Thursday, June 27, 2019

How IT can fix the broken employee experience

The next BriefingsDirect intelligent workspaces discussion explores how businesses are looking to the latest digital technologies to transform how employees work.

There is a tremendous amount of noise, clutter, and distraction in the scattershot, multi-cloud workplace of today -- and it’s creating confusion and frustration that often pollute processes and hinder innovative and impactful work.

We’ll now examine how IT can elevate the game of sorting through apps, services, data, and delivery of simpler, more intelligent experiences that enable people -- in any context -- to work on relevancy and consistently operate at their informed best. 

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

To illustrate new paths to the next generation of higher productivity work, please welcome Marco Stalder, Team Leader of Citrix Workspace Services at Bechtle AG, one of Europe's leading IT providers, and Tim Minahan, Executive Vice President of Strategy and Chief Marketing Officer at Citrix. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Tim, improving the employee experience has become a hot topic, with billions of productivity dollars at stake. Why has how workers do or don't do their jobs well become such a prominent issue?
Minahan: The simple answer is the talent crunch. Just about everywhere you look, workforce, management, and talent acquisition have become a C-suite level, if not board level, priority.

And this really boils down to three things. Number one, demographically there is not enough talent. You have heard the numbers from McKinsey that within the next year there will be a shortage of 95 million medium- to high-skilled workers around the globe. And that’s being exacerbated by the fact that our traditional work models -- where we build a big office building or a call center and try to hire people around it -- is fundamentally broken.

The second key reason is a skills gap. Many companies are reengineering their business to drive digital transformation and new digital business or engagement models with their customers. But oftentimes their employee base doesn’t have the right skills and they need to work on developing them.

The third issue exacerbating the talent crunch is the fact that if you are fortunate enough to have the talent, it’s highly likely they are disengaged at work. Gallup just did its global Future of Work Study and found that 85 percent of employees are either disengaged or highly disengaged at work. A chief reason is they don’t feel they have access to the information and the tools they need to get their jobs done effectively.

Gardner: We have dissatisfaction, we have a hard time finding people, and we have a hard time keeping the right people. What can we bring to the table to help solve that? Is there some combination of what human resources (HR) used to do and IT maybe didn’t think about doing but has to do?

Enhance the employee experience 

Minahan: The concept of employee experience is working its way into the corporate parlance. The chief reason is that you want to be able to ensure the employees have the right combination of physical space and an environment conducive with interacting and partnering with their project teams -- and for getting work done.

Digital spaces, right? That is not just access to technology, but a digital space that is simplified and curated to ensure workers get the right information and insights to do their jobs. And then, obviously, cultural considerations, such as, “Who is my manager, what’s my development career, am I continuing to move forward?”

Those three things are combining when we talk about employee experience.

Gardner: And you talked about the where, the physical environment. A lot of companies have experimented with at-home workers, remote workers, and branch offices. But many have not gotten the formula right. At the same time, we are seeing cities become very congested and very expensive.
The traditional work models of old just aren't working, especially in light of the talent crunch and skills gap we're seeing. Traditional work models are fundamentally broken.

Do we need to give people even more choice? And if we do, how can we securely support that?

Minahan: The traditional work models of old just aren’t working, especially in light of the talent crunch and skills gap we are seeing. The high-profile example is Amazon, right? So over the past year in the US there was a big deal over Amazon selecting their second and third headquarters. Years ago Amazon realized they couldn’t hire all the talent they needed in Seattle or Silicon Valley or Austin. Now they have 17-odd tech centers around the US, with anywhere from 400 to several thousand people at each one. So you need to go where the talent is.

When we think about traditional work models -- where we would build a call center and hire a lot of people around that call center – it’s fundamentally broken. As evidence of this, we did a study recently where we surveyed 5,000 professional knowledge workers in the US. These were folks who moved to cities because they had opportunities and they got paid more. Yet 70 percent of them said that they would move out of the city if they could have more flexible work schedules and reliable connectivity.

Gardner: It’s pretty attractive when you can get twice the house for half the money, still make city wages, and have higher productivity. It’s a tough equation to beat.

Minahan: Yes, there is that higher productivity thing, this whole concept of mindfulness that’s working its way into the lingo. People should be hired to do a core job, not spending their days doing things like expense report approvals, performance reviews, or purchase requisitions. Yet those are a big part of everyone's job, when they are in an office.

