Recover a workspace for road warriors
In this blog you will read about the solutions that I come across for deploying laptops for road warriors as they are called. Road warriors are employees with a laptop that rarely visit the office, come to think of it, I’m a road warriors.
Lately we had several discussions about the different tooling available (and in our portfolio) and I noticed a few interesting reasons for customers to choose either way. The discussion was about the manageability of the laptops, I’ll get into that later on.
Deployment of devices is simple, there are many solutions available that can deploy a device. Some people would say that even an idiot can deploy a device, managing the device and the user workspace is what differs the boys from the men. It’s like with backup and restore, backup is simple, restore is for real men.
With VMware Mirage making a strong comeback on the market at VMworld I wondered where it stands compared to the others. So I put the ones we used in a list and did a really fast check.
What is deployment tooling in this context, what are we talking about. The tooling I’m referring to are products that you use to deploy a laptop or a desktop, add a new Windows image to it and install loads of applications on them.
If we look at deployment tooling there are a few, let’s name the ones I use from time to time;
- Microsoft SCCM/ MDT/WDS
- Symantec Deployment solution powered by Altiris technology
- RES Automation Manager
- VMware Mirage
I think this is a fair list of the top products used, sure some aren’t listed but those we don’t use and never crossed our discussion.
A deployment tool has to provide some basic features that are key to the solution,
- It needs to be able to deploy a Windows image to a device,
- It needs to deploy software in a certain order to that device.
These are key features and all but one in the list are able to do this on their own. So let’s take a look at each one and talk about why you would use them and why you wouldn’t.
There is one more feature that is required in these days market when it comes to device management and that is recovery of lost or broken devices. With users moving around they roam with their devices and these devices might fall/break or get stolen (or left on the train). Users will need access to their data no matter what and vendors will need to find a way to solve this.
Not only deployment but also recovery is key.
The topic we had at hand lately was that we have a customer with 1000 laptops that need to be deployed, appeltje-eitje we say in Dutch (apple-egg, meaning simple). As soon as we agreed it was simple we came to the topic off how about management and what about if he or she does something stupid like wreck the thing of leave it on a train. How will we cope with that challenge, that goes beyond deployment itself but is vital to the customer.
So the topics for this blog are:
- Can I deploy a Windows image with it?
- Can I recover a broken, stolen or lost image?
Microsoft SCCM + MDT
Microsoft SCCM/MDT/WDS is a collection of tooling that can be used apart or together and is the standard for deployment in the IT world.
It has some drawbacks for it console is not the easiest one to use and takes a lot of training to get used to. Microsoft SCCM is designed to deploy devices or software but not to do it as fast as possible. It will deploy the software as you planned but in due time. A few years back an effort was taken to integrate Microsoft App-v with SCCM and we had some issues with that for the application needed just-in-time didn’t arrive just-in-time but at the time SCCM found it suitable.
The 2012 version has been improved and the console looks much better now but still is pretty hard to get used to when you have to use it rarely. The cool thing about SCCM is of course the easiness of deploying drivers with images, it’s a one click solution for that. Ones task squences have been setup it’s a solid tool to be used.
If we look at the questions within this topic the of course Microsoft SCCM or MDT with WDS can deploy images to devices, there is not doubt about that.
If we look at manageability of the devices where it would backup the user workspace and restore it when needed, it’s not possible. Of course you can create a backup of some sort but that backup will only work when you still have your device. When the device is lost or really broken the backup is gone.
In this new era of flexible deployment and management of user workspaces on devices Microsoft SCCM only enables 50% of what we need.
Altiris (Symantec deployment solution)
Altiris is the grandfather of deployment tools, it has been around since 1998 and is being used at so many places to deploy millions of servers. Sure Altiris is a product that could deploy a laptop, it uses a PXE process to deploy an image.
