From the words of Ralph Wiggum, I Choo, Choo, Choose You [to be my FlexCast model].
Choosing the correct FlexCast model always leaves people wondering if they made the right decision. The answer to this question requires us to look closer into the user requirements. For example, the ABC School District Reference Design was recently published, and as can be expected from the title, it is based on a large school district (70,000 total users, 20,000 concurrent). How did we decide which FlexCast model was most appropriate?
It came down to simply meeting the needs of the school and the students. This particular example used three FlexCast models:
- Hosted Virtualized Applications: The elementary school children typically required a single application for their current class. When that particular class ended for the day, there was no need for the children to get back into the application from a different location. Providing a single hosted virtualized application provided the easiest user experience for the elementary schools.
- Hosted VM-Based VDI Desktops: Middle and High School students utilized many more applications, many of which were launched simultaneously. The students were familiar with a desktop interface, and it was determined that providing them with this experience would provide the best environment from which to work. The decision between hosted shared and hosted VM-based came down to a question of security. The school district felt it would be safer to create VMs for each desktop as opposed to the shared model. The shared model could allow a student to cause mischief on the server, thus impacting other students. Many of the students are extremely smart and computer experts, so it was a matter of time before they breached the system.
- Hosted Blade PCs: A small group of high school students took part in the CAD classes. The CAD application used, and the projects students had to complete, required specialized hardware. The school district decided it was easier to centralize a group of Blade PCs and allow students to connect as needed. This allowed for centralization and helped reduce the overall number of powerful desktops required, as the Blade PCs could be shared between schools.
As we know, there are more than three FlexCast models, but the School District did not have a need for them all. In fact, as other organizations start to assess and design their virtual desktop environments, they too will see that certain FlexCast models do not fit in with the overall goals.
How does one determine the best approach? By understanding the user requirements, the limitations of each model and selecting the most appropriate model that gets the job done at the lowest cost.
Which models have you seen the most of so far?
Want to learn more about the ABC School District? Then join the live webinar on June 18th.
Daniel
Lead Architect – Worldwide Consulting Solutions
Follow Me on twitter: @djfeller
My Blog: Virtualize My Desktop
Questions? Then email Ask The Architect
Facebook Fan Page: Ask The Architect
Andy Winiarski and I are going to be at Synergy 2010 next month to deliver a talk on Windows 7 and how it ties into desktop virtualization. I am there from Product Marketing to provide some color on XenDesktop. Andy will be bringing a consultant’s perspective and will give us some straight talk about real world issues connected with managing both an OS migration and a new desktop infrastructure. We thought we should let you know what we are planning to talk about and encourage you to join us in San Francisco.
We can easily make the assumption that Windows 7 will be on at least some of your desktops within the next 2 years. Given that Windows XP survived so long as a common OS platform in most enterprises, and taking into account user pull for the new OS, analysts are expecting a rapid ramp up which will put stress on IT and its suppliers. Windows 7 was launched almost one-third of the way into the 4th quarter of 2009, yet Microsoft still sold over 60 million licenses.
The first Windows 7 desktop to hit the network will immediately kick off a corporate wide effort to ready users, support teams, and applications for the inevitable upgrade. With this in mind, there are concerns that come up whenever we consider a large technology migration that could affect the way that your company does business. The speed of migration and the availability of staff and budget to attend to it are major concerns. Even if you wanted to make the change in the short term, is it even feasible to expect such a rapid rollout? Data security continues to be a key issue. Bitlocker will help but data is still exposed sitting on potentially 1000s of endpoints both inside and outside of the office. Temporary productivity hits can be severe during OS upgrade – despite best planning, a key resource could be left high and dry due to DoA hardware failures or unforeseen app incompatibilities.
We think that it is an opportune time to consider alternatives to the normal refresh approach to try to avoid these potential migration issues. With large budgets to commit to, perhaps it really is time to renovate your desktop infrastructure. The desktop infrastructure of previous decades is no longer current. Old methods are starting to show their age. Tools that worked well 10 years ago are starting to break and it’s hard to find someone to fix them. And there are new desktop virtualization technologies that are more efficient and cost effective than the old approach to desktops. This is a chance to make an investment in your desktop delivery infrastructure, bringing it completely up to date, rather than keeping your desktop management and delivery methodologies firmly planted in the 1980s.
We could go on and on concerning Win7 migration and virtual desktops and that’s exactly what we plan to do at our breakout session at Synergy 2010. Make sure that you mark this session on your calendar. You get two opportunities to attend. If you’re really keen, come to both sessions!
SYN330 – Move to Windows 7 the easy way with desktop virtualization
May 12, 03:30 PM
May 14, 01:00 PM
Click here to register today!
