As your IT solution provider business grows, it becomes evident that your employees really don't need you to provide them an office any longer. Setting up a remote workforce can free up cash so you can invest in your business. Here, the vice president of product management for user workspace management at Quest Software offers tips on how to successfully manage remote workers.—Jennifer Bosavage
The benefits an organization gains from allowing employees to work remotely are hard to deny: easier hiring without relocation when seeking specific skills; access to markets with lower labor costs; and, for the right type of worker, increased productivity and reduced interruptions. That comes with new challenges, however. How do you deploy the environment remote workers need to do their jobs effectively on a wide range of devices, over a range of connections? How do you deploy it securely, protecting corporate data and interests without reducing productivity or increasing costs? To tackle all these challenges requires a multi-faceted approach, called “user workspace management.” Let’s look at each of these areas to see how a reseller or service provider might help an enterprise manage and empower their remote workers.
Access control: Depending on the sensitivity and security regulations you face, you might need to consider two-factor authentication using hardware or software tokens, as well as privilege management and policy controls that carefully restrict which applications are available, when, where, how, and to whom. To reduce complexity, you might also consider Single Sign-On solutions, and consolidation of all remote access resources into a Web portal.
Self-service: Another way to increase remote user productivity is to ensure that users can fix their own problems quickly. Consider self-service solutions for password changes and lockouts; help desk ticket management; and requests for increased privileges and expanded access.
Virtualization to the rescue: One approach that solves many of these challenges is to virtualize the applications and/or desktops, and deliver them remotely from a data center. There are three main ways of accomplishing that:
1) Session virtualization (also known as Terminal Server, Terminal Services, Remote Desktop Session Host, and, somewhat incorrectly, as Remote Desktop Services). It allows delivery of Windows applications and/or desktops to remote workers on any device, over pretty much any connection. On the plus side, the approach doesn’t require much bandwidth; the need for a VPN can be avoided by using an https gateway; data never leaves the data center; and the remote computer never needs to be joined to a domain, or even managed! The drawbacks: Users must be connected all the time; they can’t install their own apps in the corporate desktop; and peripheral support is limited, although advanced solutions from companies such as Quest provide support for all scanners, printers and headsets. Also, application compatibility can be tricky with session virtualization because it runs on Windows Server (not Client), but there are analysis and remediation tools on the market that can fix the majority of these automatically.
2) Server-hosted desktop virtualization (also known as VDI). This has the same benefits and requirements as Session virtualization, but allows users to install their own apps and provides wider support for peripheral devices. It also can make application compatibility easier, since it runs Windows Client. The cost to deploy is significantly higher, however, and licensing is particularly complicated. The wrong management software also can make management expensive, and reduce scalability.
3) Client-hosted desktop virtualization (also known as Local VDI). This is quite a different approach, in which the virtual Windows 7 desktops are not kept in the data center, but are put in a secure sandbox on the endpoint devices. This means they still work when the user is disconnected from the network, and they can experience higher graphics throughput for demanding applications. This approach works on PC and Mac endpoints, and also requires much less hardware in the datacenter, since the only server components are essentially web servers for distributing disk images and policy updates. It does require the local computing device to have the RAM to run a Windows 7 VM alongside its primary operating system, however.
Behind all this, it’s important to track, audit and monitor the whole service to make sure you’re the first to know when problems arise with the remote workforce’s workspace, and so there is a clear trail in the event of a security incident. Ideally, the monitoring solution should have an all-up dashboard and real-time alerting, as well as historical data collection for correlation and diagnostics when issues occur.
Many technologies and solutions must be brought together to provide a productive and secure workspace for remote workers. The final consideration is to source as many of these parts as possible from a single vendor, one with the breadth and depth of technology to meet all of these needs, plus the product integration to deliver even greater value when those parts work together.