View? No thanks, I’ll just use Appblast

The title of this article was one of the statements I heard last week. I also heard another interesting statements: “why use View? I will wait for Horizon”.

Back in February 2012, I published an article about VMware’s End User Computing vision and journey. In my opinion, that vision/journey hasn’t changed and still applies with the recent announcements at VMworld 2012. However, I have the feeling that the vision/journey need to be explained once again and maybe even more often, so people understand the vision and where EUC products fit in that vision/journey.

In a nutshell, VMware’s EUC vision starts with the future platform: The Horizon Suite- The Platform for the Mobile Workforce … applications, data and users in the post-PC era. Be aware that this Suite, or platform, contains multiple products/techniques, which are integrated with each other: View, ThinApp, Horizon Data, Horizon Mobile, Appblast and Horizon App Manager.

I have the idea that some people think they will be able to pick 1 product/technique and standardize on that: “All people will use Appblast for everything. There won’t be any need for VDI anymore”, as an example. That’s not true or even possible in today’s world. There isn’t 1 ultimate vehicle/technique to bring apps and data to any device in a secure and efficient way. A user’s workspace will deliver that user applications and data to any of his/her devices. Different products/techniques will be used to do so, to give that user the best experience to do his/her work on the device of that moment.

VMware calls it the Post-PC era but don’t think the PC, aka Windows is going away soon. Again, Windows won’t be as dominant as before anymore in the enterprise. The desktop (physical and/or virtual) won’t be the only place where users do their work. More devices, different platforms, less OS-dependent apps, but Windows will be there for a long time. That’s the reason for step #1: Optimize. That’s also the reason VMware keeps improving VMware View and introduce cool features like AppShift. Again, although Windows will not be as dominant, it still will be part of an enterprise user’s workspace environment

Now the journey: how do you get to that Post-PC era platform? VMware defined a 3-step journey:

  1. Optimize what you have,
  2. Embrace your/the Cloud,
  3. Escape to your/the Cloud

In my opinion, it doesn’t make sense to skip a step. You cannot “Embrace your/the Cloud until you have “Optimize what you have”. In other words, it doesn’t make sense to get Horizon (Suite and/or App Manager) before you use ThinApp and View. Technically, you could though. You could use Horizon App Manager for SaaS apps, you could use Horizon Data with the Horizon Suite with physical desktops. But, why wouldn’t you “Optimize what you have” first, virtualize applications, virtualize desktops, separate data and apps from physical desktops. Remove silos. Get savings out of that and become more efficient, more agile at the same moment. Then, invest those savings in more Cloud based apps: Saas or web service apps. Use a services broker like Horizon App manager. Distribute ThinApps via Horizon as well. Create a workspace where all techniques come together. Move to the your EUC cloud step-by-step.

Make Project Octopus available via Horizon App Manager 1.5

In June 2012, VMware released Horizon Application Manager 1.5.

In the beginning of this year, 2012, VMware’s Project Octopus went beta; http://blogs.vmware.com/euc/2012/05/project-octopus-public-beta-now-available.html

Via Horizon you can give users access to enterprise applications. Think about ThinApp’d and SaaS apps.

Octopus is another application you can make available via Horizon App Manager. Octopus is a on-premise virtual appliance but nevertheless, you can give your users access to this Octopus appliance via Horizon.

I created a document (with help from some of my VMware colleagues) to make Octopus available via Horizon. I aware Octopus is still beta and not every one can have access to the code. However, I would like to show beta participants how to make Octopus available via Horizon.

Click on the below file to read the step=by-step guide to add Octopus to your Horizon implementation:

Octopus via Horizon App Manager

Horizon App Manager- 3. Prepare desktop(s) and install/configure the Horizon agent

During the beta of Horizon App Manager 1.5, I created 3 Horizon step-by-step guides for myself;

  1. Step-by-step: Install and configure the Horizon Service-va 1.5
  2. Step-by-step: Install and configure the Horizon Connector 1.5
  3. Step-by-step: Prepare desktop(s) and install/configure the Horizon agent

Because I do get questions about the installation of Horizon App Manager, I will share the guides with you.

Follow the steps in the guides and start with installing the Service, then the Connector and lastly, prepare your desktops and install the Horizon agent. This always has worked for me.

Comments are welcome if you are running into issue.

First, download your copy of Horizon App Manager agents here.

Do read the release notes here.

Also, the official VMware installation guide can be found here.

3. Step by Step; Prepare your Desktop for Horizon

Horizon App Manager- 2. Install and configure the Horizon Connector 1.5

During the beta of Horizon App Manager 1.5, I created 3 Horizon step-by-step guides for myself;

  1. Step-by-step: Install and configure the Horizon Service-va 1.5
  2. Step-by-step: Install and configure the Horizon Connector 1.5
  3. Step-by-step: Prepare desktop(s) and install/configure the Horizon agent

Because I do get questions about the installation of Horizon App Manager, I will share the guides with you.

Follow the steps in the guides and start with installing the Service, then the Connector and lastly, prepare your desktops and install the Horizon agent. This always has worked for me.

Comments are welcome if you are running into issue.

First, download your copy of Horizon App Manager Connector here.

Do read the release notes here.

Also, the official VMware installation guide can be found here.

2. Step by Step; Install and Configure Horizon Connector 1.5

Horizon App Manager- 1. Install and configure the Horizon Service-va 1.5

During the beta of Horizon App Manager 1.5, I created 3 Horizon step-by-step guides for myself;

  1. Step-by-step: Install and configure the Horizon Service-va 1.5
  2. Step-by-step: Install and configure the Horizon Connector 1.5
  3. Step-by-step: Prepare desktop(s) and install/configure the Horizon agent

Because I do get questions about the installation of Horizon App Manager, hereby I will share the guides with you.

