Transforming Desktops (Desktop Transformation) is more than an operating system upgrade; it requires a new operational process to evolve into a complete desktop service offering. Personal Computer Lifecycle Management (PCLM) is a set of processes that manage end user devices from procurement to sunset. A well-developed methodology will cover all aspects of architecture, procurement, management, and decommissioning of end user devices. PCLM is often associated with a vendor’s solution that targets managing the overall process, but you can develop your own methodology and leverage many of your existing tools. Below, I provide a basic framework on which you can base your PCLM.
Assessment & Planning
Defining the future state of your desktop service begins with an analysis of your current inventory and requirements.
- Application Inventory: Collect an inventory of installed and utilized applications on all users’ end point devices. This information should be centrally stored and maintained in a CMDB or Application Library.
- Application Rationalization: First, determine which applications are actually used on end user devices. Previous desktop implementations may have baked in dozens of applications and utilities that may not be relevant to the business anymore. Standardize on a single version of a product and/or eliminate products that have duplicate functionality.
- License Inventory: The contents of the CMDB or Application Library should be validated with the procurement department with current license information. A rationalized application list will uncover applications that may be missing license information as well as identifying applications that will no longer require license maintenance or renewals.
- Application Compatibility: Process by which you determine if your application inventory will function on the targeted platforms. Usually requiring a third-party tool, the application code is inspected to ensure functionality on the end user device. An application may require changes by the manufacturer to be compliant, or it may be necessary to replace it with a more current version.
- Device Inventory: Along with your application inventory, a similar inventory of all end user devices including PCs, laptops, netbooks, tablets, and mobile devices should be collected and stored in the CMDB. Refresh cycles are often between three and five years, and there may be a large number of devices that can be repurposed as part of the Desktop Transformation initiative.
- Compliance Requirements: If your organization is required to comply with regulatory compliance (GLBA, HIPPA, PCI) then your new service offering should ensure that these requirements are adhered to. User or Data separation, auditing, reporting, encryption, and additional security measures need to be defined.
- Policy Definition: Document computer use and security policy requirements that will govern all end user devices. Levels of authorization, authentication, and access are defined here. The overarching policies should flow down to the different end user device form factors.
- Use Cases: Although users may be in the same department, they may not all use the same applications or have the same working requirements. A Use Case documents the requirements of your users, and it will assist in mapping the technologies and delivery methods that you will be required to build.
- Service Definition: The envisioned state of the desktop service that describes what the end user computing environment will consist of. It will define for your users what platforms and services will be made available to them.
Architecture & Procurement
This phase will focus on constructing the foundation components of the service.
- Device Selection: With the Use Cases as your starting point, select the types of devices that will cover your user requirements. As a service, you should consider all form factors and what is the most efficient method of delivering the services to your users. You can also integrate BYO devices into the offering by documenting basic hardware, software, and warranty requirements for users to follow.
- Operating System Builds: The creation of a standardized base operating system that includes applications and security tools to control the platform. You may find it necessary to integrate end user applications and utilities into the base image for ease of integration. Having multiple hardware form factors may require more than one base image. Having a method that allows you to work off a single base image and customize driver installation based on the hardware target is a more effective method.
- Application Packaging: Applications in the CMBD or Application Library should be prepared for distribution by creating an installation install routine or package. Based on how the application will be deployed, you can select different packaging types. Microsoft Installer packages (MSI) can customize a standard application install when being deployed. Application Virtualization formats will capture all the configurations and files to run in an isolated workspace on the end user’s device. These applications are not actually installed; rather, they are integrated to run with the desktop operating system.
- Hardware and License Procurement: Upon completing your inventory analysis, you can provide your procurement department with a list of new devices and software that will be required for your Desktop Transformation initiative. As these new products are brought into your environment, they should be added to the CMDB.
The deployment of the new service should be staged based on addressing the largest common Use Cases first, as these typically have a lower level of application and configuration complexity.
- Hardware: New hardware devices should be fully prepared for use when they arrive at the user’s desk. If your software distribution solution deploys applications on first use, then you will want these devices to be connected to the corporate network during the user’s first login.
- Operating System Deployment: You can select different methods of operating system deployment.
- Local installations will place the full operating system on the local hard disk.
- Client-side hypervisor solutions distribute a local copy of a virtual machine and its applications.
- Hosted Shared Virtual Desktops have users run a shared desktop session from a server. These users will have a thin client device for access.
- Hosted Dedicated Virtual Desktops assign the user a single instance of a Windows operating system that is hosted in the data center. These users have a thin client device for access.
- Application Deployment: Applications that have been packaged should be placed in a centrally managed solution. Enterprise Software Distribution (ESD) and Application Virtualization products can integrate with the Active Directory to deploy assigned applications to users based on group membership. Applications should be able to be provisioned and de-provisioned from a central console.
- Self-Service Provisioning: Your desktop service should strive to have integrated automation and Self Service. Each step of the desktop service provisioning process can have a level of self service. Creating a central application and services store where users can request services can reduce the overall cost of supporting the environment. BYO and mobile device users will benefit the most from the ease of requesting and receiving services.
Keeping the service running effectively will require formalized procedures that your IT team will need to follow.
- Documentation: Supporting documentation in the CMDB and operation runbooks will formalize how your desktop service will be managed. Every step from the how the image was created, to application package standards, to how to maintain the environment will be documented here.
- Patch Management: Applications and operating systems require constant patching and updating. Based on how your operating systems are deployed, you may require different methods for deploying these updates. Traditional agent-based patch management will deploy updates to the devices in your environment. If you use a single image method of deployment (client-side hypervisor or layering solution), then you will need to apply the updates once to the central image; the devices will pick up those updates on their next synchronization.
- Configuration Management: Keeping the managed devices functioning based on your design will be the task of configuration management. These tools will ensure that hardware and software deployed on the end user device stays within the designed specifications. Acting also as inventory agents, these solutions can also constantly feed the CMDB to keep it current.
- Audit and Compliance: For environments that follow regulatory compliance, the end user devices should be configured to report in to a central repository or have tools that monitor regulated activity.
- User Persona and Data Backup: The user’s working environment should be available to the user regardless of the platform he or she is connecting from. This will require the implementation of a user persona management solution that captures the user settings and preferences in a central store, which can then distribute them according to the device or platform they are on. If you allow users to keep corporate data on the local hard disk, implementing a corporate-controlled backup or a file sharing solution will ensure that the data is recoverable in the event the device is lost or inoperable.
When a device has reached the end of its service cycle, there are processes that should be developed to properly decommission it.
- Backup: Perform a complete backup of end user’s data and profile.
- Removal of Data: Disks should be securely wiped of all data. You may choose to perform this with software or an electromagnetic solution, especially if you are keeping the disk for service desk repairs. Once the disk has been wiped, you should destroy it, eliminating the possibility of intellectual property theft.
- Re-stock Licenses: The decommissioned machine will have had software and operating system licenses assigned to it. These licenses need to be reclaimed in your CMDB or Application Library. If the licenses come from a master license agreement, ensure that procurement has the record of the reduction of use.
- Hardware Disposal: All computer hardware should be properly disposed of. If you are planning on acquiring new hardware, the manufacturer may offer services to take these old devices away as part of the new device purchase. As stated before, the hard disks should be removed, wiped, and destroyed separately.