0800 8047 256

United Kingdom
EACS on LinkedInEACS on TwitterEACS on YouTubeEACS on FacebookEACS on Goolge+EACS on Pintrest
≡ Menu

Cireson Password Reset – Reduce Costs. Gain Control. Elevate User Happiness

30% of service desk calls are for password resets and they cost on average $25 each.

Eliminate this expensive distraction for your service desk and allow employees to spend their time focusing on the business.

The Cireson Password Reset app for Active Directory is the first phase of many new pre-built apps that support authentication, user provisioning, and is easy to set-up.

HOW YOU WILL BENEFIT

Cireson helps reduce costs, gain control, and elevate user happiness across the business by providing an easy to implement, Active Directory integrated, HTML based self-service driven and workflow automation solution.

Return on Investment

It’s ridiculously easy to save your company money with Cireson. Resetting passwords manually is expensive, inefficient and time consuming.

Integration with your Service Desk solution

With straightforward integration into Microsoft Service Manager and all other Service Desk solutions on the market, you create immediate and timely adoption for your end users. A work item will be automatically created and closed directly in your Service Desk to allow for auditing and reporting.

Multi-Factor Self Service Options

Get users back up and running with zero downtime. Cireson offers users secure access 24 hours, 7 days a week with the flexibility of resetting their passwords via text messaging or email.

Password Policy Supported and Enforced

Security across the infrastructure increases, respecting your native directory services password policies to reduce potential access vulnerabilities.

Access Freedom

Using the Cireson Portal, end users are able to reset passwords from any device, anywhere, any time.

Password Reset Reporting

Get insight into how Password Reset is performing and saving money and time across the organisation. Identifies hot spots and trends in the data.

Contact EACS for more information

Big Data & Business Intelligence

Big Data and Business Intelligence are clearly very hot topics in the IT industry at the moment, not just to manage IT infrastructure more effectively, but also to assist the organisation itself to grow and develop. Dashboards help managers and C-level executives to identify the strengths in the organisation and, more importantly, the areas for improvement. By constantly targeting the weakest performing area, levels of investment can be channelled very efficiently in a process of continual business improvement.

In 2015, EACS embarked on a journey to provide better visibility of the state of our business to the Board of Directors. The result is a web-based dashboard solution that is available internally via SharePoint, or externally via PowerBI, that hooks into various data sources including finance, CRM, service desk, Google Analytics, etc; and summarises the data at a high level to provide a picture of progress and performance.

The intention of this solution is to produce an overall score that represents the performance of the business. But this alone will not paint a detailed enough picture without two further areas of context. The first is history. There’s no point knowing that your score is currently 80%, without knowing what it was previously. If, in the previous period, the score was 70% then this is a positive step forward. If however it was 90% then clearly something is going wrong and it warrants further investigation. This is referred to as “direction”.

The second is “depth”. In order to ascertain why the overall score is 80%, one must break that score down into areas, such as finance, sales, etc. Then, each area can be broken down further into constituent Key Performance Indicators (KPIs), which not only have a “value”, but also a “target”, from which a performance “score” can be derived. This aggregated rollup provides a hierarchical model which allows the users of the system to drill down into more detail, to follow the path of poorest performing scores until the true cause of the figure is revealed.

This journey has proved so valuable to EACS that the solution is now being productised so that other organisations can benefit from our development. This will be launched in spring 2016 at our main Optimise IT event in Cambridgeshire. Until then, EACS is keen to speak to other organisations who may be interested in this solution, to discuss the possibility of either beta testing or early adoption. For more information please contact us.

Remote Desktop Solutions: What’s Out There?

Remote Desktops are not new.  In fact they reach back to the dawn of time…well the 1990s. In that time they’ve come a long way and there appears to be more options than ever before. However, the same goal remains at their core: to allow you to connect remotely to a desktop, enabling you to be productive and access your Line of business (LOB) applications.

In the broadest sense, Remote Desktops can be split into two categories:

  • Single user remote desktops, often referred to as VDI (Virtual Desktop Infrastructure)
  • Multi user remote desktops, referred to as Remote Desktop Services (RDS), Terminal Services (TS) or Server-Based Computing (SBC)

The single user remote desktop typically involves having a client OS virtual desktop (Windows 8.1 or Windows 10) per user.  So 30 users = 30 virtual machines. Great if everyone needs to personalise their desktop and perhaps install applications.

Multi user remote desktops have many users with their own “desktop session” on a single Server based OS, such as Windows 2008 R2 or Windows 2012 R2.  30 users = 1 RDS server1.  Great user per virtual machine (VM) density.

How do I choose what option is best for me?

