Continuity Disaster Recovery

What is Desktop Virtualization?

Wikipedia defines desktop virtualization as:

Desktop virtualization, as a concept, separates a personal computer desktop environment from a physical machine using a client–server model of computing.

In layman terms, it’s simply means:

Your company will install the software in the server in a remote location and you can use it on any computer with internet access, while remaining the user experience of a normal desktop.

Some of the software products that do desktop virtualization are: include Microsoft’s Terminal Services, Citrix’s XenDesktop, and VMware’s VDI.

Why should you care about it?

Cost saving – In traditional system, applications and programs are installed in the computer itself. With Desktop virtualization, overall expenses are reduced because resources can be shared and allocated to users on an as-needed basis. Maintaining of all the computers in your company may be time and time consuming with Desktop virtualization,  updating of software only need to be done once.

Security – Desktop Virtualization is more performant than an encrypted partition of your hard disk drive as all the files are stored in the server and only you can access it. This would help managers improve compliance by centralizing the control and managing access to confidential information across the organization. In additional, as backup are made regularly on the service, hence the risk of data lost due to system crash is reduced.

Access anywhere – With an internet connection, you can connect to your company’s desktop virtualization. This means you can use any platform (desktop or laptop) to access your programs and documents.

It can be personalized: you can store your favorite bookmarks in browser and also installing your personal program while still being able to access it anywhere, anytime. In another word, the way you use and navigate around your computer system remains the same!

Questions for you:

1. You bought 5 new laptops for your office. Your IT guy asks you for the names to be given for the machines.
2. Your staff is on leave and you need to access his computer to retrieve some data. Is it right for you to ask your staff for password?
3. You decided to throw away your old PC. What are the measures to take to ensure data is not being leaked out?
4. How do you ensure there’s business continuity when there’s a fire in your building?

Here are some quick best practices to the above questions.

1. Do not use your staff name as the computer name or default names given by Microsoft. It’s hard to keep track of your assets when your machines are growing in numbers. Keep a proper naming convention format for computers. Example, ABCPC01, ABCNB01, etc.. where ABC denotes your company name, PC denotes desktop, NB denotes Notebook.
2. If you store your office data centrally, you will not have this problem. For urgent requests, you should ask your staff’s permission for password first, and suggest password to be changed when he comes back.
3. All removable media to be removed and internal drives are to be destroyed or removed first.
4. If you do regular backup and off site retention, your information assets are safeguard.

If you do not practice any of the above, it’s time to look into IT Security and Standard Policy.

The purpose of Infocomm Technology (IT) Security and Standard Policy is to maintain the quality of your organization information assets. These policies and standards preserve and protect organization information assets from intentional or unintentional acts or natural events which may result in their unauthorized disclosure, modification, destruction or usage.

The Policy provides the basic framework for establishing and implementing adequate IT security given the mission of the organization and the use of Infocomm Technology (IT) by its employees, contractors, customers and suppliers. 

The Standards provide the high level requirements for implementing the IT security policies, the basis for audit compliance and the basis for security self-assessment by Information Systems (IS) management.  They help to minimize the probability that IS management will overlook any of the security practices and to promote consistent and co-ordinated practices.

Without baseline policy and standards, systems and procedures actually implemented could undermine even the most carefully designed security features provided by hardware and software products.

Note: A free copy of IT Security & Standard Policy will be given away when you sign up for our corporate platinum maintenance plan.

In general, IT support industry defines an emergency when network is down or critical server(s) is down or generally an issue that is causing multiple users to be down in some ways that do not allow them to carry out business operations. A server is usually defined as critical only when users depend heavily on its functions. For example, file sharing; domain controller; DHCP, DNS, application such as CRM or sharepoint; email etc. Not all servers are defined as critical when it is being used occasionally or by few users or not in use during business operating hours. For example, spare DNS; backup server; batch jobs that run once a month, etc.

While the above definition may limit severely what constitutes an emergency over a common issue such as user is not able to print, the area becomes interestingly when it is the CEO of the company who is the user that cannot print.

It is important for you as a customer to share your concerns to your IT provider during the initial discussion on the service contracts. You may want to specific the key users in the company and categorize them as VIP (very important person) or VVIP (very very important person). Also, it will be of great help to IT provider when you highlight any important days of the month such as accounting period, batch jobs, etc. With this information, the IT provider would be able to come out with best practices to illustrate what is committed to, and what is typical.

IT providers tell you that you will have a guaranteed response time from them. Usually, the typical guaranteed response times comes in 4 or 6 hours. Emergency cases that hinder business operation such as server outage will have shorter guaranteed response time of 2 hours. You are not sure what it really meant. All you want is to have a stable technology that gives you a peace of mind, and even if there’s any technology breakdown, you want to be assured that a qualified technician is able to resolve the problem quickly.

Guaranteed response time commits an IT provider to a certain amount of time whether to answer your call, arrive at your office, or respond to an emergency. Response time is first and foremost remotely in nature. Usually IT provider will provide you with several means of reporting a problem using web ticketing system, email or phone call. After you have reported, IT provider will response to you remotely first via email, telephone or remote access within the guaranteed response time. When IT providers are able to do the above, they have already satisfied their commitment to you. If problem is unable to resolve remotely, depending on your service agreements, IT provider may charge accordingly for an onsite visit. Hence, it’s important for you to also find out what is their onsite response time.

A typical onsite response time may take up to 72 hours for non critical issues and up to 24 hours for critical issues. Do note that the response time and resolution time are not the same. Resolution time is the actual time taken to solve the IT problem and get it working. The worst case scenario that could happen is when IT provider responds to you at the 4th hour, and realized they can only resolve the problem onsite, which take them another 72 hours to arrive and spend another chunk of time to resolve your IT problem. Thus, total time taken would be 4 + 72 + resolution time, which is equivalent to 4 days or more. Once again, it is emphasis that this is a worst case scenario for non critical issues, which is still far better than sending the machines to manufacturer service center or any ad-hoc services.

You may ask why there is a need for guaranteed response time. Having a guaranteed response saves your time by knowing what to expect and not having to make repeated calls or requests for the same issue. On top of that, you know that the IT problem is to be addressed within a specific period of time helps to give you that feeling of security.

For more information on guaranteed response time, please do not hesitate to contact info@connectbit.com