For years we’ve been promised that the era of the PC was coming to an end. If we take Apple’s marketing and their media fanboys seriously, we’re allegedly in a post-PC era. While I might disagree with that statement (so much of iDevice management requires a PC or a Mac), I will agree that we are in yet another period of change. The question is: What will be the result of this change?
In this opinion article, I want to take a look at what is happening, and maybe even have a look at what’s coming (and already arrived) for the enterprise PC. And maybe you can use some of the contained information to give you some context when the expected “2014 will be the year of the consumerization of IT” predictions start being posted by the various outlets at the end of December.
If you look at the PCs since the birth of the PC, you’ll see that there hasn’t been all that much change. Hardware capabilities and shape changed, but little else. Where we did see change was in the operating system. DOS and OS/2 were replaced by Windows. Windows consolidated into Dave Culter’s NT family tree with Windows XP. Computing became easier for your grandmother and the enterprise. XP became Vista (and maybe this is where the problems started), Vista became the superb Windows 7, and then we got Windows 8 and 8.1.
(Image via Old Computers)
Windows changed how the home user, the business user, and the sysadmin worked. Things got easier for the end user with a point-and-click interface. Admins had the ability to deploy standardized images and the ability to push out software and updates. We also had the ability to lock down the user experience and security systems just like was done in the mainframe world. The first commandment in the Aidan Finn IT bible is “Users are stupid” (honestly!), so we need to lock those suckers down hard to stop them from harming themselves or the company. It turns out that users didn’t like this!
Evolution happens all around us, in nature and in industry. Sometimes it is slow and in rare occasions it is quick. Some efforts make no sense and die off. Others lead to specializations for a particular environment. And on rare occasions, a change becomes the norm. We didn’t always have the PC – it replaced the mainframe and green screen terminals. It therefore makes sense that other innovations would try to supplant the PC.
At heart, I think we in IT are all have a little BOFH (Bastard Operator From Hell) in us, and we want to return back to the megalomaniac days of the mainframe. I think it was in 1997 that I attended training on Citrix WinFrame (which went on to become MetaFrame, and eventually XenApp). Citrix offered us the Promised Land: We could fool users into thinking that they had classic Windows, but they were actually working in the land of server-based computing. Only there were problems. Citrix and Microsoft did lots to make the solution work, but for the majority of companies, Remote Desktop Services (and partner add-ons) were a part of the solution, and lo, the PC prevailed.
In 2003, every Microsoft-bashing journalist had his or her time in the sun. The German city of Munich made a big deal about switching from Microsoft software to Linux. As it turned out, they still needed Microsoft Office and Windows virtual machines to run it on, so the entire deal cost them more money. Many people still talk about OpenOffice on Linux as an alternative PC, but Windows still reigns because of the lower total cost of ownership – the price of acquisition is just a small portion of the actual cost. Linux desktops still probably have around only 1 percent of market share (with the usual 1 percent error of margin).
And then every analyst from Gartner to your neighborhood blogger started to proclaim that “<insert next year> is the year of VDI.” Virtual desktop infrastructure blended server-based computing with server virtualization. Just about every CIO on the planet was calling in consultants to ask about this. But as it turned out, VDI was more expensive that the desktop and required more management systems, not less. Once again, it was a niche solution, with Microsoft offering that the desktop was best general option, then RDS, then VDI (which I agree with). Larger enterprises might have all three models, with the PC still reigning supreme. There are exceptions, but they are just that – exceptions.
The Change That Mattered
Apple’s iTunes has a lot to answer for. The shape of the PC had remained relatively unchanged for 15 or so years since the laptop stopped being referred to as “luggable.” One could even argue that this was just a different shape of machine and that the PC hadn’t changed much in a quarter century. But along came Apple with its iPhone, iPad, and iTunes, making end user computing easy – and all without IT being involved.
(Image via Apple Insider)
I once was involved in spinning off a finance company from a classic huge German bank. Our helpdesk offered an SLA of four hours’ response on low priority calls, which stunned our German colleagues. They told horror stories of waiting six weeks for basic software to be installed on a PC. But even today, four hours seems like a long time. Nearly everyone has learned that if they need an app, they can open up an app store, search, find, and install the app right there and then. If business users require changes to do a job, wouldn’t they be better off by working on a device that they own rather than waiting on Helpdesk to process their call in a stack ranked queue?
Forget the IT view in which we have lots of work to do, processes to follow, regulations to comply with, and security to maintain. Even the CEOs who demand all that of us don’t consider those factors. You know what I mean: They were the ones who wanted a Blackberry first. They insisted on having a Macbook Air. They demanded that you support their tablet. The business needs something to compete/operate and it’s our jobs in IT to provide a service. We need to evolve.
But with all the previous technologies that were supposed to end the era of the PC, will this next one really force a change at all?
Consumerization of IT
Otherwise known as bring-your-own-device (BYOD), this is an admin’s nightmare. Imagine a world where we control nothing. The horror! Actually, the user wants ownership and control, but that doesn’t mean that we in IT need to abandon our responsibilities (more on that later).
The concept of BYOD is that users will be able, maybe even encouraged, to purchase their own device and use it for work. They get the device they want and the flexibility to modify it as business needs change. Companies like Citrix employ this policy, even providing a budget for the device as long as it is a business-quality machine with extended support. The user gets a device that they want to use with local admin rights, and they can use and modify it as they see fit.
There are two challenges for IT to enable BYOD.
- Supplying access applications: Are applications installed or remotely accessed?
- Data: The users need to be able to access the business’s data to be able to work. But now they’re doing it from personal devices?
