Let’s not focus on Microsoft365 security for a moment…Let’s focus on the user

When you think about End User Computing, the Modern Workplace, which companies would you relate that to? VMware with their Horizon/Workspace ONE proposition? Citrix, with XenApp and XenDesktop? Both companies even having their proposition coming out of the cloud (Azure and AWS). I bet many people would answer that question with yes, and not a lot of people would mention Microsoft and I cannot blame them. Some people might mention Microsoft’s O365.

Microsoft does have a Modern Workplace unit, which I am part of. Within that unit, there are specialties, like Windows 10, Office/collaboration, Identity & Information Protection, Thread Management and Voice. All of those components make up the Modern Workplace so I fully get that. However, Windows 10, Thread Management, Identity & Information Protection are very security focussed, and so is in general the Microsoft’s Modern Workplace approach.

In my (humble) opinion, Microsoft is not focussing enough on the “other side” of the balance: the end user and the end user experience. In my opinion regarding the Workplace, you need to balance IT/management/security with the end user (experience). IT/Security/Management is the cost side, the “boring (controlling the user, restrictions)” part. The end user side is the “sexy” side- giving users a smooth experience, multiple devices, being more productive etc.

I fully understand why Microsoft is taking the security approach though: their layered Identity, Apps, Data and Devices security approach. It is very solid! I truly like Azure AD’s Conditional Access possibilities- checking on the Identity, sign in risc, device compliance, trusted IP’s, countries etc and securing (granting with MFA or blocking access) applications based on those conditions. I also like Azure Information Protection for securing documents. However, when a customer is asking what’s in it for a user if going for Microsoft365…….I am afraid Microsoft is falling back to the security story again.

And that is unfortunate because the end user experience story with M365 is great! Windows 10 Auto Pilot, Azure AD join, Single Sign on to apps, automatic enrolment into Intune and getting your required apps, the Company Portal giving you optional/additional MSI apps, cloud storage with OneDrive, cross device experiences and device independencies are there!

In this post I would like to show you a couple of short videos showing the end user experience- from onboarding a device, to accessing apps, using a personal iPad, cross device having a meeting etc. It is my goal to show you Microsoft365 can be as “sexy” as other solutions from an end user perspective. That the onboarding of devices is easy, self service, smooth and personal. That M365 does offer great BYO possibilities with the Office apps and also being secure and that it can be very smooth regarding cross device workloads.

1. Windows Auto Pilot: a very quick and easy way of getting a user up and running. From unwrapping the new Windows device, turning it on and moving into Windows. Also with Multi Factor being setup in a very easy way as well:

2. From the moment the user is logged in, the machine is AAD joined, enrolled into Intune and receiving policies (and let’s be quiet about them for now : ) and apps. In this case, Office Pro Plus is being pushed by Intune and so is the Microsoft Company Portal (CC). The CC is giving users additional apps to install. Before everything is downloaded and installed in the background, the user can SSO into O365 and already be productive. Also, when starting the new Office desktop apps, all is very smooth as well- no user names, server names etc:

3. Now, I would like to show you what M365 can do in a BYO(iPad) scenario. Intune is able to control the Windows desktop- and mobile Office apps so users can have the same universal experience across devices- Office apps everywhere. In the next 2 videos it is about using the Office apps on a BYO device- with security measures like allowing copy/paste to the managed Office apps but not allowing it to native apps. Also, allowing company content being saved to the company’s OneDrive but not locally:



4. Working cross devices with, in this example, OneNote. In this case a user starts a meeting on an iPad, types meeting notes and moves, later on to a Windows 10 device, continuing in OneNote with Ink:

5. Lastly, a nice gadget which can make your life a bit easier: Continue on PC. Just a step back, Microsoft is a huge IOS and Android app maker. Search the Apple Store for example and see how many Microsoft apps are on there. One of the “cool” apps is to make it very easy to start reading the news, Twitter etc on your mobile device, and send that article, or link, to your Windows device. No more copying the link, emailing it and opening the article from your email:

I hope you have discovered the smooth, easy, quick onboarding and access to apps with M365. It is a great story and we should mention it more. Combined with the more talked about security story, M365 is a very solidModern Workplace proposition.

