Over the past 30 years, IT workers have built and maintained a pretty significant part of human history that really tends to get overlooked and underappreciated. Wifi connections have become commonplace. “Always on” Internet connections are now as much a daily requirement as eating food. And, as we Google over lunch, there’s a huge force working in the background to provide as close to 100% availability as possible.

While each single IT worker is just a speck in the crowd, together, over time, the mass of IT has been very industrious. The Chinese has their Great Wall, and when it comes right down to it, IT’s accomplishments over the past 30 years are just as significant. Maybe you can’t see our IT infrastructure from space (a misnomer about the Great Wall, btw), but it is a substantial part of human history and a huge accomplishment that has taken decades to build.

So…the Great Wall is now just a monument, showing how industrious the Chinese people were. There’s a lot about the Great Wall that we could go into, but this blog post isn’t really about the Great Wall. It’s really about how management of our IT infrastructure is changing. Some stats show that the IT workforce in the U.S. is aging, with no recovery in sight from the younger generations. In short, the youth are not interested in IT anymore. Their interests are elsewhere. If it turns out that there is no recovery for IT, then the IT infrastructure may someday become our monument – our testimony to a most industrious time in human history.

I ask you: is it technology to the rescue once again? And if yes, what is likely to be the technology that can help IT continue to deliver 100% availability in the face of an aging IT workforce? And, then, what will our technology infrastructure look like in 5 years? 10 years?

Our friends over at myITforum.com are hosting a poll about this topic for the next month or so. We’d appreciate it if you would participate in it, giving us your feedback on this topic. Once the poll is over, we’ll circle back here for recap and a follow-up blog post.

The poll: http://www.myitforum.com/absolutenm/templates/?a=15991&z=120

Viewfinity launches cloud computing systems management

Q&A: Viewfinity's president on the company's new management suite that uses virtualization and takes systems and privilege management into the cloud

Systems management startup Viewfinity announced the availability of an updated suite of management products that help differentiate the company by taking advantage of two of today's most interesting and cost-saving technologies: virtualization and cloud computing.

The company's new cloud computing model offers cost-effective and easy-to-use systems and privilege management solution for laptops, desktops, and servers. And it provides management support for both in-house and mobile workforces.

To help grow the company and allow it to scale, Viewfinity also announced that it has secured a $9 million Series B-round of funding from Giza Venture Capital, JK&B Capital, and Longworth Venture Partners.

To find out more about this cloud-based management solution, I was able to speak with Gil Rapaport, Viewfinity's president.

InfoWorld: Your company is introducing the concept of bringing systems management into the cloud. Can you tell us why you're taking that position and explain what you've done that makes it really that easy to use?

Gil Rapaport: If you look at the evolution of systems management so far, it started with tools like Microsoft SMS, Altiris, LANdesk, and a few other legacy applications. These systems are costly to implement, costly to manage, and complex to use. Improvements came by the way of appliance-based solutions, but those still required a capital investment in infrastructure and operations, as well as license costs. With our cloud-computing software platform, the software can be quickly and easily installed and ready for evaluation. IT departments can turn their focus to managing computers to meet their business needs instead of focusing on the management platform. We make it extremely cost effective and easy for IT to support local and mobile workers. And our approach delivers value quickly, scales with business need, and eliminates the cost of in-house implementations.

InfoWorld: Your team has a strong foundation in virtualization. Tell us why that's so important and how you're leveraging that background as you take your strategy higher into the systems management realm.

Rapaport: Viewfinity has a unique method of encapsulation we call on-the-fly virtualization. This is a process that doesn't require application pre-packaging or change the infrastructure or desktop usage environment. It's also completely transparent to the end-user -- zero change to the end-user experience. Basically, we believe we have an ideal application and desktop virtualization solution for the IT administrator and end-user. Encapsulation is done at the endpoint (encapsulates existing applications or new deployments), and with the agent installed on the PC and through a basic Internet connection, it seamlessly communicates with our cloud platform, providing the ability to better support mobile workers. We have two patents pending to protect this unique technology.