How long is a piece of string?  The best way is to engage with an IT partner to discuss your business requirements as to why you are looking into remote desktop solutions.  However, there are some questions you can ask yourself to give you a better idea of what approach may be more suitable (see table).

Now we know the basics, let’s look at the options. This article will focus on Microsoft and Citrix based technologies as this is our area of expertise.

Microsoft Remote Desktop Services (RDS)

As old as the hills and the “tried and tested” remote desktop solution.  Many users log onto the same RDS server and share the server resources, leading to the best user density.  The server is made to look and feel like a desktop OS, such as Windows 8.1. Being a server OS, there can be compatibility issues or licensing restrictions for your applications. It is also possible for a single user to “hog” resource on the server, degrading the experience for other users. However, there are measures to prevent this.  RDS can be based on physical or virtual servers on any supported hypervisor, such as Microsoft Hyper-V, Citrix XenServer or VMware vSphere. Users connect to their remote desktop via the Microsoft Remote Desktop Client which is now available for many platforms, including Mac, iOS and Android.

Microsoft Virtual Desktop Infrastructure (VDI)

Although late to join the party, Microsoft’s VDI offering uses Hyper-V to provision client OS virtual desktops; one for each user. This may be a nonpersistent pooled VM that returns to its original state when the user logs off, giving the same user experience every time based on a “master” or template image. Or it could be a static VM assigned to the user permanently.  A statically assigned VM allows the user to make changes, such as install applications.  VDI should give a user experience closest to using a physical PC and has better application compatibility.  However, it can come at a higher hardware cost due to the amount of virtual machines required. One advantage of Microsoft’s VDI solution is that Hyper-V’s extended management tool, System Center Virtual Machine Manager (a paid for product) is not required whereas this is a requirement for Citrix XenDesktop VDI2.  Users connect the same way as above, via the Remote Desktop Client.

Microsoft RemoteApp

This is as variation of Remote Desktop Services but instead of having a full blown desktop, the user accesses only the applications remotely. This is great if you have a subset of applications on your remote desktop servers and want to integrate the experience with your local desktop rather than having two desktops to manage. It can also be preferable for mobile users who may want to access their applications on devices with smaller screens where navigating a Windows desktop can be impractical.  Again, access is via the Microsoft Remote Desktop Client.

Citrix XenApp

XenApp builds upon Microsoft Remote Desktop Services with built-in features as image management for your XenApp servers, broader end-user device compatibility and a more adaptive connection protocol which can better handle higher latency, less bandwidth connectivity.  Another advantage is that you can publish both Desktops and Applications from the same server, giving greater flexibility to your users and administrators. At present, this is not possible via Microsoft RDS/ RemoteApp with separate servers needed.

Seen as the market leaders in the “session hosted” remote desktop space, Citrix XenApp gives you a very good management layer in which to configure, provision and secure your remote desktop servers.  Users connect via the Citrix Receiver (available for almost any device) using Citrix’s proprietary remoting protocol, HDX. As with Microsoft RDS, application compatibility can be an issue.  As well as your Microsoft RDS licenses, you will need to purchase XenApp licenses.

Citrix XenDesktop

Citrix’s VDI solution, XenDesktop uses the same architecture as XenApp so you can invest in a single technology and deploy either shared hosted, pooled VDI or private (static) virtual desktops to your users via a single management interface. It also allows you to deploy their agent to a physical PC and use the same infrastructure to remotely connect in the same way you would to a virtual desktop.  However, for fairness it must be noted that you can achieve a similar function using Microsoft’s solution.

Another major plus with XenDesktop is that it is hypervisor agnostic, so you can deploy on Citrix XenServer, Microsoft Hyper-V or VMware vSphere meaning you can use the same hypervisor already deployed and not have to run two hypervisor technologies. Like XenApp, you do have to buy additional licenses on top of the Microsoft licenses and, depending on the level of license, this will influence which features are available.

We’ve looked at five options available today and as mentioned before, there are others.  However, whichever option you decide upon (after careful research and an assessment carried out by EACS, of course), you will ultimately get the same benefits:

  • Greater flexibility through home working, roaming/mobile workers being able to access their Windows applications
  • Broader device compatibility which is almost a must in today’s multidevice world, allowing the possibility of a BYOD scheme
  • Centralised management of your desktops/applications
  • Easier scalability.  Adding 10 new users to a remote desktop solution should be quicker than provisioning 10 physical desktops with all the bits and pieces that go with the “traditional” desktop rollout
  • Easier rollout to a new operating system; more true with RDS and Pooled VDI solution where a single image is used for multiple users

table

 

 

 

 

 

 

To find out more about the options around Remote/Virtual Desktop solutions, please call EACS. You can also arrange for a Desktop Assessment, where for a fixed fee we will analyse and assess your current infrastructure and requirements to make sure that you choose the right solution.