Project Enzo: The new, fast, scalable and hybrid workspace solution

Enzo banner

I have to admit, just the name made me curious already. But, after reading about Enzo, seeing the video’s and talking to colleagues, my curiosity went through the roof because everything about Enzo is bold!

Just a couple of statements;

  • From scratch, have the first desktop up and running in an hour,
  • From 1 to 2,000 desktops in 20 minutes,
  • Create 100 desktops in under a minute,
  • No more downtime for app, OS and infrastructure/system updates,
  • Desktops can be placed on premises, in the Cloud or both, and move them back and forth,
  • It will cost less than a cup of coffee…..

So, what is Project Enzo?

Enzo is a new way of building, delivering and managing virtual workspaces (apps and desktops) with a unified, single pane of glass management interface. Administrators can manage these workspaces on premises and in the Cloud, and move the apps and desktops between the 2.

Which components make Enzo?


The ground layer is “Enzo Ready Infrastructure”. The can be EVO:RAIL, EVO:RACK or other Hyper Converged Infrastructure appliance from VMware partners which are Enzo enabled. The intelligence that is responsible for the set up, orchestration and automation comes from VMware Smart Node technology. This will be a virtual appliance, pre configured, sitting on the appliances.

The second layer is the desktop layer. Because of new technologies like instant cloning (and I will write a blog about that soon) Enzo will be capable of getting desktops up and running in seconds. Not only cloning will go incredibly fast, but you most likely will save on vm’s because over provisioning of vm’s will be reduced. Just-in-Time desktop means vm’s will be created when users are demanding them. Nowadays, vm’s are provisioned up front most of the time. With “JIT” desktops, other solutions like App Volumes and VMware User Environment Manager come into play to deliver apps and personalize the desktop.

The 3rd layer is the management layer. It is called the Enzo Control Plane. This web-based portal will be delivered to customers as a cloud based service. It will be hosted on VMware’s vCloud Air platform. Via this portal you can set up your Enzo environment, deliver apps and desktops and monitor all components. And because of this hosted portal, you can connect your private environment to public cloud environments and move apps and desktops from 1 to the other.

A public beta will come out this summer. Visit http://www.vmwhorizonair.com/enzo. There you can register for Early Access and get more info on Project Enzo, watch a video and webinar about Enzo.

More info to come about this amazing project. Stay tuned

VMware Workstation and Fusion: I do appreciate both more now

When I received my invitation for VMworld Barcelona 2012 as booth staff, I noticed I was scheduled for the VMware Workstation 9 and Fusion 5 booth. I honestly have to say that wasn’t my first choice. In VMware I mostly cover VMware View, ThinApp and Horizon. I considered Workstation and Fusion to be more “consumer products” and not enterprise. How wrong was I!

I had the pleasure of talking to the Product Manager of VMware Workstation/Fusion, Jason Joel but also the pleasure of talking to many end users during VMworld. Four things I noticed during my conversations:

  • I noticed that still, there are people who don’t know Workstation/Fusion. Well, let me quickly introduce Workstation and Fusion: Both products are, what we call, a type 2 hypervisor.  So, you install both programs on top of an Operating System. You install Workstation on top of a Windows OS (for example Windows 7 and/or 8) and you install Fusion on top of Mac OSX (for example Mountain Lion). It is called a type 2 hypervisor because you install the programs on top of an OS and not on top of bare metal. Installing a hypervisor on top of bare metal is called a type 1 hypervisor. vSphere/ESX is an example of a type 1 hypervisor.

After installing Workstation/Fusion (and yes, you can install WS on Windows 8 and Fusion on Mountain Lion), you will be able to create virtual machines on top of your desktop/laptop. To give you an idea:

You can run Windows 8, 7, XP, Ubuntu, Server 2012, Hyper-V and vSphere/ESX inside Workstation. Also, you can run Windows 8, 7, XP, Ubuntu, Mountain Lion, Server 2012, Hyper-V, and vSphere/ESX inside Fusion.