You compound that with two-hour commutes, and that there are a lot of distractions in the office. We often need to navigate multiple different applications just to get a bit of the information that we need. We often need to navigate multiple different applications to get a single business process done and that’s just not dealing with all the different interfaces, it’s dealing with all the different authentications, and so on. All of that noise in your day really frustrates workers. They feel they were hired to do a job based on core skills they are really passionate about – but they spend all their time doing task work.

Gardner: I feel like I spend way too much time in email. I think everybody knows and feels that problem. Now, how do we start to solve this? What can the technology side bring to the table and how can that start to move into the culture, the methods, and the rethinking of how work gets done?

De-clutter intelligently

Minahan: The simple answer is you need to clear way the clutter. And you need to bring intelligence to bear. We believe that artificial intelligence (AI) and machine learning (ML) play a key role. And so Citrix has delivered a digital workspace that has three primary attributes.
First, it’s unified. Users and employees gain everything they need to be productive in one unified experience. Via single sign-on they gain access to all of their Software as a service (SaaS) apps, web apps, mobile apps, virtualized apps, and all of their content in one place. That all travels consistently with them wherever they are -- across their laptop, to a tablet, to a smartphone, or even if they need to log on from a distinct terminal.

The second component, in addition to being unified, is being secure. When things are within the workspace, we can apply contextual security policies based on who you are. We know, for example, that Dana logs in every day from a specific network, using his device. If you were to act abnormally or outside of that pattern, we could apply an additional level of authentication, or some other rules like shutting off certain functionalities such as downloading. So your applications and content are far more secure inside of the workspace than outside.
When things are within the workspace, we can apply contextual security policies based on who you are. Your applications and content are far more secure inside of the workspace than outside.

The third component, intelligence, gets to the frustration part for the employees. Infusing ML and simplified workflows -- what we call micro apps -- within the workspace brings in a lot of those consumer-like experiences, such as curating your information and news streams, like Facebook. Or, like Netflix, it provides recommendations on the content you would like to see.

We can bring that into the workspace so that when you show up you get presented in a very personalized way the insights and tasks that you need, when you need them, and remove that noise from your day so you can focus on your core job.

Gardner: Getting that triage based on context and that has a relevancy to other team processes sounds super important.

When it comes to IT, they may have been part of the problem. They have just layered on more apps. But IT is clearly going to be part of the solution, too. Who else needs to play a role here? How else can we re-architect work other than just using more technology?

To get the job done, ask employees how 

Minahan: If you are going to deliver improved employee experiences, one of the big mistakes a lot of companies make is they leave out the employee. They go off and craft the great employee experience and then present it to them. So definitely bring employees in.

When we do research and engage with customers who prioritize on the employee experience, it’s usually a union between IT and human resources to best understand what the work is that an employee needs to get done. What’s the preferred environment? How do they want to work? With that understanding, you can ensure you are adapting the digital workspaces -- and the physical workplaces -- to support that.

Gardner: It certainly makes sense in theory. Let’s learn how this works in practice.

Marco, tell us about Bechtle, what you have been doing, and why you made solving employee productivity issues a priority.
Stalder: Bechtle AG is one of Europe’s leading IT providers. We currently have about 70 systems integrators (SIs) across Germany, Switzerland, and Austria, as well as e-commerce businesses in 14 different European countries.

We were founded in 1983 and our company headquarters is in Neckarsulm, a small town in the southern part of Germany. We currently have 10,300 employees spread across all of Europe.

As an IT company, one of our key priorities is to make IT as easy as possible for the end users. In the past, that wasn't always the case because the priorities had been set in the wrong place.

Gardner: And when you say the priorities were set in the wrong place, when you tried to create the right requirements and the right priorities, how did you go about that, what were the top issues you wanted to solve?

Stalder: The hard part is gaining the balance between security and user experience. In the past, priorities were more focused on the security part. We have tried to shift this through our Corporate Workspace Project to give the user the right kind of experience back again, and letting it show in the work and focus on what the user has to do.

Gardner: And just to be clear, are we talking about the users that are just within your corporation or did this extend also to some of your clients and how you interact with them?

Stalder: The primary focus was our internal user base, but of course we also have contractors that externally have to access our data and our applications.

