The noble goal of most sysadmins, IT pros, and MVPs is to create reliable computer systems out of intrinsically unreliable parts.
The hardware, software, operating systems, applications, configurations, security and network threats, and yes, sadly, our own end users often need to be accounted for in this equation. The use cases, systems, configurations, security postures, and now the location of our fleet are ever changing. Security threats are spiking; malware and ransomware are prolific. The math has changed. Speaking of equations, a few variables have also changed, perhaps forever.
No longer are a few users remote, sometimes. Now almost all of our users are remote nearly all the time. The Network Operating Center (NOC) and Security and Systems Operations Centers (SOCs) have gone dark – apps exited – monitors dimmed. We were sent home. Yes, everyone talks about the nearly 1 billion end users who are now at home, at Starbucks, in mom’s basement, and in between – but hardly anyone talks about us – the IT superheroes. We had to give up a ton of what we used to use to support our users. Now what?
First, I think no matter what – we must strive to get our security postures correct. With this many users, in this many locations, with this many different configurations – only software can see what we need to see. We are going to have a very hard time managing what we cannot see and what we cannot measure, so see and measure we must.
While the isolation, containment, and other benefits of large-scale remote solutions like Microsoft AVD or VDI are of huge security value to the enterprise, the rapid shift to remote work left many of us flat-footed. Laptops, occasional VPNs, and home Wi-Fi are the new reality.
One of the things we need to consider now is the tradeoff between creating complex, resilient architectures and simply making better use of what we already decided to use. Historically, we have seen that large fleets of well-managed desktops can approach both the productivity desired by end users and a spectrum of the manageability and elasticity of VDI that makes IT smile.
The New Methodology
First and foremost, we should assess our end user populations to determine a few things.
First, we should look at the security configuration and posture of every end user based on a few things. Initially, we're going to want to know who they are, as role-based access control and security should be a real thing.
Second, we should observe where they work: are they in a single location, or do we notice them moving across networks? Third, what type of machine have we provisioned to them, together with the different software, antivirus, and perhaps update schemas that help make our lives easier? Last and certainly not least, what does the activity of the end user look like? Are they doing a variety of tasks in volatile and high-volume ways? Are they unpredictable, or doing suspicious or unintended activity?
Measuring these attributes, together with the configuration of the provisioned machine as well as deep and near-real-time introspection into its actual usage patterns, gives the modern IT pro an incredible amount of data.
Speaking of data, there should be so much that we're using artificial intelligence and machine learning to recognize the patterns and routes to remediation that truly allow us to scale in this new normal. In my coming blogs I hope to share detailed step-by-step actions sysadmins can take today to begin bringing some of the chaos at the edge under control. While you cannot manage what you cannot measure, we believe it is now possible to see what was previously unseeable and, perhaps for the first time, to get scale to work for us instead of against us.