To know more about Workstation, read here: http://www.vmware.com/products/workstation/overview.html

To know more about Fusion, read here: http://www.vmware.com/products/fusion/overview.html

  • The second thing I noticed is that a lot of people are running either one or both products privately. User who are using Workstation and/or Fusion on their private laptops, testing software, getting familiar with new Operating Systems, following courses and have to do tests. Although I expected this use case, I still was impress with the amount of people who are using these products this way
  • The use case in #2 also expanded to the enterprise: users using WS/Fusion on their corporate desktops/laptops for testing purposes. I do have to admit, I didn’t expect this use case with this amount of users. I know many customers giving developers/testers a View desktop besides their “normal” laptop.
  • Fourth, I do expect WS/Fusion to become way more “enterprise”, meaning, both products are very separate from the rest of VMware EUC now, but I do think it is coming together. During the EUC keynote with Steve Herrod and Vittorio Viarengo, VMware View and Mirage merged. So, what is the place for WS/Fusion? BYOD!  Today, you could install Fusion on a private BYO Mac, install a Windows OS, Mirage agent and the company can stream a corporate image to your Mac. Yep, cool, but still too manual to my liking. I would like to see a system where, via Mirage, an image is being streamed with WS/Fusion wrapped around it. Yes, like WS Ace Edition had with VMware Player in the old days : ). Maybe it even is an idea to make a Mirage Image available via PXE: turn on Fusion, PXE boot and get the initial image. Another option is to manually install WS/Fusion, and IT sends you a link to a streamlined Windows package with the Mirage agent. Click, download, open and run it. Maybe thinking out of the box, maybe there are tools like Apple Remote Desktop to push Fusion and then the VM.

After spending a week with the VMware team and partners/customers I have the feeling WS/Fusion is a bit under estimated, under valued maybe not recognized although it won many awards. Both products aren’t just for people at home. It also is for the enterprise. I agree, both need more features around policies like expiration dates, policies around physical and virtual networks etc. Work to be done, yes. Know that WS/Fusion are evolving, are great products and can be used in the enterprise. Do read about the features like “restricted VM’s”.  Also, do understand both products are great test environments for View and vSphere.An example is the video driver. In all products this driver is the same and has been tested in WS/Fusion first before it comes into View/vSphere.

Lastly, do check out WSX. WSX makes it possible to remotely connect to your hypervisor/VM and show a VM’s content to, for example a tablet. Read more about it here.

I became to appreciate WS/Fusion a lot more after talking to Product Management, customers and partners. It is a great and mature products which will integrate with more products.

View? No thanks, I’ll just use Appblast

The title of this article was one of the statements I heard last week. I also heard another interesting statements: “why use View? I will wait for Horizon”.

Back in February 2012, I published an article about VMware’s End User Computing vision and journey. In my opinion, that vision/journey hasn’t changed and still applies with the recent announcements at VMworld 2012. However, I have the feeling that the vision/journey need to be explained once again and maybe even more often, so people understand the vision and where EUC products fit in that vision/journey.

In a nutshell, VMware’s EUC vision starts with the future platform: The Horizon Suite- The Platform for the Mobile Workforce … applications, data and users in the post-PC era. Be aware that this Suite, or platform, contains multiple products/techniques, which are integrated with each other: View, ThinApp, Horizon Data, Horizon Mobile, Appblast and Horizon App Manager.

I have the idea that some people think they will be able to pick 1 product/technique and standardize on that: “All people will use Appblast for everything. There won’t be any need for VDI anymore”, as an example. That’s not true or even possible in today’s world. There isn’t 1 ultimate vehicle/technique to bring apps and data to any device in a secure and efficient way. A user’s workspace will deliver that user applications and data to any of his/her devices. Different products/techniques will be used to do so, to give that user the best experience to do his/her work on the device of that moment.

