Essar’s virtual desktop infrastructure strategy for optimal security

Feature

Essar’s virtual desktop infrastructure strategy for optimal security

Back in 2010, when a senior management forum at the Essar Group highlighted the business requirement for security and segregation of personal and corporate data on end-user devices, the group’s IT team swung into action. After evaluating various approaches, Essar honed in to a virtual desktop infrastructure initiative, confident that this would enable it to tackle all security issues arising out of the group’s BYOD (bring your own device) strategy for its 75,000 employees spread across five continents and 25 countries.

The $17 billion Essar Group — a leading player in sectors ranging from steel, oil & gas and power, to BPO, telecom services, shipping, ports and projects – decided on a Rs 25 crore (Rs 250 million) virtual desktop infrastructure (VDI) project, centered on the potentially favorable ROI arising from the procurement of the low-cost, energy-efficient Citrix XenDesktop.

Zeroing in

After evaluating various vendors, Essar chose the Citrix XenDesktop virtual desktop infrastructure solution, as its proof of concept and FAB analysis revealed that the features and integration with the Essar environment fitted the bill.  

Essar opted for Citrix XenDesktop Platinum licenses as these are in line with its diversified user requirements. Essar Group CTO N Jayantha Prabhu says, “XenDesktop virtual desktop infrastructure licensing enabled us to consolidate and gave us an in-depth view of licenses and better manageability as against the OEM licenses on individual machines owned by different verticals and departments.” 

Essar has signed a Microsoft Enterprise Agreement that allows the company to leverage all Windows OS platforms. This agreement covers the VDI component of the Microsoft OS that is planned on the multiple deployment option of the Citrix Desktop Virtualization solution incorporating hosted shared desktops (HSD), virtual desktop infrastructure and XenClients.

Implementation

The project team comprised Citrix resources for project management, and Citrix partners Orient Technologies, AGC Networks and Microland for implementation and migration of 4,000 users to Citrix XenDesktops and XenClients. Subsequent to implementation, Essar’s internal teams took over the management.

XenDesktop users connect to the XenDesktop servers by visiting a predefined URL, where they are prompted for logon credentials. Once authenticated, they are presented with icons corresponding to applications as prevalent on their physical desktop.

XenClient facilitates moving to an offline VDI platform.  The Synchronizer software helps synchronize the virtual desktop on the client machine with a remote copy in the data center (XenServer Storage). This solution provides essential hardware-enabled virtualization, security and isolation functionality.

Infrastructure considerations

On the network front, the bandwidth is shared between VPN and Internet traffic including external XenDesktop users. The external traffic of XenDesktop users moves through Netscaler devices that perform load balancing by caching the Web interface. User requests are redirected to the cloud or data center that is least busy in terms of concurrent connections, data center response time, packets handled or bandwidth consumed, to ensure high performance and flexibility.

With Citrix XenServer, the HSD / virtual desktop infrastructure machines can run on any server, effectively decoupling them from physical servers.  Essar has successfully configured virtual desktop infrastructure on existing desktops and laptops, thin clients, mobile thin clients, tablets and smartphones. (Android, Apple iOS, Windows Mobile and Blackberry).

A list of 64 in-house and commercial applications run on the virtual desktop infrastructure based on the different user profiles. The three categories are XenDesktop HSD for task users, XenDesktop VDI for power users and XenClient for users who require offline access.

Moving users from desktops or laptops to the virtual desktop infrastructure and the accompanying user education posed some challenges. “User adoption process for task user migration was easy, but special users with critical applications required planning,” says Prabhu.

The gains

With virtual desktop infrastructure in place, Essar can now perform centralized OS and application updates or migration collectively for a group of virtual desktops. This enhances security, as the administration is centralized — antivirus and firewall policies can be applied and monitored from the data center, and applications accessed by users can be restricted and tracked.

The virtual desktop infrastructure solution integrates with corporate directories such as Active Directory and LDAP, and applies appropriate user access policies to all users. Desktop virtualization Netscaler hardware allows administrators to allocate server resources to avoid over-consumption.

Other benefits of the virtual desktop infrastructure at Essar include:

  • Longer life of thin clients as compared with desktops and laptops.
  • Faster scalability due to ease of deployment.
  • Optimal utilization of resources due to dynamic allocation of CPU and server memory.
  • Desktop environment accessible from anywhere, anytime.
  • Easy access control and single sign-on.
  • Efficient SAML support and numerous connectors.
  • Reduction in helpdesk calls.
  • Reduction in cost of application rollout, provisioning, updates, maintenance and training.
  • Backup, recovery, archiving and purging are faster, easier and more reliable (hence cheaper). 
  • Easy local printing and local graphics acceleration in virtual desktop infrastructure.

Prior to the virtual desktop infrastructure project, 15 administrators were required. Today the project is handled by one Citrix resource, two Essar personnel from the project team and five Essar personnel from the support team.


This was first published in January 2012