Coronavirus IT Management Readiness: Can Your IT Really Handle All Employees
Working from Home?
A management readiness check
Maury Weinstein, System Source President and Co-Founder
Dennis Kloster, Enterprise [email protected]
March 17, 2020
During the Webinar…
Audio – In Presentation Mode until End
Control Panel to Manage Your Session:
• Grab Tab: Hide the Control Panel
• Audio Pane: Mute Yourself; Switch between Phone and Mic & Speakers
• View Webinar in Full Screen Mode
• Question Pane: Submit written questions
Please mute when not speaking
Presentation available for download
If pizza hasn’t arrived by 12:15, please check with your receptionist and then email Mike Jones at [email protected]
We are recording the webinar, so please step away to pick up pizza at your front desk!
We Hope You are Enjoying Your Pizza!!
Agenda
• Remote Working Readiness Checklist
• Preparing to Manage Remote Staff
• Generalized Work from Home Guidelines
• Preparing Systems and Infrastructure for Remote Staff
• Microsoft Windows Virtual Desktop Introduction
Preparing to Manage
Checklist columns:
• Remote Access Method
• User Count
• Crisis Leadership Team Appointed*
• What Cannot be Done Remotely?
• List Risks Assumed by Organization
• Remote Work Policy Approved and Distributed
• Deep On-call Rotation Established
• Staff Emergency Notification Process
Checklist rows:
• Phase 1: VPN; Thin Client (Citrix/RDS); Other:
• Phase 2: Video Conference; Windows Virtual Desktop
• Total: 0
GAP found
Crisis Team
• Creating and updating the plan
• Timeline for policy implementation
• How the implementation decision and changes will be communicated
• Staff expectations
• Technology for working remotely
• Plan update frequency
• Auditor guidance
• Management indicators to select an appropriate response level
• List risks assumed by the organization
• Understanding what tasks cannot be done remotely
• Isolating teams and individuals critical to the organization from each other
Work from Home Guidelines
Purpose:
To maximize effectiveness for employees working off-site. Decisions about the suitability and availability of work from home arrangements are at the sole discretion of your manager. Work from home is not a benefit, but a tool in situations where the organization, employee and ultimately our customers benefit.
Work from Home Guidelines
Criteria:
• Work assignments should be of significant priority, consistent with the level of work you would be completing in the office.
• Work materials taken home should be enough to support 8 hours of work.
• The work scheduled to be completed at home should be independent in nature, not needing in-person interaction with team members.
• A work from home day is not acceptable if meeting with a customer, vendor or staff members would be missed.
• Work from home should only be scheduled when you have a productive environment at home. Caring for yourself or others while ill is not a productive work from home situation.
• Your working from home location must be transparent to the client.
Work from Home Guidelines
Requirements:
• Manager’s approval, preferably 2 days prior. Spontaneous work from home days may be approved if other criteria are met and coverage is available.
• Access to all Company systems
• High-speed internet access
• 8 hours required with flexible hours within these guidelines:
  • 10:30 to 3:30 available for contact with team
  • Maximum one day per week
• Additional home or cell phone expenses incurred during a work from home arrangement are not reimbursable.
• Test your phone communications prior to working from home to meet the criteria of being transparent to the customer.
Work from Home Guidelines
• Transfer callers from your work phone to home/cell phone so your location is transparent to callers.
• Update your internal Outlook auto-response and calendar to indicate work from home status.
• Gather documents to complete work assignments and copy of non-reproducible documents.
• Check voice mail hourly, return phone calls and e-mail promptly.
• Complete brief log of your day's activity and include it as a billing note with your timecard for that day.
• Plan for a productive work environment at home, including age appropriate care arrangements for children or sick dependents.
• Employees working from home are responsible for a safe, productive environment and for any additional insurance to support work from home.
Less Obvious Policy Nuances
• Contractor and part time staff direction
• HR policy including waiver of approval and notice for vacation usage while retaining right to disciplinary action
• Need strong culture demonstrating what working remotely means
• SANS Institute https://www.sans.org/security-resources/policies
Preparing Technology Testing Satisfaction
Checklist columns:
• Remote Access Method
• System Maximum Capacity*
• Infrastructure Needed?
• Licensing Required*
• Licensing Type
• Licensing Costs
• Remote Workstations Configured
• Security Protocols*
• One Day Test Group with Exercise
• All Staff
• One Question Survey
Checklist rows:
• Phase 1: VPN; Thin Client (Citrix/RDS); Other:
• Phase 2: Video Conference; Windows Virtual Desktop
• Total: 0, $ -
GAP found
Licensing Required
“Office 365 Business, Business Premium and ProPlus subscribers can install Office on up to 5 PCs or Macs, 5 tablets, and 5 smartphones. You can count hybrid Windows devices, such as the Microsoft Surface Pro, as either a PC or a tablet.”
MSFT Office 365 licensing available by the month (at annual pricing if purchased through our channel)
SaaS licensing may have hard cap at purchased quantity
System Maximum Capacity
• Bandwidth
• VPN concentrator capacity/licensing
• Voice over IP
• Workstation RDS capacity/licensing
Security Protocol
• What systems can join your network?
• Remote access from lower security or compromised networks may require state checking
• Encryption use
• Playing the 80/20 rule at home
• Each remote access software is another door into your network
• Some organizations rely on “over the wall” support and fraud checking
• Protections behind your firewall aren’t extended to some remote users
Probable Work from Home Support Issues
• Latency and speed issues with home bandwidth
  • Exacerbated by VTC, file syncing and rural bandwidth
  • Require speed test of 20/10 and acceptable latency
• Workstations without VTC headsets or softphones
• Disk encryption
• 2FA without conditional access
• Workstation shortages
• Access to special phone services
• 44% of last Friday’s reactive support requests were remote access vs. 18% same Friday last month
• Corona themed phishing
Scenario 1 - VPN
Do you need to duplicate the “in the office” look and feel?
Can you remotely access from only preconfigured workstations?
Do you have adequate bandwidth?
Do some need applications that most don’t require?
Scenario 2 - RDS
Do you want to offer applications without first loading them on remote workstations?
Do you want to isolate personal systems from the office network to increase security?
Do you want to use a remote system in a low bandwidth scenario?
Scenario 3 – Virtual Desktop
Do you want a full desktop experience?
Do you want others managing the infrastructure?
Do you want to pay only for what you use?
Microsoft Windows Virtual Desktop
Windows Virtual Desktop (WVD)
Delivered on Azure
Dennis Kloster, System Source
Virtualization Scenarios
• Security and regulation: Financial Services; Healthcare; Government
• Elastic workforce: Mergers and acquisition; Short term employees; Contractor and partner access
• Specific employees: BYOD and mobile; Call centers; Branch workers
• Specialized workloads: Design and engineering; Legacy apps; Software dev test
Virtualization Hosts of the Future
• Windows Virtual Desktop Multi-session: Scalable multi-session modern Windows user experience with Windows 10 Enterprise security
  • Windows 10
  • Multiple sessions
  • Win32, UWP
  • Office 365 ProPlus
• Windows Server RD Session Host: Scalable multi-session legacy Windows environment
  • Windows Server
  • Multiple sessions
  • Win32
  • Office 2019 Perpetual
• Windows 10 Enterprise: Native single-session modern Windows experience
  • Windows 10
  • Single session
  • Win32, UWP
  • Office 365 ProPlus
Provides virtualization infrastructure as a managed service
Utilizes Azure Active Directory identity management service
Deploy and manage VMs in Azure subscription
Manage using existing tools like Configuration Manager
Connects to on-premise resources
High Level Architecture
[Architecture diagram with sections labelled "Customer subscription" and "Managed by Microsoft / partner". Components shown: Web access, Management, Diagnostics, Gateway, Broker, Load balancing; RemoteApp; Windows 7 Enterprise, Windows 10 Enterprise, Windows 10 Enterprise multi-session, Windows Server 2012 R2 and up; Compute, Storage, Networking.]
Identity Strategies
Options for Required Active Directory
• Option: Spin up a DC in Azure
  • Pros: Can sync with on-premises DC with VPN or ExpressRoute; All familiar AD Group Policies; VMs can be stopped to reduce costs
  • Cons: Adds additional management of a VM and Active Directory in Azure
• Option: For cloud-based organizations, use Azure AD Domain Services
  • Pros: Don’t have to connect to on-premises resources
  • Cons: AD DS runs continuously with a small fixed charge
• Option: For hybrid organizations, use VPN or ExpressRoute and make sure your on-premises DCs can be found in Azure
  • Pros: No AD DS or Domain Controller required in Azure
  • Cons: Latency could be higher delaying user authentication; Assumes on-premises environment
Azure Consumption
• Pay only for the virtual machines (VMs), storage, and networking when using the service.
• Pick VM and storage options to match your use cases.
• Purchase one-year or three-year Azure Reserved Virtual Machine Instances, for up to 72% savings versus pay-as-you-go pricing.
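WVD Environment Types
Columns: Environment Type; Workstation OS Running; Profile setting synced; User can install software; Use Case
• Physical Laptop or Desktop
  • Workstation OS Running: Locally
  • Profile setting synced: Yes or No
  • User can install software: Y
• “Personal” Virtual Desktop
  • Workstation OS Running: Specific VM for each user, Single session
  • Profile setting synced: Yes or No
  • User can install software: Y
  • Use Case: Developers, Heavy Users
• Non-persistent Virtual Desktop
  • Workstation OS Running: User assigned to resource pool, Multi session
  • Profile setting synced: Yes
  • User can install software: N
• Published Apps
  • Workstation OS Running: None – apps only, Multi session
  • Profile setting synced: Unique profile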
Selecting an Operating System
• Scalable multi-user legacy environment (TS CAL): Server 2019 RD Session Host
• Scalable multi-user modern experience with Win 10 Enterprise Security (User Concurrency, Application Delivery): Windows 10 Enterprise Multiuser
• Native single-session modern experience (Developers, Heavy Users, Dedicated Session): Windows 10 Enterprise
Improved Security with Management
• Azure AD Security: Security through Azure AD (i.e. MFA, CA)
• Reduced Attack Surface: Reverse connect eliminates open inbound ports to VMs
• Granular Access Control: Multiple admins assigned role-based access
• Isolated User Sessions: Isolated user sessions in single and multi-session
Client Features and Administration
Features Windows Web Android macOS iOS
MFA X X X X X
3rd party plug-ins X
Dynamic Resolution X X X
Multimonitor X X
Teams Coming soon
Bulk Deployment X X
Management Intune, ConfigMgr, GPO
WVD Bandwidth Recommendations
• Bandwidth rises with:
  • Resolution and frame rate
  • Voice or video conferencing
  • Real-time communication
  • Streaming 4K video

Workload          Applications                     Bandwidth Recommendation   Display resolution @ 30 fps
Task worker       Word, Outlook, Excel and Adobe   1.5 Mbps                   1024x768
Office worker     + PowerPoint and Photo Viewer    3 Mbps                     1280x720
Knowledge worker  + Java                           5 Mbps                     1920x1080
Power worker      + CAD and publishing             15 Mbps                    3840x2160 (4K)
FSLogix acquisition provides three core pieces
1. Profile Container - Replaces roaming profiles and folder redirection. Speed logon and application launch times.
2. Office 365 Container roams Office cache data (i.e. Outlook OST, OneDrive cache, Skype for Business GAL) and Windows Search DB with user in virtual desktop environments.
3. App Masking - Minimizes gold images by creating a single image with all applications. Provides app compatibility with no packaging, sequencing, backend infrastructure or virtualization.
4. Java Redirection - Increases security of multiple installed versions of Java by mapping specific versions to individual apps or websites.
FSLogix VHD (Container based)
• Fast login regardless of profile size and efficient IO
• Network attached data appears as local profile
• Limited multi-session with read only and differential disks
• Customized for Office performance
Are You Licensed for WVD?
Pay only for the virtual machines (VMs), storage, and networking consumed when workstations are using the service
Options such as one-year or three-year Azure Reserved Virtual Machine Instances with monthly payment options, can save up to 72% versus pay-as-you-go pricing
Server
Access Server workloads with WVD with RDS CAL license with active Software Assurance (SA)
Client
Access Windows 10 single and multi session and Windows 7 with WVD with:
• Microsoft 365 E3/E5
• Microsoft 365 A3/A5/Student Use Benefits
• Microsoft 365 F1
• Microsoft 365 Business
• Windows 10 Enterprise E3/E5
• Windows 10 Education A3/A5
• Windows 10 VDA per user
Next Steps
• We have a quick response team for assessing, setting up or testing remote access
• Windows Virtual Desktop pilots available to check use cases
• Fixed price solution bundles and jump starts for 2FA, mobile device management, phishing/training, Single Sign On and more