20 CIO Digest October 2009

EndpointHow to Reduce Costs and

Complexity—Now!

By Ken Downie

As Moore’s Law continues to drive up processing

power, many companies have achieved substantial

cost, space, and efficiency savings in their data

centers by running many virtual servers on fewer

pieces of iron. Yet for organizations with a significant number

of client systems to manage, endpoint virtualization has the

potential to provide even greater savings.

While the most effective technical approach varies depend-

ing on an organization’s needs and infrastructure, the business

SOLUTIONS FEATURE

What is endpoint virtualization?In its broadest sense, endpoint virtualization means separating or partitioning the various layers in-volved in client computing: a user’s data, profile and configuration set-tings, software applications, and the underlying operating system. Think of the elements that define a user—his or her data, profile, applications, and desktop configuration—as different colors of paint. If you mix all the paint, it’s tough to get any of the original colors back. Keep them separate, and you have flexibility.

Consider the problems associ-ated with the traditional client computing model: when software

is installed locally on dedicated physical hardware, application performance often degrades over time. If a problem occurs with the application—for example, because the user installs another application or version that conflicts with it—a desktop support technician usually has to spend valuable time visit-ing the machine to remediate the problem. And if the user needs to be upgraded to new hardware, the pro-

cess of transferring applications, data, and configuration settings to the new machine is laborious and potentially error-prone.

Virtual applications run on a central server, either in the data center or on a network local to the client machines, thus separat-ing the software component from the client hardware. Application virtualization is usually accom-panied by application streaming technology, which delivers the software to the client machines over a wired or wireless network. Some endpoint virtualization technologies stream the entire desktop, including the operating

system. Others use “bubbles” or “wrappers” to present a personal-ized workspace, exactly the way the user left it and with secure access to his or her data, from whatever PC might be handy.

Depending on the technology used, client machines might be traditional PCs and laptops run-ning a local operating system, a thin client running an embedded operating system in flash memory,

or a diskless, stateless device. One advantage of using “thick client” hardware is that organizations can choose to virtualize some ap-plications and not others, whereas thin clients require more of a commitment to virtualization.

Since the bottom line is reduc-ing endpoint complexity—and the cause of that complexity varies from business to business—most organizations will want to adopt a hybrid approach based on a careful evaluation of their needs and goals.

Show me the moneyWhen shopping for solutions, be careful of any vendor or reseller that pushes one particular flavor of endpoint virtualization without a thorough understanding of your situation, your network, and your requirements for return on invest-

ment. Usually, that just means that’s all they have to sell you.

“Companies aren’t looking at endpoint virtualization because it’s some single compelling technol-ogy that’s right for everyone,” says Mark Bowker, senior analyst at En-terprise Strategy Group (ESG). “It’s really a set of technologies that can solve business problems for certain profiles of users who need controlled, efficient access to a spe-

symantec.com/ciodigest 21

Endpoint Virtualization

results of endpoint virtualization are nearly always cost

savings (especially for large organizations), easier

management, less risk, and substantial productivity gains

for both end users and IT staff.

22 CIO Digest October 2009

SO

LUTIO

NS

FEA

TUR

EK

im K

ola

no

ws

Ki

cific set of applications that they use regularly. Companies con-sidering endpoint virtualization should examine their potential use cases and work backward, with the understanding that multiple approaches may be necessary even within a single organization.”

It’s therefore advisable to work with prospective technology part-ners to establish a one-year ROI plan. Those that shy away from the challenge may not be equipped with the breadth of technology necessary to deliver success within a reasonable timeframe.

Education: a natural for endpoint virtualizationEndpoint virtualization is generat-ing quite a buzz among educational institutions, and for good reason:

the ability to roll back applications to a standard image, avoid applica-tions conflicts, and optimize license management can save thousands of hours a year in IT staff time.

