PFH Office of the CTO Newsletter - Issue 1 - September 2024

Welcome to the inaugural issue of the PFH Office of The CTO Newsletter. Each month, we’ll use this publication to bring you technical and business news that our expert teams in PFH think will be useful and interesting. We’ll also include relevant topics and stories from our supplier and partner network. Hopefully, the information will spark discussions on how to improve the use of technology in your organisation by introducing you to ideas and solutions to drive your digital transformation, cybersecurity, and business growth.

In this first issue of the newsletter, we cover some changes Broadcom announced at the recent VMware Explore conference that should start to clarify some of the uncertainty that followed Broadcom’s acquisition of VMware. We also cover the recent mandatory licensing changes to Citrix and NetScaler by Cloud Software Group and how PFH can help your organisation use the changes to its advantage. Then we discuss how cybersecurity planning based on established frameworks and best practices leads to better outcomes and how the PFH Security Division can help with that process. Finally, we highlight a solution that is well-placed to enhance the security of endpoint devices and their use while at the same time extending the lifecycle of devices well beyond a typical 3-year use period.

Broadcom’s VMware Explore Announcements - From Chaos to Clarity: How Broadcom is Transforming VMware with VCF 9.0

Broadcom’s acquisition of VMware introduced challenges, particularly in terms of pricing and packaging of VMware software. As we navigated the new and challenging landscape, we held onto the hope that Broadcom would eventually invest in R&D and enhance the VMware solution offerings. During this period, many customers faced difficult decisions about transitioning to the more expensive VMware Cloud Foundation (VCF). The perceived value of VCF often gets overshadowed by challenges, such as limitations on integrating it with existing ‘brownfield’ installations and the overall complexity of the software stack.

However, it was a pleasant surprise to see the significant strides Broadcom has made with VCF, particularly with the release of VCF 9.0. The latest updates signal a potential turning point for Broadcom, possibly marking the beginning of a new era where the initial turmoil after their acquisition of VMware transitions into a more refined and valuable offering in the VMware ecosystem.

Broadcom’s VMware Cloud Foundation (VCF) Launch at VMware Explore 2024: A Game-Changer for Brownfield Deployments

At?VMware Explore 2024, Broadcom made a significant splash with the latest enhancements to VMware Cloud Foundation, particularly with the introduction of Brownfield support. This new capability marks a pivotal moment for organisations looking to streamline their cloud infrastructure management by integrating existing environments seamlessly into VCF.?

Traditionally, VCF has been a powerful solution for greenfield deployments, allowing organisations to quickly build new, fully integrated cloud environments from the ground up. However, the latest update now allows VCF to support brownfield deployments, which means existing vSphere clusters, vSAN clusters, and even NSX environments can be ‘sucked’ into VCF. This is a significant leap forward for enterprises with established infrastructures that want to modernise without the need for disruptive re-architecting or starting from scratch. The ability to incorporate existing clusters into VCF simplifies the transition to a more unified, cloud-like operating model, reducing complexity, risk, and costs. It’s a game-changer for organisations that have invested heavily in their current VMware environments and want to leverage VCF’s advanced capabilities without abandoning their previous investments.

One of the other standout features of VMware Cloud Foundation has always been its centralised management and true cloud self-service “out of the box”, with the new update enhancing this feature. VCF now offers even more robust centralised management and a catalogue of self-service capabilities, allowing IT teams to manage their entire cloud infrastructure from a single pane of glass. This includes not only integrating new brownfield environments but also the complete lifecycle management of resources.?

Lifecycle management, a critical component of VCF, automates the deployment, patching, and upgrading of the entire stack—compute, storage, networking, and management components. This automation significantly reduces the administrative overhead and ensures that the infrastructure remains up-to-date with the latest security patches and features. VCF now includes more advanced automation tools, enabling organisations to automate the provisioning and management of resources across their hybrid cloud environments. This not only improves efficiency but also reduces the risk of human error, helping deliver a more reliable and consistent cloud experience.

