Wednesday 18 April 2012

Using my iPad for work!


After much pressure from the MD and Marketing Manager, and now also having my own iPad, I decided to investigate iPad access to our network.

My first port of call was configuring a server to run Neocoretech, which is a VDI solution that does not require a SAN or massively complicated infrastructure prior to installing (unlike some of the alternative solutions).  With the Neocoretech server running and configured on our network, I had to build a Windows 7 image.  The image I created was a “read only” image, so that the user cannot change the image.  Some minor configuration was carried out to make the virtual machine a member of the domain, as well as restricting some functions of the operating system in order to improve performance.

Testing was carried out from a laptop to ensure the VDI infrastructure was working, before connecting my iPad to the wireless network and browsing the VDI landing page.  I had to install a free RDP client onto my iPad, and I chose Remote Desktop – Universal App by Evolve Networks, as this gave me the option to create more than one RDP session, unlike the Wyse free application.

On network, it gave me a very good user experience, where the Windows 7 desktop was useable on the iPad.  The only gripe I had was that scroll bars were a pain, and where you would expect to press and drag them, you had to click to jump to the scroll bar on.

My next challenge was getting this to work remotely.  As you can see from other posts, we use Microsoft UAG hosted on a Celestix appliance as our remote access, but this solution does not offer an iOS client to allow the iPad to fully integrate with the features of the UAG, so I am unable to use the UAG to give me VDI access on the iPad.

As an alternative, I configured a Cyberoam UTM appliance to give me an L2TP VPN.  Following these instructions provided by Cyberoam will give the right result: http://kb.cyberoam.com/default.asp?id=1891

As I did not have an alternative route out to the internet, I created a hotspot on my iPhone, and used Bluetooth to connect my iPad to the hotspot.  Using 3G, I connected my iPad to the L2TP VPN, and from there started up my RDP client, and connected to my VDI server.  I was surprised as the latency was not as bad as I had expected, but it gave me my Windows 7 desktop on my iPad via the 3G network!

Very impressed how quickly this was configured and running, but now I need to customise my Windows 7 VDI image to optimise it for our network.

iOS and Android in the workplace (aka Replacing your computer with an iPad/Android Tablet?)

With iOS and Android becoming more popular in the home environment, I am often asked how these devices can be used as the endpoint to connect to a work network.  I would like to separate the use of these devices as a work device, rather than using them as an access point for the occasional remote access session.

Irrespective of whether the tablet or mobile is a company or personal device, the issue with connecting it to your network is software support, so we have to look at what applications are required in the workplace.  With email, most mobile and tablet devices will support Exchange, and most of these devices will have the ability to create, read and edit Microsoft Office documents.  There may be some issues with legacy applications, or Windows only applications, which would render the device useless for those applications.

I’ve read in some places that the solution is to replace the applications with something that will work on these mobile devices, or on other computer operating systems.  This seems a little bit extreme, especially in the current economic climate, where IT budgets are being cut and hardware refresh rates being increased from three years to up to five years.  Embracing BYOD (Bring Your Own Device) will also bring the same challenges, as the organisation may save hardware costs in not having to purchase and maintain devices, but will have to alter the backend infrastructure to support these new devices.

I’ve always liked the concept of VDI (Virtual Desktop Infrastructure) but in the past, it has been both complicated and expensive.  There are now solutions which can give you a virtual desktop for less than the cost of a new PC.  By manipulating budgets, it would be possible to deploy a VDI solution, instead of carrying out a hardware refresh of the desktop/laptop infrastructure.  The VDI solution would be able to create a Windows desktop environment that can run on any endpoint that supports RDP (Remote Desktop Protocol).  This would enable the old hardware, the mobile devices, the tablets, the BYOD equipment and home devices to connect to the VDI solution using RDP.  This solution can run on the network, and allow these devices to connect assuming they are on the network. 

The next challenge would be allowing these devices to connect to the VDI solution when they are away from the office.  If there is an SSL-VPN solution in place, you may be out of luck!  Most SSL-VPN solutions allow you to connect to your office, via an internet browser.  By installing some software components, via ActiveX or Java, it will give your Windows and Apple (and sometimes Linux) computers the ability to connect to the network and allow your applications to run remotely.  The issue comes as most of these solution providers have not written software components for the mobile and tablet devices to connect natively to the network.  Although web applications will work on these devices, any application requiring more than a web browser will not run.

The way to allow these devices onto the network will be to use a “traditional” VPN, utilising PPTP, L2TP or IPSEC.  This type of connectivity is normally configured on a firewall or VPN concentrator, and once configured with the appropriate settings and authentication (we will have to think about security), these devices will connect and can interact with your network as if they were a computer on the network.

Once connected, the VDI solution will be available to the device, and then allow your Windows desktop to run, even though the device is not in the office and may not be running a traditional operating system!