You heard about desktop virtualization and VDI; your organization got excited and maybe is considering it now for its own IT. Now you are confronted with all your organization’s requirements – business as well as technical. The logical question is where to start and how to design a XenDesktop architecture that meets these requirements.
Typically, you start researching information that reflects your situation or maybe even try to reach out to friends and your business network for customer references. Once you have found a starting point, I am sure more questions will come up, such as:
- Do I only need VDI? Or should I consider different desktop deliveries from the FlexCast options?
- How should I integrate and deliver my apps? Installed? Streamed? Or hosted?
- How do I ensure performance? What do I need to consider for scaling the environment?
- How can I preserve the user settings and make the transition as smooth as possible?
- Do I need to deliver the virtual desktops to remote users?
- How did others implement XenDesktop?
- …
I could go on with the questions, but I want to keep it short since I would like to see these questions being raised at the Hands-on Learning Lab Workshop “SYN418W – Designing a XenDesktop architecture” during Synergy. Why? This workshop will provide exactly this platform for discussion. I mentioned hands-on, but it is more a “hands-off” workshop, where you will have the opportunity to work on a given fictitious customer scenario with peers who have the same questions or even the answers to your questions. The workshop will be guided by our most experienced architects, who have already worked on several customer projects designing and implementing XenDesktop.
I am looking forward to seeing you there and hope to answer all your questions!
Tarkan
Senior Architect, Worldwide Technical Readiness
Follow me on twitter: @TarkanK
Under the much debated HITECH legislation in the American Recovery and Reinvestment Act of 2009, HIPAA covered entities and their business associates must notify patients and in some cases the secretary of Health and Human Services of privacy breaches pertaining to identifiable patient records. I have written previously about the distinction between privacy and security breaches, and I am going to focus on the security breach aspect today.
In the language, the secretary of HHS is required to specify technologies and methodologies that would render protected health information unusable, unreadable, or indecipherable to unauthorized individuals. If covered entities and their business associates apply such technologies and methodologies, they will not be required to provide notice of the breach as otherwise required by the act.
HHS specified that the “unusable, unreadable, indecipherable” test has been met if the breached data has been encrypted and the security of the key has not been compromised. HHS also specifies that the encryption must also comply with the HIPAA security rule’s provisions. To make things easier on us, HHS actually gives two examples of encryption that meets the standard:
- For data at rest, encryption consistent with NIST Publication 800-111
- For data in transit, encryption complying with Federal Information Processing Standard (FIPS) 140-2
One way of securing data in a NIST 800-111 consistent way is the use of disk encryption. Microsoft’s BitLocker is available with certain editions of Windows 7, Windows Server 2008, and Windows Vista and is also FIPS 140-2 validated; so is McAfee’s SafeBoot, and there are many others available as well. It may be cumbersome for healthcare CIOs to have all their applications tested in a disk encrypted environment on the endpoints, and the transition may take some time.
FIPS 140-2 includes several layers of security and HITECH/HIPAA does not seem to specify which one the government would deem appropriate to grant the reporting exception. I am certainly thinking about this topic from a virtualization perspective, where the data would never leave the datacenter. Applications or entire desktops would execute securely inside the datacenter and be accessed by end users over a high performance delivery protocol that provides a great user experience. This is already done widely for clinical apps in the healthcare space and providing FIPS 140-2 compliant remote access is a problem that has been solved. However, I am wondering what would need to happen inside the datacenter? I have my thoughts on this topic but I am curious to hear from you.
What do you anticipate the internal or external auditing procedures to be?
- Remote access only?
- FIPS 140-2 for all server to server communication inside the datacenter?
- FIPS 140-2 even for server to storage communication for medical apps?
Please comment directly on these pages.
Florian
Twitter: @florianbecker
Ask the Architect: Everything Healthcare
Tech Target Blog: Virtualization Pulse
HP Technology@Work is a great opportunity to connect face to face, one on one, with the experts in desktop virtualization. Citrix is offering Technology@Work attendees the opportunity to schedule time with our experts – 1:1! Bring your toughest technical questions – get the answers you need.
In addition to demonstrating Citrix XenDesktop with HP server, storage and client platforms, Citrix along with Microsoft and Intel will be outlining our latest advances at this “do not miss” event in Frankfurt, Germany, April 27-29. This is a unique opportunity to meet 1:1 with our Citrix and HP desktop virtualization experts so you can explore in depth the best way to transform your desktop computing environment. We will also explain how we can accelerate your implementations with some very special packaged offerings for Proof of Concept and Pilot testing. We look forward to seeing you in Frankfurt!


Michael Dell
Chairman and CEO
Dell Inc.
Citrix is pleased to announce that Michael Dell will be one of the Keynote speakers during Synergy 2010. Attendees can see Mr. Dell’s presentation on Thursday, May 13th at 8:30 a.m.
