Ensurepass

Case Study: 1 Soler Healthcare

Citrix Delivery Center Infrastructure Assessment Executive Summary

Soler Healthcare is a global research university with hospitals and research facilities in locations around the world. `Most divisions and branches of Soler Healthcare provide specialty services For example, the New York branch is the home of the School of Cardiology and the Center for Cardiovascular Treatment Specialists who work at Soler Healthcare travel to the company’s facilities in global locations to carry out their various medical, research and training duties.

Soler Healthcare has 5,000 full time employees, with several hundred contractors. The majority of the full-time employees are engaged in various research and training activities. All employeesat Soler Healthcare are currently required to work in an office location in order to have access to the organization’s network and resources.

Management, doctors and other healthcare professionals, and some field staff regularly use laptops, tablets, and smartphones. Members of the field staff encounter difficulties on a regular basis keeping files synchronized between their mobile devices and their assigned workstations in their offices.

Soler Healthcare has no immediate plans for expansion; however the management at Soler Healthcare is exploring a range of information technology (IT) solutions that will enable the organization to be more productive, efficient, and agile. Improving the company’s current desktop and application delivery strategy is a high priority for management Optimizing their desktop and application delivery strategy will improve the way the IT team provisions and delivers desktops and applications to users, and in the long run, should the organization need to expand, a more robust and flexible solution will ensure that the infrastructure is scalable.

 

1.1 Current Citrix Environment

Soler Healthcare does not have an existing CitnxInfrastructure.Soler Healthcare is interested in desktop virtualization.A desktop virtualization Proof-of-Concept (POC) environment was recently built for Soler Healthcare.After several demonstrations, management has decided to replace the current desktop and application delivery model with a Citrix virtualized infrastructure

 

1.2 Key Project Findings

After an onsite assessment of the Soler Healthcare infrastructure and a demonstration of the POC environment, the following statements indicate the status of Soler Healthcare’s IT needs and plans: The CIO of Soler Healthcare has been charged with the responsibility of using the upcoming desktop refresh window, during which all user office computer equipment will be evaluated and upgraded where necessary, to move to a virtualized desktop and application model.

Soler Healthcare is interested in desktop and application virtualization to address several problems, including the following.

Providing secure remote access to select users who need to access their data from remote locations outside of the corporate network.

Reducing overall general IT and storage costs

 

1.3 Next Steps

Following the infrastructure assessment of Soler Healthcare’s IT environment, this report recommends that Soler Healthcare takes the following actions:

Replace the physical servers and desktops with virtual servers and desktops and update the Operating System platforms to Windows Server 2012 and Windows 8

Provide secure remote access from any device to users in the HR, Doctors, Management, IT, the Emergency Response and Offsite Contractors groups

Implement a virtualization infrastructure with shared storage to support a new virtual server and desktop infrastructure.

Integrate disaster recovery solutions into the new architecture

 

Users

The Soler Healthcare environment consists of a diverse group of users.Call center staff use thin client devices to access corporate resources, while most of the other user groups access corporate resources from corporate-issued workstations and laptops.Over the last few years, users at Soler Healthcare have gradually begun to access corporate resources from tablet and smartphone devices. Users are frustrated with the ITteam difficulty rolling out new operating systems and applications, the lack of a remote access strategy, and the overall lack of flexibility in the environment. In both formal and informal settings, the CIO has presented the concept of virtualizing applications and desktops, andusers have responded favorably. Thus, the management at Soler Healthcare has instructed the IT team to assess, design, and build a virtual desktop solution, creating appropriate solutions for employees based on their job requirements.

 

Client Devices

All Call Center employees access applications from thin-client terminals. These terminals are used to connect to a legacy mainframe environment using a terminal emulator. The legacy mainframe environment will be replaced with a Windows-based solution.

With the exception of the Call Center, the majority of the other users in the environment have laptops and desktops with single-core processors and 1GB of RAM on which they run Windows XP.Some have newer computers running Windows 7.Currently users’ data is not backed up and the company does not have a disaster recovery strategy.

Some employees have handheld devices, such as a tablets and smartphones. Tablets and smartphones are currently not officially supported by the IT department at Soler Healthcare; only "best effort" support is provided.Extending support to tablets andsmartphones is being considered.Current breakdown of client devices at Soler Healthcare:

 

 

 

 

 

clip_image001

The HR applications suite named PositivelyPeopleis a front-end application that provides access to various modules, including payroll, time sheets, vacation requests, new hire procedures and information on former employees. The sensitive data in the PositivelyPeople application must be treated with strict confidentiality and must only be accessible to members of the HR user group.

Distribution of the data must be prevented. The output of the modules can be in either Microsoft Word or Excel file format, or Adobe PDF;so these applications are currently co-located with PositivelyPeople on the HR users’ desktops.

Installation of PositivelyPeople is performed manually based on a thoroughly documented process. The Finance team, which consists of the billing and collections team, also accesses the main finance application namedPositivelyFinance, from their desktops PositivelyFinanceis not available from devices outside of the Finance’s team vLAN. The application is only accessible to members of the Finance team Users of thePositivelyFinanceapplication should not be able to move or copy application data from the corporate network to any non-corporate issued devices or any devices that are not connected to the Finance’s team vLAN The vendor for PositivelyPeople and PositivelyFinance has tested and certified the applications to run on Windows Server 2012. The IT group at Soler Healthcare needs to ensure that these applications are always available.

Several months ago, Soler Healthcare sponsored a XenDesktop POC centered on mobilizing Windows applications for the Emergency Response Team. The POC focused on the Emergency Planning application named PositivelyResponse. The POC was considered successful.

Breakdown of all user groups and their application requirements:

clip_image003

 

clip_image005

 

Application Access

With the exception of Call Center users, all users currently access their required applications locally on their desktops or laptops. The recently conducted XenDesktop POC has increased interest in desktop virtualization. Members of the Management team who attended the demonstration are excited about the possibilities of having secure remote access to the corporate network, centralized management of applications, and a host of other features they like. The POC was successful and has gained the support of many of the decision makers at Soler Healthcare.

In the new environment, users in the HR, Doctors, Management, IT, the Emergency Response and Offsite Contractors groups should have remote access to their applications and/or desktops at all times including when at a Soler Healthcare facility or outside of one (over the Internet from other networks). All other users should have access to their applications and/or desktops only from the internal network Access to email in particular should be available to all users regardless of their location (internally and externally),

 

Virtualized Desktops

Soler Healthcare is new to the concept of desktop visualization and has recently begun to explore the possibility of visualization applications, desktops, and server workloads. Soler Healthcare plans to move to a virtualized desktop and application model for users based on what is deemed most appropriate following the successful POC of XenDesktop in their environment. On Soler Healthcare’s desktops and applications visualization wish list, management would also like for the IT team to implement high availability within the desktop and application solution.

 

Databases

SQL Server 2008 is currently implemented in the Soler Healthcare environment A team of database administrators maintains the SQL database infrastructure. A full backup is performed on a nightly basis as part of the regular maintenance program All databases are currently stored on a storage area network (SAN).

The backend database for the PositivelyPeople, PositivelyFinance and PositivelyResponse applications are alsohoused on this SQL Server 2008.Soler Healthcare is moving all databases to SQL Server 2008 R2 with the most recent service pack and patches based on robust new hardware and virtualized servers. The PositivelyFinance database needs to be transitioned to this new platform as soon as reasonably possible.

 

Windows Server and Active Directory

The Soler Healthcare server infrastructure is based on Windows 2008 R2 servers. Windows 2012 has been tested successfully for all applications, and Windows Server 2012 will be implemented as the server operating system platform in new virtual environment. The environment consists of a single forest which contains several domains, one for each country in which Soler Healthcare operates and maintains a facility. Each of these domains includes all of Soler Healthcare facilities in that country.

A Remote Desktop Services (RDS) License Server is hosted on a single domain controller within each domain, with 100 Client Access Licenses (CALs) on each RDS license server.

The IT staff at Soler Healthcare built all of the servers and desktops in the current environment using a manual build process. Servers at Soler Healthcare have been in service for three years with no significant changes, so the process of building or rebuilding a server has not been a regular part of maintenance tasks. However the CIO is requiring an automated, easy-to-use server provisioning process be incorporated as part of the new IT infrastructure.

Logon scripts are not enabled for users as Soler Healthcare abandoned logon scripts last year in favor of Group Policy Objects.

Soler Healthcare applies a minimal set of Group Policy Objects (GPOs) to domain-joined servers and workstations. Only one GPO, which configures Internet Explorer and Windows Update settings, is applied to domain-joined servers and workstations.

Roaming profiles were implemented previously, but they caused issues with one of the PositivelyFinance modules. Instead, local profiles are being used and administrators must manually delete the profiles when necessary No Remote Desktop Services-specific home drives have been implemented, as they have been deemed unnecessary.

 

Network Architecture

The site layout of Soler Healthcare

 

clip_image007

 

 

Site Layout

Soler Healthcare is a worldwide organization comprised of three data centers in New York London and Hong Kong with numerous regional hospitals connected by a private wide area network to their local datacenter. Additionally, users work from home and on the road Approximately 20% of all users work from home offices or travel part of the time. This is likely to increase significantly due to a new flexible working policy for administrative and managerial users. Because of this, reliability of remote access will be very important The CIO has emphasized that internal WAN traffic between sites must be kept to a minimum. As such, each user has a home" datacenter, to which he or she primarily connects; if there is a failure, virtualized desktops and applications should fail over to the secondary datacenter Based on this architecture, the datacenters are designed to support specific regions.

clip_image009

 

Enterprise Storage

User data is currently stored on an aging iSCSI SAN Soler Healthcare plans to roll out a new global storage solution for the three main datacenters, and the new storage solution will provide a total capacity of more than 1PB. Components of the solution will be physically located at the three datacenters. Initially, only about 200TB of space will be used at each data center, and a administrative project to delete obsolete and old files has been started.

Soler Healthcare plans to upgrade its storage solution in order to incorporate redundancy, high availability, and replication between the primary and backup datacenters, for each site.

 

Server Hardware

Characteristics of all physical servers associated with the Soler Healthcare environment.

clip_image010 

Soler Healthcare is planning to purchase new hardware to support the planned virtualization environment. This capital expenditure has received preliminary budgeting approval; however, where feasible and reasonable, server virtualization should be incorporated in order to maximize the efficiency of datacenter operations.

 

Security

Active Directory is used to authenticate users in the Soler Healthcare environment Due tothe sensitive nature of the PositivelyFinance application, shadowing of this application should be prohibited.Shadowing of all other applications and desktops in the environment should only be allowed by Level-3 support personnel.

Anti-virus software is installed on each server and workstation, and it is automatically updated every hour.

In the future, the company will require two-factor authentication when accessing the environment remotely.

 

Disaster Recovery

The mobile workforce is not incorporated into the disaster recovery plan at present. As such, the mobile workforce must be included in any disaster recovery plan. The CIO has confirmed the use of the London datacenter for disaster recovery purposes.

 

 

 

Comments are closed.