By Chris McDuffie, VP of Cloud Architecture —
In a bold proactive move to quash prolonged uncertainty over “return to work” scenarios, many high-profile tech companies are allowing employees to work from home for months, a year, or even indefinitely.
For most enterprises with less advanced tech, offering the same distributed workforce option is a daunting challenge. Many organizations still rely on legacy applications and processes that cannot easily move to the cloud. Chat, video conferencing, and even VPNs have been quick solutions to keep people working. But what about the apps that don’t perform well over a network? And how secure is your solution? Are you allowing unmanaged devices to connect directly to your network?
If that doesn’t keep you up at night, it should.
I have been immersed in remote work consulting and solutions for more than a decade. I’ve seen a lot of use cases for remote apps and desktops over the years, and a lot of misunderstandings and mistakes. In my experience, there are five key principles to consider when establishing a successful, long-term remote work architecture. Those principles are explained below. But, first, where and how to start?
I start every conversation with applications, data and users.
Connecting users to data through an application is why IT exists.
Although very simple, that concept is the foundation of remote work success. Does my solution provide access to my data efficiently, conveniently, securely, and is it performant? Does it provide a good experience or will dissatisfied users try to find a way around it? Politics must be addressed, and collaboration is required, to deliver a solution that is adopted and not abandoned by the end user.
While data is the IP, applications are the UI of the business. They impact user experience and flow. How you deliver is critical to productivity, employee satisfaction, connectedness, accessibility and profitability.
Now that we know the correct origin, here are some tips on how to see your strategy through.
Five Key Principles for Leveraging Remote Apps and Desktops
- Collocate apps with their data
- Think in terms of business enablement
- Leverage the security capabilities
- Use the appropriate delivery technology
- Expand beyond corner cases
Collocate apps and data
Locating an application next to its data provides opportunities to improve performance, security and availability.
Many applications experience latency connecting to data across a network. By locating the application near the data, users receive consistent performance. This also means the data remains inside the data center, behind your secure network perimeter. Delivering that application through virtualization provides secure access from anywhere, without corporate data needing to traverse the internet.
Many customers use application virtualization for tactical situations, like presenting an old line-of-business application, IT admin desktops, or for resource intensive creatives/designers. While these are completely valid use cases, the more you leverage virtualization the more value you get. It can enhance information security and remote work capabilities, simplify 3rd party access for contractors and customers, and even lead to unexpected savings in other areas. For example, a distributed workforce requires less office space, which requires less heating and cooling, and so on.
Gallup research states that “Work units in the top quartile in employee engagement outperformed bottom-quartile units by 10% on customer ratings, 22% in profitability, and 21% in productivity.”
Leverage security inherent in remote apps and desktops
Delivering applications and desktops through a reverse proxy reduces the ports required to connect to an infrastructure, keeps applications and data behind the firewall, and reduces the risk of lost or stolen endpoints. Thunderbolt security flaws are a non-issue if you don’t have any data on the device.
Citrix® provides solutions that are Common Criteria and FIPS certified. They have several excellent whitepapers and architectures for highly regulated industries. I recommend checking them out for additional information. Here are a few:
For environments that are being accessed by unsecured devices, technologies like Citrix app protection and IGEL UD Pocket can help mitigate risk.
Use the appropriate delivery mechanism
Many businesses start with VDI or cloud-based desktops. Both have valuable use cases but don’t fit every situation. Remember to start with the data, not the delivery. If you are not already in the cloud, a cloud-based desktop may not provide a lot of value.
Remote PC – The quickest way to value is by making your existing corporate desktops available to users from anywhere. Remote PC uses existing desktop PCs and laptops in the office, reducing the need to build out server or desktop infrastructure in the data center. The business gets access to all their resources using the same tools and processes with which they are familiar. Granular policies allow to control of copy/paste, local file access, local printing, on-screen watermarks, and more to protect against data leakage.
Remote Apps – It’s funny to watch the industry circle back to remote application technology every couple of years. Microsoft has owned RDS for 20 years, and I don’t think they really understood the value of remoting technology until they launched Windows Virtual Desktop in Azure. While VDI gets the headlines, don’t downplay Remote App.
Most of the following things can be done in VDI, but in many cases it’s still easier with a virtual application.
- Remote Apps make it easy to aggregate multiple sources. If you have data in multiple data centers or regions that can’t necessarily be relocated, remote app delivery can be used to publish those apps into a single store.
- Easier app stores. Most organizations have 4x, 10x, or 20x more apps than they think they do. The biggest challenge to VDI is diversity. It’s rare to have more than a few groups of user desktops that are the completely homogamous. By delivering individual applications through RDS, users can easily pick and choose what they need to do their jobs.
- Per app policies and licensing.
Remote Desktops – There are quite a few options for VDI. Make sure you understand the business requirements before you decide on a technology. Price and easy deployment options aren’t always the best solution. This is where the UX/UI conversation is more important than ever. Are you replacing the desktop? If yes, what are the user’s expectations? This is an opportunity to fix some broken processes, but don’t punish the user community for IT’s past mistakes.
Expand beyond corner cases
The compute requirements of a remote workforce can be significant. Cloud is an interesting play here because of the pay-per-use model. If migrating your data center to the cloud did not make fiscal sense before, it might with the addition of VDI. Cloud allows you to scale up and out to provide the most appropriate experience for a given user segment or project – and equally important, scale back down as the need recedes. If cloud still does not make economic sense, many hardware providers offer creative purchasing models to make adding capacity easier and more cost effective.
Be cognizant that you are moving a much more volatile workload directly impacting end users (politically vocal humans!) into your highly optimized server environment. In most organizations, servers and data center resources are managed by a different team than desktops, which can cause conflict and confusion. Users don’t hesitate to call a CXO when there is a blip in performance that’s impossible to track down. (Trust me – I have been hired to solve this problem.) Desktop processes, deployments, updates, etc. are managed differently and have a lot of dependencies, from shared infrastructure and networks, to DNS, DHCP, and internet.
To create a great user experience, consider the following:
- Understand the user’s workflow. Make every effort to build something that allows users to stay in flow.
- Optimize for video and audio. Users will expect YouTube, Zoom, Webex, Teams, etc. to function like their current desktop. Or better.
- Create an application strategy. There are a lot of options so: Test. Refine. Test and refine again.
- Don’t forget user profiles. A slow profile can make for a poor overall experience.
- There are some interesting ways to handle files these days with multiple cloud-based services from which to choose. There will be more than one way to solve your specific challenges.
Remote PC is the fastest way to value with the least disruption to the business. It requires minimal planning, infrastructure, and deployment to get users connected to applications and data and may serve you well into the future.
As you progress, planning and communication are the main factors for success. Understand your applications and how they connect to data. Understand user workflow. Workspaces are intensely personal. If you take away someone’s physical desktop, give them something better. Something they couldn’t do before. Something that helps them stay in flow.
This overview just skims the surface, but I hope I’ve provided some ideas and maybe some inspiration. The biggest challenges are politics and planning. Get ahead of those, and the design and technical pieces become much easier.