General discussion

Locked

Government Technology

By Ramon Padilla Jr. ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

464 total posts (Page 3 of 47)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

NVD - Homeland Security Helping You

by Ramon Padilla Jr. In reply to Government Technology

August 11th, 2005 was the debut of NVD (The National Vulnerablility
Database) by the National Institution of Standards and Technology
(NIST). Quoting directly from the NVD website "<em><strong>NVD is a
comprehensive cyber security vulnerability database that integrates all
publicly available U.S. Government vulnerability resources
and provides references to industry resources. It is based on and
synchronized with
the </strong></em><a href="http://cve.mitre.org/">CVE</a><em><strong> vulnerability naming standard</strong></em>." The database is funded by the Department of Homeland Security's National Cyber Security Division.<br />
<br />
So what NIST has provided us in the form of NVD is a comprehensive one
stop shop for locating information about vulnerabilities in products
presented in an easy to use format. I spent a few minutes with
the database, popping in the names of software vendors and you
certainly will find tons of info, even on software packages that don't
pop into your mind when thinking about vulnerabilities - such as your
back up software.<br />
<br />
This is certainly a site you want to bookmark and make visiting it a
regular part of your security protocols. You can get to it by
clicking <a href="http://nvd.nist.gov/">here.</a><br />
<br />
<br />
<br />

Collapse -

Why have a Desktop PC at all?

by Ramon Padilla Jr. In reply to Government Technology

The recent news reports
that I have read regarding organizations, both public and private, who were
impacted by the Zotob and Rbot worms is disconcerting. To the uninitiated,
those who were affected did not practice good patch management.





<br />
<br />
However, those in the
trenches know that keeping up with patches, especially at the desktop level, is
a daunting task. On top of that, patch management is just a small part of total
desktop management. Application installation, software updates, hardware
maintenance, training, security, and more are all part of desktop management.





<br />
<br />
In 1996, Gartner Research announced
the average Windows 95 desktop cost $10,000 a year to own. This includes,
besides the activities mentioned above, the direct costs of user support, lost
productivity, downtime, and administrative costs including depreciation, and
finance charges.





<br />
<br />
Some would argue even then
that the total cost of ownership (TCO) computed by Gartner was either
overinflated or underrepresented. Whatever the cost is today, (based on your
own TCO) there is no arguing that managing the desktop takes up a significant
amount of an IT department's total resources.





<br />
<br />
The workload to manage
desktops is such that a whole market of desktop management tools have sprung up
to help us "control" them. Novell Zenworks, Intel Landesk, Hewlett-
Packard OpenView, IBM's Tivoli TME10, or Microsoft's Zero Administration Kit
are just a few examples. And even with these tools, the TCO for a PC just seems
to stay the same or is even increasing.





<br />
<br />
So given all this, don't
you have to wonder if it's worth it?


I know I did a few years
ago. I looked at my organization's IT budget and the amount that was being used
to purchase and support PCs and said "there has to be a better way".





<br />
<br />
That better way, after
some significant research and testing was a hybrid solution consisting of thin
client technology, Citrix, and Linux that would be phased in over time.





<br />
<br />
In a nutshell, the plan
was to provide a "desktop" to the end user via their browser and run
all their applications either directly from a Web server or from a Citrix
server. Their individual machines would have their OS replaced by a very thin
build of Linux and all machines purchased (new or as replacements) would be
Linux-based thin client machines.





<br />
<br />
This desktop solution, in
my opinion, was more secure and less susceptible to end user
"intervention", virus breakouts, and emergency patches; thin clients
were easier to install and trouble shoot, and workers were no longer
"tied" to their workstation since they could get their own tailored
desktop from any machine in the organization.





<br />
<br />
In order to succeed, we
had to do two <strong><em>critical</em></strong> things. Get buy-in from the organization and
make sure we had a solid network infrastructure that had a very low
latency.