Gardner: Tim, this is yet another issue companies are dealing with: contingent workforces, contractors that come and go, and creative people that are often on another continent. We have to think about supporting that mix of workers, too.

Synchronizing the talent pool 

Minahan: Absolutely. We are seeing a major shift in how companies think of the workforce, between full-time and part-time contractors, and the like. Leading companies are looking around for pools of talent. They are asking, “How do I organize the right skills and resources I need? How do I bring them together in an environment, whether it’s physical or digital, to collaborate around a project and then dissolve them when that project is complete?”

And these new work models excite me when we talk about the workspace opportunity that technology can enable. A great example is a customer of ours, eBay, which people are familiar with. A long time ago, eBay recognized that they could not get ahead of the older call center model. They kept training people, but the turnover was too fast. So they began using the Citrix Workspace together with some of our networking technologies to go to where the employees are.

Now they can go to the stay-at-home parent in Montana, the retiree in Florida, or the gig worker in New York. In this way, they can Uberfy the call center model by giving them, regardless of location, the applications, knowledge base, and reliable connectivity they need. So when you or I call in, it sounds like we are calling into a call center, and we get the answers we need to solve our problems.

Gardner: Marco, your largely distributed IT organization has permeable boundaries. There isn’t a hard wall between you and where your customers start and end. The Citrix Workspace helped you solve that. What were some of the other problems, and what was the outcome?

Stalder: One of the main criteria for Bechtle is agility. We have been growing constantly for the last 36 years. Bechtle started as a small company with only 100 employees, but organic and inorganic growth continues, and we are still growing quite rapidly. We just acquired another four companies at the end of last year, for example, with 400 to 500 employees. We need to on-board them quickly.
One of the main criteria for Bechtle is agility. We have been growing constantly for the last 36 years. And our teams are spread around different office locations. We also have to adapt to new technologies rapidly because we want to be ahead of the technology.

And our teams are spread around different office locations; even my team, for example. I am based in Switzerland with four people. Another part of our group is in Germany, and I have one colleague in Budapest. Giving all of these people the correct and secure access to all of their applications and data is definitely key.

As an IT company, we also have to adapt to new technologies rapidly and quickly, probably faster than other companies because we want to be ahead of the technology for our employees. We are selling these same solutions to our customers, along with the same experience -- and a good experience.

Gardner: We often call that drinking your own champagne. Tell us about the process through which you evaluated the Citrix Workspace solution and why that’s proven so powerful.

One platform to rule them all 

Stalder: In early 2016, we began with a high-level design for a basic corporate workspace. We began with an on-premises design, like a lot of companies. Then we were introduced to something called Citrix Cloud services by our partner manager in Germany.

In January 2017, we started to think about the Citrix Cloud solution as an interesting addition to what we were already planning. And we quickly realized that the team I am leading -- we are six to eight people with limited resources – could only deliver all those services out to our end users with help. The Citrix Cloud services were a perfect fit for the project we wanted to do.

There are different reasons. One is standardization, to build and use one platform to access all of our applications, data, and services. Another is flexibility. While most of our workloads are currently in our own data centers in Germany, we are also thinking about bringing workloads and data out to the cloud. It doesn’t matter if it’s Microsoft Azure, Amazon Web Services (AWS), or you name it.
Another benefit, of course, is scalability. As I said, we have been growing a lot and we are going to grow a lot more in the future. We really need to be able to scale out, and it doesn’t matter where the workload is going to be or where the data is going to be at the end.

And, as an IT company, we are facing another issue. We are selling different kinds of IT products to our customers, and people tend to like to use the product they are selling to their customers. So we have to explore and use different kinds of applications for different tasks.

For example, we use Microsoft Teams, Cisco WebEx Teams, as well as Skype for Business. We are using many other kinds of applications, too. That perfectly fits into what we have seen [from Citrix at their recent Synergy conference keynote]. It brings it all together in the Citrix Workspace using micro apps and micro services.

Another important attribute is efficiency. As I said before, with seven or eight IT support people, we cannot build very complex and large things. You have to focus on doing things very efficiently.

Another really important thing for us as we set up the workspaces project is engaging with the executive board of Bechtle. If we find that those people are not standing behind the idea and understanding what we are trying to do, then the project is definitely going to fail.

It was not that easy, just telling those board people what we would like to do. We had to build a proof of concept system to let them see, touch, and feel it themselves. Only in this way can one really understand it.

Gardner: Of course, such solutions are a team sport. You don’t just buy this out of the box. Digital transformation doesn’t come with a pretty ribbon on it. How did you go about creating this workspace?

There is IT in team 

Stalder: It was via teamwork spread between different kinds of groups. We have been working very closely with Citrix Consulting Services in Germany, for example. We have been working together with the engineers within our business units who are selling and implementing those solutions within our customers.

And another very important part, in my opinion, was not just engaging the Citrix people, but also engaging with the application owners. It doesn’t really help if I give them a very nice virtual desktop and they are able to log-on fast but they don’t have any applications on it. Or the application doesn’t work very well. Or if they have to log-on again, for example, or configure it before using it. We tried to provide an end-to-end solution by engaging with all of the different people -- from the front-end client, to the networking, and through to the applications’ back end.

And we have been quite successful. For example, for our main business applications, SAP or Microsoft, we have been telling the people what we want to do to get those application guys on board. They understand what it means for them. In the past we had been rolling out version updates for 70 different locations.

They were sending out emails saying, “Can you please go to the next version? Can you please update to this or that?” That, of course, requires a lot of time and is very hard to troubleshoot and configure.

But now, by standardizing those things together [as a workspace], we can deploy it once, configure it once, and it doesn’t matter who is going to use it. It has made those rollouts much easier. For example, for our virtual apps and desktops, we just reached about 30 percent of our employees. It's being done in a highly standardized project basis across every business unit.
We also realized the importance of informing and guiding the people as to how they have to use the new solutions, because it’s changing and some people, they react a bit slow to change. At first they say, “I don’t want to try it. I don’t need it.” It was a learning process to see what kind of documentation and guidance the people needed.

The changes are simple things [that deliver big paybacks]. Because if the people can take a PC back home and use a VPN to connect to their company resources, they may no longer need that PC. They can simply use any device to access their work from home or from on the road. Those are very simple things, but people have to understand that they can do that now.

Gardner: As I like to say, we used to force people to conform to the apps and now we can get the apps and services to conform to what the people want and need.

But we have talked about this in terms of the productivity of the employee. How about your IT department? How have your IT people reacted to this?

Stalder: I also needed a lot of time to convince the IT people, especially some security guys. They said, “You are going to go to Citrix Cloud? What does it mean for security?”

We have been working very closely with Citrix to explain to the security officer what kind of data goes to the cloud, how it’s stored, and how it’s processed. And that took quite a while to get approval, but at the end it went through, definitely.

The IT guys have to understand and use the solution. They sometimes think that it’s just for the end users. But IT is also an end user. They have to get on board and use the solutions. Only in this way everyone knows what the other one is talking about.

Gardner: Now that you have been through this process and the workspace is in place, what have you found? What are the metrics of success? When you do it well, what do you get back?

Positive feedback 

Stalder: Unfortunately, measuring productivity is very hard to do. I don’t have any numbers on that yet. I just get feedback from employees who are talking about different things as they try the system.

And I have quite an interesting story. For example, one guy in our application consulting group was a bit skeptical. One day his notebook PC was broken so he had to use the new Citrix Workspace. He had no choice but to try it.

He wrote back some very interesting facts and figures, saying it was faster. It was faster to log on and the applications started faster. And it was easy to use. Because he does a lot of presentations and training, he realized he could start the work on one device and then switch back to another device, maybe in the meeting room or go to the training room, and just continue the work.

We also get feedback saying they can work from everywhere, can access everything they need, especially if they go out to the customer, and that they only have to remember one place to log on to. They just log-on once and they have all the data and all the applications they are going to need.

Gardner: Tim, when you hear about such feedback from Marco, what jumps out at you?

Minahan: What stands out is the universal challenge we are all experiencing now. The employee experience is less than adequate in most organizations. It is impacting not only the ability to develop and retain great talent, but it’s also impacting your overall business.
What also stands out is that when technology is harnessed in a way that puts the employee first -- and drives superior experience to allow them to have access to the information and the tools they need to get their jobs done -- not only does employee retention go up, but you also drive better customer experiences, and better business end results.

The third thing that stands out is the recognition that traditionally we in the IT sector focused on putting security in the way of the experience. Now, if you put the employee at the center, we are beginning to attain a better balance between experience and security. It’s not an either-or equation anymore. This story at Bechtle is a great example of that in reality.

Gardner: What was interesting for me, too, was that employees get used to the way things are. You hit inertia. But when a necessity crops up, and somebody was forced to try something new, they found that there are better ways to do things.

Minahan: Right, it’s the old saw … If you only asked folks what they wanted, they would want a faster horse -- and we never would have had the car.

Monday, June 24, 2019

Architectural firm attains security and performance confidence across virtualized and distributed desktops environment

Better security over data and applications remains a foremost reason IT organizations embrace and extend the use of client virtualization. Yet performance requirements for graphics-intense applications and large files remain one of the top reasons the use of thin clients and virtualized desktops trails the deployment of full PC clients.

For a large architectural firm in Illinois, gaining better overall security, management, and data center consolidation had to go hand in hand with preserving the highest workspace performance -- even across multiple distributed offices.

The next BriefingsDirect security innovations discussion examines how BLDD Architects, Inc. developed an IT protection solution that fully supports all of its servers and mix of clients in a way that’s invisible to its end users. 

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

Here to share the story of how to gain the best cloud workload security, regardless of the apps and the data, is Dan Reynolds, Director of IT at BLDD Architects in Decatur, Illinois. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Dan, tell us about BLDD Architects. How old is the firm? Where you are located? And what do you have running in your now-centralized data center?

Reynolds: We are actually 90 years old this year, founded in 1929. It has obviously changed names over the years, but the same core group of individuals have been involved the entire time. We used to have five offices: three in central Illinois, one in Chicago, and one in Davenport, Iowa. Two years ago, we consolidated all of the Central Illinois offices into just the Decatur office.
When we did that, part of the initiative was to allow people to work from home. Because we are virtualized, that was quite easy. Their location doesn’t matter. The desktops are still here, in the central office, but the users can be wherever they need to be.

On the back-end, we are a 100 percent Microsoft shop, except for VMware, of course. I run the desktops from a three-node Hewlett Packard Enterprise (HPE) DL380 cluster. I am using a Storage Area Network (SAN) product called the StarWind Virtual SAN, which has worked out very well. We are all VMware for the server and client virtualization, so VMware ESXi 6.5 and VMware Horizon 7.

Gardner: Please describe the breadth of architectural, design, and planning work you do and the types of clients your organization supports.

Architect the future, securely 

Reynolds: We are wholly commercial. We don’t do any residential designs, or only very, very rarely. Our biggest customers are K-12 educational facilities. We also design buildings for religious institutions, colleges, and some healthcare clinics.

Recently we have begun designing senior living facilities. That’s an area of growth that we have pursued. Our reason for opening the office in Davenport was to begin working with more school districts in that state.

A long time ago, I worked as a computer-aided design (CAD) draftsman. The way the architecture industry has changed since then has been amazing. They now work with clients from cradle to grave. With school districts, for example, they need help at the early funding level. We go in and help them with campaigns, to put projects on the ballot, and figure out ways to help them – from gaining money all the way to long-term planning. There are several school districts where we are their architect-of-record. We help them plan for the future. It’s amazing. It really surprises me.

Gardner: Now that we know what you do and your data center platforms, let’s learn more about your overall security posture. How do you approach security knowing that it’s not from one vendor, it’s not one product? You don’t just get security out of a box. You have to architect it. What’s your philosophy, and what do you have in place as a result?

Reynolds: I like to have a multilayered approach. I think you have to. It can’t just be antivirus, and it can’t just be firewall. You have to allow the users freedom to do what they need to do, but you also have to figure out where they are going to screw up -- and try to catch that.
I like to have a multilayered approach. I think you have to. It can't just be antivirus, and it can't just be a firewall. You have to allow the users freedom to do what they need to do, but you also have to figure out where they are going to screw up -- and try and catch that.

And it’s always a moving target. I don’t pretend to know this perfectly at all. I use OpenDNS as a content filter. Since it’s at the DNS level, and OpenDNS is so good at whitelisting, we pick up on some of the content choices and that keeps our people from accidentally making mistakes.

In addition, last year I moved us to Cisco Meraki Security Appliances, and their network-based malware protection. I have a site-to-site virtual private network (VPN) for our Davenport office. All of our connections are Fiber Ethernet. In Illinois, it’s all Comcast Metro E. I have another broadband provider for the Davenport office.

And then, on top of all of that, I have Bitdefender GravityZone Enterprise Security for the endpoints that are not thin clients. And then, of course, for the VMware environment I also use GravityZone; that works perfectly with VMWare NSX virtual networking on the back-end and the scanning engine that comes with that.

Gardner: Just to be clear Dan, you have a mix of clients; you have got some zero clients, fat clients, both Mac and Windows, is that right?

Diversity protects mixed clients

Reynolds: That’s correct. For some of the really high-end rendering, you need the video hardware. You just can’t do everything with virtualization, but you can knock out probably 90 to 95 percent of all that we do with it.

And, of course, on those traditional PC machines I have to have conventional protection, and we also have laptops and Microsoft Surfaces. The marketing department has Mac OSX machines. There are just times you can’t completely do everything with a virtual machine.

Gardner: Given such a diverse and distributed environment to protect, is it fair to say that being “paranoid about security” has paid off?

Reynolds: I am confident, but I am not cocky. The minute you get cocky, you are setting yourself up. But I am definitely confident because I have multi-layers of protection. I build my confidence by making sure these layers overlap. It gives me a little bit of cushion so I am not constantly afraid.

And, of course, another factor many of us in the IT security world are embracing is around better educating the end users. We try to make them as aware to help share your paranoia with them to help them understand. That is really important.

On the flip side, I also use a product called StorageCraft and I encrypt all my backups. Like I said, I am not cocky. I am not going to put a target on my back and say, “Hit me.”

Gardner: Designers, like architects, are often perfectionists. It’s essential for them to get apps, renderings, and larger 3D files the way they want them. They don’t want to compromise.

As an IT director, you need to make sure they have 100 percent availability -- but you also have to make sure everything is secure. How have you been able to attain the combined requirements of performance and security? How did you manage to tackle both of them at the same time?

Reynolds: It was an evolving process. In my past life I had experience with VMware and I knew of virtual desktops, but I wasn’t really aware of how they would work under [performance] pressure. We did some preliminary testing using VMware ESXi on high-end workstations. At that point we weren’t even using VMware View. We were just using remote desktops. And it was amazing. It worked, and that pushed me to then look into VMware View.

Of course, when you embrace virtualization, you can’t go without security. You have to have antivirus (AV); you just have to. The way the world is now, you can’t live without protecting your users -- and you can’t depend on them to protect themselves because they won’t do it.

The way that VMware had approached antivirus solutions -- knowing that native agents and the old-fashioned types of antivirus solutions would impact performance -- was they built it into the network. It completely insulated the user from any interaction with the antivirus software. I didn’t want anything running on the virtual desktop. It was completely invisible to them, and it worked.

Gardner: When you go to fully virtualized clients, you solve a lot of problems. You can centralize to better control your data and apps. That in itself is a big security benefit. Tell me your philosophy about security and why going virtualized was the right way to go.

Centralization controls chaos, corruption 

Reynolds: Well, you hit the nail on the head. By centralizing, I can have one image or only a few images. I know how the machines are built. I don’t have desktops out there that users customize and add all of their crap to. I can control the image. I can lock the image down. I can protect it with Bitdefender. If the image gets bad, it’s just an image. I throw it away and I replace it.

I tend to use full clones and non-persistent desktops simply for that reason. It’s so easy. If somebody begins having a problem with their machine or their Revit software gets corrupted or something else happens, I just throw away the old virtual machine (VM) and roll a new one in. It’s easy-peasy. It’s just done.

Gardner: And, of course, you have gained centralized data. You don’t have to worry about different versions out there. And if corruption happens, you don’t lose that latest version. So there’s a data persistence benefit as well.

Reynolds: Yes, very much so. That was the problem when I first arrived here. They had five different silos [one for each branch office location]. There were even different versions of the same project in different places. They were never able to bring all of the data into one place.
I saw that as the biggest challenge, and that drove me to virtualization in the first place. We were finally able to put all the data in one place and back it up in one place.

Gardner: How long have you been using Bitdefender GravityZone Enterprise Security, and why do you keep renewing?

Reynolds: It’s been about nine years. I keep renewing because it works, and I like their support. Whenever I have a problem, or whenever I need to move -- like from different versions of VMware or going to NSX and I change the actual VMware parts -- the Bitdefender technology is just there, and the instructions are there, too.

It’s all about relationships with me. I stick with people because of relationships -- well, the performance as well, but that’s part of the relationship. I mean, if your friend kept letting you down, they wouldn’t be your friend anymore.

Gardner: Let’s talk about that performance. You have some really large 2-D and 3-D graphics files at work constantly. You’re using Autodesk Revit, as you mentioned, Bluebeam Revu, Microsoft Office, Adobe, so quite a large portfolio.

These are some heavy-lifting apps. How does their performance hold up? How do you keep the virtualized delivery invisible across your physical and virtualized workstations?

High performance keeps users happy 

Reynolds: Number one, I must keep the users happy. If the users aren’t happy and if they don’t think the performance is there, then you are not going to last long.

I have a good example, Dana. I told you I have Macs in the marketing department, and the reason they kept Macs is because they want their performance with the Adobe apps. Now, they use the Macs as thin clients and connect to a virtual desktop to do their work. It’s only when they are doing big video editing that they resume using their Macs natively. Most of the time, they are just using them as a thin client. For me, that’s a real vote of confidence that this environment works.

Gardner: Do you have a virtualization density target? How are you able to make this as efficient as possible, to get full centralized data center efficiency benefits?

Reynolds: I have some guidelines that I’ve come up with over the years. I try to limit my hosts to about 30 active VMs at a time. We are actually now at the point where I am going to have to add another node to the cluster. It’s going to be compute only, it won’t be involved in the storage part. I want to keep the ratio of CPUs and RAM about the same. But generally speaking, we have about 30 active virtual desktops per host.

Gardner: How does Bitdefender’s approach factor into that virtualization density?
I like the way Bitdefender licenses their coverage. It gives me a lot of flexibility, and it helps me plan out my environment. I'm not paying by the core, and I'm not paying by the desktop. I'm paying by the socket, and I really like it that way.

Reynolds: The way that Bitdefender does it -- and I really like this -- is they license by the socket. So whether I have 10 or 100 on there, it’s always by the socket. And these are HPE DL380s, so they are two sockets, even though I have 40 cores.

I like the way they license their coverage. It gives me a lot of flexibility, and it helps me plan out my environment. Now, I’m looking at adding another host, so I will have to add a couple of more cores. But that still gives me a lot of growth room because I could have 120 active desktops running and I’m not paying by the core, and I’m not paying by the individual virtual desktop. I am paying for Bitdefender by the socket, and I really like it that way.

Gardner: You don’t have to be factoring the VMs along the way as they spin up and spin down. It can be a nightmare trying to keep track of them all.

Reynolds: Yes, I am glad I don’t have to do that. As long as I have the VMware agent installed and NSX on the VMware side, then it just shows up in GravityZone, and it’s protected.

Prevent, rather than react, to problems

Gardner: Dan, we have been focusing on performance from the end-user perspective. But let’s talk about how this impacts your administration, your team, and your IT organization.

How has your security posture, centralization, and reliance on virtualization allowed your team to be the most productive?

Reynolds: I use GravityZone’s reporting features. I have it tell me weekly the posture of my physical machines and my virtual machines. I use the GravityZone interface. I look at it quite regularly, maybe two or three times a week. I just get in and look around and see what’s going on.

I like that it keeps itself up to date or lets me know it needs to be updated. I like the way that the virus definitions get updated automatically and pushed out automatically, and that’s across all environments. I really like that. That helps me, because it’s something that I don’t have to constantly do.

I would rather watch than do. I would rather have it tell me or e-mail me than I find out from my users that their machines aren’t working properly. I like everything about it. I like the way it works. It works with me.

Gardner: It sounds like Bitdefender had people like you, a jack of all trades, in mind when it was architected, and that wasn’t always the case with security. Usually before the security would play catch-up to the threats, rather than anticipating the needs of those in the trenches fighting the security battle.

Reynolds: Yes, very much so. At other places I have worked and with other products, that was an absolute true statement, yes.

Gardner: Let’s look at some of the metrics of success. Tell us how you measure that. I know security is measured best when there are no problems.

But in terms of people, process, and technology, how do we evaluate in terms of costs, man hours, of being proactive? How do we measure success when it comes to a good security posture for an organization like yours?

Security supports steady growth

Reynolds: I will be the first to admit I am a little weak in describing that. But I do have some metrics that work. For example, we didn’t need to replace our desktops often. We had been using our desktops for eight years, which is horrible in one sense, but in another sense, it says we didn’t have to. And then when those desktops were about as dead as dead could be, we replaced them with less expensive thin clients, which are almost disposable devices.

I envision a day when we’re using Raspberry Pi as our thin clients and we don’t spend any big money. That’s the way to sum it up. All my money is spent on maintenance for applications and platform software, and you are not going to get rid of that.

Another big payoff is around employee happiness. A little over two years ago, when we had to collapse the offices, more people could work from home. It kept a lot of people that probably would have walked out. That happened because of the groundwork and foundation I had put in. From that time, we have had two of the best years the company has ever had, even after that consolidation.

And so, for me, personally, that was kind of like I had something to do with that, and I can take some pride in that.

Gardner: Dan, when I hear your story, the metrics of success that I think about are that you’re able to accommodate growth, you can scale up, and if you had to – heaven forbid -- you could scale down. You’re also in a future-proofing position because you’ve gone software-defined, you have centralized and consolidated, you’ve gone highly virtualized across-the-board, and you can accommodate at-home users and bring your own devices (BYOD).

Perhaps you have a merger and acquisition in the works, who knows? But you can accommodate that and that means business agility. These are some of the top business outcome metrics of success that I know companies large and small look for. So hats off to you on that.

Reynolds: Thank you very much. I hate to use the word “pride” but I’m proud of what I’ve been able to accomplish the last few years. All the work I have done in the prior years is paying off.

Gardner: One of my favorite sayings is, “Architecture is destiny.” If you do the blocking and tackling, and you think strategically -- even while you are acting tactically -- it will pay off in spades later.

Okay, let’s look to the future before we end. There are always new things coming out for modernizing data centers. On the hardware side, we’re hearing about hyper-converged infrastructure (HCI), for example. We’re also seeing use of automated IT ops and using artificial intelligence (AI) and machine learning (ML) to help optimize systems.

Where does your future direction lead, and how does your recent software and security posture work enable you to modernize when you want?

Future solutions, scaled to succeed 

Reynolds: Obviously, hyper-converged infrastructure is upon us and many have embraced it. I think the small- to medium-sized business (SMB) has been a little reluctant because the cost is very high for an SMB.

I think that cost of entry is going to come down. I think we are going to have a solution that offers all the benefits but is scaled down for a smaller firm. When that happens, everything I have done is going to transfer right over.

I have software-based storage. I have some software-based networking, but I would love to embrace that even more. That would be the icing on the cake and take some of the physical load off of me. The work that I have to do with switches and cabling and network adapters -- if I could move that into the hyper-converged arena, I would love that.
When I started, everybody said there's no way we could virtualize Revit and Autodesk. We did and it worked fine. You have to be willing to experiment and take some chances sometimes. It's a long road but it's worth it. It will pay off.

Gardner: Also, more companies are looking to use cloud, multi-cloud, and hybrid cloud. Because you’re already highly virtualized, because your security is optimized for that, whatever choices your company wants to take with vis-à-vis cloud and Software-as-a-Service (SaaS) you’re able to support that.

Reynolds: Yes, we have a business application that manages our projects, does our time keeping, and all the accounting. It is a SaaS app. And, gosh, I was glad when it went SaaS. That was just one thing that I could get off of my plate -- and I don’t mean that in a bad way. I wanted it to be handled even better by moving to SaaS where you get economy of scale that you can’t provide as an IT individual.

Gardner: Any last words of advice for organizations -- particularly those wanting to recognize all the architectural and economic benefits, but might be concerned about security and performance?

Reynolds: Research, research, research -- and then more research. When I started, everybody said there’s no way we could virtualize Revit and Autodesk. Of course, we did and it worked fine. I ignored them, and you have to be willing to experiment and take some chances sometimes. But by researching, testing, and moving forward gently, it’s a long road, but it’s worth it. It will pay off.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: Bitdefender.

You may also be interested in: