TWiT.TV-Remote Access With Ericom
About Us

TWiT TV: This Week In Enterprise Tech99: Remote Access With Ericom

July 14, 2014

Hosts: Fr. Robert Ballecer, SJ, Curtis Franklin and Brian Chee.

Discussion: Microsoft manifesto to rally the Troops, the benefits and limitations of HTML5 remote access, The USPTO just granted patents for the Data Cente, and more. Click here for full transcript

Guest Dan Shapir, Ericom CTO shares his insights on:

  • Where is the remote access / centralized computing industry now?
  • What is the impact of industry shifts including: mobility, BYOD, Post PC era and the long tail of Windows, Cloud Computing (DaaS)?
  • What are the benefits and limitations of HTML5 remote access, as compared to the legacy approach access using native clients (this also covers access using the Microsoft RDP Client + RD Gateway)?
  • Is there a future for Google Chromebooks in the Enterprise?

Next Steps...


Full Transcript

Robert: We welcome to the show the CTO of Ericom, Mr. Dan Shappir. Dan, thank you very much for being on This Week in Enterprise Tech.

Dan: Thank you very much for having me on, Robert.

Robert: Now Dan, for the folks at home, could you tell them a little bit about what Ericom is and how you found yourself as their CTO?

Dan: I have been with Ericom for quite a while now. I've been with Ericom for close to 13 years and I've been CTO for the past five years.

Ericom is a leading provider of managed and secure remote access solutions, so we do stuff like terminal services, which is now generally called RDSH, we do VDI, we do HTML5 remote access – which kind of takes me back to what you are talking about a minute before with IT Pro TV, about being able to access VMs from within the browser. We do that sort of stuff, but we enable organizations to do that with their own virtual machines, running either on premises or from the cloud.

Robert: Now, Dan, when we think of remote access, there's a generation of us that think of the old style of dialing into a machine, of sludging through a process that might give you minimal control of some of your applications. We've come a long way from that now. What is the state of the remote access industry?

Dan: Well, the reality is that we've indeed come a long way and we need to come even a longer way forward, because... I am going to pull you back to that item that you were talking about in the first segment, which was Satya Nadella's letter to the Microsoft employees.

Now I don't know if you guys mentioned it or not, but when I read that email one of the main things that caught my eye was this statement, and I'm going to quote, "We live in a mobile first, cloud first world." That was a huge statement for me coming from the CEO of the company that literally invented personal computing. Think of it this way; you have a company that created the concept of a personal computer on the desktop in the office with all your applications and all your data installed and running on that personal computer, and all of a sudden the CEO of this company is talking about the fact that we are getting rid or moving away from the desktop, and from that personal computer on the desktop, to a world where we have a mobile device, be it a smartphone or a tablet, that we are taking on the road with us.

And instead of having the applications and the data on that personal computer on your desktop, they are going to be in the cloud where you can access them from anywhere at any time and, again, using any type of device. Now if you think about that, that really brings to the foreground the whole concept of remote access from a wide variety of endpoint devices across the Internet, to resources – and again, that can be data, that can be applications – that are running on servers, either in the data center or in the cloud.

I imagine that eventually we will get to the point in time where all the enterprise applications have been rewritten for this brave new world of mobile devices and cloud-based data, but this is going to take years, probably decades – especially if you take into account the amount of time that it takes enterprises to deploy new applications. So I am seeing the remote access market – and that includes Citrix, VMware and Ericom Software – as the facilitators of the transition to this world, because we will enable access to the existing enterprise applications from all these mobile devices, be they Windows and Android and of course IOS devices, which were all mentioned in Nadella's email to the Microsoft employees.

So, I really feel that the remote access market has indeed come a long way forward from where you presented it as being 10 years ago, but it still needs to come even more to the forefront, as I said, in order to become the bridging technology to that brave new world that was described in this email.

Robert: Right. Dan, when I think of where the industry has shifted since we first started looking seriously at remote access, I see how it's changed from a convenience – it's just something that you did so that you could get access to your workstation when you weren't in the office – to something that's absolutely necessary in an era of BYOD. When we have devices that don't natively speak the applications that are used in the enterprise, you now need a very strong back end that can offer you the same sort of activity but, say, on your tablet or on your phone.

