I seem to be having the same design conversation every couple of weeks so I’ve decided to blog a little on it.
Let’s take a company, Honest Joe’s Ovens or HJO, making specialty products, based in central Ireland. HJO has 150 employees. 100 of those staff work in the office/factory. Another 50 are sales/services people who work on the road. These are specialty ovens that HJO makes, so they sell all around Ireland, the UK, continental Europe, Japan, Brazil, and the USA. Collaboration and communications are critical. Sales and services people need the latest information on marketing pushes, features, and product servicing. Email by itself is just not cutting it and security is an issue because sales can carry sensitive customer information (the ovens are “specialty”).
Question: How do you solve this problem?
Answer: There is no one correct answer for every company. You have to ask questions, understand the challenges, learn how they want to work, and figure out their strategy for the future. Only then can you figure things out.
When Windows 7/Server 2008 R2 were launched, we might have suggested something like:
- Windows 7 Enterprise on every PC and laptop. Sales folks have DirectAccess to get into the office easily, and BitLocker (To Go) for securing data.
- Centralised Exchange with OST files would enable remote staff to send email back and forth securely via DirectAccess.
- Centralised SharePoint (also via DirectAccess) would enable staff to collaborate and gain access to the latest information.
- Centralised Lync to allow staff to have online meetings.
Think about this one for a moment. Benefits: roaming staff always have access to their local desktop and apps even if they don’t have Internet access … mobile Internet access is not pervasive, despite what telecoms sales/marketing might have you believe. There’s a lot of stuff here … SharePoint, Exchange, Lync, SQL Server, DirectAccess, IPv6, certificates, firewalls, load balancers, DMZs, edge servers, and on, and on, and on. Consultants can deploy this and probably will enjoy the challenge. But think about HJO. Will their 1 or 2, probably low-paid, admins be able to keep it running? To do all this stuff reliably and securely, this 150-employee company has deployed quite a bit of infrastructure.
You could pitch the Remote Desktop Services/Citrix Gateway approach to share apps or desktops over the Internet. Yeah, more stuff to manage and secure in the SME with admins of limited experience. To me, that does not seem like a good way to go.
And those laptops on the road … what about them? How do you support them? How do you get new business apps onto a laptop in Japan that probably is not on the company network more than once a year … if ever? How do you secure it with patches in a reliable manner? Company procedures that tell users to do stuff do not work. It’s been a while since I brought up the first 2 IT admin commandments:
- Users are stupid
- Users lie
So here’s what I’m considering as an option in the conversation:
- Office 365: Dump Exchange. Dump SharePoint. Dump Lync. Don’t be an accidental SQL DBA. Don’t get messed up with firewalls, DMZs and load balancers. Let Office 365 be the “server farm” in the cloud. Heck, get the SKU with Office, and let users work together as one. I know, Internet access is still a requirement, but unfortunately that’s always the case. At least it doesn’t have to be 3G to sync your OST mailbox.
- Windows Intune: Deploy the office desktops and roaming laptops with Windows 7 Enterprise. Now you have BitLocker and BitLocker to Go for security. Good news, if you have active Software Assurance on Windows desktop licensing then you get a discount on Intune. With Intune, your admins can support (remote access), secure (patching and AV), and configure (policy settings and software distribution) local and roaming laptops.
Benefits? An experienced consultant can deploy this environment with little if any infrastructural cost to HJO. And let’s face it, with the market the way it is now, they make very little on h/w costs. The consulting gig is more important. The customer gets a better value solution that they can manage themselves. Maybe HJO outsources some of their management to the consulting company because HJO’s admins are busy enough with the 100 desktops in the office, and the consultant adds to their managed services business, as well as value to the customer. And this is scalable. In my last two conversations, the topic of growing sales staffs came up. Not a problem … change the subscription, get the user to buy a laptop, courier them a USB stick with a pre-configured MDT build of Windows 7 Enterprise with Office Pro Plus, the Intune agent, etc., and that user is up and running in no time (lots of possible variations on this induction process).
Now you have roaming workers quickly accessing the same repository of information on the net as office workers, able to chat with each other easily, and the admins aren’t being asked to do more than they are able to. HJO has a good business solution.
As for the internal office infrastructure … lots of possibilities: stay on PCs, go with RDS, go with VDI, you name it. I’m still a PC guy, with RDS/XenApp second, pooled VDI a distant third, and assigned VDI waaay down in 4th place. No one solution is perfect, just don’t buy the marketing crappola about reduced costs/management of VDI.