The answers up to now have been:
- Mobile Device Management (MDM): Yet another point solution to be deployed on premise in the era of cloud computing, this time for noncorporate devices. How do users enroll their personal machines for management? Is there another user name and password?
- Security Model: This is the nasty one. Can the user download data? Can we securely wipe the device? Where on the network does the device live? What about encryption? How do they authenticate and get authorization?
There have been many (I’m being polite here) interim solutions to enable BYOD in the enterprise. MDM products have been popping up overnight like mushrooms. Some of those products have been acquired by large players such as Citrix. Some offerings promise the sun and stars, but give only a disappointing ISON.
On the app side, the offering has been a 1990s solution: use something like RDS or Citrix XenApp. I’m sorry, but as nerdy-cool as a remote desktop client on an iPad might be, it’s a pretty awful experience when you need to use a keyboard/mouse to interact with the app.
This might all sound irrelevant to you. Most companies have a policy to ban personal devices on the network. However, it appears that whether you’re allowing it or not, most companies have personal devices on the network. Just as with cloud computing, it’s time for IT to evolve, adapt, and embrace – or face extinction.
Developers and Windows Server admins rejoice! Microsoft have given us a vision of a complete solution in Windows Server 2012 R2.
The Microsoft Vision
As I like to remind folks, you don’t have to like the entire menu to enjoy a restaurant. While I might criticize Microsoft for certain things, I think it employs amazing innovators that can produce fantastic business solutions within a bigger vision. I think Microsoft has accomplished this again with Windows Server 2012 R2 (WS2012 R2).
Microsoft has been championing the “enabling the user” cause since System Center 2012, when it introduced a company manage app store for enterprise PCs in System Center 2012 Configuration Manager. I loved showing that feature to customers: Imagine an app store that IT manages and enables end users to get what they need (sometimes subject to license approval), when they need it. And the bigger System Center solution even included processes to enable budget owners (not necessarily IT) to have that approval for subject-to-license software such as Adobe Photoshop. That was the start of a vision.
Hyper-V, cloud computing, storage, and networking get all the marketing noise in Windows Server. But Microsoft’s vision includes several pillars, and when you look at them, you’ll see that enabling the modern end user is critical. For several years, Microsoft has warned us about the next generation of employees, known as Millennials, and how they don’t work like we do. These Millennials have learned how to acquire and process information in an uncontrolled fashion on personally owned laptops, tablets, and phones. They don’t use email; they IM or post on social networks. They don’t know how to work in the constrained environment that we’ve grown up with. This is why a key piece of Windows Server is enabling mobile and modern end users.
I’m not going to get into great detail here, but I’d like to share the vision. There are several pieces to the solution from Microsoft.
- Device Registration: We’re used to domain join, but Microsoft now offers Workplace Join. This can be done in Settings on Windows 8.1 or via a web portal on other devices including iOS and Android. It doesn’t offer the deep management of a domain join, but Workplace Join does download a certificate to identify a user on a device. This can be used to authorize and authenticate or authorize a device/user against Active Directory where a device registration object is created. Note that all the user needs is a URL (supplied by IT), and their domain username and password.
- Web Application Proxy (WAP): The WAP (not Windows Azure Pack) is a new remote access service that allows devices/users to securely access corporate resources from an external or edge network. Maybe there is a BYOD wireless network, or maybe the user is roaming on the Internet. The WAP might allow roaming users to enroll their device, or provide access to on-premise web apps. All the user needs is a URL, and their domain username and password.
- Work Folders: End users can synchronize their own folder from a file server across their personal devices. Think of this as a SkyDrive that is powered by an on-premise file server, giving you control and compliance that you might not get from a public cloud. You can selectively wipe this content from a user’s devices.
- Windows Intune: Intune is Microsoft’s MDM solution, as well as being a great product for managing branch offices. Once again using the user’s domain username and password, the end user can enrol their device (all the major OSs) for management. This allows them to get access to antivirus (for Windows), and IT supplied apps via a private app store. This isn’t another point solution for IT; Intune integrates deeply into System Center 2012 R2 Configuration Manager so that IT has a single console for corporate and BYO devices.
The Microsoft vision of BYOD in Windows Server 2012 R2.
You’ll notice that this is a single sign-on vision – the last thing we need is more usernames and passwords that require resets every Monday morning. Active Directory Federation Services (AD FS) in conjunction with a PKI infrastructure enables this.
For security, we have features including:
- SSL: X.509 certificates are mature and trusted, and are a central piece to the security model.
- Active Directory: A trusted and mature platform based on Kerberos for authentication and authorization, capable of being synchronized to Windows Azure Active Directory for hybrid cloud implementations.
- Selective Wipe: Imagine this: A user leaves with personal data on their laptop. You remotely wipe that device, along with their only copy of their family photos and financial records – now, there’s a lawsuit you’ll lose. Microsoft offers a selective wipe where you make synchronized data unavailable to the end users without damaging their personal files.
The Microsoft vision is that we move away from classically installed programs and towards the app-driven model with backend web services. Apps are easily deployed via app stores, such as Windows Intune, and web services are nothing new to developers. Data never really downloads to the device; results are displayed in the app. I think IT security and compliance officers should like that.
Whether you stick with corporate-owned PCs or embrace a new BYOD model, the days of domain membership might be coming to an end. Do I know this for certain? No. Do I think the Microsoft offering is complete? Probably not. But this is an impressive version 1.0 and as we know (Hyper-V, for example) Microsoft has a habit of nailing it with version 3.0. And no one else has yet offered such a complete vision that accounts for the needs of the user and of the business.