|
|
|
 Dynamic Delivery
|
2010 – Vol. II
|
|
|
E-mail article
|
|
Intel's Drive Toward Stateless Employee Computing
|
|
|
To enable device-independent mobility (DIM) at Intel, Intel IT is considering implementing dynamic virtual client (DVC) technology, which uses containerized software to abstract the OS, applications, corporate and personal data and workspaces, and user-specific settings. In this model, users can access applications and information from any device, anywhere, anytime.
HOW TO SUPPLY DIVERSE DEMAND? THE PLATFORM PROLIFERATION CHALLENGE
As mobile devices and technologies proliferate, employees increasingly want to use their personal devices, choosing the best platforms, applications, and services to manage their professional and personal lives.
Intel anticipates the need to support not just employees who use one or two devices, but also those who roam among several devices, which raises challenges:
- Keeping business and personal information separate on each device, whether owned by Intel or the employee
- Keeping corporate data and application context synchronized and secure across devices
- Maintaining security, manageability, and functionality across devices
- Ensuring compatibility between new and legacy technology and applications
- Maximizing return on investment (ROI)
After researching technologies, we concluded that abstracting the traditional corporate build environment into layers – OS, applications, user data, and user-specific settings – would deliver a stateless computing model, allowing access to corporate information in formats tailored by platform for greater flexibility and performance. IT benefits include centralized application and data policy management, cost savings via reduced integration for individual platforms, and improved service delivery.
GO STATELESS
To implement DIM, Intel is considering DVC technology to abstract environment components and deliver them to a wide variety of devices.
Abstraction of components into virtual containers enables faster upgrades and provides greater flexibility and faster solution development at lower cost.
The planned solution consists of three steps: evaluating DVC technologies, building DIM support architecture, and implementation in segmented communities versus waiting for more comprehensive solutions.
EVALUATING DVC TECHNOLOGIES
Intel has evaluated several technologies that support DIM:
OS streaming. With OS streaming, Intel would use OEM platforms instead of engineering them and rely upon OEM support.
Application streaming. Similar to OS streaming, isolating applications into virtual containers simplifies maintenance and allows device-independent access.
Cloud storage. Secure cloud storage enables removal of user data from client endpoints, allowing anywhere, anytime access and eliminating the need for IT back up. It also provides an opportunity to create and manage file retention policies, leverage efficient storage and archival technologies, and enable more effective legal discovery practices.
Client virtualization. Client virtualization allows separation of hardware, OS, application, and user settings layers, and facilitates changing one without affecting the others.
BUILDING AN ARCHITECTURE THAT SUPPORTS DIM
The evaluation showed that virtual containers are central to DIM architecture, and the internal and external cloud storage and services that provide data and application mobility.
Using Containerized Software Appliances – Isolating the dependencies of an application or data set can dramatically simplify software deployment by eliminating potential compatibility issues, file dependencies, or undesirable interactions with other applications. Isolated applications also are more secure.
Furthermore, containerization simplifies configuration and deployment of security patches because only a small number of client endpoints, now a back-end service, need to be patched. Clients are synchronized and updated the next time they connect.
Abstraction of all layers yields a stateless computing model, where many clients share a single base OS image and application layer.
Separating Personal and Corporate Workspaces and Data – Separate containers hold personal and corporate data: The end user stores personal information in one – the device itself or a personal cloud – and is responsible for management (e.g., backup), whereas corporate data is stored in another and is managed according to corporate policies. This offers two important benefits:
IT benefits include centralized application and data policy management, cost savings via reduced integration for individual platforms, and improved service delivery.
Improved data security and stability. Beyond improved performance, hardware-assisted virtualization improves security such that negative events in the personal space (e.g., viruses) have no effect on corporate assets.
Reduced liability. Separation means less personal content will end up in the corporate infrastructure. It may also be possible to limit the migration of company content to the personal file system, or at least enable surveillance of occurrences. DIM implementation demands examination of information storage and flow to protect both the company and the individual from loss and misuse.
Using an internal cloud for work-related documents improves retention management and protection of intellectual property. It also eliminates network back up of clients and enables new data archive and legal discovery processes, which can minimize costs significantly.