<br />
<br />
The buy-in began with the IT
governance committee. Fortunately, we had a very astute committee that, after
seeing the research and the solution in action, quickly bought in to the idea. The
next step was to eat our own dog food. The IT department made the move to this
solution. From there, it was time to woo top management. We knew that if they didn't
understand what was going on, the plan would eventually fail. Again, at the
time I attempted this plan (and probably why I was comfortable in doing it) we
had an incredibly sharp and IT-friendly administration. From the CEO to the
CFO, they were on board and active supporters.





<br />
<br />
Meanwhile the
infrastructure work was going on, and we were revamping and expanding what was a
tired network to start with. So we began putting the solution into place,
department by department, and you know what? It worked great! Yes, we initially
had some kinks, but once they were worked out the network was greatly improved.





<br />
<br />
Unfortunately, this story
has an incomplete ending. While doing the project, our community voted to merge
local governments. So when the time came for the merger, we were not quite
finished. Overnight, the whole environment that had been primed and ready
literally disappeared. That ended the solution.





<br />
<br />
The point of this story
though is that I know the solution works and you can be rid of a great deal of
desktop headaches by ridding yourself of a fat client machine. I have seen the
beginnings of it, I know what the TCO was turning out to be, and if I ever get
the opportunity again I will seek to implement a similar solution.





<br />
<br />
And yes I realize that
this solution doesn't fit 100% of the users but it works for the vast majority.
And I would rather be managing a very small subset of needy fat client machines
than an entire organization's.





<br />
<br />
It?s a bold move, switching from fat client
machines to thin client and delivering an organization's desktop through a Web
browser. But with the proper planning and execution it can be done. Just make
sure you start at the <em>beginning</em> of
your CEO's next term in office.<br />
<br />
<em><em>Keep up with the issues and challenges that uniquely affect
public-sector IT with TechRepublic's free Government IT newsletter,
delivered each Tuesday. <a href="http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e068">Automatically sign up today!</a></em></em><br />

Collapse -

Why have a Desktop PC at all?

by emil.vincent In reply to Why have a Desktop PC at ...

<p>Sounds very interesting, we have the same issue with desktop management. What was your plans for mobile notebook users under this setup, who also need to work off line at times?</p>
<p> </p>

Collapse -

Why have a Desktop PC at all?

by ktharbi.c In reply to Why have a Desktop PC at ...

<span>
<p class="MsoNormal"><span>I am not fully agree with you!!! , I think that idea depend on your environment , and if the organization use the full facility of his operating system (like Windows), he can reduce his costs in managing the clients , and also if I go to your idea I think I must do a big investment on servers , networks and software (like CITRIX), and also I have the single fall point problem if that servers have any problem , and also I lose the power of the clients , this is what i think!!!</span></p>
<h6 class="MsoNormal"><font face="Times new roman" size="3">Can you help me with more information.</font></h6></span>

Collapse -

Why have a Desktop PC at all?

by Wayne M. In reply to Why have a Desktop PC at ...

<p><strong>Return of the Mainframe!</strong>  Having grown up in the days prior to networking where there were dumb terminals connected to a central computer, I can assure you there is a need for distributed processing that drove the migration away from the mainframe.</p>
<p>As noted above, one of the prerequisites for a complete thin client approach is a large amount of network bandwidth.  Two more that are equally important are low latency and high availability.  Finally, the "network" needs to take on the responsibility for storage and processing power.</p>
<p>Due to the combiniation of processing power and low latency available at a desktop, the computer user interface has grown up to be much more supportive of the user.  For example, most word processing packages now provide keystroke-by-keystroke spelling checks.  Some user interfaces are context sensitive, with areas of the screen enabled or disabled based on user data entry.  These types of functions are feasible because we can throw excess processing power at the problem without affecting user response times.</p>
<p>For a reminder of the user cost of thin client technology and centralized processing, pay attention to the response times the next time you are at a gas station.  I am continually amazed at how long it takes the pump to realize that I have stopped pumping gas and returned the nozzle to the recepticle.  This is the same reaction users often feel when migrated to a Citrix or Web-based version of a familiar desktop application.</p>
<p>Regarding support cost, the transition back to centralized processing and storage has lead a return to 24x7 support.  Even routine maintanence needs to be scheduled at off-hours.  Any sort of outage during standard working hours is a crisis affecting the entire company.</p>
<p>I have touched on mostly the technical issues and I feel that true distributed processing is still in its infancy.  Current web browser software does not provide near the level of user interface support that people desire and need.  There is also the problem of inadequate funding and staffing for the underlying support professionals, but that is another topic.</p>
<p> </p>

