While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
What is the secret to success when implementing a new virtual desktop infrastructure? One of the biggest factors, if not the secret itself, has nothing to do with technology, according to federal IT executives.
It’s about getting users excited about VDI — communicating early and often so they understand how desktop virtualization will impact them and what benefits they can expect.
In 2012, when the Department of Energy first launched its VDI initiative, some early adopters balked because they couldn’t store their applications and data on traditional desktop PCs. Instead, as many agencies have witnessed in VDI projects over the years, they would use thin and zero client terminals (running little or no local system software) to access resources from data center servers. IT leaders at DOE addressed employees’ concerns through coordinated communications. Not only did skepticism ebb, but also VDI took on a certain level of cachet in the department. Within four months, hundreds more staff members asked to join the program.
“People didn’t have to have clunky PC towers under their desks,” says Donald Adcock, DOE deputy CIO. “And yet, end users had all their applications available and in the latest and greatest versions. They realized that VDI offered benefits in return for change that wasn’t that drastic.”
Experts agree that constant, open communication and the necessary prep work to ensure reliable performance help raise users’ overall comfort with VDI deployments.
“When end users give up local control of their data, they worry they won’t be able to get their work done if for some reason they get disconnected from the network. That’s a valid concern,” says Greg Schulz, senior advisory analyst for Server and StorageIO. “Fortunately, these issues can be addressed if, as part of the VDI effort, you enhance the IT environment, make it more resilient and show people how this will protect their data.”
At DOE headquarters, IT managers communicate with a broad range of stakeholders to spur VDI acceptance. The agency currently relies on VDI to deliver core business applications, such as the Microsoft Office suite, as well as its MaaS360 enterprise mobility management software.
DOE’s VDI environment is based on two main technology pillars: VMware vSphere, in part because of the large number of virtual machines it can support; and Citrix XenDesktop, based on the strength of its management tools, video quality and low bandwidth requirements.
Adcock says DOE views VDI as a more secure way of managing desktops because IT staff can perform application updates and distribute security patches from a central location, instead of moving from desktop to desktop. Planners also see VDI as an energy-conscious alternative to maintaining scores of full-powered PCs, which puts the program in line with the agency’s charter.
“The department has a very robust telework program. With VDI, employees can log in from any device and see a desktop they’re completely familiar with,” Adcock says. “Alternative technologies are more cumbersome when it comes to logging in securely and maintaining that session.”
Explaining such benefits directly to users helped cultivate buy-in, Adcock says. In addition, DOE’s IT staff continuously offered details about the measures they’d taken to ensure high availability of back-end resources. They promoted the VDI project via posters and fliers, and IT created a VDI section on the agencywide Powerpedia wiki to share information about the program and give users a forum for posting their thoughts.
Such a clear exchange of ideas proved invaluable when the VDI rollout experienced inevitable issues, such as temporary glitches related to audiovisual communications and printing resources.
“The customer base expects that, along with the successes, you will share the challenges and how you are working through them,” Adcock says. “To build trust, it’s important to be as transparent as possible during the deployment.”
He would know. Prior to joining the Energy Department, Adcock helped lay the groundwork for one of the most mission-critical VDI environments in government: the Pentagon.
Nearly two years ago, with Adcock at its helm, the Army Information Technology Agency began a VDI pilot as part of a larger virtualization initiative to modernize data centers, servers and storage resources. Early efforts met resistance, but as the Army ITA moved further down the path with VDI, it developed a clearer picture of what would influence the project’s success.
“It’s all about the end users — if they’re not happy, you’ve got a challenge,” says Greg Garcia, current executive director of the Army ITA. “Most projects get into trouble because of misaligned expectations among users, not poor technology implementations.”
After many months of piloting VDI for the Joint Chiefs of Staff, the Army ITA has pivoted its rollout toward production systems. The goal is for the agency’s VDI to serve 80 percent of 4,000 JCS desktops by the end of 2014.
The Army ITA chose VMware View for a number of reasons. First, the JCS was already running the software at one of its locations, which enabled clients to easily connect to both implementations. The VMware software also allowed the Army ITA to meet its goals for building a multitenancy solution, maintaining tight security and closely integrating the VMware hypervisor with converged hardware from Nutanix, says Joel Cassell, ITA engineering director.
“It is much more efficient to patch images in a single place rather than running around the capital region to touch every machine,” Garcia explains. Garcia and his staff address concerns in regular meetings among stakeholders and end users. The Army ITA also created a chat room using open-source Jabber software. The idea: get some of the more tech-savvy users to embrace VDI, and the rest will follow.
It also helped that Garcia was one of the early VDI adopters. “That helped me stay informed about what everyone else was experiencing,” he says. “Being in the same foxhole with your IT customers, experiencing the same frustrations and benefits, buys you credibility.”
As a result, Garcia says, the agency sweats technical details to help minimize drama. Early on, a VDI pilot suffered network performance challenges, but the symptoms weren’t what users might normally associate with a network hiccup. It turned out cursor performance was the issue.
“With VDI, you’ve got to worry as much about how rapidly you can swipe a cursor across the screen as how quickly a 3 megabyte file takes to load from a server,” Garcia says.
For almost four years, the Lawrence Livermore National Laboratory has offered virtual desktops that staff can use for personal web mail, something forbidden on the lab’s regular PCs.
“It didn’t take a lot of arm twisting because we provided something people didn’t have before,” says Lee Neely, senior cybersecurity analyst. “The biggest complaint we hear is that at lunchtime, the system is fully subscribed.”
The lab, which uses a combination of VDI platforms from Citrix, VMware and Microsoft, plans to build on its success by moving applications that require regular updates to a central VDI environment. IT managers are also eyeing VDI to deliver applications to smartphones and tablets.
VDI acceptance hinges on familiarity, Neely says. “If the user opens an application by clicking on the same icon and they save a file using what looks like their preferred folder structure, the adoption is high,” he explains. “They don’t care that it’s VDI because everything looks like it’s running locally.”
It’s ironic, given the importance of communications, that silence is one of the best ways to gauge VDI success.
“When someone says, ‘Oh, you took away my desktop two months ago? I didn’t even notice,’ that’s really the best compliment,” Garcia says.