Widespread use of cloud storage services enables implementation of tiered storage and several benefits:
- Archival cost reduction
- Retention policy enforcement, minimizing storage and liability from excessive data retention
- Content index and search services for legal discovery and information reuse
Implementing Virtualization – During the evaluations, Intel considered several technologies that support OS and application streaming and virtualization, including:
- Type 2 hypervisor or hosted virtualization
- Directed I/O-based hardware virtualization
- Type 1 or client native hypervisor-based virtualization
- Virtual container security, manageability, and mobility
Implementing Internal Cloud Infrastructure and External Cloud Services – Cloud computing is important because it enables cloud storage of corporate data, and access and synchronization between devices. Intel envisions a mix of internal and external cloud services, with an internal cloud defined as an internal environment with cloud computing characteristics and external clouds provided by suppliers.
Internal clouds can have most of the features of external clouds, using similar technologies to host cloud-aware applications and provide a dynamic infrastructure that responds to demand and fault signals. Internal clouds would provide the application layer and corporate data, while external clouds would provide personal data and services.
FOCUSING ON SEGMENTED COMMUNITIES
To maximize ROI, Intel needs to address existing and emerging requirements rather than wait for a solution that meets the needs of all users, which allows it to implement ideas more quickly, facilitate ROI, and collect feedback to share with suppliers, architects, and engineers.
Intel has identified three DIM use cases that could be implemented in the short term:
- Delivering services to devices that cannot sustain a full IT build [e.g., mobile Internet devices (MID)]
- Providing on-site-mobility to move between office, lab, and home, and access the IT environment from several devices
- Separating corporate data from personal data and providing it on multiple platforms
Each of these use cases exercises a slightly different aspect of DIM and will enable Intel to gain valuable experience and information to improve its architecture.
RESULTS
Two current projects are helping Intel explore the practicality of DIM:
Smart Phone Pilot Project – The advent of smart phone encryption has enabled a pilot project exploring the feasibility of providing corporate e-mail, calendar, and contact information services on personal smart phones. Previously, these were only provided on Intel-purchased devices; now, native applications on employee-purchased devices deliver them.
Intel hopes to answer the following questions during the pilot project:
- Can we move away from buying personal devices for users and still benefit from the associated productivity gains?
- Does DIM reduce support costs significantly?
- Is it possible to provide secure services on personal devices? Is this viable in the enterprise environment?
- Can personal devices support IT services, or are they more appropriate for personal applications only?
Netbook Proof of Concept – Netbooks and other small-form factor devices such as MIDs are becoming more popular in the workplace. Intel needed to investigate the associated IT impacts:
- Is security risk acceptable?
- Do netbooks increase support costs?
- Do netbooks reduce productivity?
To answer these questions, Intel developed a proof of concept (PoC) to test workplace netbook use using three separate scenarios:
Locally installed IT build. This was secure but expensive.
IT build run as a virtual machine. This can be costly and unsecured, and degrades performance.
Locally installed OEM-provided OS with an enterprise workspace provided by a virtual hosted desktop (VHD) interface. This adequately addresses the value proposition for using netbooks in the enterprise to complement users' primary workspaces.
The results indicated that netbooks, when used as companion devices, can improve employee productivity through better mobility, connectivity, and access to corporate data without higher provisioning and support costs or security risk.
The VHD model reduces commingling of corporate and personal data, easing personal information back-up burden as well as legal exposure by limiting the amount of personal information stored on PC platforms and back-up storage systems.
Benefits – The PoCs suggest numerous DIM benefits, including a total cost-of-ownership savings of $100 per platform.
TRANSITION TO REALITY
DIM presents a major challenge and opportunity for IT. Today, IT-provided data, application, OS, and hardware layers are tightly integrated and device-specific. Implementing DIM requires thinking about these components as services. Intel also needs to manage security issues as it lands services on each new device, and to determine which applications beyond e-mail, calendar, and contact information to enable.
JUST THE BEGINNING
With the consumerization of IT, managing clients in an enterprise environment is becoming more complex and costly. Users are demanding access to corporate applications and data from multiple devices, some of which IT does not own or manage. DIM, based on DVC technology, enables user choice and flexibility while allowing IT to focus on delivering services rather than managing hardware platforms.
Intel Information Technology – Mobility
November 2009By Dave Buchholz, Technology Evangelist, Intel IT; John Dunlop, Enterprise Architect, Intel IT; Ed Jimison, Technology Evangelist, Intel IT; Glen Maxson, Technology Evangelist, Intel IT
This paper is for informational purposes only. THIS DOCUMENT IS PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Intel disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted herein.
Intel, the Intel logo, Intel Core, Intel vPro, and Xeon are trademarks of Intel Corporation in the U.S. and other countries.
*Other names and brands may be claimed as the property of others.
Copyright ©2009 Intel Corporation. All rights reserved.
|
|
|
|
|
|