Collapse -

Why have a Desktop PC at all?

by Ramon Padilla Jr. In reply to Why have a Desktop PC at ...

Regarding Emil and Harbiks questions and Wayne's comments. Emil, we put Windows and
Office on their mobile PCs with the eventual plan that they would
switch to Linux and StarOffice. However they were encouraged (and
most did) to find a network connection in order to use a Citrix
session. We employed the Citrix secure gateway as well as RSA
SecureID Authenticators for anyone connecting outside our network.<br />
<br />
Harbik, I have to laugh because you bring up some of the same points
people used to scoff at the idea when they first heard it. Yes
you have to invest in servers, but that is offset by the cheaper
desktops/thin clients and keeping them in service longer. As for
single fail point, Citrix provides fail over and we also built
redundancy in for those users that HAVE to be able to get on no matter
what. Also, in 99% of network environments, if the power goes off
- PEOPLE DONT WORK. Why? Because their files are on the
network servers and they print via the network. Same as if the
network goes down (which should not happen that often). So that
is a false arguement. In fact, that exact thing happened in the
environment that I work in yesterday. Power was lost to the
building but generators brought enough power back on to run the lights
at low level and power a PC. However, the switches in the closets
on each floor had very small back up power supplies which did not last
long and then guess what - everyone sat around looking at each other
because of a lack of network connectivity - NO MATTER that
everyone was using a fat client.<br />
<br />
Lastly, of course this solution depends on your environment - as do ALL
IT solutions. If it fits use it, if it doesn't don't or tailor it
for your environment. I think though that this solution is
appropriate to more environments than people think. They just are
too comfortable with the status quo.<br />
<br />
Wayne - Gonna have to disagree with your there. Response time was
so good that most people did not realize they were in a Citrix
session. My demonstration of the environment was to play PINBALL
that comes with Windows with full color and sound. That always
made a believer out of folks. If you are going to compare a gas
station to your network, go ahead, but that was no comparison to
ours. Fact was, response times were extraordinary. The
whole thin client/Citrix solution is FAR from infancy.<br />
<br />
Thanks for reading!<br />
<br />
Ramon<br />

Collapse -

Why have a Desktop PC at all?

by BobbyPR In reply to Why have a Desktop PC at ...

<p>Hi folks!</p>
<p>Once I had to give advice to a client about the same matter.  Unfourtunately the advice was against the thins clients.  Maybe this could apply for you.  Check the problems that I found with the thin clients at this site:</p>
<ul>
<li>Very slow connection to applications like: Word, Excel, and a Data Entry Windows App.</li>
<li>Sometimes Windows freezes</li>
<li>Data Entry App. sometimes took from 10 seconds to 3 mins (with timeout feature turned off) to bring a single record.  So basically they were getting a timeout screen often. </li>
<li>Poor screen resolution.  Some Windows colors look sandy.</li>
<li>Option that you set on Word (like dictionaries, language, auto correct) are lost on each reboot.  This options vary between users, and offices.</li>
<li>Can't bring work made at home in a floppy because theres wasn't one drive on the thins. (lots of lawyers depend on this)</li>
<li>If network is down nobody can keep working offline.  (with desktops they can keep working and even print because theres always a printer that is connected directly to a PC to prevent this events)</li>
<li>The thins generated more network traffic.</li>
<li>It created an unexpected task for the networking department.  Users started to flow to their offices to upload  documents to the server.</li>
<li>On the maintenance side, there where not many vendor that could give hardware support to this equipment.  So they were under the mercyless hand ($$$) of only one vendor.  Desktops hardware is easier to find and troubleshoot.  More vendors = competions = low prices.</li></ul>
<p>Of course, the thins needed less maintenance, administration comes down to zero, security is a plus, the possibility of getting a virus via floppys or any other media is reduced, but with so many disadvantages...</p>
<p>Roberto D?az</p>

Collapse -

Why have a Desktop PC at all?

by Mr L In reply to Why have a Desktop PC at ...

