Year-End – What to Expect in IT

If you look up information on preparing for the end of year in IT, the majority of the results will refer to accounting (which are not the results you were hoping to get). For many companies, the year-end is also the fiscal year-end. For consumer retail and sales companies, it is very likely the busiest time of the year thanks to the holiday season. As I write this, it is still about  week until Black Friday. That means I am writing this using cellular service, on my laptop, in front of a major chain store, where me and my tent are already 50th in line to get in on Black Thursday (previously known as Thanksgiving). Okay, maybe I exaggerate (a little).

So, how does all this affect IT? In many companies, the paradigm for IT changes from the rest of the year. At this point, production systems become locked. There are no further changes allowed to production until January of the next year. Only approved emergency and break/fix changes are allowed. Why? Here are a few reasons:

  • Companies that are busiest during the holiday season need IT to be prepared and ready to ramp up for the higher demand. Business hours will probably become longer and after-hours time will decrease. Systems are going to be busy. So busy that more servers may be needed to supply increased demand. This is one of those places where the investment in virtualization will definitely pay off. This means that IT’s primary focus will be on consistent and reliable day-to-day operations.
  • That fiscal year-end mentioned earlier means the accountants, financial groups, and leaders in the organization are trying to close out the year and prepare for the next. Their highest priority is the next year is tax season. And of course, no changes or interruptions to their resources.
  • That fiscal year-end also means that the IT budget for the year has probably been allocated already (use it or lose it). There will probably be little to nothing left for expenditures until the next year (which is a little over a month away). So, don’t expect a new project to be started.
  • IT directors and their staff will now have a stronger focus on next year’s budget and balancing their needs and wants. So more IT time will be allocated to reporting and forecasting.
  • It is the Holiday Season. It is the time of the year when the greatest amount of vacation time is spent. Of these last five weeks of the year, children are out of school for about three of them. Even college kids are home from school for a significant amount of time. The organization’s IT staff is going to be running a lot leaner. The smaller the IT staff, the bigger the impact. Very few places are going to give their entire IT staff time off at once, but they are still going to be running with a smaller crew. Trying to avoid problems while the expertise is not in-house will be a priority. Therefore, no changes until the end of the holiday season.
  • There are organizations that are affected differently by the end of the year. The items mentioned above play out differently for them. Some organizations have a fiscal year-end that is different from the calendar year-end. In most of those cases, they do that because the calendar year-end is too busy to allow both conditions to occur at the same time. However, the time-off factor is going to affect almost every organization no matter how big or small.

So where does this leave IT? Those of us in IT need to perform the daily tasks and also prepare for the year-end. The year-end has alterations to backups, daily operations, resource needs and more. Check back here for blogs that are going to discuss the tasks we in IT need to perform to prepare for the end of one year and the start of the next.

Do you have any specific questions, or topics you’d like us to discuss as they relate to year-end planning? Please feel free to email me or post your questions below.

 

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)
Sr. Network Consultant
Craig.Kalty@CustomSystems.com

© 2014 Custom Systems Corporation

It’s all about the data… And secure, remote access

It always comes down to data. In order to function properly in their jobs, employees need access to data. Along with access to the data, they need a comprehensive method of utilizing the data. In the office, employees have secure access to the data they are permitted and the means to utilize the data. However, the company office is not the only place users require access to data.

We now have users who work from home, while mobile, and from remote offices. With many types of portable devices, Wi-Fi access, and the Internet at our disposal, we can be just about anywhere and still need access to company data. So, if employees are not in the office, how do we make it possible for them to securely access data and provide the means to utilize it?

