How Nutanix's VDI Protects Corporate Data, Balances Security Risk, and Allows Work from Home
It was March 20, 2020, and in five days, a country of 1.3 billion people would be ordered to stay home. At 3i Infotech, the directive came down to my team: We needed to enable our employees to work from home within days, because our clients are depending on us.
3i Infotech is a global software development company that serves clients in several verticals, including Banking, Insurance, Financial Services, and Enterprise Resource Planning (ERP). We provide mission-critical business applications to our customers and have to support them round the clock. However, it would be a Herculean task to suddenly allow hundreds of developers to work from home effectively and ensure availability and security. While we had a solution available for remote working, there was an immediate pressure to figure out a solution and scale our operations to 100% capability. As a leader, I knew I had to find the right cost-effective solution in a timely manner and at the same time not pass that pressure onto my team.
In moments like these, it’s important to remain calm to get the best out of everyone. I acknowledged that this was a big ask, but assured the team that we’d seek out the best options and that I would be the one responsible for making the business case. With that, it was time to find a solution that met our needs, and find it fast.
We Can’t Risk Our Code, but We Can’t Come to the Office Either
We are based in Mumbai, and have over 32 offices in 12 countries. My role as head of the Enterprise Technology Group and Information Security is to take care of 3i Infotech’s infrastructure within the organization, including our data centers across all locations and our cloud infrastructure. I’m also responsible for Information Security in 3i Infotech. So my job isn’t client facing, but to instead support our 5,500+ employees as they fine-tune our offerings to meet the requirements of more than 1,200 clients.
As a software development company, our most valuable asset is our source code and due to security concerns, we do not provide laptops to most of our developers—our development teams usually work on desktops in office premises. Only very few people, such as those who provide demos or customer support, have portable assets. This was the source of our challenge as COVID-19 began to spread and India headed towards lockdown: We could not move all the desktops to employee residences.
For starters, that would require some big infrastructure changes in the office. We could ask employees to use their personal devices at home and then give them a secure VPN, but that wouldn’t have done much for stringent security. Many people would still be using free antivirus software on their personal machines, and we really wouldn’t know what kind of malware was sitting on that device. These personal devices wouldn’t have met the criteria for our VPN, so users wouldn’t have been able to connect without an exception approval from our team. Providing exception approvals across the company would have exposed us to a great deal of risk.
On top of this, developers need a whole host of applications to do their work, whether it be for writing code, testing, or preparing documentation. Adding all these applications to personal devices was not advisable, because it would have been a lot of extra work for my team to perform all these installations by remote connection. That would have been a cumbersome job.
VDI Was the Answer—but Which Solution to Choose?
The answer to these challenges was a virtual desktop interface (VDI), which would allow employees to access all their apps without us compromising on security. With VDI, we wouldn’t risk leaking our most valuable asset.
Which solution should we choose, though? I knew Nutanix because we had used one of their VDI solutions in the past for a short-term project, but that had been an on-prem solution. I considered going back to that product, but on further reflection I realized that arranging high-end infrastructure for 250 to 300 users was not possible within such a short time frame. For our immediate needs, we needed something in the cloud.
I looked at Dell and some services from Microsoft as well, but I decided to give Nutanix a call because we had also spent the past few months working with them on hyperconverged infrastructure and we had a good relationship. I explained our situation and when I asked how quickly they could solve our problem, their rep said, “I can give you a demo in the next half hour, and if you like it, we can deploy it overnight.” That’s when I knew I didn’t need to search any further.
After the demo, my team was confident that Nutanix Frame was what we needed. Frame would allow us to easily deploy to our users, which was important not just for speed, but because I wanted this to be as easy on my team as possible. Instead of spending 20 minutes setting up an individual user, I wanted it to take two or three minutes. That seemed possible with Frame, because we could create buckets of users who all had the same needs.
Frame would also ensure that users couldn’t copy any code from the environment onto their local machines or anywhere else. Finally, it would offer a seamless experience to our users, regardless of whatever device they used at home.
Deploying Against the Clock, and Overcoming Some Hurdles
Nutanix had been quick to get the demo to us. Now that we had chosen this as our solution, it was our turn to act fast to deploy in time. I told my colleagues in the business and development teams that we could enable remote work, but we needed to know what programs and applications each person would need. What set of software does a developer require versus a code tester versus someone doing QC, for example?
The way we set it up is that when the developer connects to the VDI, all of his applications are there, ready to go. He then runs through our VPN, which allows him to connect directly to the servers in our data center. We did run into some hiccups in the first few days, which arose from our mindset going into this situation.
This solution alleviated our security concerns, but in turn it created problems for our code testers. They would spend several hours setting up the environment, run the test for five or six hours, and then shut down. The problem with the VDI was when these testers came back the next day and re-started their VDI, their test from the previous day was gone.
We realized that for these specific users, we had to give them VDI with some storage space, so whatever environment they created would remain for the next time they logged on. I had to go back to Nutanix and tell them that our needs were different than we initially thought. We needed some training to set up those VDIs, but it was no problem. Nutanix hopped on the phone with my team, helping us set up our unique solution.
We set up 30 users in the first few days, but once we got through those hiccups, we had all our 250 users working from home in just over a week. It’s been a seamless experience for those users, relatively easy for my team to deploy, and we know that our source code is safe.
In an Ever-Changing World, We’re Ready
The COVID-19 pandemic has tested systems and infrastructure across the world. For companies, it has presented a major test of business continuity. We don’t know for sure how long the pandemic will last or what the next several months or years will bring. What I do know is that I will not have my company land in this same reactive situation again.
Looking back to our business before March 20, all our IT plans were theoretical. Going forward, we have to be practical in our implementation of everything. To prepare for whatever comes next, we are looking at VDIs as a long-term solution in place of those traditional VPN connections.
For those companies that are now considering the same, my advice would be to be as clear as possible in your requirements for the VDI. Once you set those expectations with your partner, it becomes pretty easy to set up something like this. Our long-term plan is for a hybrid environment of cloud and on-prem.
Nutanix Frame has opened up a new reality for 3i Infotech, in that we had never seriously considered allowing employees to work from home before. And if we ever again encounter a situation where we have to work from home, I know we will be ready.