With this underlying technology, we transform the model from management of the computer as a whole to management of the conglomerate of applications. As an example, with our IT support feature, Activity Recording, you can filter the significant events of each application, watch a screen-recorded "movie" clip of the PC events, and even rollback (or "undo") the action that has caused problems.

InfoWorld: What size of company could realistically bring its systems management into the cloud, and who do you compete with most heavily?

Rapaport: Viewfinity isn't necessarily a small company play, although it could manage any implementation from a small number of users on up to several thousand users. The real beauty of the market position is that we don't really have to compete against anybody -- in a new installation, Viewfinity could replace the entire need to put a classic hardware/software management infrastructure in place. If a traditional (or "legacy") system like Altiris or LANDesk is already in place, Viewfinity is a smooth and simple way to add urgently needed functionality such as management for mobile workers (IT's biggest headache right now), Win7 upgrades, a quick path to privilege management, etc., and then can stand at the ready to take progressively more of the systems management functions into the cloud. It's a wonderful place for us to be -- far less expensive and smoother to put in place than even the plug-and-play appliance approaches to systems management on the market today.

InfoWorld: Speaking of traditional or "legacy" systems management options, I notice that Greg Butterfield, former CEO of Altiris, has joined your board and that Altiris' former CTO Dwain Kinghorn is now part of your Advisory Council as well. Can you tell us a little more about how they will be directly involved in Viewfinity's strategy and growth going forward?

Rapaport: We believe the addition of Greg Butterfield and Dwain Kinghorn to our extended team speaks volumes. That is also true for the other industry icons that have joined our new Advisory Council. The ability to attract and appoint these leaders validates our credibility and presence in the market. Greg, Dwain, and the members of our advisory council will provide insight and direction regarding Viewfinity's vision and its strategy for executing that vision, as well as technology and product guidance as we expand our offerings into the systems management marketplace. Their existing field of connections in every sector ranging from investors to industry partners, to channel participants and key services throughout the world can help to shorten the cycle it takes to make us a strong global leader and a pervasive force in the systems management sector by as much as two to three years.

InfoWorld: Which systems management functions do you consider to be the most obvious to bring into the cloud? And which are more complicated?

Rapaport: Viewfinity's ability to reach mobile workers is the function that has had the greatest impact on our customers and prospects thus far. This is a problem that all companies have, regardless of size. For green fields, we're able to provide the ability to manage and control all of the company's desktops and laptops at the application level from a standard Web interface, wherever they reside. For larger organizations, with our browser-driven interface, we can operate side-by-side with more traditional systems, to fill the gap where needed to reach mobile workers and to provide remote support and propagate privilege management policies. In particular, we've found our software deployment capabilities especially useful for reaching workers who don't regularly connect to the corporate network. Corporations are often utilizing the Viewfinity platform as the distribution point to deploy software packages.

InfoWorld: I understand part of your go-to-market strategy includes a "freemium-based" component. How does this play into your overall business strategy?

Rapaport: As with most freemium products, our free components are meant to offer value and to entice. Once IT administrators use our product, they will immediately realize the benefits. Viewfinity's cloud-computing model offers a much lower barrier to entry because we provide the infrastructure. It's easy to continue using Viewfinity to increase the number of desktops that are being managed. The cloud delivery model, coupled with the ever growing base of mobile workers, positions us nicely in the marketplace. Offering unlimited use for up to 50 PCs helps IT administrators get comfortable with the product and apply it to their environment before rolling out mainstream. And then they will typically tell their colleagues about us, which supports their confidence in the product.

InfoWorld: Where do you hope and intend the market for cloud-based systems management to be a year from now? And what is the role you hope Viewfinity will play in helping to drive that charge?

