One driving force behind the push to standardize is
concern about security. IT can make a strong case that
rogue applications can bring down the network, or that
old software has vulnerabilities that hackers pounce on.
Another factor is the advent of virtualization, which
makes it easier to standardize. More companies are
using virtualization tools to create a “gold standard” —
one desktop version that gets pushed to all end users.
IT managers who are locking down desktops say the
strategy can lead to lower costs and smoother operations. King makes a point about the “overall fitness”
of how organizations deal with software and handle
operational budgets. A standard desktop forces IT to
think about deployment strategies and, if handled
correctly, ultimately reduces the number of approved
desktops to just one or two.
Yet, some companies wrestle with the notion of standardization because they want to give employees some
flexibility in the way they do their jobs, says King. There
are ways to allow some flexibility with standardized
desktops, including allowing employees to select tools
from a pre-approved applications
library, or allowing employees to
request new tools from IT.
Still, no matter what you do,
some end users will insist on
bending the rules, or breaking
them outright, by downloading
their own software.
In that case, King suggests, “if
the app is fairly benign, simply
note that the download is unapproved,
explain why and have
the worker scrub it from the
system,” he says. “In addition,
creating a review mechanism
for employees to submit applications for consideration/
approval can be a good way for organizations to learn
about new technologies and to reward workers for
Here’s how three IT organizations are locking down
desktops while providing some flexibility for employees.
approved software that they download themselves.
This has led to significant time savings, he says,
because IT staffers have been freed up to focus on
managing the library rather than on doing “one-off”
application installs. He says the most significant challenge has to do with apps that are not yet in the repository, but that a department might need; the IT staff has
to deal with this challenge on a case-by-case basis.
St. Luke’s uses application virtualization software
from BeyondTrust called PowerBroker Desktops. The
rules-based engine can remove administrative rights
from the user’s desktop so that the person cannot
install applications, and it watches for errant installs
that did not complete correctly. A dashboard matches
the look and feel of other Microsoft data center tools.
Johnson says his team uses PowerBroker to manage
about 8,000 desktops in 90 buildings. He says St.
Luke’s has settled on Windows XP SP3, Office 2007,
Adobe Flash, Microsoft Silverlight, the Citrix client
and Microsoft Live Meeting as the core of its standard
A new employee is added to multiple groups as
appropriate — say, advertising,
marketing and general
business. For each group, the
employee can then download
multiple applications from
the approved list, obtain file
permissions to gain access
to network servers for those
applications and configure
some options locally, such as IE
toolbars and Outlook menus.
One other challenge at St.
Luke’s, and for most companies dealing with a standard
desktop, has to do with versioning.
The facilities use a core image for their base OS
and apps, and tend to stick with one version for long
periods of time. Yet, Johnson says the organization
manages about 22 different versions of Java through
application virtualization — and this argues against
including Java in a standard desktop.
By virtualizing, St. Luke’s IT staffers can root out incompatibilities between applications that use Java. For
example, they can determine that the standard desktop
for accounting always needs a specific Java plug-in. Yet,
they keep the core the same and deliver Java versions
as needed, outside of the standard desktop.
Interestingly, one of the lessons Johnson has learned
is to avoid tweaking the standard desktop — even for
IT staffers. “Less than 1% of our IT staff have admin
rights,” says Johnson. “But we do give people room
to roam. We don’t say ‘You can’t use that application.’
We’re happy to deliver it, as long as we can deliver it
virtually,” to any employee, he says.
St. Luke’s is a bit unusual in how it locks down
administrative rights, even for IT staff. Ed Boyle, a

St. Luke’s Health System: Standards plus Flexibility
Consistency across a large organization can be difficult.
With 10 locations throughout Idaho, St. Luke’s Health
System has been extremely careful about its standard
desktop. For infrastructure manager Eric Johnson, one
important goal was to give doctors and other staffers
flexibility around which hardware they can use — allowing them to choose from a list of approved devices —
and where they may work within the hospital.
“In moving from Novell to Microsoft for our back
end, we had a blank slate,” says Johnson. The organization decided to move from systems-based downloads
for applications to user-based downloads. In other
words, end users can choose from a library of pre-