There are many solutions we could implement to offer our users secure remote access to data. Each one has its pros and cons involving ease of use, security, performance, and comprehensiveness. All the methods have the ability to be secure (some more secure than others). All solutions have the ability to require that users authenticate (log on). In fact, depending on how each access solution is implemented, they all have the ability to make use of two-factor authentication. All methods have a varying level of complexity to implement. Here are some of the most common solutions:

  • Public Facing Websites – a website that is accessible from the Internet to provide users access to data in the company’s private data center. Security can be provided by SSL encryption and user authentication (logon). The webpage provides the GUI for users to comprehensively utilize data. The application being used can determine how viable a website solution is. Many third-party applications already provide web-based access. For instance, almost every third-party e-mail solution of today has the ability to provide access through a webpage. In-house developed applications may or may not have been created with web access and may not be viable for straight access through the Internet. The biggest con to a web-based solution is security. You are providing a public doorway to your data with a webpage. If you do everything correctly in securing the page you should be fine, but there is always risk.
  • Cloud Services – in essence, another form of web-based access to data with differences. For instance, one difference may be where the data resides. Cloud-based solutions do not always keep the data in the company’s private data center. The data could reside at the data center of the cloud solutions provider instead. Required hardware and security are then provided by the cloud provider. Enterprise organizations may have the means to offer their own cloud-based solutions, but most small to medium companies will need to lease a cloud-based solution. Cloud services is a subject in itself.
  • VPN – a Virtual Private Network solution offers a user a remote connection directly to the company network that behaves as if the user is on the local network. Using features like split-tunneling, communications meant for the company network can be segregated from other communications the user may be utilizing (e.g., Internet browsing). The most common form of VPN today is an SSL VPN. As the name implies, it utilizes SSL encryption for security. Almost all VPNs in use today utilize Internet access. However (believe it or not) some organizations still require the higher security of dial-in access. The problem with a VPN is that though it does a great job of getting you connected to the company network, you still need a method of utilizing the data. Once connected through a VPN, a user can access an internal web site, run an application that is on their device that knows to connect to data through the VPN, or access something on the network that will enable the user. This solution is probably the easiest to implement for an administrator, but it can also be the one with the highest learning curve for the user. Many times, the users will have to take extra steps in order to enable proper data access.
  • Remote Desktop Services (RDS) or Citrix XenApp – RDS comes with Windows Server (2008 or 2012). It allows users to access server based desktops or applications. The user is given access to either a full desktop or just specific applications. The desktops or applications are all running on a server back in the data center. The data and the applications are never on the remote user’s device. Only keyboard presses, mouse movement, and changes in video are transmitted between remote device and data center. The data remains safely in the datacenter. In this solution, users are sharing server resources, but do not interact with each other. RDS requires Client Access Licenses for each accessing user. Citrix XenApp installs on top of RDS and enhances RDS abilities (think of it as RDS on steroids). RDS was designed by a combined team of Microsoft and Citrix specialists, so Citrix knows how to enhance RDS. XenApp is faster, more secure, easier to administer, and has more features than RDS. I have been working with Citrix XenApp and its predecessors since the late 90s and love it, so I am a little biased when I say that this is my preferred solution.
  • Virtual Desktop Infrastructure (VDI) – refers to Citrix XenDesktop, VDI-in-a-Box, VMware View, and similar products. In this case, users connect remotely to a virtual machine that is running a desktop OS (Windows XP, 7, or 8). Like RDS and XenApp, the data stays in the datacenter. Only keyboard presses, mouse movements, and screen changes are transmitted. The difference is that the user is accessing a desktop with its own resources instead of sharing resources with other users. Applications installed on the desktop provide users with comprehensive access to data with a high level of compatibility for applications. This solution is generally more expensive to implement, but it can also be one of the most secure and comprehensive ways to enable users both locally and remotely.
  • Remote PC – this refers to services like VNC, LogMeIn, and even Citrix XenDesktop. In this case, the user is taking remote control of a physical PC/workstation in the company office. For instance, a user has a desktop that they work on in the company office. When they are outside the company office, they can connect back to their company office desktop and control it remotely. This provides the user with the same working environment internally and externally. However, this method tends to be a little slower and is affected more by bandwidth and slowness issues. I mention Citrix XenDesktop again because XenDesktop has a feature where it can have an agent on a physical desktop and provide that desktop to a user instead of a virtual machine. Because it uses Citrix’s ICA protocol and access methods, Citrix’s Remote PC solution tends to provide higher performance than others.