Rapaport: We believe we're already driving the charge. More adoption and use of cloud-based software is going to reaffirm and strengthen the direction the market is moving. When companies can be more productive immediately and can do that with the help of a systems management solution that doesn't required specialized IT experience or the need to purchase and install a management server, we believe cloud-based systems management will become a natural and increasingly prevalent trend.

Once again, I'd like to thank Gil Rapaport, president of Viewfinity, for taking time out and speaking with me.

This story, "Viewfinity launches cloud computing systems management," was originally published at InfoWorld.com. Follow the latest developments in virtualization and cloud computing at InfoWorld.com.

Here's a continuation of the Top 10 Windows Desktop Lockdown Tips & Tricks recently written by Darren Mar-Elia in WindowsITPro:

#2 Elevate as needed: As a corollary to No. 1, sometimes you need to elevate user privileges to allow them to get their jobs done, especially if they are mobile users. Look for third-party products that let you selectively elevate on a per-application or task basis to let users do what they need. This is an important capability because, as you move to least privilege, help desk calls from users who can no longer perform certain tasks will increase. Having a solution that lets you elevate specific tasks can reduce these calls while ensuring security.

Learn how one Viewfinity CIO customer, Lathrop & Gage, is using our Privilege Management product to move from its Wild Wild West environment to more of a least privileges operation.

Managing desktops and laptops in a distributed environment is a top challenge for IT departments.  Current industry research shows that the most urgent and pressing issues are clear: 

• Providing better support and management for your mobile workforce
• Securing your environment through desktop lockdown without simply causing a shift in the type of help desk calls
• Deploying software versions and patch updates easily and with extended reach to mobile workers
• Resolving help desk calls faster

Yet, many solutions that exist on the market today to help alleviate these issues become a burden themselves.  With some legacy systems, in 50% of the implementations, the time to roll the system out takes over six months.  And for every 5,000 desktops an organization must manage, they must have at least one full-time employee on staff to simple tend to the administration of the systems management servers. 

What if there were a solution that allowed you to focus on managing computers for end-users and their business needs and not the administering of the management platform? What if in four easy steps and in less than ten minutes, the software can be installed and ready for evaluation? 

We'd like to hear from you - what are some of the  systems management challenges you are dealing with in your organization?  Are they the same issues as noted above, or do you have an entirely different set of challenges?

Elevating security rights to administrative levels on a per application basis

An important and challenging problem for IT Administrators to maneuver around is managing administrative privileges on the desktop. Many applications that are developed in-house as well as some commercial products, such as Visual Studio, require running the application as an administrator. If the user doesn't have administrative privileges, the application components will not function or even worse, the application will not run at all. A typical situation facing IT administrators is where an end user needs to run such an application and must either grant full local administrative rights to the user account or utilize the native Windows command "RunAS" and provide the administrator password. Allowing users to have administrative rights or exposing the administrator password is risky and creates a less secure environment, which opens the door for desktop problems to occur.

This problem is especially challenging for IT Administrators working for the government as the recent US Government Federal Desktop Core Configuration (FDCC) mandate stipulates that administrative rights cannot be granted to end users and may not be made available on federal desktops and laptops.

Granting administrator rights at the application level and removing privileges from end users is the best approach for optimum desktop security. With this approach, the desktop operates within the least privileges mode except for applications flagged for elevated privileges.

Here's a 70 second video clip demonstrating Viewfinity Elevate Privileges. Feedback is welcome.

Darren Mar-Elia recently published his Top 10 Windows Desktop Lockdown Tips & Tricks in WindowsITPro magazine.  We thought we'd share these with you.  Below is tip #1.  Stay tuned, more to come.

1.  Least privilege is the best privilege:  The single biggest thing you can do to ensure your desktop security is to run your desktops using a least privilege model.  This means not making your users Administrators or Power Users on their desktops.  While this can be challenging to accomplish, with users as administrators, you have no control over what they can do on their systems.