Mr. Dell is the chairman of the board of directors and chief executive officer of Dell, the company he founded in 1984 with $1,000 and an unprecedented idea — to build relationships directly with customers. In 1992, he became the youngest CEO ever to earn a ranking on the Fortune 500.
Mr. Dell serves on the Foundation Board of the World Economic Forum and the executive committee of the International Business Council, and is a member of the U.S. Business Council. He also serves on the Technology CEO Council and the governing board of the Indian School of Business in Hyderabad, India. He is the author of Direct From Dell: Strategies That Revolutionized an Industry.
In 1999, he and his wife formed the Michael & Susan Dell Foundation to manage the philanthropic efforts of the Dell family.
Well, not quite, but as a physicist working on the grand unified theory would say: The arrows are pointing in the right direction.
While patient care is not delivered virtually quite yet, the experts in the field of Health Information Management and Systems will have their annual gathering in Atlanta in early March (http://www.himss.org) to ensure we’ll get there in the future. If you haven’t been to the HIMSS show yet – it is an exciting conference with well over 20,000 attendees.
Questions on health record portability, privacy, interoperability, and the plain old task to get physicians to warm up to the idea of using a computer as the primary means of documenting clinical information will be at the center of the discussions, while musings on whether the federal government is going to pay for your healthcare IT initiative are sure to be overheard as well.
I myself will make my way up to Atlanta to find out what’s going on in the industry and I seek to speak to many attendees and presenters on application delivery challenges in this unique field. Stay tuned on these pages for regular updates and follow me on twitter for a play by play of my HIMSS journey.
Before I pack my bags and decide whether or not to include foul weather gear and snow shoes, please let me know what specific topics around healthcare IT you are interested in.
Twitter: @florianbecker
Florian
The American Recovery and Reinvestment Act of 2009 (ARRA) contains a whole chapter called HITECH. This catchy acronym stands for Health Information Technology for Economic and Clinical Health and makes you wonder if “they” construct the acronym before deciding on what information to convey. It basically mandates a number of fairly stringent disclosure requirements for HIPAA covered entities and their business associates in the case of privacy breaches leading to the disclosure of patient data. The act is intentionally aggressive in order to entice health care providers and insurance companies to be really cautious about patient privacy and record security.
I am at HIMSS in Atlanta this week and I notice that ARRA, HITECH, HIPAA and other related topics are front and center in many sessions and for many vendors on the floor.
Under HITECH, the burden of proof is on the side of the covered entity to prevent a breach, discover the breach, and then disclose the breach to the patients and – in some cases – to the secretary of health and human services. If the breach is affecting 500 or more patients in a state or region, the covered entity must notify the patients via public media and notify HHS immediately.
So, let’s define what a breach really is, and then what you can do to never have to call your local newspaper for the disclosure ad.
Under HITECH, a breach is an “unauthorized acquisition, use, or disclosure that compromises the security or privacy of the health record”. There’s also something in the language that this must pose a significant risk of financial, reputational, or other harm to the individual. Note that I am not a lawyer, but I did stay in a holiday….. tonight. Kidding aside, I did listen to Gerry Hinkley and Deven McGraw during their HIMSS session this week – both are legal experts in this field.
So, having a laptop with unencrypted and personally identifiable patient information stolen would be a breach. If, however, the data is secured with federally accepted levels of encryption (and the security of the key is not compromised), OR the data does not include certain items such as DOB or the patient’s ZIP code, it’s not a breach.
As you can see, the devil is in the detail. So, how can you take steps to avoid that painful disclosure? For one, ensure that the patient information never leaves your data center. Leverage desktop or application virtualization and disable clipboard and local disk access on the client device. Many electronic health applications can only print through the server, so that client connected printers are not needed and can also be turned off without compromising functionality. If mobile access to the data is needed, consider the Citrix Receiver for the iPhone or mobile access platform of your choice to deliver the information without delivering the data.
Even without HITECH, these are important considerations for any Electronic Medical Records (EMR) rollout. When done correctly, you could allow your doctors, nurses, and staffers to use the laptop, netbook, tablet, iPad of their choice without having to worry about IT managing the myriad of devices or any of them leaving the premises.
Now, unfortunately, this is only one aspect of HITECH. The other aspect involves the unauthorized access of patient records by employees who have legitimate access to the systems, but are basically snooping around. HITECH covers privacy breaches, not just security breaches. Looking up your own lab results, or the chart of your friend’s sick kid is an example of a well intentioned, but illegal breach. Looking up the local football player’s records to determine if that hamstring injury has healed before Sunday’s game is also an illegal breach, but not an innocent one. Identifying those scenarios actually requires intelligent data mining to assess whether access was justified for a person to do their job or constitutes a breach. While you can’t fix the latter category through application or desktop virtualization, you can confidently use virtualization technology to prevent breaches through the loss of devices or data without restricting mobility. One less thing to worry about in the complex world of healthcare regulation.
Questions? Comments?
Follow me on twitter: @florianbecker
Or Windows on Mac, Thin Client, WinMo, iPhone…
The list grows as Citrix Receiver continues to make the end computing device ambiguous. In a previous post I showed how Windows applications or desktops can be delivered to an iPhone, iPod Touch or iPad.
Right after the post, the guys in engineering called me up and said, “Hey, we’re not finished yet…”. In addition to iPhone, iPod Touch, and iPad, Citrix Receiver also runs on Android, WinMo, Thin Clients, Mac and PC platforms.
The small feat of magic is that all of this can also be run from a web browser.
I can see it now, you are roaming somewhere, and think, ok let me login to work for a couple of seconds to check something. You launch the browser on your mobile device, Mac, PC or Thin Client and your Desktop is streamed to you. While checking a few things in your work desktop, you navigate away to take a call or use a local app, then navigate back to your work desktop … the way you just left it.
Mobility, and the way we live, play and work, has just been turned on its ear. Bring your own computer (BYOC), an industry momentum started by Citrix, is now a reality for companies that don’t mind providing the desktops and applications for employees to get their work done, but would rather do without the time and expense of maintaining specialized hardware out in the field, or even on employees’ desks.
Citrix runs Windows applications and Desktops from a central server, called XenDesktop, and pipes it out to your mobile device through the NetScaler AGEE so the data is secure on both the Client and Server side. So, just in case you are not fanatical about the iPhone or iPad, you can still take advantage of the most awesome technology to hit the computing model for the average person. Citrix Receiver along with XenApp and XenDesktop becomes an incredible deal for organizations with a number of different Clients … after all the personal computing device is personal, and you can’t always choose the device the end user will show up with.
Having seen a Windows 7 Desktop running on an iPhone, a PC and a Mac, I wasn’t all that surprised when engineering showed me Windows 7 Desktop running on Android. If you don’t think you need the entire Desktop, you can pipe one or two applications to these devices using XenApp and Citrix Receiver.
We used the previous infrastructure for this Proof Of Concept, because it was already set up with XenApp and XenDesktop. The only new pieces were the end devices. Once again, we used the Citrix Web Interface in XenApp for authentication to keep it simple; however, we have done POCs with the same setup using LDAP and two-factor authentication from the NetScaler AGEE.
Guides
You can have this setup by following the guides we wrote up as a result of this testing.
Download the Deployment Guide – ICA Proxy for Citrix Receiver.
Download the Deployment Guide – ICA Proxy for Citrix Web Interface.
Citrix Products used in this POC
- XenServer
- XenApp
- XenDesktop
- NetScaler AGEE
- Citrix Receiver v2.1
Client devices
- iPhone
- iPod touch
- iPad
- Mac
- PC
- Android
- WinMo
- Thin Client
Watch it live
Tap into the power of AppExpert!
Or any Application for that matter.
Chris Fleck gave fair warning. I’m here to tell you that it works and it’s here, now. The computing model just got turned on its ear.
Why would you want this? Because it increases your mobility without having to reboot your laptop every time you want to use it, it saves time and money, and it delivers any Windows platform or application to your iPhone, iPod or iPad.
What was previously just a future scenario is now a reality.
Citrix runs Windows and Windows Applications from a central server, called XenDesktop, and pipes it out to your mobile device through the NetScaler AGEE. This is perfect for the iPad which has a screen size of 1024×768. Now the touch, squeeze and pinch is available for all of your Enterprise applications, making them usable on an iPad.
The small form factor of the iPhone was a little hindering for Enterprise applications. Now, with the iPad and Citrix Receiver, Enterprise Apps are usable. Although, while putting together this POC, the Product Manager sent me an email from Microsoft Office 2010 running on a Windows 7 Desktop … from his iPhone. This confirms that form factors and the computing model are about to be rocked.
The magic is in the way that Citrix hosts the Windows desktops and delivers them to the mobile device. The advantage is all of the computing power of multi-core processors and large memory can still be utilized by Windows, while all of your touching and pinching power is localized at your mobile device.
All of the communication is done over secure tunnels, so all of the information is secure.
For this Proof of Concept, we started with XenServer, installed XenApp and XenDesktop, built a NetScaler to front-end and secure the infrastructure, and fired up our iPhones and iPads. It’s fast, easy and cool. We used the Citrix Web Interface for authentication to keep it simple. You can also use LDAP or any other type of authentication method.
Guides
You can have this setup by following the guides we wrote up as a result of this testing.
Download the Deployment Guide – ICA Proxy for iPhone, using LDAP authentication.
Products
Citrix Receiver is available for Free on the App Store
Get an iPhone, iPod or iPad from Apple.
Watch it live
Tap into the power of AppExpert!