Let me ask you a little bit about that, that movement to centralizing power in the enterprise network, and then giving access to the centralized power through a thin client; isn't this just repeating what we had in the 80s and 90s?

Dan: Well you know, what goes around comes around and we've already started going down this path with the cloud, with web applications. We are not really talking about websites anymore these days, we talk about web applications, and all of these things are leading the way towards this kind of swinging back to the world of centralized computing. And again, it's not just data, it's not just the resources in the on-premises data center, it's resources in the cloud, the public cloud, the hybrid cloud. So yes, I definitely see us going in that direction.

Now if you've got those client/server applications that were designed to be running on-premises with the server really close to the client, and all of a sudden you want to be able to access those applications, as you mentioned, from a BYOD device that is not owned by the enterprise, and you want to access it from home or on the road, then you definitely need a powerful remote access solution – but one that eliminates the need for IT to really manage the endpoints, because one of the main things about BYOD is that as the enterprise tech, you do not want to manage all these devices. You don't want to be in a position where an employee can bring in any device that he chooses to purchase, and you find yourself in a situation where you effectively have to own this device, have to manage this device, have to install and configure the device.

You really want to be in a situation where you can look at this device as a thin client in the sense that you really don't need to manage it, it's just there, it can be used as kind of a remote monitor and keyboard and mouse into those enterprise applications running in the data center or in the cloud.

Robert: Let me bring in some of my cohosts here. Brian and Curtis, when we start looking at this thin cloud revolution, one of the things that immediately comes to mind is the Chromebook revolution. We've had an entire class of devices that pretty much only work, only can achieve their full potential, when they are connected, and it's become a really good model for how do you make good cloud devices, how do you make good remote access devices. Is that sort of the de facto standard right now, when we think of something that you can deploy across an entire enterprise, did Google get it right?

Brian: Maybe. The Chromebook is a mighty fine device that really hasn't found its legs yet. I prefer to put the Chromebook into something more along the lines of thin/zero clients and so forth. It's the management of all these pieces that is driving people crazy, and that's why when I started looking for a solution for the University of Hawaii, the ability to go and slave existing desktops makes a lot of sense, and not having to manage it makes a lot of sense.

The Chromebook is a nice box. It works well, I have been playing with a couple of each HP versions; HP thin clients. The big difference between a Chromebook and a lot of the commercial thin clients and zero clients that are out there is management. They are able to go and handle things like Kiosk, able to handle different things. One of the things that has always been a challenge though is things like audio and video, and having the codecs and so forth at the machine that you are slaving, which is what Ericom does very nicely, makes a pretty big difference – especially in things like healthcare where you have a need for videoconferencing between doctors, and so forth. The Chromebook gives you a lot of nice things, but you need something behind it and a remote access system makes a pretty big difference.

Robert: Curtis, what about it? On your end, looking at it from the executive level, what do you think they see as proper remote access?

Curtis: Well I think proper remote access falls into a couple of things. It has to allow for just enough access to critical enterprise data and applications and, as Brian said, it has to be easily managed. When you look at the total cost of an enterprise system, ongoing management and administration is an enormous piece of it. So I think that when they look at systems like this, they want to know that the access can be managed but, more important than that, that it can be managed effectively and efficiently by as a small a team putting in as a few hours as possible. Those are the keys for managers all over the enterprise these days.

Robert: Alright. Dan, let me go back to you, I want to give you the last question in this segment and that is: when enterprises, when businesses start putting together a remote access solution, what do you think is the biggest mistake that they make?

Dan: Well, it kind of goes to what it is that you want to achieve, and where you want to end up eventually. For example, we were talking about the fact that with BYOD you don't want to end up managing the endpoints, so you have to look for the solution that enables you to do that.

We believe that the way to achieve that is using HTML5 remote access, because it literally runs within your browser and effectively transforms any remote application that you are accessing into a web application. So, since you just launch the browser and can access the application from within the browser, you don't have to install anything. You effectively transform any type of device that you are using into a kind of zero client.

