After catastrophic earthquakes in Christchurch toppled its New Zealand law office, Duncan Cotterill implemented desktop virtualization to provide stronger disaster resilience, according to the law firm’s CIO at the time.
desktop virtualisation - News, Features, and Slideshows
LAS VEGAS: Sacking the old PC in favor of desktop virtualisation is starting to grow and the information technology managers taking the lead on that trend offered some perspectives on the networking and security challenges it brings.
Imagine being CIO for Intel. You serve over 90,000 employees scattered around the globe, many of them hardcore technologists happy to second-guess any decision you make.
Intel CIO Diane Bryant doesn't seem to be buckling under the pressure. In a recent interview with InfoWorld's Doug Dineley and myself, Bryant — who joined Intel in 1985 and worked her way up through the ranks — clearly laid out her vision for making desktop virtualization a key part of Intel's long-term plans to serve its internal users.
Dineley: What caused you to consider virtualisation on the client side?
Bryant: The big change I've seen in even just the two years since I've been CIO is the plethora of devices. Intel calls it the "compute continuum." It used to be you would come to Intel and get a desktop, and in '97 you got a notebook, and then smartphones. Now there are all kinds of devices that people are looking to bring into the environment: netbooks and tablets and all kinds of things. In January is we opened it up and we said: "If you have a smartphone, and you're willing to sign a waiver that you're going to have Intel-confidential information on your personal device, we will push contact, calendar, and email onto your smartphone."
Knorr: Can I ask you what the waiver says?
Bryant: I'm not a lawyer, so I'll paraphrase. In general it says: "If you lose your iPhone you have to immediately call Intel and we will wipe the phone, which means we will wipe the Intel information and we will wipe your information."
Knorr: That capability has to be enabled before somebody can use it?
Knorr: Yes. We put a password on the device and we have remote wipe capability. This is where client virtualization comes in...
Dineley: So you're an Exchange shop and you're using ActiveSync?
Bryant: Yes, so it's very low cost for us. And to your point, how many iPhones: In January when we launched we had 8,000 BlackBerrys; we now have 9,000 employee-owned devices in the environment. The vast majority are iPhones. And we all know how often we use our handheld devices to stay connected — those hot emails that you need to reply to. Now we have that many more employees who are that much more productive. The survey feedback says that they save 30 minutes a day because they have that information on their devices. When they walk down the hallway trying to find a conference room, they don't have to open their notebook, they just look [at their handheld device]. It was a huge productivity gain, but from a client virtualization perspective, the employee had to sign up and say: "You can wipe my device." Where we want to get to is a secure, virtual partition on your smartphone device [so]when you lose the device I can wipe my VM and your personal data remains intact.
Knorr: You can't do that with an iPhone.
Bryant: You can't do that today on anything. That is what we're actively working on today. That's one example of why client virtualisation is so key and why we're enabling it not just for your desktop or your notebook, but to be able to support secure partitions across a full range of devices that you may have or that I may want to buy for you.
Dineley: So you're a big believer in the client hypervisor?
Bryant: I am. I'm a big fan of it. But also I think what's more important is that virtualisation technology is a foundational technology that enables many different use models.
Dineley: So not all Intel employees are going to have the same thin client?
Bryant: No, because all Intel employees are not the same. That's the same in any large corporation. In the old days you ignored that fact and you gave everybody the same device. Today you don't have to do that anymore. You can say: "You're a factory worker, here's the best device for you to be productive. You're a sales guy, you're on the road, you're always mobile, here's the best device for you. You're an engineer cranking massive computations, here's the best device for you." We've definitely gone to a segmented population, giving the best device to the employee based on their needs or multiple devices based on their needs.
In most cases we want the VM on the device, because you're not always connected. If the virtual machine is off in the cloud, there's an assumption that you're connected in order to be productive. That's just not a reality, so in general we want a rich client with the VM on the device.
There are cases where that isn't the best solution, though. For instance, our training rooms. We have large training rooms around Intel worldwide — [with all] those desktop machines, how nice it would be if you didn't have to send IT guys out to maintain and update those machines. You just hold a virtual container out in the cloud, a virtual hosted desktop. It's a static solution, it's not used very frequently, but when it's used you want it to work. You don't want the employees coming in to be trained and the silly desktop doesn't run. So that's a great example of hosting out in the cloud. We have a proof of concept going on that demonstrates the lower total cost of ownership for IT.
Knorr: So client hypervisor is the model you're really going for. You've decided that VDI with a constant connection is not practical, except in these training-room type environments.
Bryant: Or for some of the factory workers. I think the bigger point is, it's such a heterogeneous environment, with very different needs, across the population and across the devices — not just by employee but by application. For instance the sales force, which is incredibly mobile: We're rolling out a new CRM solution for them. One would have thought that we could do something that is SaaS or web-based, that they're going to be connected, [But] the feedback from them is: "No, you can't assume I'm always connected." They want it on a small form factor, mobile device, but they want it local. So this is our exploration process: "Who are you? What app do you need? And when and how do you need it?" Then I have to figure out what's the right secure, virtualized solution to deploy that app to you.
Dineley: Do you see the desktop management problem as primarily managing virtual machines on client devices or primarily managing virtual machines on servers that are accessed by client devices? And in some cases those virtual machines travel to client devices and back. What's the central hub for managing all of these VMs? Is it a VDI server farm or is it some other kind of solution?
