Moka5: Managed Local Desktops in the Cloud

moka5Desktop Virtualization has forced us to change the way we deploy and manage desktops, and for the most part we have evolved our process to streamline updates, patches and security for these hosted environments.  Not every use case can support a connected virtual desktop.  For these users, they are often subject to the legacy tools and deployment methods, which makes the management of them challenging and limits the admin’s ability to control the quality of the desktop service.

Moka5 is tackling the problem of desktop management with their LivePC bare metal and software operating system virtualization solutions.  If you consider that one of the major challenges in desktop management is the constant need to keep the base systems updated with system and security patches, and application updates that come just as often. An administrator spends a significant amount of time re-engineering their desktop image. Moka5’s LivePC breaks up the working environment into containers – operating system, application and user data.  These containers are able to be updated independently of one another, allowing more simplified integration of patches and updates.  An administrator can manage a single base operating system image regardless of the applications that ride on top of it.  It has been normal practice to have different gold images based on an application set or use case.  This requires a significant amount of maintenance, as every gold image instance needs to be maintained separately.

Moka5: Managed Local Desktops
Moka5: Managed Local Desktops

The container approach that Moka5 takes also enables the user to have more freedom, based on policy of course, to customize their workspace, even installing their own applications.  Since the user layer is separated from the core OS image and the provisioned application container, the integrity of the base desktop service is protected from badly behaving applications.  If an application that the user installed does cause a problem, the admin can just revert back or clear out the user container and bring back a stable environment.

The containers are also synchronized, so in affect creating a backup of the endpoint.  The images and containers reside on image stores, which can be replicated across multiple servers, creating a highly available infrastructure.  Changes made to the image by the administrator or the end user replicate only its changed bits, eliminating the need to completely replicate large amounts of data over potentially slim network connections.  The Application Gateway that resides in the DMZ provides secure access to the internal image stores without the requirement of a VPN client.

Enabling BYOD, so long ACE

There are many steps to implement a BYOD initiative in your organization, with the technical implementation only being one part of that process. If you have contractors or users who need (or want) to bring in their own devices and don’t want IT to make changes to these machines, you can deploy one of two Type-2 solutions.  One of the solutions I have always been fond of was VMware’s Assured Computing Environment (ACE) product.  The solution took the VMware Workstation player and created a self-contained, secured portable desktop image.  This could be run from a CD or USB drive and had all applications and configurations built in.  A VPN client could allow the ACE session to connect back to the corporate network. Nothing needed to be done on the client to run it, and there were policies that could disable the image after a period of time.  The obvious challenge was keeping the image current and redistributing it to those users.  So with VMware dropping the product, Moka5 has stepped in and filled the gap with their Enterprise AnyWare product.  So you can provide your contractor with an USB stick or CD that is member of your Active Directory domain, has all of your applied security policies and tools, and could be the only way they connect to your corporate network, completely isolating the personal from the business profiles.

Portability of the layers is an important part of the solution.  Being able to move from a physical desktop, where a bare metal image is deployed, to a remotely accessed image running a Type 2 hypervisor on a Mac or Windows machine. As users migrate their usage to different form factors, such as tablets and smartphones, they want to be able to access their data to view or manipulate it without having to access a full desktop. The mobile suite, available for the major mobile platforms, extrapolates the user data and gives a user access to do such a thing.  Changes made on these devices are also synchronized with the image stores automatically.

Ready for Cloud Delivery

Traditional desktop management cannot address the growing mobile workforce.  More devices are spending time outside our four walls than inside.  Keeping the devices and the user’s data protected will require secure connectivity and replication.  These require significant infrastructure to make happen.  Moving part, or all of the remote PC management outside your network may be an answer.  The Moka5 central management infrastructure can scale outside your network, extending your ability to manage devices without scaling out your internal infrastructure.  Run as a web service, the image replicas could in part, or entirely be hosted by a cloud provider.  Moka5 has certified their solution to run today on Amazon’s S3 cloud and storage services.

Proponents of Desktop-as-a-Service (DaaS) look to bridge the gap between cloud economics, user data availability and device security.  Current solutions are either all-in or all-out the provider’s data centers, making DaaS one of the least subscribed to services.  A solution that can extend the corporate desktop service while leveraging cloud provider infrastructure, providing access to user data and maintaining corporate compliance and security is  necessary step for DaaS to be an effective solution.

Posted in End User Computing, IT as a ServiceTagged , , , , ,