“Educational institutions have been early adopters of endpoint virtualization because it addresses their major pain points,” says Bowker. “Traditionally, a good por-tion of their IT staff time is spent on deployment—just rolling out new images. Endpoint manage-ment tools can lighten that load considerably, but there’s a huge op-portunity to reclaim staff time and improve service by virtualizing applications or workspaces.”

Barry R. Ribbeck, director, systems architecture and infra-structure at Rice University in Houston, can relate. “It’s always a very challenging process for us to get images on the lab machines in a specific timeframe,” he explains. “There are so many different groups and people involved that the task is difficult at best, and deployment always comes down to the wire. And then once we have gone through all the effort to test and validate the image, there are inevitably last-minute requests or software versions that come out mid-semester that we’re under pressure to accommodate. That’s a tough position to be in, because we want to be responsive, but we can’t

risk application conflicts that might cause downtime for other users.”

Ribbeck hopes that using Symantec Endpoint Virtualiza-tion Suite to stream applications to 500 desktop PCs in student labs will help solve these problems. Deployment of the solution is cur-rently underway.

“Application virtualization will give us the ability to change horses in midstream and perform upgrades without impacting our base image,” he explains. “If an instructor wants to add software that’s not in the default build, we’ll be able to do that on the fly, without impacting every other course that’s taught on those

“CIOs are taking a hard look

at the resources involved in the daily maintenance of endpoints. Endpoint virtualization can drastically reduce those costs.”

– Mark Bowker, Senior Analyst, Enterprise Strategy Groups

Founded: 1912Location: Houston, TexasWebsite: www.rice.edu IT Staff Managing Client Systems: 60Endpoint Virtualization Goal: Stream virtualized applications to 500 endpointsCurrently Implementing: Symantec Workspace Virtualization and Symantec Workspace Streaming

Rice University

Barry R. Ribbeck (left), Director, Systems Architecture and

Infrastructure, and Trey Gammon, System Administrator, Rice University

symantec.com/ciodigest 23

machines. We’ll be able to provide instant gratification.”

At Harvard’s School of Engi-neering and Applied Sciences (SEAS), endpoint virtualization was recently tested to examine potential savings in deployment costs, licensing costs, and remedia-tion time for MATLAB, Wolfram Mathematica, COMSOL, and Abacus—heavyweight engineering and scientific applications that tra-ditionally consumed considerable IT staff time. The school recently completed a pilot using Symantec Endpoint Virtualization Suite to stream the four applications to faculty, research, and student computers.

“The engineering and scientific applications we chose to virtual-ize can take hours to install and configure locally, and the licenses are often expensive,” says Jack Yatteau, technical lead for the pilot effort at SEAS. “So the ability to stream multiple versions of the software, or keep certain people on a specific version, or allow them to concurrently test the old and new versions simultaneously and compare the results, was very attractive. Users can now begin using new or upgraded applica-tions in minutes, and installation and configuration is significantly streamlined, with no CDs or DVDs required. Both IT staff and re-searchers can be more productive.”

“Our service calls have gone down, and we’ve seen that they are much lower for students and faculty who are using the streaming versus the self-installed applications,” says David Gipstein, director of opera-tions for information technology at SEAS. “And with dynamic license management, we don’t have to buy 1,000 licenses to cover all potential users. We can buy some fraction of that and grow it as required, maintaining both compliance and the ability to audit usage. This is

particularly helpful because we have a fluid community with students, research-ers, and collaborators here from weeks to years. When they’re gone, assigned licenses can simply expire, and return to the central pool for reassignment. And for university-owned computers, application virtualization will certainly streamline systems deploy-ment during hardware refresh cycles.”

The case for healthcare: making more time for patientsAnother industry embracing endpoint virtualization is healthcare, driven in part by the adoption of Electronic Medical Records (EMR) that is now underway at many hospitals. Physicians, nurses, and clinicians are using computers to access medical data more than ever, and IT organiza-tions are charged with making sure that information is available conveniently and securely.

