The document discusses the transformative journey of a global pharmaceutical manufacturer, 'Pharmaco,' towards a 'universal workplace' that enhances user satisfaction and operational efficiency. It outlines challenges such as managing off-network devices, complex IT architecture, and the need for robust security measures while proposing solutions like 802.1x access control and DirectAccess. The overview highlights the strategic importance of adapting to a highly regulated and competitive market through improved IT service delivery and user experience.

1. Entertaining BYOC?Beware the PerimeterRick Dehlinger, Independent Technologist/ConsultantCitrix Technology Professional/Public Speakerrick@rickdehlinger.com | @rickd4real | LinkedIn

2. RickD – 1992 to 2010Desktop andApplicationDelivery

3. What are you talking about Rick???New!!!Proven

4. Introduce “PharmaCo”Solution Overview – Universal WorkspaceChallenges…!Summary/ReviewClosureAgenda

5. Case Study – ‘PharmaCo’

6. Global specialty pharmaceuticals manufacturerDesign, test, manufacture, and sell specialty pharmaceuticals@10,000 users WWR&D, Manufacturing, Sales, Administrative Services, Contractors, etc.HQ on West Coast USA, offices/users in over 40 countriesHighly competitive marketHighly regulated industryWho are they? What do they do?

7. Primary datacenter in Oregon, variety of other resources scattered everywhereSmall IT team, operational support provided by a global MSPXP on the desktop, data everywhere, SMS for basic managementComplex Active Directory structureSnapshot: IT Environment (today)

8. @10,000 users worldwideLarge percentage of remote users (40%+)Large percentage of ‘contingent’ workersSnapshot: User Environment

9. Complex IT environmentSlow time to market with new servicesUser satisfaction level – too low!M&A, sale of business units costly and complexHIGH risks/impact of industrial espionage, compliance breaches, legal actionsProblems…!

10. The ‘Universal Workplace’

11. User perspective: “What you want, when you want it, where you want it.”IT perspective: Major IT transformation projectTouches almost every component of their infrastructureTHE opportunity to do things RIGHT!What is the ‘Universal Workplace’?

12. Users:“…all you need is a browser and an Internet connection!!!”“…dynamically adjust to provide you with everything you need!”“…use any device you want!”IT/Management:“…service non-managed machines without managing them”“…we’ll be dancing in fields, as carefree as birds!!”‘Single Pane of Glass’ - Universal Access

13. Datacenter, data, system consolidationAD, application rationalizationDesktop refresh (Win7/x64)SMS to SCCM, Exchange upgradesSAN upgradesNetwork Perimeter Hardening/TransparencyWhat’s in scope?

14. (not much!)IPv6…What’s not in scope?

15. Desktop/Delivery Services FocusSolution Overview

16. Solution Stack (subset)

17. Dynamic Composition / Statelessness / Layering

18. Componentized Resources

19. Policy Evaluation/Enforcement

20. Perimeter Services

21. Execution and Presentation

22. Composition at Runtime

23. BYOC – Perimeter…Challenges and Solutions

24. Problem: no layer 1-3 access controlNo device differentiation, health checking, etc.Find a plug, have fun! (full network access)Today:Simple Certificate check for wireless network access, some wired network access (conference rooms)Cisco Clean Access implemented, torn out on main campusPrimary ‘filter’ today: facility security, escort policiesChallenge One: Access Control, Managed Networks

25. 802.1X now a critical dependencySwitch/router upgradesEnterprise PKI deploymentNote: Gartner/Burton feedback…Solution: 802.1X PNAP

26. …implementing a NAC architecture is not simple… the promise… is still mostly in the future.Burton Group, 2008 Analyst Report

27. Problem: 40%+ field employeesrarely connect to corporate managed networkGoal: seamless user (AND it management) experience on and off managed networkChallenge 2: Managing Off-Network Devices

28. Don’t manage them!(shot down)Establish SSL VPN connection at logon(an option… but not desired – more complex user experience)DirectAccess(current leading option…!)Open SourceOpenswanOptions to Consider…

29. Upsides of DirectAccessSeamless user experienceSeamless management experienceChallengesIPv4 resources!!! No-go without NAT64/DNS64 services – must have UAGRobust PKI requiredComplexityUnknown quantityNo internal/3rd party expertise identifiedMore on DirectAccess…

30. Moving slowly…MSFT engaged for POCMajor uncertainty (and RISK!)Status…

31. The fear…Keyloggers on unmanaged devices capturing username/password, compromising other externally published applications (OWA, SharePoint, etc.)Potential solutions:Computer Associates UCGvisionapp’s vSLRisks:‘Honey Pot’ (reverse encrypt-able credentials database)Agents on each AD Domain ControllerChallenge 3: No Passwords Outside the Perimeter

32. Accept the risk!…and move critical services behind new perimeter w/OTPSolution?

33. Session Review

34. Rick Dehlinger - Independent Technologist/ConsultantCitrix Technology Professional/Public Speakerrick@rickdehlinger.com | @rickd4real | LinkedInrick.dehlinger@clarossystems.comAbout Claros:Claros Systems is an independent professional services organization intensely focused on building world class, change friendly Delivery Systems. It’s owned by Rick Dehlinger and 2 other managing partners.