Although there is much talk of a move towards virtual desktops, served as images from a centralised point, for many organisations the idea does not appeal. Whatever the reason (and there may be many as a previous blog here points out), staying with PCs leaves the IT department with a headache—not least an estate of decentralised PCs that need managing.
Such technical management tends to be the focus for IT; however, for the business, there are a number of other issues that also need to be considered. Each PC has its own set of applications. The majority of these should have been purchased and installed through the business, but many may have been installed directly by the users themselves; something you may want to avoid, but is nowadays an expectation of many IT users.
This can lead to problems: some applications may not be licenced properly (for example, a student licence not permitted for use in a commercial environment); it may contain embedded malware (a recent survey has shown that much pirated software contains harmful payloads including keyloggers); it definitely opens up an organisation to considerable fines should a unlicensed software be present and a software audit be carried out by an external body.
Locking down desktops is increasingly difficult. Employees are getting very used to self-service through their use of their own devices, and expect this within a corporate environment. Centralised control of desktops is still required—even if virtual desktops are not going to be the solution of choice.
The first action your organisation should take is for a full audit. You need to fully understand how many PCs there are out there; what software is installed and whether that software is being used or not. You need to know how many licences for software you have in place and how those can be utilised—for example, are they concurrent licences (a fixed number of people can use them at the same time), or named seat licences (only people with specific identities can use them)?
This will help to identify software that your organisation was not aware of, and can also help in identifying unused software sitting idle on PCs.
You can then look at creating an image that contains a copy of all the software that is being used by people to run the business. Obviously, you do not want every user within your organisation to have access to every application, so something is needed to ensure that each person can be tied in by role or name to a list of software to which they should have access.
Through the installation of an agent on each PC, it should then be possible to apply centralised control over what is happening. That single golden image containing all allowable applications can then be called upon by that agent as required. The user gets to see all the applications that they are allowed to access (by role and/or individual policy), and a virtual registry can be created for their desktop. Should anything happen to that desktop (machine failure, disk corruption, whatever), a new environment can be rapidly built against a new machine.
If needed, virtualisation can be used to hive off a portion of the machine for such a corporate desktop—the user can then install any applications that they want to within the rest of the device. Rules can be applied to prevent data crossing the divide between the two areas, keeping a split between the consumer and corporate aspects of the device—a great way of enabling laptop-based bring your own device (BYOD).
As with most IT, the 'death' of any technology will be widely reported and overdone: VDI does not replace desktop computing for many. However, centralised control should still be considered; it can make management of an IT estate—and the information across that estate—a lot easier.
This blog first appeared on FSlogix' site at http://blog.fslogix.com/managing-a-pc-estate