BOSTON -- The buzz around Citrix's renewed focus on XenApp and Edward Snowden might seem unrelated, but they're...
both top of mind for IT pros.
The two topics emerged as talking points for presenters and attendees at BriForum 2014 here this week.
Just over one month into his tenure as Citrix's CTO of desktops and applications, Gunnar Berger talked about Snowden in a presentation, saying companies not only need to worry about securing data against cloud providers' prying eyes, but from their own employees as well.
He explained Citrix Workspace Services (CWS), an upcoming platform that gives IT pros a way to deliver mobile workspaces from the clouds they choose. He noted that CWS is not desktop as a service (DaaS), but a platform that provides a management and control plane for Citrix products that adds "any cloud" to "any device, any network, anywhere."
"I have concerns about DaaS" he said. "This is the year of DaaS hype."
Slow your roll: Trust comes first
Berger's main concern about DaaS is that it "skips a lot of steps and looks right at the end solution," he said.
Steve Greenbergprincipal architect, Thin Client Computing
Specifically, conversations about implementing DaaS overlook what customers should do about their applications and data, plus the trust that needs to be established between cloud providers, the enterprise and users.
Putting desktops in the cloud helps with management, but if companies run line of business applications in their own data centers, there are potential performance issues. And keeping relevant data with those applications poses a problem, too.
"The desktop is only 10% of your problem. The other 90% is your apps and data, and those are all on-[premises]," he said. "Apps and data are like peas and carrots; I don't like either of them, but they go together."
Companies could send those applications and their data to the cloud, but that opens trust issues.
"How do you protect your data from us?" Berger said. "You should question everything."
Even after a cloud provider has taken steps to make itself trustworthy -- for example, encrypting data so that even the vendor can't see it, as Citrix does with its ShareFile service -- IT still has to worry about whether employees are trustworthy, Berger said.
"Does Edward Snowden work for your company?" he asked.
In businesses with super high security requirements or sensitive information that simply can't leak, an employee with an agenda and access can spell bad news. And for shops looking into DaaS, CWS, or doing VDI, securing data is of the utmost importance.
Securing data with fewer firewalls
In planning a large-scale VDI deployment for an aerospace company with classified information, Steve Greenberg, principal architect at Scottsdale, Arizona-based Thin Client Computing, LLC had to convince his client to alter its perspective on data security within the organization.
"Usually it's that the inside is good and the outside is bad," Greenberg said in an aerospace VDI case study session that he co-presented with Jared Cowart, senior solution architect at Nvidia Corp. "Stop doing that. The inside is the outside. Stop saying, 'You work here, I trust you.'"
Instead of having various zones, firewalls and secured SANs, the VDI build is such that whether employees connect to the data center from the LAN, WAN or over the Internet, they have to use a remote protocol. Even then, they only gain access to the data they need, and they can't copy it.
Some of the aerospace company's employees needed access to the Web to do research, so Greenberg added a secure, sandboxed area for Web browsing that couldn't interact with the other resources. It's not only more efficient, but it's more secure, too.
Back to XenApp
Last week, Berger wrote a blog post on Citrix's "over-rotation" away from XenApp, and the company's recent decision to refocus on it. Greenberg and Cowart said that's a good thing.
Sometimes there are situations where XenApp fits better than full VDI, Greenberg said.
For example, in the aerospace company's VDI deployment, there were use cases from rocket scientists and researchers to office workers and shipping clerks on the hardware and manufacturing side.
What ended up working the best was to create one XenDesktop virtual machine with one GPU per worker who needed it, such as the rocket scientists. For knowledge workers who didn't need as much CPU and other resources, the team deployed shared XenApp servers with virtual GPUs.
"We can take XenApp, make it look like Windows 7 and [customers] say, 'Yeah, that's the VDI that I want,'" Cowart added.
It wasn't cheap to build the aerospace company's virtual infrastructure, but saving money also wasn't one of the requirements. Its VDI deployment had to be fast, secure and needed to improve operational efficiency. In the end, what Greenberg, Cowart and the rest of the team built ticked all those boxes.
"There are a lot of projects that don't have the 'save money' aspect because that's not always the most important thing," Cowart said. "Think about how you would put a price on loss of intellectual property."
With Citrix Workspace Suite, virtual desktops and apps come together
Why does every vendor have a tool called "Workspace"?
ICYMI: Citrix Synergy 2014 recap