When it comes to managing the user workspace it’s less suitable for that’s not what it is designed for. Tools like Altiris (keep calling it that even though I know it’s Symantec) are built in a time when we did not have these road warriors like we have today. It’s not designed for how we work now, it’s a one-time-deployment tool for servers, desktops and laptops and sure you can manage a bit with it later on but not that bit that I was looking for in this use case.
What it lacks in this use case is the ability to save the users workspace and restore it when needed. The user workspace in this case is the users profile, the applications and documents residing on the laptop. When the laptop is stolen (or forgotten as we most see) that user workspace has to be restored to a new device.
Even though I think Altiris is a hell of a tool, for this use case it’s not use-able.
RES Automation Manager
Again a tool that I think is a great tool in certain scenario’s. We use RES Automation Manager a lot to deploy golden images of virtual environments, it’s easy to setup and it’s darn easy to deploy a golden image with it. Even our System Center guys had to agree that it was too simple to be true. They are working days to get a Citrix server deployed and with RES Automation Manager they did the same job in a morning even without knowledge of the product. Try that with SCCM 🙂
But, there is a huge but… RES Automation Manager needs a host to provide the Windows images, it can not do anything without a running Windows image where it can deploy an agent. It’s not a deployment tool as such. This makes it useless for this scenario.
When the agents are running on a Windows machines, desktop or server, it’s a killer app. If you haven’t seen it yet, you surely missed something. For network related tasks, repetitive tasks like on- and off-boarding of users this is the tool to use.
Back to the use case. With RES Automation Manager you can not deploy a laptop image without using something like WDS to deploy the image. Therefore it’s not suitable.
From a management point of view is not the right product, even though it could backup certain parts of the user workspace it could not ensure that all applications were safely in a backup, it’s not designed like that.
VMware acquired Wanova a while back and with that gotten their hands on a delivery tool. At first many might have looked strange at this for what was VMware doing with a deployment tool.
They positioned the tool, they called Mirage, as the deployment and management tool for physiscal desktops and persistent VDI’s. They claimed to extend it to manage all VDI desktop pools but never gotten that far.
With CloudVolumes coming on board VMware, now named App Volumes, the future for Mirage looked bad. App Volumes was better suited to manage application layers of desktops and worked without modifications. So where was Mirage heading.
We thought they would slowly let it die but they did the opposite. VMware Mirage has been positioned at VMworld 2014 as the Client-deployment and recovery tool, a direct competitor of Microsoft and Symantec.
So if we compare the basics between these products, what do we see?
All products can deploy an image and all products can deploy applications. VMware Mirage handles the application deployment as layers. These are not layers like UniDesk is doing but basically a layered task automation that installs the application on the device.
What is cool about this layering is that when you experience an issue with e.g. the templates of your company (we have a complex one) you can re-enforce that layer and that layer alone. It will fix your template and you don’t have to redeploy.
Another cool thing about Mirage is the recovery part, as said before deploying is easy but what if the user runs into issues. What is the user loses the laptop, drops it or does something that makes it unusable? Most deployment tools can’t fix this, you need to either redeploy or get a new device and deploy.
VMware Mirage is different in this, it will create a backup like you’re used to with you Mac book. and that backup is stored in the data center to speed up recovery. When a users notices that their devices is e.g. broken or stolen it can report that to the IT desk and they can recover the user image (with all applications and data) and restore it to a virtual machine or a replacement device.
So while the user is travelling to the office the restore process is running and will be ready when they get in. It will allow them to work within their workspace as they left it.
There are more features that are cool about the layering product and the possibilities but for this discussion this was the most important one. One other one is migrating from Windows XP to Windows 7 without the user noticing it… but hey who’s on Windows XP still, right?
For our use case and I think many use cases VMware Mirage is a killer solution, they fact that you can restore a recovery image of a complete user workspace to a replacement device or a VDI is so cool. This is what the users want, this is service IT should offer users.
Citrix had the slogan, Anytime, anywhere any device… This is that slogan reinvented.
We will advice this customer to do a PoC with VMware Mirage for it meets all the requirements and more.