VMware calls it the Post-PC era but don’t think the PC, aka Windows is going away soon. Again, Windows won’t be as dominant as before anymore in the enterprise. The desktop (physical and/or virtual) won’t be the only place where users do their work. More devices, different platforms, less OS-dependent apps, but Windows will be there for a long time. That’s the reason for step #1: Optimize. That’s also the reason VMware keeps improving VMware View and introduce cool features like AppShift. Again, although Windows will not be as dominant, it still will be part of an enterprise user’s workspace environment

Now the journey: how do you get to that Post-PC era platform? VMware defined a 3-step journey:

  1. Optimize what you have,
  2. Embrace your/the Cloud,
  3. Escape to your/the Cloud

In my opinion, it doesn’t make sense to skip a step. You cannot “Embrace your/the Cloud until you have “Optimize what you have”. In other words, it doesn’t make sense to get Horizon (Suite and/or App Manager) before you use ThinApp and View. Technically, you could though. You could use Horizon App Manager for SaaS apps, you could use Horizon Data with the Horizon Suite with physical desktops. But, why wouldn’t you “Optimize what you have” first, virtualize applications, virtualize desktops, separate data and apps from physical desktops. Remove silos. Get savings out of that and become more efficient, more agile at the same moment. Then, invest those savings in more Cloud based apps: Saas or web service apps. Use a services broker like Horizon App manager. Distribute ThinApps via Horizon as well. Create a workspace where all techniques come together. Move to the your EUC cloud step-by-step.

VMware Horizon Suite; it’s all coming together- overview

Day 2 of VMworld 2012 in San Francisco. VMware’s CTO Steve Herrod and Vice Preseident Marketing End User Computing Vittorio Viarengo are on stage. They talk about and show the Horizon Suite: an integrated platform for the mobile workforce where they can access their apps and data from any device, any time, anywhere. To review the keynote, click here

Déjà vu! Didn’t you hear that last year as well? So, what is the big news? To me, that is 1 word and what that word is supposed to represent: Suite! To me a suite is a bundle of products, which are all integrated. Last year, VMware showed a bunch of cool products (well, more projects). They were more or less point solutions. With the Horizon Suite, all these point solutions are coming together as 1 integrated platform, and that is a big thing!

During the keynote, specific products were shown and discussed like VMware Mirage and IOS capabilities within Horizon Mobile. I will not discuss these details now because I would like to give you an overview first.

The Horizon Suite, currently is alpha code. During the keynote, Steve Herrod mentioned Horizon Suite will go beta at the end of 2012. That’s quite quick!

So, Horizon Suite is a bundle of products but which ones? The keynote and video mentions the following products:

  • Horizon App Manager: the universal services broker
  • VMware View: VMware’s VDI solution
  • VMware ThinApp: VMware’s application virtualization product
  • Project Appblast: HTML5 remoting of desktops and applications
  • Horizon Data, aka project Octopus: the follow me data solution or as mentioned before, Dropbox for the enterprise
  • Horizon Mobile: VMware’s solution to make BYO mobile devices possible and secure.

So, can you imagine, 1 place, where you can access your data, desktop(s) and apps. One place which is your starting point, every day, your follow me workspace?! Accessible via a browser or native app. Check out the Horizon Suite video on Youtube to get an idea.

Horizon Suite short demo VMworld 2012

We just have seen Horizon Suite from a user perspective in the video. Now, think about the admin side. IT now can deliver IOS, Windows, ThinApps, SaaS and Android apps via 1 central managed way, and add policies to them. Well, apply policies to a user to be more specific. The user is the central figure. Policies should apply on him/her and the device that person is using.

To conclude this article, I believe Horizon Suite is a major step in the right direction and is a huge deal. It isn’t easy to integrate all those products but it is a must do. Yes, just like you I still have very specific questions around the integration of products, like, will I be able to save files to Horizon Data when I working via an app which I access through Appblast technology. When I access my workspace via a Mac, will I still see ThinApp apps or will they be removed because intelligence is build in. Time will tell and I’m very confident.

“Links” section update Bright-Streams

Today I updated the “links” section on Bright-Streams. Products has been added to the VMware End User Computing portfolio over the last years. I added links to these product/technical resource/blog pages.

I also would like to mention the new whychooseview.com website, VMware launched recently. Videos, blog posts (also 3rd party) and other content is available there. Do check it out.

The updated links cover the following products:

  • VMware Corporation
  • VMware End User Computing
  • VMware View
  • VMware ThinApp
  • Zimbra
  • VMware Horizon App Manager
  • VMware Mirage
  • VMware Socialcast
  • Horizon Mobile

VMware Zimbra: cloud messaging & collaboration overview

When you think about VMware End User Computing, most people will think of VMware View and ThinApp. That’s great but there is more…. Zimbra!