The chart below was taken from data gathered from a recent systems management survey run with Redmond Magazine's audience.  It reveals that while 2/3 of organizations agree with Darren's #1 tip, most have taken an all or nothing approach to lockdown.  Are you hesitant to move to a locked down desktop environment?  If so, why is that?

There is a fair amount of pressure to resolve desktop and laptop problems instantly, over the phone, as the end user waits anxiously on the other end. For example, I got a call from my boss, who was at the airport having problems trying to run Outlook. Outlook was taking a very long time to start and when it finally started, he got a message related to a corrupted file. I launched into my standard troubleshooting methodology:

1. Information Gathering — What changes were made to the computer recently? What new applications have been installed? When was the last time the application worked properly? Usually I get mixed responses, with more details coming from technical users and less from business users. Most end users won't always "recall" exactly what they did.
2. Error Analyzing — Use typical tools including application event log, log files, user groups and application knowledge bases.
3. Invoke Remote Terminal — Establish remote control session with problematic PC. Try to recreate the problem and then take corrective action.
4. Execute Fix — This depends on what information is available from steps 1-3. In some cases the problem can be fixed by applying the latest patch, modifying the registry or other settings. Sometimes it's faster to just reinstall the application, although all user settings need to be recorded and reset (location of all PST data files, account settings such as email signature, etc.).

Viewfinity offers a feature, Activity Recording, that shows me, step by step, exactly what events were executed on the PC. I then simply undo the event that caused the problem. How much time would be saved and aggravation avoided in a day? A month? How much in a year?!

Business Need
Is it possible to setup and manage white listed only applications versus having to maintain a list and block all unapproved software?

Viewfinity Capability
Viewfinity can be configured to support a "white list only" model so that when an end user logs in, his/her desktop is configured to only present and run the applications that are required for them to work. Other standard desktop applications are not available — no games, IM, iTunes, etc. are visible.

See it in several Easy Steps

ROI Considerations

• Reduces end user support and malware incidents
• Improves network and asset utilization by restricting the use of non business-critical applications
• Ensures business-critical applications are meeting corporate configuration standards

Related Viewfinity Usage Areas

• Block Application
• Compliance

Since Sarbanes-Oxley, there has been a lot of buzz about "compliance" and the hoops IT must jump through to ensure its adherence. But everybody views it differently. One organization demands all PCs are locked down completely, another one keeps the environment wide open and resets to a golden image when issues occur, and yet another has different policies for laptops and desktops or different polices depending on the end user’s functional role within the organization. Many argue that there is no such thing as privacy on company’s computer, and others insist that there are privacy issues to be considered. Regardless, these policies create tension between IT personnel and end users. And since more and more people are telecommuting, it is very difficult to keep everything as restrictive as management would like. Many enterprise level organizations have conceded the fact that the corporate PC, while primarily a tool to conduct business, is also the same device used for “personal computing” and separating these two uses may not be necessary. This allows employees to use their PC for both business and personal needs. With this approach, however, what should be the role of tech support and how is corporate compliance enforced?

Maintaining "blacklists" or "whitelists" for unauthorized and authorized applications can be time consuming. Since fluctuations between blacklists and whitelists occur frequently, flexible application lockdown rules based upon groups, connectivity status, application, and time of day would best support the needs of the end user, the system administrator and the company. Configurable compliance policy support would help to eliminate critical problems that might occur if, say for example a laptop is stolen. If the laptop isn’t connected to the corporate network, specified data and/or applications cannot be accessed. Or, to disable iTunes or IM during business hours.

So what is the norm today and can an automated method for managing privileges help your company protect itself if complete lockdown is not the ideal approach?

Have a look at Brian Madden's blog posting, "If Symantec buys a client hypervisor, they could dominate the desktop virtualization market in two years" as it lends itself to what we are doing with the on-the-fly virtualization™ methodology. We agree with his philosophy that the solution to virtualize the other 480 million desktops should not be "hard and game changing" but rather a non-disruptive approach, as noted "without even noticing it."