics-intense applications from vendors, like Autodesk and Adobe, as a published application or in a virtual desktop. Additionally, Horizon will integrate with third-party multi-factor authentication vendors for additional security measures.
Finally, by streaming published applications, your users can use whichever desktop environment (Windows, macOS, or Linux) they would prefer and still use the same applications. This means a user with a macOS laptop could run an ERP app that normally would require a Windows desktop. By utilizing Horizon in your environment, not only are you allowing the greatest work flexibility to your users, but you’re also ensuring the preservation of your corporate data.
VPN vs. VDI, Which is Right for Your Users?
Many businesses were caught off-guard when the guidance came down from the state and federal governments that, if an employee could work from home, they should. All their applications and data were still in the corporate datacenter, but the employees were no longer in close proximity to that data. Most companies rushed to beef up the VPN infrastructure they already had in place, or to stand up fresh VPN implementations, so that employees could work from home.
A VPN is a quick and easy way to get employees back into the corporate network securely. But as employees work on documents locally or use personal laptops to access corporate applications, it could still result in data leakage. Another risk of using a VPN is the user’s computer being infected with some type of malware or ransomware. With a VPN, it is very easy for that piece of ransomware to traverse the VPN connection and infect any server that user has access to. In a Horizon-type environment, since the published applications and desktops are streamed to the user’s computer and no information ever leaves the datacenter, there is no risk of data leakage.
Additionally, if the user’s computer gets infected with ransomware, the malware has no method of accessing the corporate network. And if the user is working off a virtual desktop and accidentally contracts ransomware on the virtual desktop, the user would not have admin rights on that desktop, which would mean the ransomware wouldn’t be able to run. In this case the virtual desktop can be immediately deprovisioned and refreshed to a gold image, allowing the employee to continue working.
Sounds like Horizon is the perfect solution, right? Well, there are some caveats. To run Horizon in the corporate datacenter, you must have a VMware vSphere infrastructure already functional in the datacenter. If your application or desktops require 3D graphics acceleration, Horizon can offer that through integrations with their solution partners nVidia and AMD. For applications such as Microsoft Office, you must have purchased Office licensing that includes shared computer activation.
Finally, you must have enough free resources in your vSphere and storage environment to host both the management servers required for Horizon and the application host servers or virtual desktops. There is a cloud option for Horizon for customers that either don’t have a vSphere infrastructure or don’t have the resources available to host one. Horizon Cloud is offered both through IBM Cloud and Microsoft Azure. As with any cloud service, you give up some control, although the available feature set is expanding with every release. Despite these caveats, Horizon is a great option for businesses that need to enable their employees to work remotely while maintaining control over their sensitive data.
What About My Users’ Mobile Devices?
It’s hard to have a conversation about remote work and Horizon without bringing up the subject of “bring-your-own-device” (BYOD). BYOD is the concept that the business enables its employees to use their personal devices for work functions, be that a smartphone, tablet, or personal computer. This idea allows employees to work with the device they’re most comfortable with, not with what IT has told them they must use. An employee that uses a Mac at home but then has to come into work and use a PC will be confused and frustrated, leading to reduced productivity.
By allowing that user to choose the device they want to work with, we’re enabling the user to instantly be more comfortable and productive out of the gate. But as with anything, there are upsides and downsides. The biggest weakness of BYOD is security. How does IT enforce the strict security controls on the corporate systems and data while allowing the employee to use their personal device? The solution is a technology called mobile device management (MDM).
Through the use of device and user profiles, IT can push policies to user devices that install and configure applications, add VPN profiles, restrict certain functions on the device such as the camera or social applications, or even wipe the device of all corporate data if the device is lost or stolen or if the employee separates from the company. MDM creates a secure silo on the user’s device, and all the corporate information is contained in that silo. VMware’s MDM product, Workspace 1 (WS1), is a cloud-based solution that offers all these features, plus a few more. WS1 can also act as a secure VPN tunnel for individual apps.
If you have an internally hosted application with a mobile application, you can push that mobile application to your end users and then WS1 can create a per-app VPN tunnel back to the corporate network. This would allow your users to work on that mobile application from virtually anywhere without exposing that internal application to the internet. Workspace 1 can also incorporate Single Sign-On federation and Horizon to seamlessly allow the user to access their Horizon applications or desktop from one portal.
At the end of the day, BYOD and MDM are crucial pieces of the EUC solutions that will empower your users to work the way they want, while allowing IT to keep those users, their desktops and the critical company data protected.
What About When this is All Over?
So, what does your business do when the social distancing orders are lifted, and employees can return to the office? You’ve decided to make the investment into Horizon and WS1, but is it necessary now that everyone can be back in the office? Absolutely! A study titled “The Remote Work Report” by Zapier in November 2019 found that over 95% of US workers polled would like the option to work remotely, but only 74% would be willing to quit a job to do so.
This means your employees want to be able to work on their terms, from their home or on the road, but still access the same tools and applications as they used in the office. By investing in a full EUC solution now, your employees are going to be more productive and more fulfilled, both during this crisis and in the future.
During the COVID pandemic, VMware is offering 90-day extended trials of both Horizon Cloud on Azure and Workspace 1. Contact us to learn more and get started.