I noticed that I didn’t write anything about Zimbra so far. Strange, because the fact is, I’m using Zimbra every day, on all my devices and I can say I’m both a happy user and Zimbra admin (although there isn’t much to admin, it really just works).

In this article I want to give you an overview of Zimbra, get you introduced to Zimbra

In January 2010 VMware acquired Zimbra. At that time, Zimbra was part of Yahoo! Yahoo! Mail and Calendar is based on Zimbra technology.  In 2010 Zimbra has 55 million paid mailboxes and 150,000 customers worldwide: Comcast, NTT Communications and University of Pennsylvania to name a few.

VMware CTO Steve Herrod wrote a great blog why VMware acquired Zimbra. Basically, there were 2 reasons:

  1. It is VMware’s mission to simplify IT and removing complexity. With Zimbra, VMware believes it can simplify one of the core services that IT provides to end users: email and collaboration. Zimbra can be downloaded as a virtual appliance. Setup and configuration is very simple and straightforward. Besides that, it is intended for small and large organizations, so, it is very scalable in an easy way. Also, as a customer you have an option how to use Zimbra: on-prem or from the Cloud. Zimbra has proven to be a great Cloud based email and collaboration platform.
  2. The second reason is the vCloud initiative.  An initiative to develop an ecosystem of telecom, hosting and service providers that offer cloud based solutions based on VMware technology. With Zimbra, service providers now can offer email/calendaring/collaboration as a service.

In January 2010, version 6 just shipped. Today, August 2012, Zimbra 8 is in beta. New features in v8 will be the integration of Zimbra with Mitel and Cisco UC solutions: call someone straight from your email client to name an example. Also, the UI looks amazing. Very clean!

The interface is one of the strong points though. On my desktop, laptop and mobile devices I always have the same interface. It doesn’t matter if I use the web interface or the Zimbra Desktop Client. Of course you also could use the native email clients on your IOS/Android device. There even is a Zimbra Client for Android (http://bright-streams.com/?p=348)

Another great feature are Zimlets. Zimlets add functionality to Zimbra and create integration between Zimbra and other tools/applications. For example, I do have a Google Translate Zimlet installed (it sits on the backend, on the Zimbra server).

After activating the Zimlet, a Google Translate button appears in the menu bar. When I receive an email, and it is in a language I don’t understand, I simply click on the Translate button and can chose to which language I want that email to be translated. Other examples are: Salesforce and Webex zimlets.

Zimbra has too many features to discuss during this overview. I do want to mention thought, that Zimbra can be added as a service to Horizon Application Manager. That way, users can access their email and collaboration platform via their Horizon based workspace.

With this article, I just wanted to give you a brief overview on Zimbra. It is a serious email and collaboration platform and for sure worth taking into consideration. Below I will add additional information so you can continue getting to know Zimbra.


The Post-BlackBerry Era

A great article has been posted on the VMware CTO Office’s blog site by VMware’s Srinivas Krishnamurti.


Personally I still think Horizon Mobile is the way to go for mobile devices. Yes, Mobile Device Management tools could help enterprises a lot but is that the way to go? Would you allow enterprise management tools on your own personal mobile device? Even if you use that device for your work related activities?

Personally, I wouldn’t accept that. However, a corporate phone, pushed on top of my own phone as a virtual machine..yes…I could deal with that. Assuming my employer doesn’t have access to the “personal side” of my phone..my phone, my Facebook ( oh wait, I don’t use FB), my Twitter, my private email, Google+ etc. With Horizon Mobile, that’s the case.

Again, (people keep asking this), will Horizon Mobile move to iPhone, iPad and other Tablets? I really can’t tell. My wish: yes..now. please. In fact, I would prefer Horizon Mobile to become available on tablets more than on phones… but that’s a very personal opinion.

Before I forget this (and I have had several discussions about this before) I see Horizon Mobile as a great solution to separate work and private activities on one single device. I’m not discussing mobile devices as an access point to access Virtual Machines and push corporate apps etc…That’s a whole different story.