The other thing that you need to look at is: does this solution have the ability to scale to cloud level capacities? In the past, remote access solutions or centralized access solutions were kind of a departmental level type of solution, so you were dealing with hundreds – maybe thousands, max – of concurrent users. Suddenly, if you're thinking about this as something that's going to be done across the entire enterprise, or let's say by cloud providers as a service that they are going to be giving out to their customers or by various service providers, then you need to find a solution that you are going to be able to scale to potentially tens of thousands, or hundreds of thousands, of concurrent users. So you need to be able to think about: is my solution going to be able to scale to that level? Will I be able to manage a solution that scales to that level? Will it support multi-tenancy; all this sort of thing. So these are the things that I think you need to consider and to start looking for in the type of solutions that you're going to be using going forward.

Robert: Thank you very much, Dan. When we come back, we're going to be actually showing you a demonstration of Ericom's remote access system and maybe it will be something for you.

[COMMERCIAL – Tekserve]

We want to welcome back to the show Dan Shappir, who is going to show us a demonstration of what he can do for those who are looking to deploy a remote access solution. Dan, what is this demo all about?

Dan: As I was talking about before, I was talking about two key points to facilitate, let's call it modern or future remote access solutions; these being cloud level scalability and HTML5 remote access. What I'm going to focus on in this demo, simply because it's easier to demo, is the HTML5 remote access component of the solution [i.e., Ericom AccessNow]. What's really cool is that what I am showing now is a demo that anybody can access from their office, from their home. It's live on the Amazon cloud, and you can see the URL in the address bar, so if you go there you will get exactly the same page that you can see in the show right now. I can click here and – by the way, as you can probably tell, I am running within the Chrome browser – just open a new tab, and it is establishing a connection to a remote Windows desktop in this case. The desktop that I am connecting to, by the way, is hosted in Amazon in the West Coast, I believe. I am connecting from rather far away, so what you are actually seeing is cross-continent connection.

While this Windows desktop is logging on, I am going to launch another session, this one actually just containing a single published application – in this case, Microsoft Office Word – so that opens in another tab.

I'll switch back to the first tab; as you can see, we've already logged into the desktop. Now what's really cool about this is it's running wholly within the browser, but it runs in the browser without requiring download or installation of anything. So basically, you have a URL that you click, or a link. It could be a link sent to you via email, a link placed in a portal, or a link that somebody tweets or puts in their Facebook page; you just click that link and you can connect to a remote desktop.

So think about a scenario like a disaster recovery type scenario, where the organization wants to enable employees to connect remotely to their desktops, or to virtual desktops that substitute their desktops until the disaster ends. They can just publish a link on their homepage and employees can literally go anywhere, open up a browser – because you have a browser in everything these days – click that link, and they are immediately connected to their desktop again without having to configure, download or install anything on whatever device they happen to be using.

I can interact with this desktop; opening the Start menu or launching Excel within this desktop. As you can see, performance – I hope you can see this in the show – performance is actually very, very good. You can literally play videos in the remote session and get them as videos within that remote session in the browser.

So here is Excel running within that desktop. Here at the bottom we see – on top of my local Start button – we can see the remote Start menu and the remote taskbar. I can also put that session into full screen mode within the browser – let's hope that works – by clicking here... let's see... Probably Skype doesn't like me doing that, so we will skip that.

Robert: Dan, a quick question here. When we are playing with this it is very, very responsive; I am noticing that. Are you using UDP in the back end to speed that up?

Dan: No, this is actually... Unfortunately, it's not using UDP because currently browsers do not support UDP intrinsically so, as I said, we don't want to download and install anything, so we have to use the capabilities that the browser provides. In this case, we are actually basing our remoting protocol on the WebSocket communication protocol, but what we do is we dramatically compress the data before we send it down to the client. So if you compare this to a standard RDP session, you will probably see something in the order of magnitude of an 80-90% bandwidth reduction, compared to regular RDP sessions.

