Apr 06 2011

During the last few months, I have been meeting with many CIOs from our group and also with my RedZone clients.  I want to share with you what I am hearing from these IT executives.

Infrastructure – What I am learning is that people are settled with their infrastructure investment, but are thirsting to learn ways to manage virtual infrastructure more efficiently. They don’t want to get caught underutilizing the hardware investments that they are making. The VDI word comes up more and more, with the added layer of application virtualization being the project most CIOs are curious how to get into.

Citrix Garbage Talk – I sat in on an amazing display of a vendor not listening to a CIO’s request for his team to observe a demo of Citrix XenApp (formerly Citrix WinFrame Server, Citrix MetaFrame Server and Citrix Presentation Server).

We had to listen to a sales tech give a demo of XenDesktop, since apparently Citrix is trying to get everyone to believe that Citrix XenDesktop is the same thing as Citrix XenApp. As a CIO, you should be looking for this moving forward since Citrix again is saying that they are hypervisor agnostic to Microsoft and VMware and want to own the VDI market of delivering applications.

I love the shifts going on with VDI. It allows one to be incredibly creative with delivering applications, but it can be quite confusing and misleading when reading the marketing material from VMware, Citrix, Microsoft, and add-on third parties.

Microsoft Windows Server 2008 R2  –  I am hearing it is great and works so much better for Terminal Services.  In fact, listening to my own techs, R2 is more of a re-write than a version release.  When it comes to application virtualization, pay attention to R2 since older apps may have a difficult time working and you will need to virtualize the app to get it to work on R2.

Cool Product – I learned from a CIOES member about a company called Ericom that makes an add-on product called Blaze. Apparently, Blaze makes RDP and VDI blazing fast. Look at this product to drop the cost of deploying VDI. I am now testing it for my company RedZone and it looks incredibly promising. I will keep you posted!

PCI Security – More and more of the private company CIOs I am meeting with who didn’t have to concern themselves with PCI are now having to pay attention.   Next generation UTM firewalls from companies like SonicWALL are helping companies with distributed offices deal with granular inspection and management for PCI controls.

Risk and Reward – There seems to be a theme running across the group from the meetings that I have been having. There always seems to be a willingness to do what others are not doing or to try things that others are not trying. I had an interesting discussion with a CIO who said he would rather go with new technology that yields quick and large ROI. He said, “Yes, I may have an issue deploying the solution, but I always have integrators to bail me out. Even if I have to spend more to integrate the technology, I will make this up from the savings in maintenance alone in years two to five.”

He is not afraid of taking a risk because, in his opinion, the financial benefits his company will experience far outweigh the risks.

DR and BCP – With our group members who don’t have an auditor or compliance concern, DR and BCP planning continues to be woeful at best. For the most part, IT is expected to guess and take on the problem regardless of whether the business is involved in creating and testing a Business Continuity Plan. The only consistency I have been able to observe is that if you are regulated in some fashion, you may have been able to find funding for Business Continuity Planning. This news may encourage some of you who are frustrated with the lack of understanding of what is required for a business to properly fund a BCP and IT DR initiative. Cloud Backups and Cloud Email continue to be a good option for CIOs who do not have business funding or cultural support for a full BCP implementation.

Cloud Email and Backups – There is a continued interest in cloud computing and there are some very good options to consider. The CIOs I have talked with are actively looking at moving specific applications into the cloud. I have talked with several CIOs about Exchange 2010 migration. Just this simple decision to upgrade to Exchange 2010 drags with it an entire ecosystem of systems. I have been able to find really good options that work for SMB companies with 10-10,000 users. A CIO can get price quotes from a cloud broker and pretty rapidly get their hands around the costs.

  1. Consulting upgrade of Exchange
  2. Cost for Internal Staff to do the upgrade
  3. Public Cloud Exchange outsourcing
  4. Private Cloud Exchange outsourcing

I also ran into a CIO who was using a neat product to back up his laptops into the cloud separate from his corporate backups. They have a ton of laptops and I thought this was such a great idea!

IP Phones in the Cloud – There is a cool player called Thinking Phones that I learned about from one of the group members with a few thousand users. It is a cloud-based phone solution. I have seen in our group more of these types of deployments fail than work out, due primarily to a lack of understanding of how to manage bandwidth on the carrier side and on the company/customer side, so jitter/delay issues become a big finger-pointing match, which results in the CIO pulling the phones back in house. This company, though, holds some promise, since Thinking Phones seems to have a good bandwidth control story all the way down to the switch port at the customer facility. Additionally, in my discussions with the member CIO, he talked extensively about the possibility of needing to add in bandwidth control and is going to watch this very closely as the phone systems are deployed. For those of you interested, Riverbed and Blue Coat continue to have the best products. I personally like the Blue Coat and have worked with it extensively for 12 years.

I want to hear your thoughts. Agree?  Email me or tweet me.

Feb 02 2011
Download Desktop VDI Bubble Chart White Paper


Thanks to our sponsor RedZone for providing the reference document of technical questions to ask your Virtual Desktop VDI vendors.

  • How do they handle expanding hard drive drifts?
  • How do they handle OS patch management and size issues?
  • What SANs do they support native interaction with?
  • Application virtualization/streaming
  • Session control and management
  • How is offline mode handled?
  • What virtual infrastructure native support do they have?
  • On/Off Premise

Jan 28 2011

“There are no rules of architecture for a castle in the clouds.” ~G.K. Chesterton

I was reminded of this quote as I compiled the best, best, best questions to ask regarding Intelligent Perimeters to follow Part 1. Aren’t network perimeters of the future going to be the gateway to the Cloud? Look at the quote from G.K. Chesterton. Do you agree? From a security perspective, a CIO will need to understand even more clearly how security architecture and design integrate into building intelligent perimeters.

As I wrote the questions for Part 2, I thought, “Oh no! More security information!” The quote from Eliot struck me as oddly correct. Use the information that you are gathering in these questions to feed the architecture. It is my intent to merge wisdom with knowledge.

“Where is the wisdom we have lost in knowledge?
Where is the knowledge we have lost in information?” ~T.S. Eliot, Choruses from The Rock

11. (Numbers cont’d from Part 1) Do you have gateway protection at the network perimeter for:

  • Virus
  • Malware / Spyware
  • IPS
  • Content management?
    • Are you using the perimeter to enforce email policy for “outbound email hygiene”?
  • Anti-phishing

12. Is your mail relay:

  • In the Cloud
  • Internal Network
    • DMZ

13. Do you prefer your security systems as:

  • Physical
  • Virtual appliances
  • Software on servers

14. Do you prefer appliance strategies or software with perimeter defenses?

15. Where do your organizational skills lie? Microsoft/ Linux/ Other?

16. Can the DMZ be replicated at the DR site? If not, what aspects of it are needed? How manual will it be?

17. What is the philosophy regarding a PC anti-spyware versus “in-line” approach to anti-spyware?

18. Do you outsource any aspects of perimeter defense (Firewalls, SPAM, AV, etc.)?

19. Is remote access remediation integrated into the help desk appropriately?

20. IDP/ IDS/ IPS – Are they deployed?

  • Where? Inside the network? Outside the network?
  • Do you outsource these services?
  • Why? (Yes/No)
  • How are logging, monitoring, and forensics/reporting handled?

21. Centralized Management of security devices

  • Remote Sites Firewalls
  • VPN client end-points
  • SSL VPN clients