Productivity, Security, and Reduced Costs: You Can Have It All | Microsoft Small Business Center
Today's information workers and mobile warriors may feel like they invented the "always on" office. With a smartphone in their pocket or purse, or a laptop slung over their shoulder, they can stay in constant touch with the workplace.
The end result of this connectedness is a sizeable uptick in worker productivity, but it often comes at a cost to the IT staff, which has to help ensure the stability of the system and the security of the data. The end user's desire for mobility and flexibility comes into direct conflict with the IT professional's need for security and control. And then there are the accountants, who're growling about the need to lower costs, including (especially?) IT costs. Is this three-way conflict unavoidable?
Thankfully, no. The Windows Optimized Desktop can alleviate this tension among end users, IT, and accounting, providing a desktop infrastructure that is designed to enable mobile productivity, risk management, system control and cost reduction. Built around Windows 7 Enterprise and the Microsoft Desktop Optimization Pack (MDOP), the Windows Optimized Desktop solution includes powerful technologies that will make employees productive virtually anywhere while enhancing IT management and helping reduce costs.
So, how do Windows 7 and MDOP make this possible? By building on a client infrastructure framework and toolset that provides a uniform, reliable and productive end-user experience, combined with a security enhanced and easily managed IT environment.
With Windows 7, your end users will be treated to Microsoft's fastest and most reliable operating system, with an intuitive user interface that makes navigation a snap. When the 800-plus employees at Enterasys Networks, a midsized firm headquartered in Andover, Massachusetts, heard about the features in Windows 7, they began clamoring for the new OS. This isn't surprising: as a global provider of routers and switches for use in corporate networks, Enterasys boasts a technology-savvy workforce. These knowledgeable employees were eager to take advantage of Federated Search, the Aero desktop, and the improved performance features in Windows 7.
For Rich Casselberry, the director of IT operations at Enterasys, the move to Windows 7 was an opportunity to solve some gnarly issues regarding remote workers, system management, and power usage.
The IT staff was particularly interested in delivering a better user experience to employees working remotely. Seventy-five percent of Enterasys employees have portable computers and 40 percent rarely come into the office. "We have information workers who work from home, and sales staff and service engineers who are always on the road," says Casselberry. During peak traffic times, remote employees often experienced latency on the network. What's more, the IT staff did not have the capabilities to ensure desktop security for remote workers. "We hoped that sales folks would log on to the corporate network and visit Windows Update on their own, but we couldn't enforce it," says Casselberry.
To improve the work experience for remote employees, in March 2010, Casselberry and his team began a pilot project to test a new feature of Windows 7 Enterprise, DirectAccess. Using this feature, remote workers can access corporate resources on the network, such as file shares, websites, and applications, without having to establish a VPN connection. With split tunnel routing, these same employees can also visit public websites without going through the corporate network.
Enterasys is also taking advantage of the Microsoft Desktop Optimization Pack to more fully automate desktop management. Today, Casey DuLong, Help Desk Analyst at Enterasys, is using the Microsoft Diagnostics and Recovery Toolset (DaRT) to help restore PCs that won't start and to recover lost data. Recently, Casselberry has been testing the Microsoft System Center Desktop Error Monitoring (DEM) tool set to address potential problems with employees' computers before they become an issue.
Equally intriguing for Enterasys, the Microsoft Optimized Desktop promised significant cost savings by lowering power usage. After hearing that Windows 7 could reduce power consumption by around 40 percent, Casselberry decided to test the claims, asking DuLong to test Windows 7 power usage on a pilot installation of the 32-bit version of Windows 7 Enterprise Release Candidate.
DuLong conducted three tests using a pair of identical IBM NetVista desktop computers, one running a standard Windows XP Service Pack 3 installation and one running Windows 7. During the tests, DuLong recorded the intake of electricity for each computer measured in watts per second by an energy consumption meter.
"It became evident quite quickly that the claims around reducing energy consumption with Windows 7 were no fabrication," says DuLong. "Windows XP consumed up to five times more electricity throughout the course of all three labs."
Enterasys also took advantage of MDOP's virtualization technologies. One of these, Microsoft Application Virtualization (App-V), delivers a seamless user experience and provides streamlined application deployment and simplified application management.
App-V transforms applications into centrally managed virtual services that are never installed on the client machine and don't conflict with other applications. Moreover, App-V relieves end users of the pain involved in application upgrades, patches and terminations—no more reboots, lengthy installation waits and annoying uninstalls. In short, by using App-V, application management is centralized, while application execution is isolated on the client computers.
Sounds good, you say, but you have business-critical applications that were created for Windows XP and are incompatible with devices running Windows 7. That's where another component of MDOP comes to the rescue: Microsoft Enterprise Desktop Virtualization (MED-V) delivers applications in a virtual PC that runs a previous version of the OS. Such legacy applications operate exactly as if they were installed on the desktop—users can even pin them to the task bar. With MED-V, you get built-in tools for application compatibility testing. It also provides functionality for creating, managing, and updating corporate Virtual PC images through a centralized console, facilitating rapid provisioning and enhanced security of virtual machines.
But won't there be major headaches in running the overall system? Nope. Microsoft System Center, which provides the management infrastructure of the Windows Optimized Desktop, captures and aggregates knowledge about the infrastructure, policies, processes and best practices, enabling you to optimize IT structures and thereby reduce costs, improve application availability and enhance service delivery.
Again, the experience at Enterasys is instructive. With DirectAccess, Enterasys' IT staff is expecting to gain a streamlined remote-access solution to simplify management of remote computers. Because DirectAccess is based on IPv6 technology, Enterasys IT staff would no longer have to wait for users to return to the office or connect through a VPN to update their desktop and portable PCs, avoiding issues with user certification and cached credentials.
By using new application compatibility and imaging technologies in conjunction with Microsoft System Center products, Eric Gosselin, system administrator at Enterasys, has also streamlined software planning, testing, and deployment processes. Enterasys can now build a new image for a bare-metal machine 33 percent more quickly and has reduced the number of images that it maintains from six to three. "We had multiple images for our single-core processors and our multicore processors, but Windows 7 eliminated all that," says Gosselin.
"Windows 7 offers a lot more technologies to streamline deployment and, used with System Center Configuration Manager 2007, it offers a scalable and flexible way to offer employees the latest operating system when and where it's most convenient," Gosselin continues.
Okay, Windows 7 and MDOP can equip employees' mobile devices with all your apps, and System Center can make IT management nearly painless, but how can you know that your critical business information is security enhanced?
Rest easy. With Windows 7, you have BitLocker encrypting the data stored on client devices. Once BitLocker is activated, any files saved to the hard drive are automatically encrypted. On top of that, you can take advantage of the security features of Microsoft Forefront Endpoint Protection, which builds on System Center Configuration Manager 2007 to offer desktop security and management in a single infrastructure. Forefront Endpoint Protection provides highly accurate detection of known and unknown threats and actively protects against network-level attacks by managing Windows Firewall configurations.
What's more, with DirectAccess, the IT staff can check whether remote desktop and portable PCs are running the requisite security updates whenever a remote employee connects to the Internet. Because System Center Configuration Manager 2007 also works with DirectAccess in Windows 7 Enterprise, the IT staff can deliver security updates and other configuration services to remote workers according to the same schedule as office employees connected directly to the network.
"DirectAccess could make all the difference to our comfort level by maintaining security for our road warriors," says Enterasys' Casselberry. "As soon as they start their machines, we can push out the right security updates using System Center Configuration Manager 2007. With split tunnel turned on, I'm going to be measuring the reduction in Internet bandwidth, which should be substantial, and I don't expect to see any increase in malware, despite the fact that users are accessing corporate and noncorporate networks at the same time."
So, there you have it. By deploying Windows 7 Enterprise with MDOP, managing it with Microsoft System Center and warding off threats with Forefront Endpoint Protection, you can make your mobile end users more productive, enhance the manageability and security features of IT operations, and give the bean counters in accounting something to cheer about.
Want to learn more about the Microsoft Optimized Desktop? Then check out the resources here.