Sunday, 15 August 2021

The mainframe and Cloud PC

When I first started working with mainframes, and it was a long time ago, people used to sit in the main office and work on dumb terminals. The mainframe lived in a highly-secure, climate-controlled, part of the building that could only be accessed by people with appropriate key cards. In fact, the majority of people working on the mainframe had no idea what the mainframe looked like. They’d never seen it because they weren’t the chosen few who had been invited into the machine room. For them, it didn’t really exist. They were simply focused on getting their work done. They would come into the office, power up their terminal, and do whatever needed doing. They didn’t know or care about virtual storage or paging or security. They simply did their work. And went home.

How times have changed. Or have they?

The start of August saw the launch of Cloud PC and Windows 365 from Microsoft. The idea is that everything the user wants lives in the cloud – their data, applications, tools, and settings – and they can access it from just about any device they like to use – which could be a laptop, but could also be an Android or Linux device or even an Apple device.

Basically, Azure Virtual Desktop is used to build a virtual machine on top of any other device. And that runs Windows 365 for the user. All the data, applications, etc are stored in the cloud. Users don’t know or care exactly where it is, they simply get on with their work.

It does all seem to be very similar to how mainframers used to work 40 years ago. Everything you need to do your work is stored somewhere, but you don’t know or care where that is. And you simply get on with your work.

Plus ça change, plus c’est la même chose!

It’s not just Microsoft that has recycled this venerable mainframe way of working, Amazon has too. Amazon has its Workspaces Desktop as a Solution (DaaS) product that users might choose. And, of course, Chromebooks have been around for a while. They work on the principle that the operating system is small, the device doesn’t need to have much computing power, and the work takes place in the cloud somewhere.

So, why would you choose Microsoft’s Cloud PC option? Let’s suppose that you are back in the office working, you haven’t completed some major piece of work, so you simply save it and dash to get your train home. On the train, you can get out your tablet (or even your phone) and continue working. And when you get home, you can boot up your home PC and, again, carry on working. You don’t need to borrow a work PC loaded with everything you need to do your job. As long as you have an Internet connection, you can be productive and work on the same desktop environment. Another benefit is, if you leave your laptop on the train, or have it stolen, there is no data on the device. It is all stored in the cloud, so thieves can’t access corporate sensitive data or personal information of clients, etc.

For corporate IT teams, there are also a number of benefits. The first one is budgeting. Rather than buying in new PCs every year or so for staff, they can calculate how much Windows 365 will cost for their staff. If this works out cheaper than buying new devices over a three-year period, they have better control over their budget. There are different sizes of Cloud PC available, and these have different price tags. So, that must be taken into consideration.

Managing Cloud PCs can be done using Endpoint Manager in much the same way that existing physical devices can be managed. And that means corporate security policies can be applied to Cloud PCs as well as real devices. The Endpoint Analytics dashboard allows IT teams to see whether Cloud PC users need more resources allocated to them (or perhaps less). There’s also the Watchdog Service which looks after connectivity. If users become disconnected, alerts are raised, and suggestions made about how to rectify the situation.

I imagine that we’re all fairly familiar with the security on a mainframe, the big question is what kind of security do you get with Windows 365? Firstly, every Cloud PC managed disk is encrypted. Similarly, all data sent over the Internet is encrypted. Data in use isn’t encrypted.

As you might hope in these days of ransomware attacks, multifactor authentication (MFA) is used when someone tries to login. This uses the Azure Active Directory (Azure AD). So, only people passing that test get to login to Windows 365. As mentioned earlier, Endpoint Manager can apply access policies as people try to login.

Lastly, Windows 365 uses a Zero Trust Architecture (ZTA). In the event that perimeter security has failed, it will continually monitor identities, devices, and services that are being used. Should anyone try to access anything unusual or above their security level, ZTA will flag it and alerts will be raised. Again, all data used lives in the cloud.

Certainly, the idea of low power end devices and high power remote devices – whether that’s a mainframe or the cloud – seems like the way things are going for the next little while. To make accessing your mainframe work in that way would probably require it to be able to be accessed from any browser anywhere. I recently discovered that there is a way to do this. If you’re interested, the company is called MainTegrity, its product is called GateWAY z/OS, and you can find out more on its website at http://gatewayzos.com/

The thing about the IT industry is that ideas come and go – and then come back again. Sometimes we have everything on premise, sometimes we have nothing. As always, interesting times!

No comments: