Application transformation and transplantation to support BCP
Making applications work for remote users
The enterprise is changing. Web-based applications and mobile apps are becoming more prevalent and the way applications are procured and delivered is becoming more standards-based to meet today’s multi-platform requirements.
While this bodes well for the future, there will always be a requirement to access legacy applications and data. What’s obvious in the current complex and changing circumstances caused by this global pandemic is that a considerable number of large organisations have a Business Continuity Plan (BCP) in place that just did not take the possibility of this type of mass isolation into consideration. This has resulted in a disparate workforce, struggling to adapt to new ways of working in addition to the complexities of trying to access their business applications and data from locations that were never considered as part of BCP.
As organisations try to adapt and continue business-as-usual across a dispersed workforce, tight controls around working practices and security policies have to be relaxed in certain areas to allow people to work.
The challenge, therefore, is to maximise productivity and continuity of business without compromising on required security and access controls, particularly if the “break glass” solution is to allow access from non-corporate endpoints.
Most organisations have instances of application publishing as “virtual desktop” or “application farms” using VMware and Citrix in addition to the solutions from Microsoft. These instances are typically present to host applications with compatibility problems or provide access to specific user groups with a carefully controlled desktop (e.g. 3rd party offshore vendors). Rarely are these scaled or scalable for the whole enterprise.
The reasons behind this are twofold:
- The availability of capability and capacity to provide cross platform application delivery is rare.
- The cost of hardware to support an enterprise deployment requires a large capital investment.
The next few paragraphs of this article focus on how businesses can address point one.
The headache of migrating and supporting business-critical proprietary and commercial OTS applications across multiple platforms is a persistent problem. Most organisations focus on supportability of applications as discrete installs per platform and this is a cause of application proliferation in the enterprise, resulting in multiple versions and configurations across the organisation.
So, the question is this: what’s the best way to manage application migration from one platform to another in support of enhancing BCP?
This is largely down to the complexity of the application stacks we have today. When organisations undertake Windows migrations it’s typically to support a move from one OS to another. In the transition of these applications, it’s typical that a number will fail to move as a result of compatibility issues. That’s where the use of a presented application comes in. Using Citrix, Microsoft or VMware technologies it’s possible to present the app to a later desktop, while ensuring compatibility with the base OS of where the application is installed.
The same is true for applications required to support a BCP solution. Presentation of the application can be delivered to the endpoints securely regardless of their status as a corporate desktop, temporary VDI solution (DaaS) or even BYOD devices.
While VDI through DaaS might go some way to helping address point two (the cost of hardware to support an enterprise deployment) and BYOD might look like an attractive alternative to corporate PCs, they come with considerations relating to security of data and systems. The widely acknowledged benefits of VDI are economies of scale with regards to management and maintenance and reduced total cost of ownership. This is further enhanced by the ability to spin up a DaaS solution to support BCP.
In this scenario, the desktop OS sits on a host solution and users securely access their virtual desktop, and subsequently their applications and data, from a range of different devices – thin clients, desktops, tablets. The organisation can choose to own all of the client devices, or can incorporate without much compromise a BYOD (Bring Your Own Device) model.
One of the issues, however, is that BYOD means different things to different organisations. For many, it can be as (relatively) simple as allowing employees to use their own mobile phone for business calls/emails. At the other end of the scale – and far less common – is requiring employees to cough up for their own laptop or tablet for use in the workplace. However, in a BCP situation, access to any device can be the difference between continuation of a capability to work or not.
There are considerable barriers to allowing a fully functional BYOD strategy. Two key barriers are the fact it requires a complex strategy to implement and it also opens up the issues of data leakage and device ownership. Saying a definitive no to BYOD is certainly a safer option than wrestling with the complexity of a hybrid setup, but this is at odds with providing BCP access to a remote and isolated workforce. While implementing comprehensive security policies and DLP can minimise data leakage, moving to BYOD does represent a major cultural, policy and governance shift.
Of course, there are some browser-based applications that can be run – these might be the majority of applications for the minority of organisations. With this cloud-based approach to application provisioning you can publish applications that run in a browser within your organisation, allowing users to access that application through a URL behind the firewall. But only a small proportion of applications work like this, and they don’t tend to be the ones that companies rely on day in, day out for business-critical activities requiring enterprise-grade functionality.
Here are our recommendations for what steps you need to consider for an application transformation and transplantation to support your BCP:
The complexity of the application stacks today makes managing the multi-platforming of thousands of applications time-consuming and expensive. Without the right approach, costs can spiral out of control and applications and user groups not required for business continuity can add to the complexity and eat up the budgets earmarked to improve the BCP. It’s important to note that the target for publishing applications is far less important than the methodology and process to get them there.
Application Business Planning
Once a target application environment has been selected the hard work begins. The key to this approach is to provide users access from disparate locations to their applications and data in the event of a BCP being triggered. The identification of users mapped to their application requirements is the first step in identifying the business areas that would benefit from this approach. This can have the added benefit of seeing what applications are already published in the centralised systems. This also allows targeting of users based on those applications delivered, albeit holding a dependency on the ability to scale, e.g. the Citrix environment, to host new users.
The principal challenge for the IT team during BCP stems from the need to migrate and scale infrastructure and applications in a short timescale, while continuing to support business services and adhering to SLAs.
Application Technical Discovery
Few applications have ever been deployed out of the box without a degree of customisation, adding an extra layer of complexity to any application migration project. It’s no trivial task figuring out:
- How has the application been customised, and why?
- What servers does it link back to?
- What dependencies does it have? Can the install be recreated?
- Where is all this information documented?
- Do you have access to the source code or media?
Collating and making this information available to an application management team is the final element of provisioning. This is crucial because, without this information, they will be unable to publish the applications and subsequently allow users access to the central application environments.
Of course, all preparation of application environments is worthless should the end user be unable to access them, and to that end, provision must be made around the following:
- BYOD versus Corporate desktop
- Remote access and VPN
- Network availability
- Security policies and DLP safeguards
- PCI compliance and GDPR
- Policies on applications and data that must only be accessed on premises.
The summary of the above is this:
A more robust BCP solution is available for most businesses; however, there needs to be analysis of what’s admissible and how that is delivered, including a review of existing security and IT usage policies and BCP, before steps are taken to implement anything.