1 exact user load depends on multiple factors and will vary on each use case.
2 for using image management of Pooled/ non-persistent VDI or deployment of Static/ persistent VDI.

Update from the End User Computing Team

In the End User Computing Team, we have a lot of new technology updates to take on board and help our customers deploy, including new operating systems, assessment tools and Cloud based solutions, as well as Mobile Device and Application Management.

The big news of course is Windows 10, whilst it has only just been released, consumers and IT departments alike are very interested in making the switch- but should you dive right in? For consumers this is probably an obvious choice as it is free until July 2016 for customers who already have Windows 7 or 8, but what about corporate IT?

The biggest problems faced when migrating to a new platform are application compatibilities and user profiles and EACS can help you with both of these issues. Using our Windows 10 Readiness Assessment services we can assess the applications as well as the current platform they reside on. The service is part of a best-practice project approach developed by EACS to ensure the success of application and desktop migrations.

Once we have the applications that require migration, we can then analyse them using Citrix’s AppDNA, which will examine each application and determine whether it will run without any modification on Windows 10, or if updates or patches are required. It produces a simple report that indicates the readiness of your applications for Windows 7, 8 or 10. In addition, it will state whether they are 64-bit compatible, suitable for XenApp/XenDesktop, RemoteApp or Remote Desktop Services. If it’s identified that the application will not run under Windows 10, don’t worry, this isn’t the end of the line for the application. There are several technologies available that can virtualise the application and isolate it from the operating system.

AppSense helps with user profiles. As well as managing applications, AppSense virtualises the user so that they can log onto different versions of Windows without fear of corrupting their profile. It is worth noting that each version of Windows has a different Profile Version and if using centralised profiles each profile will be kept in a different folder, meaning settings will not roam with the user.

Mobility has always been a theme with Citrix, and now with XenMobile 10, it is iOS 9 and Android 6 ready, with a hugely improved interface and features that make the end user experience smooth and simple. Citrix has taken the step to join both the Application and Device management server from XenMobile 9 into one Linux based appliance. This provides much easier management, troubleshooting and installations.

With the huge response EACS is seeing with regards to Cloud technologies, here in the EUC team we have been looking into the new Citrix Workspace Cloud as well as RemoteApp and Desktop as a Service using Microsoft Azure. Citrix has taken the approach to provide a Software as a Service (SaaS) offering where Citrix hosts the management of their solutions such as XenApp, and you simply connect your datacentre or Public/Private cloud to the Workspace Cloud. This keeps the data close to the Desktop or Server hosting the applications, whilst ensuring access is highly available and secure. The datacentre could be in your own building, hosted elsewhere, or as a cloud service such as Microsoft Azure.

NVIDIA continues to improve their GRID offerings with the release of the Tesla M6 and M60 graphics cards for Virtual Desktop Infrastructure. The new cards are more powerful as you would expect, with the M60 boasting up to 32 concurrent users per card, whilst the smaller M6 card designed for high density Blade Servers will take up to 16 concurrent users. Overall this is twice as powerful as the previous K2 cards with twice as many users per card. Through testing and research, EACS has found that it isn’t just 3D applications that benefit from having a dedicated graphics card in the server. With graphical applications like Microsoft Office 2013, and the increase in HTML 5 websites, more and more graphics are making their way into the corporate XenApp environment; having a graphics card in the hardware hosting XenApp and passing it through to the XenApp worker servers vastly improves the end user experience, something that is at the heart of what we do in the End User Computing Team.

What is EMS?

image-3-web

Microsoft’s Enterprise Mobility Suite is a collection of Microsoft Cloud products designed to allow users to be more agile in the workplace. EMS is the epitome of Microsoft’s mobile first, cloud first vision, in that it provides administrators with the tools to make corporate data available to users on any device, and from any location. This does, however, pose a security issue in that data is then allowed to flow freely around potentially unprotected devices. EMS addresses this by including mobile device management capabilities and data protection features in its product set.

EMS is designed to allow users the freedom to use whichever device they wish, whilst also ensuring that corporate data is kept secure and safe no matter which device the data is accessed from.

There are currently four products included in the Enterprise Mobility Suite. These can be purchased separately if required, but EMS becomes the most cost effective option if two or more products are purchased. Below is a rundown of the feature set of Microsoft’s Enterprise Mobility Suite.

