Client Virtualization and the Evolving Mobile Security Paradigm
Credit: Toby Jorrin
The Government Printing Office is piloting a Citrix VDI solution, CIO Chuck Riddle says.
As mobile computing grows, IT leaders are finding that a virtual desktop infrastructure offers more than merely a way to centralize control of an agency’s computing resources. A growing number of agencies see VDI as a secure, efficient way for mobile workers and teleworkers to connect to back-end agency resources.
For example, Lawrence Livermore National Laboratory (LLNL) is looking to its already-established VDI architecture to help solve emerging user requirements for secure remote access.
LLNL implemented VDI four years ago to address a single need: to let users browse the Internet, access webmail accounts and utilize social networking and other Web 2.0 tools without incurring risk to the agency’s mission-critical data resources.
The solution, known as SafeWeb and based on Citrix System’s XenDesktop VDI environment, is hosted by a third party and is now available to all 6,500 LLNL employees. The initiative has been a huge success, according to Lee Neely, senior cybersecurity analyst for LLNL. “Our users love it,” he says. “So long as they abide by our acceptable-use policies, they now have the option to take advantage of tools and websites that we otherwise would have had to block.”
Now, Neely and the LLNL IT team are taking the next step with VDI: going on the road. The lab is one of several agencies, including the Census Bureau and the Government Printing Office, that are implementing mobile VDI using solutions from companies such as Citrix and VMware.
The Livermore lab has launched a pilot involving a few hundred users to evaluate what technology products will best allow its fast-increasing population of mobile employees and teleworkers to access their desktop resources no matter where they are located or what computing device they happen to use.
Finding a “Best Fit”
Enterprise adoption of VDI poses some challenges, but its benefits can be worth it for agencies that need secure mobility.
“I liken VDI to installing solar panels; it’s higher cost, but for the right use cases, it can be ideal,” says Mark Margevicius, vice president and research director of client computing for Gartner. “It’s the applicability that you need to measure.”
For the Census Bureau, VDI is seen as the perfect fit for keeping field workers fully connected, secure and productive after the agency completes an initiative to cut its number of regional offices from 12 to six. However, VDI is also perfect for the agency’s telework program, which grew by 53 percent in 2012.
A VDI environment costs an estimated
1.4 to 1.6 times
as much as a traditional support-at-the-desktop model, because of requirements for network bandwidth, storage systems, servers, management tools and higher-priced licenses for VDI-enabled applications.
In 2011, Census IT officials kicked off a pilot program involving a few hundred mobile workers to assess user response and address any technical kinks. The Census VDI environment went into full production in January 2012. The agency’s goal is to have 85 to 90 percent of its mobile employees and teleworkers trained to use the system by the end of 2013, according to Chris Fudge, branch chief for Census VDI.
“Our biggest challenge by far has been moving quickly enough with the rollout to satisfy the demand from our users,” he says. “They all want in right now.”
The Government Printing Office, which has been experimenting with limited VDI use for five years, recently began allowing teleworkers to use their home-based and mobile computing devices to access agency PCs through its Citrix NetScaler portal. This fall, the agency will take the next step and pilot a genuine Citrix XenDesktop VDI solution with about 100 users.
“It’s sort of a phased approach, to get it out there and make sure that it sets and takes,” says Chuck Riddle, CIO of GPO. “VDI is definitely not a one-size-fits-all approach. For some use cases and some employees, it works well, and for others, it doesn’t. So we’re just trying to be careful about how we roll it out and how we advertise what it can and can’t do.”