A recent global event has demonstrated how vital it is to maintain a reliable IT infrastructure, including its access points such as endpoint devices, as it is the backbone of many essential services. While the event may seem like an isolated incident, commentators have already stated that it’s no longer a question of if, but when, PC outages like these will happen again.
Be prepared
While some managed service providers (MSPs) may argue that access devices are the customer’s responsibility, if the user cannot get to a machine that gives them access, it’s a disaster.
An MSP can help customers to ensure connectivity in various ways. Virtual desktops are a proven mechanism for ensuring end-users can have a reliable access point. Any remote device—whether Windows, Linux, Chrome, macOS, or others—can then access such a desktop.
Now – those amongst you who have been following will have noticed what look like a couple of major errors:
- Why wouldn’t images get corrupted in the same way as the desktop itself? Well, they would, if automated updates are enabled – which would be advisable in most instances. However, should the images be corrupted, reverting to a known, working image is pretty simple as everything is centrally controlled. Any failed update can be rolled back – and the image remains working for the user.
- But – I have already said that the primary means of access would be Windows: the client will still be corrupted! Ah – almost had me there. You can place a basic Linux distro on a bootable USB thumb drive. An MSP could provide such a device. It boots up and presents the user with a login screen to the remote desktop. Even those with a PC that is looping in the Windows BSOD can then boot into the Linux environment in a controlled and easy-to-use manner.
Challenges with USB port restrictions and boot hierarchy
There are still issues, though: many organizations disable USB ports to prevent users from introducing viruses and trojans from personal USB devices. Most of these restrictions are, however, Windows-based, blocking the USB port via Group Policy or registry modifications. As such, booting from the USB port will bypass such restrictions, since they only apply once Windows has loaded. The more common problem is that organizations default to a boot hierarchy: hard disk, followed by other methods (USB, CD, whatever). This is harder to bypass because the boot order is held in the BIOS.
Assess the risks
MSPs can work with their customers to assess the perceived risks of another outage against the risks of having users boot up from a rogue USB device. In most cases, users will not turn on their device with a USB drive in place. Additionally, boot-time antivirus tools can often prevent malicious code from activating during the boot process.
If an organization believes that the cost of another major access device failure outweighs the risk of a single device booting from a non-authorized USB device, the MSP can collaborate with the customer’s IT department. Together, they can implement a manageable and secure method for booting from USB devices to provide the necessary access to remote desktops.
The MSP needs to maintain the USBs at a suitable level. However, since these devices serve a single function—providing access to the remote desktop fully managed by the MSP—this task is likely to be low-impact and low-cost. The MSP can host the image on its own site and inform customers that a new image is available. Customers should then download the image to their own USB drives.
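One way a customer could check a downloaded image before writing it to a USB drive, as an added example that is not part of the original article. The manifest layout, the dotted numeric version scheme and the function names are assumptions, and the manifest is assumed to have been fetched from the MSP's site over an authenticated channel.

```python
import hashlib
import hmac
import json
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so a multi-gigabyte image is never loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_image(image_path, manifest_json, installed_version=None):
    """Return (ok, reason). Assumed manifest layout (hypothetical):
    {"version": "2024.8.1", "sha256": "<hex digest>"}."""
    try:
        manifest = json.loads(manifest_json)
        expected = manifest["sha256"].strip().lower()
        version = tuple(int(p) for p in manifest["version"].split("."))
    except (ValueError, KeyError, AttributeError, TypeError):
        return False, "manifest is malformed"
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        return False, "manifest digest is not a SHA-256 hex string"
    # Refuse a rollback: an older image may lack fixes already on the drive.
    if installed_version is not None:
        current = tuple(int(p) for p in installed_version.split("."))
        if version < current:
            return False, "image is older than the one already on the drive"
    actual = sha256_file(image_path)
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch: do not write this image"
    return True, "image matches manifest"

if __name__ == "__main__":
    sample = b"constructed stand-in for image bytes" * 4096  # constructed sample
    with tempfile.NamedTemporaryFile(suffix=".img", delete=False) as tmp:
        tmp.write(sample)
    manifest = json.dumps({"version": "2024.8.1",
                           "sha256": hashlib.sha256(sample).hexdigest()})
    print(check_image(tmp.name, manifest, installed_version="2024.7.3"))
    os.unlink(tmp.name)
```

The digest only proves the image matches the manifest, so the check is as trustworthy as the channel the manifest arrived over.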
Maintain business continuity
The idea here is not necessarily to get all users back up and running when there is a PC outage. Although moving customers over to remote desktops can be a good revenue stream for MSPs and can provide better user management for customers, having a few thousand users ready to boot from USB devices is probably not a good idea. The approach should be to ensure that key workers, in the areas strictly necessary for an organization to maintain a level of business continuity, have the capability to access their systems.
When a similar outage takes place in the future, MSPs should be looking at what opportunities it offers them. Although it may first appear that client-side issues are not as easy to deal with as MSP platform-side ones, where there is a need, there will generally be some form of viable solution.