In Grand Blanc, Michigan, Genesys Regional Medical Center, a member of the Ascension Health system, is using endpoint virtual-ization to make sure technology is giving healthcare profession-als more of their most valuable resource—time—instead of taking it away.

Until recently, doctors, nurses, and clinicians waited for time on shared computers, then spent much of that time logging on to the system and to various applica-tions. With increased reliance on EMRs, “squatting” became a prob-lem. “Once staff members were at a PC, they would often try to stake a claim to what was expected to be a shared computer,” says Dan Stross, CIO at Genesys Regional

Medical Center. “Doctors making their rounds often had to hunt for an available computer, taking time away from patient care. We wanted a design that would allow staff to sign on quickly using their I.D. badge and a single password. Our goal was to get them logged in, with a single sign-on for all their applications, in less than 10 sec-onds, and then be able to suspend their session with one keystroke. We then want to allow them to quickly resume and get back to

mic

ha

el

br

un

et

to

David Gipstein, Director of Operations for Information Technology, Harvard School of Engineering and Applied Sciences

Founded: 1847 (as Lawrence Scientific School)Location: Cambridge, MassachusettsWebsite: www.seas.harvard.eduIT Staff Managing Client Systems: 5Number of Endpoints Virtualized: 50Applications Virtualized: MATLAB, Wolfram Mathematica, COMSOL, and AbacusSymantec Endpoint Virtualization Solutions Used: Symantec Workspace Virtualization, Symantec Workspace Streaming

Harvard School of Engineering and Applied Sciences

s

24 CIO Digest October 2009

where they left off—in less than 10 seconds—at a different device.”

Symantec Endpoint Virtualiza-tion Suite with Symantec Work-space Corporate met the hospital’s needs. Hospital personnel simply swipe their badges and enter a password, and are instantly logged on to a personalized desktop with

whatever applications they’d been using in precisely the state they left them. When they log off, no data re-mains on the endpoint. Security and compliance are improved, and doc-tors find that their daily rounds take two hours less. Doctors can even log into their workspace from home us-ing Symantec Workspace Remote to further enhance productivity.

Following a suc-cessful pilot program, Genesys is now rolling the solution out to 700 doctors.

“We chose to make this investment over a lot of competing investments because we can tie this directly to

improved patient care,” says Stross. “Very simply, endpoint virtualiza-tion is allowing us to reclaim staff time by providing more ubiqui-tous access to PCs. The way most healthcare organizations are dealing with this problem is to put more and more computers on the floors of the hospitals, which causes congestion

and drives up costs. With endpoint virtualization, we can reduce the number of PCs that we really need—we’re just using the ones we have more effectively.”

A fly-right model for airlinesAt Azul Brazilian Airlines in São Paulo, recent efforts to streamline

service by virtualizing ticket sales, check-in, and crew desk applica-tions are already paying off. To give agents fast access to applications and data from various locations in the airports, the company is using

Symantec Endpoint Virtualization Suite to stream applications from a local server to thin-client PCs with embedded flash memory. “Golden” images of the three applications reside on a central server.

“Dedicated PCs with locally installed software are expensive to maintain and vulnerable to security and reliability issues,” explains Jefferson Santana, data center and IT architecture manager, Azul Brazilian Airlines. “With Symantec Work-space Virtualization and Symantec Workspace Streaming, applications load on demand, without needing to be locally installed. As soon as a user logs into the endpoint device, the server immediately begins stream-ing down packets of the applica-tion code for different functions as needed. The application builds up in the cache in the background as the session continues.”

Because Azul’s IT staff can maintain the software from a central location, the applications are not subject to local corruption, and administrators don’t have to visit machines and re-load soft-ware from CDs. Security has also improved, since after a user logs off, no code or data remains on the endpoint. Perhaps most important, applications are customized for the user, not for the machine.

