Modern workplace management with Enterprise Mobility + Security- part 1

How to do (modern) workplace management is a continuous question which keeps me busy. It is a great topic to think about and to try to figure out how you can make workplace management easier and give the user a better experience.

New technologies arrive, old ones disappear, new insights, new use cases, new devices, new cloud services etc. The “workplace” is evolving and it should, but that means you need to evolve with it to support the change. Trying to put the new world inside the old management framework, isn’t the right thing to do. Users will be unhappy because you can’t provide them with features they have at home. I’m fully aware that stepping out of the known management framework isn’t easy. It requires change of mindset and that’s always uncomfortable. So, let’s be open minded together and see if new possibilities can work in your organization. This post, for sure, isn’t meant to tell you this is the only right way of doing things. I’m prejudiced, of course, because I do work for Microsoft, but I also like this topic.

One thing I have learned though, is that there isn’t a 1 size fits all solution. I wish, but the fact is, in a lot of organizations, there are some (small groups) which require something special. However, don’t let those specials be leading in the decisions you make around workplace management. Treat them as an exception.

So, let’s define a workplace because you can make that definition a lot bigger when you include the actual office space for example, or the area at home where you work. That I won’t touch, although, it is a very part of the workplace. In my definition, the workplace consists of:

  1. Identity,
  2. Client apps and cloud services,
  3. Content/data,
  4. Devices,

The order above isn’t randomly chosen by me. In my opinion identity is the most important part of the workplace today followed by client apps/cloud services and data. To me, numbers 2 and 3 are equal. The devices however don’t have the same importance to me anymore what it used to have in terms of management. To manage and secure modern workplace, you need layers of control. With layers, think about Azure Active Directory, conditional access, Identity Protection, Mobile Application Management, Mobile Device Management, rights management and access management on data, data labeling and classification etc. I know I’m prejudiced but I believe Microsoft Enterprise Mobility + Security platform is the integrated platform to realize this modern management by providing you the layers of controls for management, security and also gives a great end user experience.

Next, Modern workplace management with Enterprise Mobility + Security- part 2

Windows 10 Creators update: Office Mobile App Management happiness!

In my previous post, I discussed one of the great possibilities in Intune: managing the mobile Microsoft Office apps on Android and IOS. I truly like this feature and immediately I was thinking; what if….what if this would be possible on Windows 10 as well?! What I totally missed was an official blog post from Microsoft discussing the Windows 10 Creators update. Among many cool updates, there will be a great new feature: Mobile App Management for the Office apps on Windows 10. All the features I discussed i the previous post for IOS and Android will apply for Windows 10 as well. You won’t need to enroll your personal Windows machine anymore to access corporate resources/data in a secure way. The MAM policies will give you a great experience, setting up the apps and accessing emails and data and providing security for corporate data. Do check out the clip.

 

The Post-BlackBerry Era

A great article has been posted on the VMware CTO Office’s blog site by VMware’s Srinivas Krishnamurti.

http://cto.vmware.com/the-post-blackberry-era/

Personally I still think Horizon Mobile is the way to go for mobile devices. Yes, Mobile Device Management tools could help enterprises a lot but is that the way to go? Would you allow enterprise management tools on your own personal mobile device? Even if you use that device for your work related activities?

Personally, I wouldn’t accept that. However, a corporate phone, pushed on top of my own phone as a virtual machine..yes…I could deal with that. Assuming my employer doesn’t have access to the “personal side” of my phone..my phone, my Facebook ( oh wait, I don’t use FB), my Twitter, my private email, Google+ etc. With Horizon Mobile, that’s the case.

Again, (people keep asking this), will Horizon Mobile move to iPhone, iPad and other Tablets? I really can’t tell. My wish: yes..now. please. In fact, I would prefer Horizon Mobile to become available on tablets more than on phones… but that’s a very personal opinion.

Before I forget this (and I have had several discussions about this before) I see Horizon Mobile as a great solution to separate work and private activities on one single device. I’m not discussing mobile devices as an access point to access Virtual Machines and push corporate apps etc…That’s a whole different story.

