By Sramana Mitra and guest author Shaloo Shalini
SM: I guess the reason I asked for clarification about data sharing was to ascertain whether you are running what we call an extended enterprise, which I think you are. The IT infrastructure that you are running is actually being used by people outside of your employees. Does this mean that you have serious authentication and permission challenges to deal with?
MS: Well, we typically do not. We settled on Microsoft SharePoint, and we have some custom Web applications that we have built ourselves which take care of security and authentication. Authentication is not really a big problem for us. We are certainly securing the data. A lot of our data is highly secure because you are talking about internal plans for a building that may be used by the government or internal plans that are used by customers like [luxury jeweler] Tiffany & Company or banks or law firms. Security and authentication is not that big a deal. We can use RSA tokens; we can use SSL VPNs [secure socket layer virtual private networks]; that in itself is not a big concern. I would say probably in terms of these assets, it is 80% for internal consumption and maybe only 15%–20% for external consumption.
SM: Can you help me to put this all in the context of cloud computing? Is your cloud computing strategy aimed primarily at getting out of the data center business and to provide enough redundancy across multiple data centers? Is that your primary cloud strategy, or is there more to what you are doing or other things that you plan to do?
MS: In terms of the cloud strategy, what we are talking about is a hybrid setup. We are talking about the cloud being our data center for the most part, so that I don’t have to clean up those servers, I don’t have to worry about them at all in terms of maintaining them. But then, I’m going our data and applications that are running in the cloud on a server, say, in a co-location facility. Again, I am not in the data center business, but I have a copy of my data so that if something happens to my cloud provider, I don’t end up with nothing!
At the same time, we are also going to move toward streaming the desktop to users because now we have an awful lot of mobile users. We have many users who will come in, work on a project and then go off. These are some of the people whom we have used again and again for our projects. Right now, I have a particular user who used to work for us, a very high-level person who left us to have a child. We called upon her to work on a particular project for a client that she had worked for before. Well, she said, I would be happy to work on the project, but I have a child now. I’m not going to commute into Manhattan. I would really love to work from West Norfolk, New Jersey, where I live.
Today, in cases such as these, to on-board such users, our IT has to allocate that user a company laptop, a company VPN end point and an IP telephone. I would be just happier if I could just stream a desktop to that user from the cloud instead of allocating and dealing with mobile users ourselves. Now we are working toward that. Part of that is going to be done; the groundwork has been done already with SSL VPNs. We are data testing VMware View 4 to take care of this requirement. But then there is also the new Microsoft RDP 7 client that is going to work with Windows 7 and 2008 server R2 on the next server stack, so we are waiting to do that as well. The cool thing is that the VMware View 4 works really well but it is not particularly inexpensive, whereas we are told by Microsoft that there will be a lot of good rendering features that come with the new RDP 7 client.
The current RDP client that we use is clunky in terms of dealing with something like AutoCAD rendering. It doesn’t work very well for our requirements. We are still looking at working out the mechanics of how we can stream the desktop to our mobile users. But in terms of how we are going to secure that to the user, we have already worked that out with the SSL VPN mechanism.
SM: Okay. What are your options for the collaboration you are planning to do, the kind of desktop virtualization that you are trying to do? What are the different technologies available to you?
MS: Well, right now we are already using and we already have a capability of an IPsec [Internet protocol security] VPN. We are not going to allow users to use their own desktop units at home. We are not going to allow people to bring unsecured devices onto our network. And we are not going to give people carte blanche access to our network and different resources, because we are segmenting our data based upon actual leads. We get audited almost all the time by our different clients to show that we are protecting their data and that there is no security issue. So, we work very hard in order to give people these privileges. I think we were introduced to your Thought Leaders In Cloud Computing series through Viewfinity, and that is one good example of the kinds of things we are doing to ensure secure and monitored access to our network and data.
SM: Can you tell me more about Viewfinity and their offering that you use?
MS: Viewfinity is a product from a startup called Viewfinity; these are the same people who developed XOSoft WANSync, the replication engine used in the industry and one that we use. Viewfinity is a privilege management system whereby you can give users just the privileges for the machines that they need to work with. This is different from Microsoft, which is primarily ‘on or off’ kind of access where to give some privileges to users, you either have to give them administrative rights or not.
Viewfinity makes these types of things much more granular. With their tools, you can give someone the right to change the clock; you can give someone the right to defragment their hard drive but not the right to make changes to the security of their laptop. You can set up a system so that a user can run a certain application with executive rights because that application requires it. You don’t give them executive rights to all applications. You can also blacklist and whitelist specific applications, and you can log applications to see what users are using and what applications they are not using. These kinds of features help us with our licensing. We are constantly looking for better ways to get where we want to be, which is to be able to have our users work pretty much from anywhere to anywhere. As an example, right now as I am speaking to you, I’m in the parking lot of my daughter’s school. She is going to college next year. Tonight, I hit traffic going to the financial aid meeting where they teach you about all the different scholarships that are available. But it is okay, I have a laptop sitting here, so if I need to pull up some information I can. I have a cell phone; I didn’t have to call you at the last minute to say, ‘Oh! We can’t do this interview’ because in my company, it is all about getting it done. Sure you have to live, sure you have family obligation, but it is really all about getting it done and getting it done on time. If I can get this user in West Norfolk, New Jersey, to be able to work with the team that reports to me in Maryland because of the technology, that is what it is all about.