“Because the virtual desktop can stream to any endpoint device where an agent logs on with proper credentials, any agent can work on any station,” Santana points out. “This means the user experience is portable across

mic

ha

el

sc

him

pf

SO

LUTIO

NS

FEA

TUR

E

Location: Grand Blanc, MichiganWebsite: www.genesys.orgParent Company: Ascension HealthNumber of Endpoints Virtualized: Currently rolling out virtual workspaces to 700 doctorsSymantec Endpoint Virtualization Solutions Used: Symantec Workspace Corporate, Symantec Workspace Remote

Genesys Regional Medical Center

sDan Stross, CIO, Genesys Regional Medical Center

“We chose to make this investment over a lot of competing investments because we can tie this directly to improved patient care.”

– Dan Stross, CIO, Genesys Regional Medical Center

symantec.com/ciodigest 25

Application Virtualization: An um-

brella term that describes software

technologies that improve portabil-

ity, manageability, and compatibility

of applications by encapsulating

them from the underlying operating

system on which they are executed.

Often used in conjunction with ap-

plication streaming.

Application Streaming: Describes the

delivery of virtual applications to cli-

ent machines. Applications need not

be fully installed on a client computer

but are instead delivered piece by

piece over a network as required.

Virtual Desktop: The entire

desktop, including the

operating system, is sepa-

rated from the endpoint.

Virtual desktops can be

stateless—meaning that

user data and customiza-

tions are discarded when

the user logs off—or stateful,

which means user data is retained

in a file and reinstated when the

user logs back on.

Connection Broker: Connects a user

to his or her personalized, secure

virtual workspace from any PC.

Terminal Server:

The most basic

form of end-

point virtualiza-

tion, terminal

servers allow

multiple clients

to connect to a

single, centralized server and “share”

applications. Limitations can include

compatibility problems with certain

applications, remote display issues,

software license complexity, and risk

of impacting other users who are also

accessing the terminal server.

Endpoint Virtualization Glossarys

any machine in our environ-ment. That pays huge dividends in terms of flexibility and faster service in an airport setting.”

Azul is also using Altiris Client Management Suite from Symantec to allow administrators to deploy, manage, and troubleshoot systems from virtually anywhere. “We felt a new level of efficiency was possible in endpoint architecture for the airline industry, and we set out to find it,” says Kleber Linhares, IT general manager at Azul. “We used endpoint virtualization to deliver low-cost workstations ideal for use in a harsh airport environment. This has increased availability, security, productivity, and flexibility and reduced the need for administrator support, allowing us to drive our TCO well below that of the tradi-tional model. We project a 40 percent reduction in total cost of ownership for our endpoints.”

The future is nowEndpoint virtualization has indeed come a long way since the humble terminal server. Education and healthcare are leading the transformation. But as evidenced

at Azul Brazilian Airlines, any organization with distributed end-points and standardized applica-tion sets can reap the benefits.

“CIOs are taking a hard look at the resources that are involved in the daily upgrading, patching, and maintenance of endpoints, and frequently those costs are much higher than they’d like them to be,” concludes ESG’s Bowker. “Properly implemented in the right situation, endpoint virtu-alization can drastically reduce those costs. But for IT, the biggest

upside to endpoint virtualization is centralized management and control.” n

Ken Downie is Senior Writer at NAVAJO Company. His work has appeared in Business Finance, Internet World, and Business Credit magazines.

Founded: 2008Location: São Paulo, BrazilWebsite: www.voeazul.com.brNumber of Endpoints Virtualized: 120 (will grow by as many as 400 systems per year)Applications Virtualized: Sky Speed (ticket sales), Sky Port (check in), and crew desk applicationSymantec Endpoint Virtualization Solutions Used: Symantec Workspace Virtualization, Symantec Workspace Streaming

Azul Brazilian Airlines

s

Kleber Linhares (left), IT General Manager, and Jefferson Santana, Data Center and IT Architecture Manager, Azul Brazilian Airlines

pau

lo f

rid

ma

n