Broadcom has expanded VCF’s self-service capabilities, providing users with a comprehensive catalogue of services. This allows developers and other end-users to quickly and easily deploy resources and services as needed without waiting for IT intervention. This self-service model accelerates innovation and reduces time-to-market for new applications and services.

VCF license portability

?VCF license portability is a crucial enabler for hybrid cloud environments. It allows organisations to seamlessly extend their on-premises infrastructure to public cloud platforms. With VCF’s license portability, businesses can move workloads across different environments—whether on-premises, in private clouds, or across public cloud providers—without the need to purchase separate licenses for each environment. This flexibility simplifies operations, reduces costs, and enhances the ability to leverage the full spectrum of cloud services while maintaining a consistent and integrated management experience across the entire hybrid cloud infrastructure. Ultimately, VCF license portability empowers organisations to adopt hybrid cloud strategies more effectively, delivering scalability, agility, and cost efficiency for their cloud journeys.

This update is something VMware should have done years ago. Some might say it is too late, but this is a positive set of announcements for those who have and continue to invest in VMware. See more in this VMware Explore 2024 session video titled?3 Transformations for the Smarter Way to Cloud. The relevant section starts at the 11-minute mark.

Citrix Mandatory Licensing Changes

Citrix (and NetScaler) are now subsidiary companies of the Cloud Software Group (formally TIBCO). Earlier this year, they implemented some significant and mandatory changes in their licensing of Citrix and NetScaler. The outcome of the changes is that many organisations using Citrix to power their business will need to move to a subscription licensing model.?

The software industry is increasingly adopting subscription pricing models. While there’s nothing inherently wrong with this approach, many IT teams and business executives are reluctant to change things that already work well and that have known costs. However, software vendors sometimes force change. Citrix customers are now experiencing this firsthand as they face a mandatory shift to subscription licensing.?

The new available licenses are:

?????????? Citrix Universal Hybrid Multi-Cloud

?????????? Citrix Platform License

?????????? Citrix for Private Cloud

?????????? NetScaler Fixed Capacity

The Citrix Universal Hybrid Multi-Cloud and Citrix Platform License subscriptions include access to the complete suite of Citrix products. Enabling you to deploy the solutions and technologies you need for your specific needs. Read more about the four available license types on the Citrix How To Buy Licensing page.

The Citrix for Private Cloud subscription is intended for organisations with fully on-premise deployments. This subscription type does not allow the use of cloud resources from an on-premise deployment.

The NetScaler Fixed Capacity licenses are available so that NetScaler throughput capacity and instances can be purchased individually to meet specific ADC needs.

Citrix is pushing and hoping that organisations will adopt the Citrix Universal Hybrid Multi-Cloud (HMC) license. However, as this license is very feature-rich and includes NetScaler and Endpoint Management functionality, it may include things that current Citrix deployments don’t use or need. It also means that some organisations that transition to an HMC license could be paying for functionality that they don’t need or have via other solutions. Plus, many HMC license owners could be unaware of what’s available to them.

The PFH Digital Workspace team are experts in all things Citrix-related, including the new licensing model and how best to navigate the transition to get the maximal benefits and ROI from this mandatory licensing change. Reach out to your Account Manager in PFH to arrange a pre-sales chat with the Digital Workspace team so we can work together to make sure your Citrix licensing transition is following the route best suited for your organisation. You may be able to use the functionality included in the HMC license to deliver needs in other areas of your business. For example, the deployment of NetScaler load balancers via the HMC license rather than purchasing other load balancers.

Security Design Based on Global Frameworks and Best Practices

In addition to the Digital Workspace team helping organisations make good decisions about Citrix licensing, the PFH Security Solutions team can work with organisations of all sizes and across all sectors to design, deliver, and support robust cybersecurity strategies.?

The cybersecurity threat landscape and the defensive solutions from security vendors are complex and are constantly growing. A list of available security solutions would easily end up greater than 5000 products.?

Navigating this landscape to get a suitable network detection and response (NDR) tool, a managed NDR (MDR) provider, an endpoint protection solution, an SIEM (Security Information and Event Management) platform, a 24x7 SOC (Security Operations Centre) partner, or anything from a myriad of other items required to build an effective multi-layered security defence strategy is complex. It is a job for skilled professionals entirely focused on security, which is where the PFH Security Solutions team comes in.

But even for our expert team and other cybersecurity professionals, the threat landscape is broad and complex. Experience has shown that organisations can tame this complexity and manage it going forward if the cybersecurity strategy builds on solid foundations. Over time, best practices have emerged, and various global cybersecurity frameworks now codify the best practices. Many organisations use these frameworks to analyse their cybersecurity needs, design an appropriate pathway to improve their defences and manage the ever-changing threat landscape going forward.?

Many cybersecurity frameworks have gained traction due to their usefulness and support from Governments and recognised regulatory bodies. Some well-regarded frameworks used globally are the EU NIS2 Directive, ISO 27001, the MITRE ATT&CK Framework, and the NIST Cybersecurity Framework (CSF) 2.0

The European Union Agency for Cybersecurity also has advice and reports crafted to guide EU-based organisations on their cybersecurity journey. The Irish government has also published a National Cyber Security Strategy, and the Irish National Cyber Security Centre also publishes guidance documents.

All are worth reading and useful for benchmarking your cybersecurity strategy and defences. Even though one of the frameworks originates from the USA and one from the UK, all have global reach and are used around the world.

The PFH Security Solutions consultancy team can work with your organisation to assess your current security posture and requirements. Then, we will help you plan a suitable cybersecurity strategy and journey to get from your current place to one with an enhanced defensive posture. Using the industry best practices and guidance from the frameworks mentioned above.

Most organisations will need to embark on a journey that addresses the most critical security issues first and then other issues over a planned and managed timescale. You can’t do everything at once, and trying to do so typically leads to failure.

Securing and Extending Endpoint Device Lifespan with IGEL

?A core focus of any cybersecurity strategy is the defence of endpoint devices and the data that they need to contain or access to allow people to do their jobs. As the working landscape becomes increasingly hybrid, the attack surface available to cybercriminals increases.?

?There are many solutions available to protect endpoint devices from attack. One method that is increasing in use and popularity is to manage the devices with an operating system designed to optimise endpoint device security and performance.

?One such solution is the IGEL OS. This is a lightweight, Linux-based operating system designed specifically for endpoint devices in enterprise environments. It offers enhanced security through several key features:

?????????? Read-only file system - Prevents unauthorised changes and malware installation.

?????????? Modular architecture - Minimizes attack surface by only enabling necessary components.

?????????? Frequent updates - Ensures rapid patching of vulnerabilities.

?????????? Centralized management - Allows for consistent security policies across all endpoints.

?????????? Built-in VPN and encryption - Secures data in transit and at rest.

IGEL OS turns endpoints into secure, standardised devices, reducing the risk of cyber threats and simplifying IT management in organisations.

In addition to the security features and benefits that flow from IGEL OS, there are also CAPEX benefits due to extending the lifespan of a typical endpoint device laptop from 3-4 years to possibly 6-8 years due to the lightweight footprint of the IGEL OS solution not needing to support increasingly resource heavy needs of Windows versions. This is especially relevant given the end of Windows 10 support in October 2024. Rather than move to new PCs that will support Windows 11, you can deploy IGEL OS to existing devices and continue to access business applications and data. Talk to our PFH Digital Workspace team to find out more.?

Final Thoughts

That’s it for this first issue of the newsletter. Let us know what you think. If there are any areas you’d like us to cover, let us know. We’ll be back next month with the October newsletter. October

| From the PFH Office of the CTO |