 

 

Fling; VMware Zimbra for Android

VMware Zimbra for Android (VZA) has been around for a while but it’s not known that well.  It is an email client for Android devices which supports Zimbra backends. At this moment the VZA is a “fling”; a client to test drive, officially not supported.

I have been using the VZA for a while now and I can say it’s a decent client. I find it easy to install and use. It gives me my work email, calendar, tasks and Briefcase. I have my corporate email and files available in 1 app. On top of that, I run the VZA on my Samsung Galaxy SII  and Galaxy Tab 10.1.

The VZA runs on Android 2.1 and above and the current version is 1.28. The app does require an ActiveSync enabled email client on your Android device (on most devices that’s the case). Also, because the VZA is available outside the Android Marketplace, you will need to enable your device to install applications from “unknown sources”.

You can download the client on http://labs.vmware.com/flings/vza More information is available on that site like comments and a video.

If your email environment is Zimbra and you have an Android device, go ahead, download the app and test it.

Cloud based data solutions- Are they forgetting about VDI?

If you follow VMware’s End User Computing strategy/vision, you probably have read that a computer consists of building blocks; Hardware, Operating System, Applications, Data/Settings. Traditionally these layers are tied together and it is very smart to untie them by using virtualization.

Nothing new so far. it is smart to decouple layers. You will be able to manage each piece separately. Users will be more flexible; Any time, any device, anywhere users will be able to get access to apps, settings and data.

So, let’s focus on data for a sec.

We know and understand you shouldn’t lock data in a PC. It’s a bad thing to do. You need to be behind that PC to be able to access that data. So, it’s common to redirect data to a file share inside the company. Now you can access it from any PC inside your company (Folder redirection and Roaming Profiles are mostly used together so that’s my assumption; Folder Redirection and Roaming Profiles/Persona Management are in place).

The limitation with Folder Redirection is that you can’t access it from any device, access it easily from outside your company nor share it easily. The solution for that; Dropbox, Box.net, Mozy Stash and Project Octopus, to name a few. It has to be mentioned; Mozy Stash and Project Octopus are beta/alpha products, not generally available. If you would like to know more about the differences and benefits between Stash/Octopus and Dropbox, click here.

What’s the beauty of the mentioned products? Your data is located in the “Cloud”, and “Cloud” can be on or off premise. Data is residing on a platform which is accessible. All you need to have are Clients on your devices, configured to access your account and your data. Go to the Dropbox or Mozy website and you will be able to get Clients for Mac, Windows, iPad, iPhone and Android (and maybe even other platforms). Great!! You can access your data from all of your devices. Exactly what we all want!

But…what about VDI environments…and let me stick to what I know best..VMware View environments? What about it?, you might ask. Just install, for example Dropbox for Windows and a user is good to go. I noticed a tiny little issue and I wanted to see if it is just me seeing this as an issue. I’m curious about your thoughts.

I do believe the most efficient and user centric way of computing is to use Linked Clone Floating pools with a delete/refresh after first use. All users will get a clean VM, the VM won’t grow much and will revert to its original size. Via ThinApp users will get their apps and Persona Management/Roaming Profiles will give the user’s look and feel. With traditional Folder Redirection, every time you logon to a new VM, you will be able to access your data from a share. I truly like this mechanism and encourage everyone to aim for this method.

So, no Folder Redirection but let’s use Dropbox in stead. I should install Dropbox in my golden image/my parent VM. Then deploy a pool from that parent and everyone should have Dropbox. Configure it and data should be available to that user. Your configuration should be saved in a part of your profile that roams, like AppData\Roaming. Persona Management/Roaming Profiles will save this setting and it will be there on every VM, so you only configure it 1 time. To go easy on the size of your profile, the Dropbox folder will be redirected to a share (default installation is user\My Documents\Dropbox).

Well, I really thought this would make sense but no! The case with Dropbox is that is gets installed in the user’s profile. It’s a per user installation (and to me, also very much per device, so per user-per device). Install it in your golden image and your users won’t even see Dropbox being installed.

I expect other products to have similar issues (I know some do). Either the installation is in someone’s profile or the configuration is device dependent (either saves under AppData\Local or under HKLM, result; not roaming). You don’t want to configure your Data repository every time you logon to a new VM, I assume.

I can access my data from an iPad and iPhone but I can’t access it from my main work environment, a VM. Maybe I’m missing something here and is something totally different coming, solving this issue completely or making it irrelevant. If it isn’t, then I truly hope “they” won’t forget VDI solutions.

Do I eat my own dog food?

Customers and partners do ask me what I use on a daily base. Do I use ThinApp, Socialcast, Sliderocket, View etc etc? In other words, do I eat our own dog food?

Well, first of all, the base. My laptop is a personal Mac Book Pro. For the geeks (just like myself); a 2.66Ghz Core i7, 8GB Ram and a 256GB SSD and Snow Leopard. Yeah baby, I love my MBP. It’s quick!

On top of Snow Leopard I have installed VMware Fusion 4. I installed Windows 7 Enterprise inside Fusion. This VM is my VMware Workspace. So my VMware Workspace is completely separated from my personal Mac environment. This way you can apply the “Bring Your Own Device” concept securely.

I don’t have a corporate vDesktop yet. Basically the only reason is I’m offline too much of the time and the current View Client for Mac doesn’t support Local Mode. I do have a vDesktop on our European demo environment though. I can connect to it from my personal Mac side with the Mac View Client and from inside my Windows VM with the Windows View Client.

So, what am I using inside my VM? Of course email. My email resides on a Zimbra backend and I either use Google Chrome (my default browser) or the Zimbra Desktop Client Application to connect to Zimbra. Because there is hardly no difference between the browser and application way of connecting, I use Chrome to connect to Zimbra basically all the time. I can use my email independent of an OS and App and have the same experience every time by using a browser.

For my presentations I do use Sliderocket. I converted my most important PPT’s into Sliderocket and threw away all my presentations. All new presentation I create from scratch in Sliderocket.  Give yourself a bit of time with creating presentations and converting PPT’s. Not everything will go smoothly from the start but I love Sliderocket now. I’m still not a guru but I wasn’t a guru with Powerpoint either. I tried to create a small story here. Just in case I don’t have a connection, I have cached all my presentations into my Sliderocket Player application. You can download it for Windows, Mac and iPad.

Everyday I also use VMware App Manager. Via App Manager I can easily connect to several SaaS applications VMware provides me, like for example VMware Socialcast.  I intensely use Socialcast to collaborate with my colleagues. You can read about my Socialcast experience here. To connect to Socialcast I do use a browser but I have to say the Socialcast App is looking pretty good.

For my data I use Mozy Stash. Stash is in beta at this moment. This new technology keeps my data synced across all my devices. You can compare it with Dropbox. I will elaborate on Stash soon.

Lastly, I use a couple of ThinApp-ed applications, like Google Chrome and Adobe Reader.

I try to use as much VMware End User Computing technology as possible. When new technologies arrive I will continue to try to use them as quickly as possible. I can’t wait to use Horizon Mobile, Appblast and Octopus.

 

BYOD and the Nirvana phone

It’s has been a long time since I heard about the Nirvana phone for the first time. After that, it became very quiet around it. Last week I heard about it again. In this article I want to share my thoughts about BYOD and the Nirvana phone. I used some information from Brian Madden’s article from the beginning of this year.

What is the Nirvana phone? Basically the Nirvana phone is a 1; regular mobile phone with all the common capabilities, and it isn’t tied to a specific vendor and 2; a device which can handle a USB/Bluetooth keyboard/mouse and where you can connect a monitor to and change it into a thin client/PC. With the appropriate app (Citrix Receiver/VMware View Client) you can connect to a corporate desktop. Citrix’s Chris Fleck has been writing about this concept for while now. Click here to see a demo video.

When I first heard about it I wanted to have “it”. Without thinking about it I was thrilled about the concept. Combine it with Bring Your Own Device, and the concept became even better; get your favorite mobile phone, one you like and can operate and also use it to access your corporate desktop. That’s sweet!

Then I started to think about the concept and quickly I became less cheerful.

My first concern is the docking, cabling, keyboard, mouse and monitor issue; do I need to carry all that around myself? The cables, adapters, mouse and keyboard are small and could fit in my bag but a monitor? Never. I visit customers and partners a lot and I’m pretty sure of 1 thing; I’m not going to ask for a monitor before I go into a meeting. Same with hotels though. Yes there is a TV but I don’t want to use that as my monitor. I prefer to work and listen to the TV, switch channels etc. I haven’t seen a separate monitor in many hotel rooms. Besides the monitor, wouldn’t it be a lot easier to grab a laptop or even a tablet in stead of setting up everything so you can work on your phone?

So what if I don’t have a monitor, too much hassle to setup everything or you can’t connect to your vDesktop? I could just work on my mobile phone. But that is a very small screen and basically not usable (that’s the reason for that monitor!). Let’s assume you have very small fingers and it’s very easy for you to type for an hour on your 4” screen during a meeting. Remember I combined the Nirvana phone and BYOD concept. So basically, this is your personal phone and because you can’t connect to a remote desktop you want to use your phone for work. This means you will use local apps for work. Local apps you normally use for private things. Private and corporate data will mix. IT doesn’t have control over you personal device and can’t set policies. With the Nirvana concept, I’m missing something to fill this gap. I believe that when it comes to BYOD, VMware Horizon Mobile is a must have, essential, can’t live without it. Think about it; when you open a confidential corporate document, do you want it to be cached inside a corporate vPhone or just on your private phone? You can read more about Horizon Mobile here. Again, VMware Horizon Mobile comes into play with BYOD and not specifically the Nirvana concept but I combined the 2 because I think BYO will get huge!

Also, when you do have all the gear in place to hook up your phone, how would you make phone calls. Well it is possible to be connected and make calls at the same time. However, you need to put it on speaker or use a headset. Putting it on speaker isn’t an option in many cases. People around you, noise, the nature (confidential/private) of your conversation will stop you from putting it on speaker. A headset will solve the issue but again, another gadget I need to carry around and keep charged battery wise. I don’t use a headset otherwise.

Users who don’t need local horse power and don’t need offline capabilities don’t need a laptop and a mobile phone, provided by the company. That is very true. I personally would give those users a Thin Client (more robust than a mobile phone, static setup, no hassle) and access to a VMware View Desktop with a soft phone installed inside it. Unified Communications is supported inside a VMware View 5 environment with Avaya, Cisco and Mittel. So you need 1 devices; a thin client with a headset.

Undocking and docking your phone because of whatever reason shouldn’t be an issue. Time out settings inside your vDesktop can easily handle that. Also, current mobile devices can output a high quality resolution so that shouldn’t be a issue as well.

At this moment my feeling is we have passed this Nirvana phone station. Too much hassle with gear and it isn’t a solution when, for example a monitor or vDesktop isn’t available and you need to work offline; your screen is way too small. New device like tablets are common now and will take care of tasks more easily/efficiently that could/couldn’t have been done by the Nirvana phone. It must be said that VMware Horizon Mobile for tablets needs to be available before the BYOTablet concept can happen big time though. Also on a tablet you want a secure corporate space to access/read/modify data and access apps.

The small screen will be an issue with app remoting techniques as well. Right now, Connecting to a vDesktops is part of the Nirvana phone concept. The thing is that a vDesktop won’t be the only technique to access corporate resources/application. For example, VMware also announced Project Appblast during VMworld 2011. Appblast is a application remoting technique. So basically you remote apps via HTML5 to a browser. Great stuff!! But what about my Nirvana phone? Again, without a monitor the phone screen is too small. Same as with remoting a vDesktop. Displaying a vDesktop or an app is so much easier on a tablet.

Because of all previously said I believe most people will end up with 3 devices; smart phone, tablet and laptop. This could be 2 depending on how tablets will evolve. Maybe the laptop will be replaced by the tablet eventually, who knows.