Set up remote work and do not screw up. IT Director Tips



Today the main problem for companies, especially large ones, is that sending several thousand employees to work remotely is a difficult task both for information security and for the IT service as a whole. You can send people home and set up a VPN, but connecting a large number of devices that you barely control to the corporate network is a genuinely hard problem. Obviously, you will not be able to give every remote employee an antivirus and a leak prevention system.

Another problem is how to make the entire set of corporate applications work from home on a diverse fleet of equipment, from an old Windows 7 PC to an iPad.

In this post we will talk about several practical tasks and problems that a huge number of companies have run into when moving employees to remote work.

VDI Access


The essence of a virtual desktop infrastructure (VDI) is moving users' IT capabilities to the server infrastructure or to the cloud. With this approach, user workstations become an enterprise solution that gets all the functionality available to business-critical IT systems: fault tolerance, security, centralized management, updates, backup and recovery. Secure remote access is easiest to organize for such a system.

What complicates the implementation of VDI today?


  • Most companies need to implement the technology very urgently. That is, in fact, they needed remote access “already yesterday”.
  • As a rule, no one has a budget for a VDI implementation project; everyone has to find the funds, which further complicates the situation.
  • VDI , , , , , ..
  • – « ».

?


  • -: VPN , , , VPN /. , .
  • , - . , , .


Faced with an increased flow of requests to organize remote access, we came up with the following classification of remote access types for ourselves:

Level 0


All IT systems are completely isolated inside the organization's perimeter, and there is no remote access. Of course, such an infrastructure is as safe as possible, but the current situation is forcing most customers to move to other levels.

Level 1


This is currently the most common type of remote access among those who already have it organized: either the connection goes through a VPN, or some services are simply published (most commonly corporate mail and the videoconferencing service).

Such technologies have been around for decades. Additional equipment is usually not required, and the company can configure most of the functionality for remote employees relatively quickly. However, this approach has many disadvantages.

  • , , VPN , , - , , . - / WhatsApp Telegram , .
  • , .
  • , - .
  • : , - ..

Level 2


The so-called “quick start” is a transitional option on the way to a full-fledged VDI: it uses VDI components, but the connection is made not to virtual desktops on dedicated virtualization servers but to employees' physical workstations (AWPs). With this option the requirements for additional server resources are minimal, because it means deploying 6-8 virtual machines that are not very resource-demanding; the deployment time is also minimal, and the connection protocols and policies are the most common ones, based on Citrix Virtual Apps and Desktops or VMware Horizon.

What are the benefits?

  • Users can already work completely remotely in their usual environment: they are sitting at home computers, but they see the familiar screens of their office PCs.
  • — . VMware Citrix : - , - ..
  • VMware Citrix . Citrix .
  • : VDI 512 /.
  • . - , . .
  • – .

:

  • , , .
  • , : // .

Level 3


The most advanced level, which is a full-fledged VDI. To all of the above, we add target resources - virtual machines and individual virtualized applications. The scheme is very similar to level 2, but it will already require separate physical resources in the form of servers and data storage systems, or hyperconverged clusters.

What are the benefits?

  • An additional advantage of VDI over level 2 is fully remote infrastructure management, to the point that technical specialists are no longer needed in the office (VDI in an external cloud is a common scenario).
  • User workstations are unified: virtual desktops are created from a single template, are deployed and managed in bulk, and are guaranteed to be updated.
  • . . , . .
  • VDI : , DLP, MDM.

Disadvantages:

  • . , 5 , . , , .
  • Duration of implementation. You need to create virtual desktops, virtualize individual applications, configure everything, set up roaming profiles and migrate users. The time frame is from three weeks to two to three months (excluding equipment delivery time).
  • Fairly powerful equipment will be required, because VDI loads servers and storage quite heavily.

We summarize:

  • Level 0 - there is no remote access.
  • Level 1 - basic remote access, which can be implemented in two to three days, most likely, without the purchase of additional equipment.
  • Level 2 is a transitional option to a full-fledged VDI - forwarding user sessions on VDI technologies to physical workstations.
  • Level 3 - full-fledged VDI with templates, automation, fault tolerance and other Enterprise-capabilities.

What else is worth paying attention to?


Companies without a budget for a VDI implementation that need to organize remote work as soon as possible can start the deployment with temporary (trial) licenses and within a week begin connecting users to their workplaces without buying hardware or software.

The validity period of a temporary license depends on the technology; it is usually 2-4 months, by agreement with the software vendors. In parallel, you can move to level 2.

And if the remote work situation drags on, it is worth organizing a full-fledged VDI. This year Citrix has a new licensing scheme for the on-premises version: an annual subscription. It costs approximately 2.5 times less than a perpetual license. VMware offers the VDI quick start service, but it is available only to customers who can pay with credits; it costs 212 credits. This service offers one VDI template for up to 25 users.

Remote access information security


This is a separate topic that we covered in detail in a previous post. See the detailed recommendations from Alexander Asmolov.

Operational implementation of videoconferencing


If the events of recent weeks had happened several years ago, moving everyone to remote work en masse would have been much more difficult, expensive and inconvenient, especially building communications between employees, partners and contractors so that everyone is comfortable.

Today, everything is different. Videoconferencing systems (VKS, which is by now an outdated name) have already turned into full-fledged collaboration platforms. We communicate in a way that is convenient for us, using devices that are convenient for us, at a time that is convenient for us.

What services are available as part of the collaboration platform:

  • Audio and video communication.
  • Multipoint conferences with any subscribers within your organization and beyond.
  • Conference scheduling through portals and email applications.
  • .
  • .
  • .
  • . , , , -, .
  • . WhatsApp, Telegram . - , . , , , , - .
  • You always see the current status of the subscriber: talking on the phone, in a meeting, busy or free. This saves a lot of time. After all, if there were no status function, you would have to call the subscriber, wait a while, hang up and think about when to call again. That takes about 20 seconds, but if there are under 100 such calls per day, multiplied by the number of employees, a lot of man-hours are lost.

All the above services are building blocks, a set of bricks that can be assembled as needed. The same goes for scalability: you build a system for 100 users, after some time you realize that it works very well and needs to be expanded, and you just buy licenses and add server capacity.

How to provide videoconferencing services for your employees?


The first, fastest and easiest option is to connect to one of the most popular cloud videoconferencing services: Cisco Webex, Microsoft Teams, Zoom. The system starts almost instantly (the next business day), and the service is provided by subscription for a certain period. We offer this option in several cases.

  1. As a temporary solution while a full-fledged videoconferencing system is designed and put into operation.
  2. For small businesses, for which deploying and supporting their own videoconferencing system is too expensive but videoconferencing is still required for the business.

The disadvantages of this option are:

  • All traffic exchanges take place outside the perimeter of your company.
  • Tool management is limited.
  • The biggest drawback: all public services today are very heavily overloaded.

If the cloud service is not suitable even as a temporary solution, you can consider the second option: rapid on-premises deployment of videoconferencing systems from popular Russian and foreign vendors (Yealink, Vinteo, TrueConf, Videoport, IVA), whose solutions are deployed “out of the box” in the shortest possible time.

In both options, the popular WebRTC technology is available, which lets participants join conferences through a browser. You generate a link, people open it and end up in your conference. You can chat, exchange documents, and work together. All you need is a laptop with a camera and a browser.

The material was prepared on the basis of the webinar “Emergency organization of remote jobs. What to consider.” The full version can be viewed on YouTube.

Authors:

  • , VDI
  • ,
