Written by Benjamin Cavolick from Microsoft division
The way we work in the next 3 years will be fundamentally different to how we currently work. If recent events have taught us anything, is that in general, we’ve been fantastically unprepared for the changes we’ve faced. Remote working was until recently seen as a job perk, something that was a ‘nice to have’, but the accepted view was that the ‘real’ work only gets done in the office. True, there had been a slow adoption of remote working policies & every few years a VDI provider would extol the virtues of their solution; cheaper, faster & more secure, but there was no real ‘why’ and subsequently these projects were mainly side lined or canned.
That was of course until the world went into panic mode last year and then immediately demanded why we didn’t already have a fully working remote worker toolset in place… In the middle of this decisions were taken on the fly; Laptops were taken home with no VPN, Desktop’s & monitors were bundled into cars – asset tags be damned!, backups were suspended (indefinitely), ports were opened up to the internet (who needs security right?), half solutions were cobbled together.
Obviously things have gotten better, but we’re still working with the same tools, at least until recently. What if I told you that a mysterious company had been secretly (well not so secretly!) preparing for this exact scenario and had all the tools available now? Imagine the scenario; Brián from IT Marketing HR division starts a new job, working at BigInfo – he’s not given a laptop as he just bought himself a new Apple iMac Pro with 5k retina display & gold plated mechanical keyboard so there’s no way he’s going to be ‘forced’ to use a company Windows laptop. He needs access to the corporate network for file sharing, he needs to print when he comes into the office, he needs his email from anywhere, he needs to communicate with his team, there’s a finance application that requires a secure connection to their bank and must be ran on pre-approved devices. What would you propose? Of course, he could be obliged to use the company laptop, but there’s a cost to this, not just the cost of the laptop, but perhaps also a performance cost. We couldn’t configure his personal machine for obvious reasons, security may be low on the list for many, but we can’t really be leaving the proverbial doors completely unlocked.
As I mentioned earlier, we’ve had VDI solutions in place for decades, and these could certainly be an option, but this is only one piece of the puzzle. Current VDI solutions tend to be notoriously difficult to setup and manage, they often sit on kit housed on premise making it not easy to scale (up or down), the operating system licenses are at best, simply confusing & because of the complexity it really is a bespoke solution for most organizations. In addition they rely on other vendors to ensure they continue to work, a point that will become clearer later on.
Here’s the proposal, a fixed cost per virtual machine, automagically pre-configured with access to only what is required, available immediately, protected by MFA and using the same SSO for everything – and perhaps most importantly for this scenario, can securely run on any machine (within reason!) and from any location where they have internet. That’s a lot of buzz words so let’s break it down;
- Fixed costs, previously getting a quote for a VDI solution required some (a lot of) guess work, are the machines going to be left on? Will the Windows license be compatible with the VDI solution? Will you purchase the most powerful host servers in the expectation of full utilisation? Electrical costs? Infra upkeep costs? A fixed cost that you can tell your customers will massively facilitate these conversations.
- Pre-configured; if the OS is being managed by the same company that performs the configuration wouldn’t that be great? No more third parties playing catch up with a recent patch, no more guess work and testing, ultimately far less angry customers. It’s quicker, easier and far more efficient if we could just add a user to a group and that VM is automatically configured; applications & printers installed, security tools & theme’s applied – the end user starts is added to the correct group and immediately has a company VM to start working on immediately.
- Simplicity; can you imagine a restaurant that didn’t make its own food? Every time a customer made an order they would run to the nearest takeaway re-package it and charge twice as much to the customer. That restaurant wouldn’t last 5 minutes, it wouldn’t be accepted. Yet, this happens all the time in IT, quickly mentioned above, but more concisely why isn’t the owner of the OS making also an environment to remotely run it on? There’d be no risks with licenses, testing is (well should be) done within the constraints of this garden, yes walled gardens have issues, but we’re not talking about development, we’re talking here about baseline infrastructure being managed by the same people. Fundamentally we’ve seen major advantages when the OS owner and hardware are the same – efficiency, reliability & security to name but 3.
- Security; if everyone has the keys to the fort then it’s no longer a fort, it’s just cold dark building with no windows. Making sure we keep our company data safe and ensuring intruders are kept out can be done an infinite ways, but often with security simplicity is best. We could allow OneDrive and SharePoint to be connected to externally, but that could lead to data loss, it depends on the level of confidentially and of course the risk to make a decision. The simplest solution is to house all this data availability within a Virtual machine, this way it’s available immediately when the user starts and is immediately revoked when the user leaves. In addition what if you could use the same threat analytics currently used for things like Exchange access, this threat analysis could be used for VM access, again no need for a separate product, it’s all joined, saving both time and money.
It will come as absolutely no surprise that I’m talking about the new offerings from Microsoft with Windows 365 (W365), this totally integrated suite incorporates the Windows 10/11 OS seamlessly & simply with a cloud based VDI solution. Cost is fixed, Licenses are simple, security is integrated, existing tools (Microsoft Endpoint Configuration Manager & Azure AD) are tailer made for configuring the endpoints & it is built with O365 closely tied into the offering. W365 will start rolling out this year and it will revolutionise the way we work, not just in the scenario above, but in many other ways e.g. consultants that have a company laptop wouldn’t need an additional QIMinfo laptop, they would just need a W365 access, testing & development, less powerful laptops could be purchased (to run the connection to W365), no configuration of company laptops would need to be performed (time saving) and a whole lot more, I can certainly see in the not too distant future, mobile phones being used as thin clients that seamlessly connect to a monitor and BT keyboard/mouse that launches access to W365 and bang you have a fully powerful Windows 11 machine running on your phone! the possibilities are endless.
Have no fear Windows is here to stay, but the entire way we connect to Windows is changing and Qiminfo is embracing this change.