<p>Ramon,</p>
<p>Some details please (we can deep-dive offline if you prefer)...how many seats, application environment, how many customized/home grown apps, etc.  Not to minimize, at all, the project you undertook, but without knowing the scope it's hard to judge.  I have better than 10,000 seats to worry about...3,000 of them at a corporate campus with a wide variety of apps, both shrink-wrap and home grown...and I'm uncomfortable at first pass even thnking about expecting Citrix to support them all.  </p>
<p>I'm all for dumb terminals, I grew up with them, but my users have got to come first</p>

Collapse -

Why have a Desktop PC at all?

by Ramon Padilla Jr. In reply to Why have a Desktop PC at ...

Mr. L,<br />
     We were at around 300 seats when we had to
stop.  Putting 50 clients per server.  Saw no reason not to
keep going - bandwith was looking good and we had built our
infrastructure to handle the full amount of desktops in the
organization - about 3500-4000.  Had a good mix of applications -
Of course Office (which by the way did not display any of the negative
tendencies that were mentioned above by Mr. Diaz.  We then had
multiple home grown applications, some were delivered via a terminal
emulator back to a mini computer (very old apps) some were in VB that
ran against SQL Server, some were comercial (a large inmate tracking
system) fat client against Oracle database, and web apps that had to be
run via IE which we served up as well.  In short, we had a large
variety of apps that covered the gamut.  Like any roll out, we had
some niggling issues we worked through, but we made all the apps
work.  Biggest problem was an app that assigned an ID based on the
machine it was running on.  Can't remember the exact problem, but
the solution was to get the vendor to give us a fix where it derived
the ID from the mac address of the NIC in the machine.<br />
<br />
Obviously in your situation you are talking about a much larger role
out - but I am a believer that this solution scales so long as you have
built your infrastructure out correctly.  The nice thing about it
is that you can run both environments in parallel and they co exist
nicely.  You can add more as you are able to - its not like you
turn out the lights one night and bingo everyone is on a thin client
running Citrix.<br />
<br />
As I said in the article, it is a bold move that takes alot of careful
planning.  But it is a strategy.  It doesn't have to be
accomplished over night and can be done over a period of time. 
There are many people who like to nay say about it without putting a
lot of thought into it.  I spent a considerable amount of time
looking into it before making the decision to go forward and never
regretted it.  Unfortunately I ran out of time, otherwise I would
be sitting here writing this with a much larger installed base than
what we got to.  However, as I said before, given the opportunity
I would do it again in a heart beat.  The rewards we were reaping
were too nice to be ignored.  Supporting the Citrix clients was
much easier than a traditional desktop and troubleshooting was a
breeze.  Virus protection/security was easier and more centralized
and I could go on and on.  But this whole concept leads to debates
not unlike Linux vs Windows - it is religious and personal to
some.  I personally look for soultions that work and can give me
as much freedom to provide solutions to my organization that I can for
the least cost.  I feel/felt that this is one of them.<br />
<br />
But don't just take my word for it (not that you would).  If I
picqued your interest just a little, try some more research.  <a href="http://www.thinplanet.com/">Thin Planet</a> is a good place to start as well as Brian Madden's <a href="http://www.brianmadden.com/">home page</a>.<br />
<br />
Hope this proved informative to you.<br />

Collapse -

Why have a Desktop PC at all?

by IT Makes Sense In reply to Why have a Desktop PC at ...

Ramon: Do you have your business case and/or presentation justifying this project?  If so, can you share it with us?

Back to After Hours Forum
464 total posts (Page 3 of 47)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums