Apr 06 2011

During the last few months, I have been meeting with many CIOs from our group and also with my RedZone clients.  I want to share with you what I am hearing from these IT executives.

Infrastructure – What I am learning is that people are settled with their infrastructure investment, but are thirsting to learn ways to manage virtual infrastructure more efficiently.  They don’t want to get caught underutilizing the hardware investments that they are making.  The VDI word comes up more and more, with the added layer of application virtualization being the project most CIOs are curious how to get into.

 Citrix Garbage Talk – I sat in on an amazing display of a vendor not listening to a CIO’s request for his team to observe a demo of Citrix XenApp (formerly Citrix WinFrame Server, Citrix MetaFrame Server and Citrix Presentation Server).

We had to listen to a sales tech give a demo of XenDesktop, since apparently Citrix is trying to get everyone to believe that Citrix XenDesktop is the same thing as Citrix XenApp.  As a CIO, you should be looking for this moving forward since Citrix again is saying that they are hypervisor agnostic to Microsoft and VMware and want to own the VDI market of delivering applications.

I love the shifts going on with VDI. It allows one to be incredibly creative with delivering applications, but it can be quite confusing and misleading when reading the marketing material from VMware, Citrix, Microsoft, and add-on third parties.

Microsoft Windows Server 2008 R2  –  I am hearing it is great and works so much better for Terminal Services.  In fact, listening to my own techs, R2 is more of a re-write than a version release.  When it comes to application virtualization, pay attention to R2 since older apps may have a difficult time working and you will need to virtualize the app to get it to work on R2.

Cool Product – I learned from a CIOES member about a company called Ericom that makes an add-on product called Blaze.  Apparently, Blaze makes RDP and VDI blazing fast.  Look at this product to drop the cost of deploying VDI.  I am now testing it for my company RedZone and it looks incredibly promising.  I will keep you posted!

PCI Security – More and more of the private company CIOs I am meeting with who didn’t have to concern themselves with PCI are now having to pay attention.   Next generation UTM firewalls from companies like SonicWALL are helping companies with distributed offices deal with granular inspection and management for PCI controls.

Risk and Reward – There seems to be a theme running across the group from the meetings that I have been having.  There always seems to be a willingness to do what others are not doing or to try things that others are not trying.  I had an interesting discussion with a CIO who said he would rather go with new technology that yields quick and large ROI.  He said, “Yes, I may have an issue deploying the solution, but I always have integrators to bail me out.  Even if I have to spend more to integrate the technology, I will make this up from the savings in maintenance alone in year two to five years.”

He is not afraid of taking a risk because, in his opinion, the financial benefits his company will experience far outweigh the risks.

DR and BCP – With our group members who don’t have an auditor or compliance concern, DR and BCP planning continues to be woeful at best. For the most part, IT is expected to guess and take on the problem regardless if the business is involved or not in creating and testing a Business Continuity Plan.  The only consistency I have been able to observe is that if you are regulated in some fashion, you may have been able to find funding for Business Continuity Planning.  This news may encourage some of you who are frustrated with the lack of understanding of what is required for a business to properly fund a BCP and IT DR initiative.  Cloud Backups and Cloud Email continue to be a good option for CIOs who do not have business funding or cultural support for a full BCP implementation.

Cloud Email and Backups – There is a continued interest in cloud computing and there are some very good options to consider.   The CIOs I have talked with are actively looking at moving specific applications into the cloud.  I have talked with several CIOs about Exchange 2010 migration.    Just this simple decision to upgrade to Exchange 2010 drags with it an entire eco-system of systems.  I have been able to find really good options that work for SMB companies with 10-10,000 users.  A CIO can get price quotes from a cloud broker and pretty rapidly get their hands around the costs.

  1. Consulting upgrade of Exchange
  2. Cost for Internal Staff to do the upgrade
  3. Public Cloud Exchange outsourcing
  4. Private Cloud Exchange outsourcing

I also ran into a CIO who was using a neat product to back up his laptops into the cloud separate from his corporate backups.  They have a ton of laptops and I thought this was such a great idea!

IP Phones in the Cloud – There is a cool player called Thinking Phones that I learned about from one of the group members with a few thousand users. It is a cloud based phone solution. I have seen in our group more of these types of deployments fail than work out, primarily due to a lack of understanding of how to manage bandwidth on the carrier side and on the company/customer side, so jitter/delay issues become a big finger pointing match which results in the CIO pulling the phones back in house.  This company, though, holds some promise since Thinking Phones seems to have a good bandwidth control story all the way down to the switch port at the customer facility.  Additionally, in my discussions with the member CIO, he talked extensively about the possibility of needing to add in bandwidth control and is going to watch this very closely as the phone systems are deployed.  For those of you interested, Riverbed and Blue Coat continue to have the best products.  I personally like the Blue Coat and have worked with it extensively for 12 years.

I want to hear your thoughts. Agree?  Email me or tweet me.

CIO Remote Access Decisions that Match to High Level Security Strategy

May 20 2010

Recently I have received more and more questions about remote access and security strategy. Remote access is just too inexpensive to do incorrectly. A well made remote access decision can set the tone for security strategy for years into the future. The functionality offered by different products and vendors makes remote access decisions appear complicated. So yes, one can run remote access through current UTM firewalls and most non-UTM firewalls.  The issue is that this is not the granular access control that a dedicated appliance gives an organization. Firewall remote access is simply traditional IPSEC Access OVER SSL, and this is not the same as an SSL VPN.  The reasons a CIO wants a dedicated SSL VPN, especially a strong product like SonicWALL, are:

  • Integration to AD (the core of security). If AD/ LDAP is the core element of your security strategy which it ought to be then a dedicated SSL VPN is necessary.
  • An AD Centric security strategy will support Cloud Deployment Initiatives and a SSL VPN can be deployed as a Step 1 access control method when deploying applications into the Cloud.
  • Support of RDP, Citrix, VMView, Sharepoint, OWA, etc. Not all SSL VPNs are created equal. Review your applications and deployment methods before acquiring a remote access device. Not all SSL VPNs will really get into the weeds needed if you are a Citrix shop, for example. By the way, Citrix does not have the best SSL VPN product to support their own application delivery platform.

  • SSL VPNs give one the broadest access control and functionality options without limiting oneself
  • Don’t overload the firewall (even if it is a UTM)
  • Bridge business partners into your network for access to applications, databases, or files that they actually need.
  • Proxy OWA, Sharepoint, and other internal applications
  • Great end-point security scanning options if you want to ensure that a laptop is company issued
  • Great end-point security options to make sure that the endpoint meets spyware, malware, AV, etc. policy

  • Great integration with 2 factor Authentication options like RSA for example

If you want to see more of the functionality of a dedicated SSL VPN from my favorite product, you can review the download attached to this blog post made by SonicWALL. Check out the text based 2 factor auth built right into the box natively. It is a neat little feature.


High Availability for CIOs on a Budget

May 20 2010

Recently I was involved in helping a client with decisions related to HA on their corporate LAN for systems they wanted about 30 plus thousand users to access in a DMZ. The primary business concern was that if this system failed the board would know very quickly, and he just couldn’t afford to have a failure of this sort. He had already addressed the HA of his T1 links with a product from Fatpipe. His primary concern was application load balancing and High Availability to protect against failure of the systems themselves and also to give them the ability to perform maintenance and patching on systems without taking all systems offline or affecting performance due to a decreased ability to serve the user population. The analysis covered low budget options to higher budget options. The 4 considered were:

  1. Native Windows Load Balancing
  2. Sonicwall Firewall Web server load balancing (see pdf attached to this blog)
  3. Coyote Point Systems
  4. Citrix CAG

As each solution was explored, the client realized that they wanted more and more automation and ease and depth of reporting. Each solution has a progressively higher price tag, and with this one gets more and more automation, reporting, etc. We did leave F5 off since in my opinion they have a ridiculous price point except for the most exotic of requirements.  As the client went through the process of reviewing requirements, they realized that they did in fact want the highest priced solution, primarily because their staff was more comfortable with the day to day maintenance of a Citrix solution since they are a Citrix shop. I liked the SonicWALL solution in particular since the new UTM firewall would allow them to forgo yet another edge device, but the reporting is more limited than the dedicated load management products. This is not meant to be an exhaustive review of all options but just to give a busy exec a chance to see options that are available. On a final note, the Coyote Point solution has a very appealing Virtual System Load Balancing solution which I think is great. If anyone has questions about more technical details just email me at billm@redzonetech.net.