I am switching over to the other tab. Here I have Word, but this time without the Start menu because in this case I just published that particular application, without anything else. So there is no desktop here, it's just that published application. And if you think about it, what's really cool about this is that I have effectively webified Word, in this case. I can click here, I can start typing... actually I see that they put Word Viewer instead of the actual Word so I can't start typing here, but if it was the real Word I could start typing. So if you think about Office 365, here I put the actual "real Office" inside the browser and effectively webified it.

So we were talking about Chromebooks before. Chromebook supports HTML5 obviously, because they are using the Chrome browser, so you can put Windows applications, Office applications or essentially any other Windows application on top of a Chromebook via this mechanism of remote access – and the same thing would, of course, work on an iPad, an Android tablet, a Mac, whatever.

Robert: Right. So one of the obvious advantages of going with this approach is, because it's browser-based it essentially means any device can use it; any device that supports HTML5 is going to be able to use this remote system. I think one of the questions I would have would be: we are a bit more conscious about security now. What guarantees do you have that a session is going to remain private? If someone is going to be accessing their desktop remotely, or even a server remotely, you're going to have to have some sort of encryption, some sort of guaranteed level of privacy.

Dan: Well of course, I mean look at it from this perspective; organizations are using online services and cloud-based services these days all the time, and you use for example, and the reason that that you are able to do that is because if you properly use the web it is indeed secure. For example, you have HTTPS and you can use certificates so data is encrypted over the wire.

In the case of AccessNow, it's the exact same thing; we're using the built-in security capabilities that browsers have. So that means that, for example, communication over the wire will be encrypted because we're using encrypted WebSockets, which work exactly like HTTPS. In fact, because you are running wholly within the browser, stuff doesn't actually get saved onto the local device because you literally cannot save out of the browser into the local device. The browser runs the pages within their own sandbox so they can't access the device, and stuff on the device is limited in its ability to access the content within the webpage.

You've also got things like cross-origin based security, so other websites are also unable to peek into what's going on within that session. Obviously, we've built a lot of security facilities into this solution as well, including a Secure Gateway service, proper authentication, and I mentioned certificates before... So you get all this good stuff to ensure that the session is really private.

I do want to mention one more benefit of using HTML5 in this way, and that's the fact that HTML was meant to be customized. Think about technologies like CSS and stuff like that; it really makes it easy for people to customize the way that their webpages look. We've done the same sort of thing with AccessNow. So, one of the advantages of AccessNow being HTML5 is that you can literally customize it to look the way that you want it to look.

Here we've done that for publishing SAP® Business One as a cloud-based service; I will log in here. For anybody who is familiar with the SAP color scheme and graphics, they will immediately recognize that that's exactly what we are using here. So here we have SAP Business One running – again, within the browser – so instead of waiting for SAP to release SAP Business One as a web-based application, you now have it instantly transformed into a web-based application, in a web page that's been customized – in this case, as I said, to the SAP color scheme, but it could be customized to any organizational color scheme, layout, whatever.

Robert: So Dan, let's break down some of the finer points here. It's actually very, very secure because it's not actually touching the client computer; it's staying entirely within the browser. Very customizable, does not need any proprietary download onto the client computer itself; as long as it's got a browser that supports HTML5, it's working just fine. Now I guess the big question for me would be: what's the licensing fee? Say someone is approaching you and looking at, say, deploying for a 10,000 seat network, which is what we always use in our test case, where they say we're going to need up to 300 licenses operating concurrently; what kind of deployment path do they have to look at?

Dan: I am the techie so I don't generally deal with licensing fees, but what I can say is that Ericom is very accommodating in this regard. As I recall, the license cost for concurrent users is slightly over $100 per concurrent session. If you are talking about larger bulk purchases, certainly if you're talking about 10,000 licenses, then you get certain bulk discounts, which can drive the price significantly down, but that would be the ballpark.

Robert: Fantastic. Let me open this back up to my cohosts quickly before we have to end the show. Curtis, this is one of those things that I could imagine being an easy sell to, say, a CTO. If I went to my CTO and I said, "I've got a remote access system that won't require any new hardware, will use our existing infrastructure, has negotiable licensing, and has a level of security because we won't be touching any of the hardware for BYOD or home devices," that sounds like something they would actually understand.