Bryant: For the majority of the cases, where almost every employee has a notebook device — we have 90,000 notebooks — in general for these notebook devices it's going to be local to the device. A VM loaded on the device. But you can also look at some handheld devices that don't have the capacity for that and they're going to be hosted in the cloud. You have to look at what is the device, what is the app, what is the use model...
Dineley: Are most users mobile?
Bryant: We need to assume that most users are going to pick up their work and leave and that they're not always connected. That's a kind of a baseline assumption. Back in 1997 we went from desktop computers to notebook computers to do exactly that — to allow you to be mobile, to allow you to work from your kid's soccer field if that's what you need to get your job done. The assumption is that people always want to be able to pick up their work and leave with it and they aren't always going to be connected.
Dineley: This is a difficult problem, isn't it?
Bryant: [Laughs] I'm not trying to be cagey, it really is complex.
Knorr: We keep interrupting you and making you stray from your narrative, but basically it sounds as if you're saying your practical implementation of desktop virtualisation is awaiting a robust client-side hypervisor.
Knorr: And that desktop virtualisation in the current deployment is not really widescale at all.
Bryant: No, it's just beta.
Knorr: So client-side virtualisation is the gating factor for desktop virtualization for you. Is that fair to say?
Bryant: Yes. We're in test [mode]. We're in pilot. We have 20,000 contractors at Intel at any one point in time. Today — except for this pilot program we have in India — we give them an Intel notebook with the Intel load on it. It's very expensive, because that contractor already has a notebook his company gave him. So we said, hey, let's do a pilot in India and say from now on, when we hire you as a contract worker, bring your company-owned notebook in and we will take a USB and load a virtual machine onto your notebook with the Intel load. It's secure, it's partitioned from your corporate load, and then when the contract is over we delete it. We now have a couple hundred contract workers in India — we have a large Indian design centre — [who are] working on this and it's working pretty well.
Knorr: And this is based on a client hypervisor or...?
Bryant: It's on a client virtual machine. We try not to talk about suppliers.
Dineley: Is it a bare metal hypervisor or Type 2 virtualization?
Bryant: [Laughs] That might narrow it down a bit, wouldn't it? But it's in beta, it's working, and it will save us $1,200 per notebook. The savings to Intel for the same capability to that employee are tremendous. The other [case] is mergers and acquisitions. Say we acquire a company and ideally day one when they show up you want them to be productive. They have their old company notebook with their old company build. We plug in a USB, drop down a VM, and then — we call it "day one up-and-running" -- we have it running in an Intel environment.
We have demonstrated successes that tell us [the advantages of] client virtualisation. If you have a device that you love, and for me to take on that burden of giving you the device you love... just bring your device to us and I'll drop a VM onto it. You can have the Intel load in our VM running on our OS and I can trust it because it's secured from your personal information. I no longer have to back up and save your personal family photos — which I have to do today, because I know you put your personal photos on your Intel notebook and I have to back it up. So it's secure, I only worry about my VM, you worry about your personal stuff, you get the device you want, Intel remains productive...that's the direction.
Knorr: There's an argument to be made that you're paying twice. Shouldn't everyone just have thin clients? Otherwise, you're paying for a powerful server to host desktop virtualisation on top of desktop or notebook computers.
Bryant: It all comes back to your use model. If your employee is tethered to the desk in a closed environment and they have access to X applications, then host those applications in the cloud, in your datacentre. That makes sense. But you put a box around what that employee can do and where they can do it.
Knorr: Did you look at the other solutions evolving now: Google Docs, the ability to work offline with HTML5's local storage model, that kind of thing?
Bryant: The environment is evolving very rapidly, because that model — those office applications hosted in a cloud — used to work only when connected. Now they have offline features and capabilities, so you've opened up a new opportunity for delivering applications to devices. We do proof of concept on cloud-based applications all the time.
The issue with that is, as a large enterprise I have a very large infrastructure — I have 100,000 servers in production — and so I am a cloud. I have the economies of scale, I have the virtualization, I have the agility. For me to go outside and pay for a cloud-based service...I can't make the total cost of ownership work. And most of my peers can't either. That's why most large enterprises are focused on building cloud capability — agility and scale — inside, with their own infrastructure.
Knorr: What about client virtualisation for mobile devices? You may have more insight than we do about how this is coming along, because currently, it doesn't really exist.
Bryant: You mean smartphone, handheld-size devices? There are various startups that are building handheld-based virtual solutions and we are absolutely out looking, helping, testing. Because that will be the key. Today I can only put email and calendar [on the device] — and I strip the attachments because that device isn't secure as an enterprise device. I've made you happier, because I'm letting you use your personal device, but I've limited what I can give you because of security. I have to protect those assets at all costs. As I'm able to put a VM on that device, and I can secure that device, then I'm able to give you greater and greater access to Intel's data and apps.
There's huge interest in desktop virtualisation technology, due to its promises of improved security, manageability and flexibility. Here are some details on how the technology works and why it might be a fit for your company.
Qumranet, the commercial sponsor of the KVM (Kernel-based Virtual Machine) virtualisation software, has begun beta-testing a desktop virtualisation system aimed at geographically distributed organisations.
Whitepapers about desktop virtualisation
Find out how an integrated infrastructure can help to reduce operational cost, improve enterprise productivity and ensure smooth business operations.