There are many other solutions for accessing data from the outside world, but not enough time to explain each here. I have instead listed the ones I consider the most prevalent. There is one consideration in the securing of data that I did not stress and I am going to do so now. The safest place for your data is in the datacenter. If data is stored on or copied to a remote device, it is harder to keep the data safe. If data is stored only on a remote device and not on the network, loss of that device through hardware failure or theft will most likely mean irreplaceable loss of that data. Solutions like RDS, VDI, Citrix, and remote PC keep the data in the datacenter and still allow the users adequate access to it. VPN solutions allow for and sometimes need to have data on a remote device. When deciding on a method of access, keep in mind where you want the data to be stored and how you want it accessed. That should be one of the primary deciding factors.

Questions? As always, please post your questions or comments below.

 

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)
Sr. Network Consultant
Craig.Kalty@CustomSystems.com

XenApp 7.6 Gives Us More Features

In a previous blog, I discussed migrating from previous releases of XenApp and XenDesktop to version 7.x. In short, I recommended migrating to XenDesktop 7.x because it was a good step forward. With XenDesktop, we were offered more features and improved performance. However, my thoughts on XenApp 7.x were the opposite. Unless you had a requirement to migrate to a Windows 2012 server implementation, I could not justify going to XenApp 7.x. Though there were a number of reasons for this, the primary reason was the loss of features.

Features we were used to in previous versions of XenApp were not there in version 7.x. In versions 7.1 and 7.5 we were given back a couple of features and introduced to some new ones, but still not enough to change my mind. Now that XenApp 7.6 has been released, I am going to recommend giving it a look. It still may not be worth the migration from XenApp 6.5 for some organizations because XenApp 6.5 is fairly solid. Keep in mind that, for now, XenApp 6.5 has product maintenance through February 24, 2016 and has an end of life date of August 24, 2016 according to Citrix. That is about eighteen months from now. For smaller infrastructures, making a migration may not need that much time. However, larger infrastructures probably want to start making plans and testing. Those organizations on the verge of migrating may be more willing to make the move now that XenApp 7.6 has been released.
Previously, I had listed reasons not to make the move to XenApp 7.x yet. With version 7.6, I am saying to consider it. Here are some reasons for migrating to XenApp 7.6:

  • Windows Server 2012 support.
  • Much easier installation, which lends itself to easier expansion.
  • A clearly defined path for migrating from XenApp 6.5 with the tools to bring over previous configurations.
  • Missing features are back:
    • Application Folders in StoreFront and Web Interface.
    • Session Prelaunch.
    • Session Linger.
    • Support for anonymous users (kiosk mode).
    • Ability to function when the database is offline (connection leasing).
    • Virtual IP and virtual loopback.
  • New and improved features:
    • Improved reporting features.
    • Improved Remote PC Access.
    • SSL/TLS connections.
    • A tool for converting Citrix Application Streaming profiles to App-V 5 packages.
      (XenApp no longer does application streaming. You need to incorporate Microsoft’s App-V to gain the same functionality.)
    • Improvements to Director:
      • Licensing Alerts.
      • Monitor hotfixes.
      • Director is compatible with XenApp 6.5.
      • View hosted application usage.

Keep in mind that a proof of concept is the proper course for determining if XenApp 7.6 will support your organization’s needs. There are also tools like Citrix’s AppDNA to help determine compatibility of applications before you migrate. So, as I have said, now is a good time to look into migrating to the latest version of XenApp.

Questions? As always, please post your questions or comments below.

 

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)
Sr. Network Consultant
Craig.Kalty@CustomSystems.com