Azure AD Premium

Azure AD Premium builds on the success of Azure AD by providing additional features to make the option of extending your existing Active Directory into the Cloud more attractive than ever before. The feature set includes:

Self Service Password Reset– A portal which a user can visit in order to reset their cloud, or Active Directory password. This alleviates the issue of 1st line support password reset calls and gives the user the control to reset their password when needed without making a call to a service desk.

Cloud App Discovery – This agent can be deployed to client computers and will report back on the usage of web based cloud applications, such as how many people are using them, and how much data is flowing through them. For example, it might report that 40 staff members are using the Dropbox application, and that 5GB of data is flowing through Dropbox every week. This is invaluable information and helps discover and target the increasingly prevalent issue of ‘Shadow IT’ and data leakage.

Cloud App Single Sign On – Based on the findings of the Cloud App Discovery tool, or based on information already available to IT, cloud applications can be integrated with Azure AD.

As an example of this, instead of the marketing team having knowledge of the username and password of the corporate Twitter account, you can integrate it with Azure Active Directory. This means that the marketing team log into Twitter with their Active Directory credentials, and if a user leaves the company, you can revoke access to this account easily by simply disabling the Active Directory account. Over 2500 cloud applications can be integrated into Azure AD, and this number grows by the day. You can effectively use this tool to increase corporate security by obfuscating usernames and passwords for corporate 3rd party accounts behind your existing Active Directory user accounts.

Multi Factor Authentication (MFA) – This allows IT to force a second factor of authentication to be used for login to cloud services. This can be a text message, phone call, or a mobile app (available for Windows Phone, iOS and Android). The Azure MFA server can also be deployed on premise to provide MFA to on premise line of business applications.

Analytics– IT can use Azure analytics to report on password reset activity, suspicious logons and other important data which can help identify potential attacks on user accounts.

Intune

This is a mobile device management solution designed to help customers manage their Bring Your Own Device (BYOD) environment. You can manage the following devices with Intune: Windows 8.1/10, Windows Phone, iOS and Android. It includes the following feature set, along with many other configurable options.

Security Policies – These control which security settings mobile devices require in order to connect to corporate resources, such as password locks, client certificates and encryption.

Conditional Access –This forces a mobile device to be enrolled into the Intune service and be compliant with the company’s security policy in order to access resources hosted on Office 365, or even on Exchange On Premise. This means that IT can have control of every mobile device which is connecting to corporate resources.

Mobile Application Management– Office applications can be automatically pushed to managed mobile devices and then secured. For example, copy and paste can be restricted so that corporate data can only be copied/ pasted into approved applications. This helps to prevent corporate data leakage.

Email Profile Management – Deploy Email Profiles automatically to devices.

Selective Wipe – IT can just wipe corporate data from a mobile device. For example, when a user leaves a company, IT can ensure that corporate data is wiped without factory resetting the device.

Azure RMS

Rights Management Services are used to apply restrictions to files and emails. Examples of these restrictions are: Do Not Forward, Read Only and Expiry Dates. These restrictions can be applied to Office 365 data, or On Premise data (using a connector). Some examples of this in use are:

Email RMS– If a credit card number is detected in an email which is sent outside the company, a Do Not Forward rule can be applied to the email. This will make sure that the recipient can only Reply or Reply All.

Document RMS – A sensitive document on a File Server, containing financial information, could be marked as Read Only for all users except the Finance Department, who have full access.

Document Expiry – A file could be sent out to people external to the business with an expiry date. Once this file reaches the set expiry date, it will become inaccessible. This file could also be instantly revoked if required, making it instantly inaccessible, no matter where the file was located. This includes copies of the file.

Advanced Threat Analytics

ATA is the latest addition to the EMS product suite and provides Administrators with sophisticated tracking and alerting against advanced targeted attacks. This includes elements such as:

Brute Force Attacks – ATA will monitor and alert administrators if any attacks of this type are recognised.

Reconnaissance – Any recon activities being performed against DNS server, or against Active Directory using account enumeration, are tracked.

Identity Theft – Various forms of identity theft such as pass-the-hash and remote execution can be identified and alerted against.

Abnormal Behaviour – Strange working hours, password sharing, random geographical access and other abnormal behaviours can be identified and alerted against.

Known security issues – ATA will inform you if weak protocols are in place, or if plain text authentication is being used, exposing sensitive information.

You had me at Enterprise! In summary, the Enterprise Mobility Suite provides administrators with the tools to make workplaces more usercentric and device agnostic. It is set to be a fast growing product and is priced to suit.

Additionally, the Enterprise Cloud Suite can be purchased through Microsoft licensing channels, which combines Office 365 E3 licensing, the Enterprise Mobility Suite and Windows Software Assurance, all on a per user basis.

Speak to EACS today about how the Enterprise Mobility Suite can make your business more agile and productive!