Curtis: I think they would absolutely understand it; those are all very compelling things. Now I think they will have other questions, like – and they get a very repetitive – what kind of difference will our users see when they use this; because even the smallest change is going to freak out some users. What kind of differences will our managers see? There are small questions, but I think when it comes to the major points, this ticks off a lot of the boxes on many enterprise must-have lists.

Robert: Brian, let me throw this over to you, because you have an even more interesting use case. In a university, when you are using this software to, say, share AutoCAD software, this becomes incredibly cost-efficient, right?

Brian: Oh, you bet! For small installations, what we are thinking about doing is for, say, 10 seats of AutoCAD Revit, which is not a cheap app. The chances of us using, on this project, more than 10 seats simultaneously is pretty much zero. So instead what we've decided to do is we're just putting 10 Intel NUCs on a rack shelf, and we're going to have an Ericom gateway to go into that and – because we are using the Blaze client, it's their [Ericom's] proprietary client – it can be RDP, it can turn off the compression and acceleration or use their accelerating compression... It allows them to get in.

We actually bring up a 3D building model, an eight-story building full of layers. Normally it would be a tough time, even on a local machine. We are able to spin that model and dive through it, almost as if we were sitting right next to the server, and it's way less complicated to install than an RDP gateway, and the initial cost for us is actually less than Citrix. Now obviously, if we're going to start talking about hundreds, thousands, tens of thousands of seats, we're probably go to a true VDI application; but because we only pay by the seat, we can grow this as our needs grow. The complexity and the amount of moving parts is dramatically less than what we tried to do with Citrix or with the traditional Microsoft RDP Gateway. And because the Blaze client is UDP and accelerated and compressed, it is dramatically faster than even our Citrix installed at the moment. And the security gateway that I am using, I'm actually putting it on an old... I think it's a Dell PowerEdge 750 that we are recycling, and it's running beautifully in the DMZ of my firewall.

Robert: Wow, fantastic. Well Dan, I think you've made a couple of converts here. We have a chat room running and... They were a little blasé at the beginning, and I quote, "Why do we want to know about this? This is just another remote system," but I think your technical expertise has won them over. Let me ask you one of the most basic general questions that we give to our guests here and that is: if somebody wanted to start looking at this as the solution for remote access in their network, what would you think their first step is? I think this is a companion question to: what's the biggest mistake? What is the thing that you want them to consider as they are choosing the remote application? Is it the types of applications that is going to run? Is it the type of infrastructure they use? Is it the type of users that they have? What's the most important piece of information to have?

Dan: Unfortunately, if you're looking at this at the enterprise level the answer would probably be all of the above, because you can't really ignore any one of these aspects that you've mentioned.

For example, you were talking about infrastructure; obviously if you are going to be doing remoting, then you may end up sending more data over your network. Likewise, you want to think about what your users are doing. As was mentioned before, users don't like it when things change, so you need to take that into account. Basically, I would say that you would need to really define what it is that you are trying to achieve; what your goals are. Are you doing this because you want to facilitate BYOD? Are you doing this because you want to reduce management costs? Are you doing this because you want to improve user experience? What are the driving factors? And you want to define criteria for success, so that you know if you have actually been able to achieve what you want to achieve or not. You want to do POCs.

What we at Ericom have tried to do is to make it as easy as possible to actually evaluate our software, so we give all our software with a 30-day free trial and, as Brian can attest, it's really easy to install, to deploy and to test. For example, that AccessNow system that I was showing, you can literally have it up and running on a server within five minutes; it's just next, next, next. It even installs a Web server as part of the AccessServer installation.

So, you want to think about what it is you want to achieve, you want to take all the factors into account, you want to do effective POCs and you want to be thinking about the future, about where it is that you want to be at – let's say, not just two years down the line but, maybe, five years down the line at the very least.

Robert: Dan Shappir, CTO of Ericom. Thank you so very much.

Folks, I am afraid you've reached the end of another episode of This Week in Enterprise Tech [01:08:10]


Go to Top