The Pillars of PCaaS: Part 1 “Self-Healing”

As organizations pivot towards an end-to-end workplace transformation, specifically enabling a predictable, precise, and repeatable PC lifecycle, they are finding that a PC as a service model is supported by 2 mission-critical pillars: Zero Touch and Self-Healing.

The one ingredient that forms the connective tissue throughout both pillars, and therefore the key to successful transformation, is automation.

In terms of self-healing, we are addressing automations that support the continuous integrity of the PC as it travels through the lifecycle: incident management and support, optimization, and authorized and controlled evolution of the compute environment.

And from a strategic vision perspective, automations enabled by our pillars have a direct and positive effect on the Total Economic Impact: a measurable ROI combined with a reduced TCO. We’ll show you this through a blend of best practice automation processes, better maintained infrastructure and more focused IT resources and workforce.

Now, of the many business and technological benefits Utopic’s Persystent Suite offers, none seem as impactful as the ability to self-heal an affected PC and return it to a productive state in about 45 seconds–the time it takes to reboot the machine.

Our live demos prove that this can be done, especially when we infect a healthy machine with ransomware and self-heal it as if the issue never occurred. But how? Is this solution different than a reimaging or a rollback to a Day Zero state? And how is this tied in to a larger automation initiative of the PC lifecycle?

Let’s start with why a PC needs to self-heal. Even though our demo illustrates the most catastrophic issues, the need to self-heal is not always a four-alarm emergency… sometimes it’s simply an issue of poor performance or mis-configuration. The PC is inexplicably running slow or an application or the OS didn’t update or load in the expected way. There are dozens of seemingly routine issues that would typically require the time to diagnose, replicate and repair. Persystent Suite simply flips this concept around: get the user back up and running immediately; resolve the support ticket in minutes and then, when time allows, review the change logs and identify root causes in order to prevent future occurrences.

And it’s all about automation. From an enterprise perspective there’s a lot to unpack here, so let’s start with the basics. Self-healing starts with the ideal state. As covered in Part 1, zero touch automation helps define and configure the policies and compliances that make up this approved template of the operating landscape. This is the image each PC must maintain and that IT can easily replicate and control across the enterprise.

Simply, self-healing automatically reverts a PC back to its last known ideal state. This is not a rollback. With rollbacks you lose all the prior updates and oftentimes the applications and data. Self-healing, conversely, returns you to the last updated and approved state, with all the latest sanctioned changes, updates and patches still in place. This means no re-imaging. This means no starting from scratch.

We can validate the speed of the self-healing automations since it is only the changed files that are affected. In the case of corrective action, files that don’t exactly match the approved state are repaired and restored. The same concept is true when applying authorized updates, except in reverse: only the targeted approved changes supplant the previous iteration of the snapshot.

So when self-healing is necessary, IT can remotely reboot the device on demand. The PC will shut down as it typically does, and during the pre-boot process, right after BIOS loads and before the OS executes, Persystent Suite applies the last known approved state. This takes roughly 45 seconds, or the time it takes the device to reboot. In this scenario the user returns to productivity in near real time without losing their data, their applications or their profiles. To the user, it’s as if the issue never occurred.

And that objective underscores a key strategy for practically every company: Keep users working towards company goals without having to lose time or data.  No waiting hours to get a PC diagnosed and repaired; no sending the device off to IT and waiting to get a replacement; no ambiguity on whether the issue has been satisfactorily resolved. And this works no matter how corrupted or damaged the hard drive is.

This prompts several questions.

How does the image stay updated? One of the proprietary automations within Persystent is the capability to schedule routine updates to the state with a new snapshot that is maintained on the device itself.

Periodically IT needs to make changes to the image. Whether we are talking “Patch Tuesday” or semi-regular application updates or any other authorized change blessed by IT, you need an easy way to ensure each PC gets the update, so that when a PC is self-healed, the last image is the most up-to-date approved version. The problem with a non-automated approach is that oftentimes the patches and updates fail, are applied inconsistently and/or take way too long to apply.

Because of Persystent’s proprietary file-based automations, the administrator only needs to update the golden image. Our process works in that the image is refreshed back to the ideal state, then the new changes are applied and tested before distribution. As the new ideal image proliferates across the enterprise, it only applies the changes to a new highly compressed snapshot that exists on each device. That’s why it is fast, efficient and highly successful on the first attempt. And the changes can be applied on or off the network. Utilizing this process, IT can schedule regular updates so that the images are current and authorized. And applying this same self-healing automation process, the user gets the updates the next time they boot up their device. Now the next time a user calls with a break/fix issue, it is the latest version that gets reapplied without the symptoms that caused their concern to begin with.

And, if IT wishes to regress back to an earlier image, Persystent maintains up to 20 previous images. There’s simply never a need to reimage a box.

Getting a user back up and running quickly is great, but I still need to know what happened.

After the self-healing cycle completes, Persystent automatically provides a change report that details all the changes made to the desired state so IT can analyze and pinpoint the root causes that created the situation. You can easily compare the ideal state against the corrupted state and see down to the file level what changed or what was affected. With major breaches such as viruses or malware, where up to 2-3000 individual files including the registry may have been changed, this approach is comprehensive enough to not only help identify root causes, but to provide the necessary documentation to facilitate compliance. We don’t say that Persystent is a security solution, as it does not prevent issues from happening, but it does remove the causes or unsanctioned changes that allow them to proliferate and create headaches. By applying an ideal state, you demonstrate control over the change management landscape as dictated by multiple compliance agencies.

Does self-healing only occur during an IT-initiated reboot? No. Persystent promotes either on-demand or automatic self-healing based on the individual company’s needs and policies. It offers multiple levels of repair that can be applied based on the situation. For example, for organizations that deploy multi-user PCs such as in colleges, labs, libraries or kiosks, having the PC self-heal every time it reboots is the applied best practice, simply because you can’t predict what any individual user has done and IT must maintain a fresh baseline. Yet, for most companies we suggest that IT retain the ability to self-heal only when needed, such as a break/fix support call or patching optimizations. This remote, on-demand application allows the necessary support tickets to be created, and also documents when corrective action was taken for compliance reporting.

I use SCCM or WSUS. The good news is that Persystent integrates with these solutions. And because this is an important consideration, we will dedicate a video to this subject that shows that Persystent is complementary with SCCM and WSUS, and that it can be integrated into any ITSM/ITIL solution such as LanDesk (Ivanti), Tivoli, Dell KACE, etc.

Overall, Utopic recognizes the desire is to keep the technology current, but reduce infrastructure complexity and meet the unique needs of the enterprise. However, many IT organizations are struggling to find the right balance between maintaining mission-critical systems and implementing new innovation for the business.  To keep pace with evolving workspace transformation goals, companies face challenges to adjust strategic processes and manage infrastructure changes which directly impact the ability to increase profitability and gain a competitive advantage by reducing time to market, minimizing the complexity of change management and limiting support costs.

And that’s where the automations provided by Persystent Suite make a huge difference. In the end self-healing not only simplifies repair and recovery but creates an undeniable combination of ROI and TCO into a net effect, or Total Economic Impact. In terms of TCO, your cost per device goes down; your year over year cost to manage the fleet is reduced. This is demonstrable in that automations and self-healing remove hurdles to compute availability, remove inefficiencies and irregularities, reduce the time and resources necessary to maintain and optimize, and expand the operational lifespan of devices. In the ROI chart we’re showing, you can see from a labor perspective that the reduction in incidents, lack of repeat occurrences and the resolution speed significantly reduce IT resources.

Integrating with SCCM: Not “either/or,” but “AND”

Let’s start with the plain fact that Utopic’s Persystent Suite and SCCM (System Center Configuration Manager) are complementary solutions and not an either/or proposition.

When we introduce Persystent to IT professionals, at times the solution is compared to Microsoft SCCM. Whereas there is a small functionality overlap with imaging configuration management capabilities, the larger vision is that SCCM only manages configuration. The focus of Persystent Suite is self-healing and continuous compute availability. This, of course, takes into account that the configuration for any PC image is up to date and properly deployed.

To that end, Persystent Suite works as a complement to SCCM. SCCM is a powerful tool that manages the deployment and security of devices and applications across an enterprise through policy enforcement and patching. Persystent has that ability too; however, that’s where the similarity ends. For SCCM, once the base image is built or updated, that’s it. It doesn’t maintain a continuous and updated repair point should any issue affect an individual PC. It does not do any type of repair.

This alignment happens when an IT organization creates and maintains an image using SCCM. They can add all the appropriate applications, security patches and updates and deploy to the entire enterprise. Once the image is “out in the wild” users might experience any number of performance issues that are self-inflicted, influenced from external activity, breached, or simply mis-aligned. One way or another, SCCM is not capable of any sort of automated repair/recovery and the user’s productivity is disadvantaged. Persystent Suite, and its proprietary technology, adds the ability to automatically schedule and take snapshots of the incremental changes of the approved image. Consequently, when a user calls support with an issue, they now can simply perform an on-demand reboot of the affected PC and return it to compliant productivity in less than a minute. This includes all the applications, profiles, updates and user data. It effectively removes the need to re-image and reapply all the patches, applications and updates. It is not only a tremendous time saver, but also ensures the reliability and integrity of the desired PC image.

Several Utopic  clients concurrently leverage SCCM and Persystent for various automation tasks such as high speed imaging, deploying scheduled and successful updates/patches, managing baseline configurations, and enforcing PC compliance.

Without getting too technical: Persystent can perform imaging just as well as SCCM. In most cases it can process an image faster because of certain process automations and the ability to incorporate drive encryption in parallel to the base image’s creation. Persystent imaging is hardware independent, so you can deploy a standard base image to any make or model of computer in an environment. You simply have to download the driver CAB files on the server and Persystent does the rest. It coexists with SCCM in that one can continue to use SCCM for imaging if that process is working well. SCCM would apply authorized Windows updates or install applications, and Persystent would then automatically capture that state so that you can immediately repair and restore the system back to the desired repair point in the event of an issue. Also, offering multiple levels of repair provides even more control for IT teams.

Additionally, Persystent’s other key functionality is that it can perform secure device wipe. This is outside of SCCM’s functional purview. Upon retirement, reassignment or recycling, hard disks still contain a great deal of sensitive and proprietary information. Persystent can quickly and seamlessly erase data hiding in any proverbial dark corner and render the hard drive completely unreadable. This function (which can also wipe a drive remotely) complies with DoD and NIST 800-88 industry standards.

For many organizations having the imaging combined with automated self-healing is not an either/or proposition, but an “and” that delivers continuous ROI. A combined force provides the necessary value to not simply extend the lifecycle of an asset, but rather provide the necessary ingredients to control the image and ensure the end user is optimized to reliably carry out functions that support the business goals.

Fighting Application Drift with Self-Healing

The ability to conduct an on-demand or automatic self-healing repair of a corrupted PC and bring it back to the approved desired state is one of the many advantages Utopic’s Persystent Suite offers. In these cases it is easy to imagine a user clicking on a suspect link and infecting their system, or adding an unauthorized application fraught with spyware and other performance-hindering elements, or perhaps accessing their registry and adjusting a standard setting. Persystent Suite is perfectly scaled to directly remediate these issues on a single reboot of the system to return the affected PC to the desired state.

Although these scenarios happen too often and are extremely problematic, the more likely service desk call will be from a user experiencing slow performance or an application performing out of character. There are dozens of potential root causes, but a likely culprit is application drift. This indicates the affected PC is not using the most updated version of the application, an update did not correctly apply during the last upgrade, or, over time, has become misconfigured from its optimum standard. In some cases, it represents unsanctioned modifications made by the end-user or third party.

The best practice is to get the user back up and running immediately. By conducting an on-demand reboot of the PC, the user can return to productivity in about a minute. From the end-user’s perspective, it will be as if the issue never happened. The reboot restores the last known desired state. This desired state, maintained and controlled by IT, contains the proper version and the correct configuration for not only the application, but for the PC’s entire operating system. It also removes any unauthorized changes that may have contributed to the PC’s performance issue, yet leaves the end-user files and profiles untouched. From a security, asset management and compliance standard, it ensures each user is using the appropriate version of an application to which they are given rights to access.

However, in terms of best practice (and compliance satisfaction), it is important to know why the PC was affected. Every time the desired state is reapplied, Persystent Suite creates a file change report. This report lists all the items that differed from the desired state settings. It allows IT to see and document (without having to sift through thousands of event logs) the delta between the state at the time of the issue and the approved state: policies, registries, applications, infrastructure configurations, etc. This way, IT can pinpoint root causes more clearly and adjust policies or procedures to prevent or mitigate such occurrences in the future.
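The file-level comparison behind such a change report, and the repair of only those files that differ from the approved state while user data is left alone, can be sketched as follows. This is an added example, not Persystent's proprietary implementation; the directory layout, the `PROTECTED` list and all function names are assumptions, and the sample files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Assumption: user files and profiles live under these top-level folders
# and are never reverted or reported as drift.
PROTECTED = ("Users",)


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def is_protected(rel: str) -> bool:
    return rel.split("/", 1)[0] in PROTECTED


def change_report(approved: dict, current_root: Path) -> dict:
    """List files that were modified, removed or added relative to the approved state."""
    current = {k: v for k, v in build_manifest(current_root).items() if not is_protected(k)}
    approved = {k: v for k, v in approved.items() if not is_protected(k)}
    return {
        "modified": sorted(k for k in approved if k in current and current[k] != approved[k]),
        "removed": sorted(k for k in approved if k not in current),
        "added": sorted(k for k in current if k not in approved),
    }


def restore(snapshot_root: Path, current_root: Path, report: dict) -> int:
    """Repair only the files named in the report; return how many were touched."""
    touched = 0
    for rel in report["modified"] + report["removed"]:
        dst = current_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(snapshot_root / rel, dst)   # put the approved copy back
        touched += 1
    for rel in report["added"]:
        (current_root / rel).unlink()            # drop the unsanctioned file
        touched += 1
    return touched


def demo():
    """Constructed scenario: approved snapshot, drifted live tree, report, repair."""
    with tempfile.TemporaryDirectory() as tmp:
        snap, live = Path(tmp, "snapshot"), Path(tmp, "live")
        files = {  # constructed sample content
            "Windows/System32/drivers/etc/hosts": b"127.0.0.1 localhost\n",
            "Program Files/App/app.dll": b"approved build 1.4\n",
            "ProgramData/App/settings.ini": b"update_channel=stable\n",
        }
        for rel, data in files.items():
            p = snap / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        approved = build_manifest(snap)
        shutil.copytree(snap, live)

        # Drift: one changed file, one missing file, one unapproved file, one user document.
        (live / "Windows/System32/drivers/etc/hosts").write_bytes(b"203.0.113.9 intranet\n")
        (live / "Program Files/App/app.dll").unlink()
        (live / "ProgramData/App/unapproved.exe").write_bytes(b"MZ constructed")
        user_doc = live / "Users/alice/report.docx"
        user_doc.parent.mkdir(parents=True)
        user_doc.write_bytes(b"quarterly numbers")

        report = change_report(approved, live)
        touched = restore(snap, live, report)
        after = change_report(approved, live)
        return report, touched, after, user_doc.exists()


if __name__ == "__main__":
    print(demo())
```

A comparison like this is only trustworthy when it runs outside the operating system being checked, which is what applying the state during pre-boot achieves; a compromised OS can misreport file contents to a tool running inside it.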

Innovation of the Year!

In recognition of the seamless and inventive way PCs can now be automatically self-healed from small break/fix issues and catastrophic failure, Pink Elephant, the global IT Service Management leadership certification and training organization, awarded its top prize for IT Excellence to Utopic Software’s Persystent Suite.

Utopic, a leader in imaging, repair and configuration management solutions, was selected among four finalists at Pink Elephant’s 20th Annual International Conference & Exhibition, “Pink16,” in Las Vegas for Innovation of the Year. Persystent is a cloud-based and on-premise platform that facilitates repair and recovery of compromised or mis-configured devices. It achieves this in near real-time and without manual intervention with a single reboot of a device. Visit our main website at www.utopicsoftware.com.

As part of the thorough judging process, Utopic proved that a PC experiencing a catastrophic failure resulting from a malware breach, could be “self-healed” with a healthy, approved image in only 45 seconds. It successfully met the judging panel’s rigorous requirements of a solution that could positively impact the ITSM community and be translated into best practices.

“This acknowledgement goes far in confirming the viability of automated self-healing that can repair and recover any PC in less than a minute regardless of the damage,” said Utopic CEO Bob Whirley. “More specifically, it validates the incredible hard work and vision our team has put into developing a comprehensive and game-changing solution. It is truly a great honor.”


According to Utopic, Persystent Suite achieves ITSM’s most important goal: getting users back up and running in the shortest amount of time and thereby promoting greater and more controlled compute availability and productivity. Studies have shown that Persystent reduces break/fix incidents by more than 70 percent. Through automatic corrective action, what is called “self-healing,” an ideal state is reapplied during the pre-boot process and the user is back up and running within minutes without loss of data, settings or applications.

“All the finalists were truly innovative, but what tipped the balance was that the judging panel thought the Persystent solution would have the biggest, broadest and most positive impact on the ITSM community,” said George Spalding, Executive Vice President, Pink Elephant. “We congratulate the Utopic team and look forward to continued innovation from them in the future.”

According to the organizers, a record number of nominations were submitted this year from organizations of all sizes and from virtually every industry. Pink Elephant’s IT Excellence Awards are considered one of the industry’s preeminent honors. See Pink Elephant’s press release.

“We are absolutely thrilled and gratified the judging committee made up of our peers and other subject experts at Pink Elephant recognized the value Utopic brings and that our Persystent solution is a proven path towards that value,” Whirley added.  “As a fast-growing technology company, it’s gratifying to know our team has made significant inroads into changing how change management is perceived, deployed and managed.”

Whirley has been invited to speak at next year’s conference.

The IT Excellence Awards were created to honor and generate public recognition of the achievements and positive contributions of organizations contributing to the ITSM community.

Pink Elephant is a premier global training, consulting and conference service provider, and has an undisputed reputation for leading the way. They are proud of their pioneering and innovative spirit, which has enabled them to introduce and spearhead many revolutionary concepts and programs since their inception forty years ago. Pink Elephant has grown to become recognized globally as The IT Service Management Experts and is very proud of its commitment to IT best practice frameworks. In fact, Pink Elephant has been involved in the “ITIL project” since its inception in 1989.

Can you recover your corrupted business PCs in under a minute?

This is a repost of a blog article from our overseas partner Greatstone:

http://www.greatstone.co.uk/blog/2015/11/20/can-you-recover-your-corrupted-business-pcs-in-under-minute

PC downtime can be a debilitating event for professionals individually and for businesses collectively.

Many businesses count the cost of downtime but don’t think of the wider implications. Factors such as customer satisfaction and loss of brand integrity are just two of the key losses apart from the more evident costs such as lost productivity and a temporary dip in sales.

When you start to evaluate the direct cost (in terms of salary paid and time lost) of one or more members of staff unable to carry out their assigned tasks, and add to that the cost of support staff intervention to provide a fix, it becomes obvious that this can run into many thousands of pounds for each instance.

Coupled with this, the latest Gartner surveys suggest that unplanned IT downtime can cost businesses up to £4,500 (nearly $7,000) per minute for business-wide outages, also impacting on:

  • Customer loss
  • Damage to brand reputation
  • Loss of productivity
  • Overtime, repair and recovery, compensatory costs
  • Lawsuits from unfulfilled contractual obligations
  • Sales and marketing spend wasted

The bottom line is that whether it’s a single machine affected by malware, a virus, or unauthorised software installs, or a business-wide problem that requires all machines to be reconfigured, the underlying costs can be significant.

So if this is a topic that you or your organisation can relate to, it’s probably time to think about how you can mitigate the threat of possible downtime and whether your internal IT team’s or external MSP’s recovery plan can act effectively and efficiently, getting the individual or the wider organisation back in business as quickly as possible.

Don’t forget to wipe! The keys to data sanitization and hard disk erasure

Every year, IT teams supporting a modest-sized enterprise (2500 devices) will retire about 23% of its devices. That’s 575 machines a year containing sensitive information. As many companies like to take advantage of re-purposing these machines, they first must go through an end-of-lifecycle transition, from storage of data to reassignment, resale or donation. If the device is being reassigned from one department to another, it might require a new image, so the previous image with its specific rights and application selection needs a fresh tableau on which to build. If the device is leaving the organization, there can’t be any trace of its prior usage left. NIST agrees:

NIST Special Publication 800-88 Guidelines for Media Sanitization mandates that “in order for organizations to have appropriate controls on the information they are responsible for safeguarding, they must properly safeguard used media.” Taking control of old electronic media means disposing of it in a safe, secure, and compliant fashion.

The decommission process can be lengthy and, with all the daily fires requiring attention, considered a lower priority. This is why many companies either have a stack of old devices waiting for retirement in some storage room or outsource to companies that specialize in data sanitization and hard disk destruction.

This year, IT teams will be potentially inundated with retiring devices considering the sunsetting of Windows XP last April. Because of the cost, many companies have simply opted to invest in brand new machines with Windows 7 preinstalled rather than face the battle of OS migration. This leaves them to face the problem of decommissioning their old PCs in a way that prevents any significant leakage of sensitive information.

As noted, many companies use outside organizations to handle this aspect of their business. Using our modest-sized enterprise as a model, decommissioning 575 devices can be expensive. Based on industry research, this costs between $30 and $50 per device. For our example company, that is a budget line item in excess of $23,000 for the year. Unfortunately for this company, an additional 12% of their machines, still within their industry-accepted 4-year lifecycle, were XP machines. They opted for new units rather than upgrade. Another 300 machines; that’s an additional $12,000. According to Microsoft (The Enterprise PC Lifecycle: Seeing the Big Picture for PC Fleet Management), the breakdown of the service is basically $46 (or as high as $375 per PC) including $12 for archiving data, $12 for sanitizing the hard drive, $8 for reloading the operating systems, and $12 to test the PCs. Granted some of this cost is deferred by the potential resale of these units. However, with older, unsupported OS’s, donation is more likely.

To validate these numbers, I spoke with the VP of IT of a well-known health care plan provider. They routinely spent $25,000 on top of the cost to recycle decommissioned machines to ensure the sensitive data that may still reside on hard drives was removed. This company is bound by very strict HIPAA compliance requirements in addition to the mandates of a dozen or more accreditation agencies.

If cost is prohibitive, the other option is to do it yourself. Without getting into soft costs and personnel time, there are two other potential hurdles that make this option complicated. First, it can be a fairly lengthy process. This means a resource has been reassigned from higher value tasks; not to mention the aforementioned daily emergencies. Secondly, it requires a degree of expertise. Every IT pro worth their salt knows simple file deletion or partitioning is insufficient. Companies must take action that will leave no trace of the previous image or data on a device.

Okay, one last thorn. Your company has the will and bandwidth to re-purpose/decommission end-of-lifecycle devices. Now you must invest in a unique software license to run the shredding/removal process. Besides having another SLA to manage, does the product actually make the process easier? Does it use recognized best practices to remove data, sanitize drives and replace old images with an approved, “clean” version? Can it accommodate multiple drives simultaneously (such as in a RAID) without having to break it apart first? And, does it allow you to provide certified evidence of data destruction?

It’s almost enough, as one IT pro wrote in a tech forum, “to take a sledge hammer, thermite, and go Office Space on 200 old hard drives. But I have other things to do.”

Whether re-purposing for use in another department, donating, reselling or smashing it to bits with a baseball bat, “wiping” the hard drive is a definitive part of the PC lifecycle. For companies that maintain any sensitive data on the drives (that’s most of them!), it rises to the level of necessity. Companies can reduce the financial impact if their sanitization process is included as a part of another indispensable infrastructure maintenance solution such as configuration or change management. For example, deploy one central solution that handles your entire automated configuration initiative: self-healing restoration, recovery, imaging and patching/updating.

But to make the whole thing effective and worth unifying sanitization with other configuration functions, it has to be fast (at least 10 seconds per gigabyte). It has to be thorough. It must use one of the two recognized destruction techniques: degaussing or making every shred of data permanently unreadable by overwriting it. In terms of repurpose and donation, you can now apply a proper clean and approved image on the “wiped” machine with confidence.

Unification makes a great deal of sense since it leverages other components important to compliance and security. The ability to image/reimage a re-purposed machine without having to expend any more capital is a huge boon. It goes back to that often repeated CIO mantra: try to do more for less.

Persystent Suite, which currently facilitates restoration, recovery, imaging and patch/update migration capabilities in a single centralized solution, recently added “wipe” functionality to its suite in order to help larger enterprises fulfill compliance mandates related to data security and device control. See it here.

WinXP…beyond the sunset

The end has come and gone. Despite the warnings, despite the lack of support and despite the realization that an operating system is now stagnant, thousands of businesses still have not made the leap from Windows XP. We’ve heard a great many reasons, including: the cost to upgrade is too great; older applications don’t have an update that will work in the new paradigm; we’re planning on it in the nebulous future; and our current configuration works just fine (if it ain’t broke, why fix it!).

Regardless of the excuses, every IT department is eventually going to have to make the move, so organizations are going to have to commit budget to upgrade or replace systems. The following are the top 5 reasons you need to make the move sooner rather than later:

#1. Be prepared to lose your security compliance and deal with the pain and suffering sure to follow.

#2. Migrating now will ensure continued access to the vital and vast third-party ecosystem of Windows partners and support organizations.

#3. Pervasive mobility — BYOD, consumerization of IT, always-on computing — is nearly unachievable without the move to Windows 7 or, especially, Windows 8.

#4. If your organization is migrating key applications and services to the cloud, staying on XP much longer will be a huge impediment.

#5. Moving to Windows 7 or 8 now is a far better economic proposition than putting off the inevitable until early 2014.

These aren’t scare tactics or a hard sell to push product, just some friendly advice!