Follow the steps in the guides and start with installing the Service, then the Connector and lastly, prepare your desktops and install the Horizon agent. This always has worked for me.

Comments are welcome if you are running into issue.

First, download your copy of Horizon App Manager Service-va here.

Do read the release notes here.

Also, the official VMware installation guide can be found here.

1. Step by Step; Install and Configure Horizon Service-va 1.5

Horizon Application Manager- Overview

On June 13th 2012, Horizon Application Manager 1.5 became general available.

Horizon Application Manager is a cross-platform end-user management solution that unifies, secures and controls access to SaaS, enterprise web and Windows applications across different end-user devices.

That’s a nice sentence (I copied it to be honest), but what does that mean?

I see Horizon App Manager as a services broker, meaning, it can broker different kinds of services. A service can be SaaS applications, Enterprise web apps and ThinApps, to name few. VMware View on the other hand, can only broker VMware View virtual desktops. No matter where I am, I can connect to my View installation and connect to my desktop, which is running somewhere in a datacenter. Great but there are other services as well which can provide applications to end users and which don’t require a full Windows desktop to do so. Think about SaaS applications. Yes, I could logon to my virtual desktop via View and then access that SaaS app but that isn’t the smartest way of doing things, right.

You can access SaaS apps with a browser and every device (laptop, desktop, virtual desktop, smart phone and tablet) has a browser. I can access that SaaS app from every device and from anywhere. That’s cool…. But there are some downsides.

What if a company is using multiple SaaS apps? A user connects to those apps directly. Every SaaS app provider has an account for that user. Let’s assume that user leaves the company. The company’s IT department needs to delete that account with every SaaS provider manually. If they forget an account, the user will still be able to access the company’s resources. I bet the IT department would like to use a method to disable a user at 1 place and that user, from that moment on, cannot use any resource anymore.

Also from a user perspective there are some downsides. Let’s go back to the SaaS app example: To use these SaaS apps, the user needs to logon/authenticate every time he/she wants to use these apps. No Single Sign On. Also, no real overview of which services/apps you can use. Wouldn’t it be great, when you start your working day, to logon to a portal, see all your apps you can use, just click on them and they start without authenticating every time, over and over again!?

This is where Horizon App Manager comes into play. Basically, Horizon App Manager 1.5 is an on-premise solution (it is running in the customer’s environment/behind the firewall). It provides a central place for IT to manage users and apps. IT can entitle groups and users to different apps and also remove these entitlements from 1 place. No more managing accounts which exists at different providers

Horizon also is a user’s central workspace/portal, where he/she can access his/her

applications and services. One central portal you access in the morning and use during the day to access all your resources.

For the record, at this moment Horizon is able to broker SaaS, enterprise web and Windows apps. With Windows apps I mean Windows applications which have been ThinApp’d. Do I think Horizon should also broker other services like XenApp, VMware View, a data service like Octopus (which still is in beta)? Yes, Horizon should! That would make sense, right.

More and more information about Horizon is becoming available. To see a nice video which shows the user’s workspace/app portal side, go here.  Also, attached the official data sheet;

VMware-Horizon-App-Manager-Datasheet

 

“The Dark Side of BYO”; Spot on! Solutions please!

Today I have been reading an interesting article about Bring Your Own Device. I loved the title; The Dark Side of BYOD and it covered Privacy, Personal Data Loss and Device seizure. Do read it for the complete story. It is spot on!!

The article covered what could happen to your personal device, like a phone or tablet when you also use it for work related activities. Companies will enforce ActiveSync policies like use of a password, remote wipe and lock. What happens when a relative doesn’t know the password and used the wrong password 3 times? Your phone could get wiped because of company policies. Your company data is sensitive so I do understand the policy. Most likely company data can be restored but what about your personal data like music and pictures?

Also, think about privacy. What when an investigation is going on at your company and they require your device? What about your personal data, bookmarks, music (legal/illegal), pictures of your family and also data around location tracking? Do you really want your company to know/see all that?

So, how do you handle “the dark side”? I have to say, this is keeping me busy. Is there a perfect way of handling BYOD and can you use this for all different devices? Perfect might not be the right word. User freedom/usability and security/privacy are competing and how strictly do you want to separate the personal and corporate side?

Let’s start with mobile devices; phones and tablets. I wrote and article about VMware Horizon Mobile a while ago. Still in beta but I do believe this is the solution for mobile devices. VMware Horizon Mobile is basically putting a corporate virtual Android phone on someone’s private Android phone.  IT only controls the vPhone and can only monitor what’s happening on there. Also, wiping the vPhone is the only wiping they can do. Privacy shouldn’t be an issue as well. Personal data and corporate data are separated and it should be possible to have separate billing of voice and data. Even without separate billing of voice and data, privacy should be covered in my opinion. The company being able to find out where you have been isn’t that big of a deal to me.

VMware Horizon Mobile is about Android but what about iPhones? I don’t have a answer on that. Maybe Horizon Mobile will become available for IOS as well. Maybe companies can provide specific, more intelligent applications, which they can manage individually instead of just wiping the complete phone. But then again, what about privacy? Just accept that part?

Another challenge are BYO-laptops. What solutions are there today to separate personal and corporate identity and secure privacy?

Of course, email is most likely accessible with an application and you can generate data when you want locally. You probably won’t have the remote wiping issue because I can’t see my company wiping my MacBook. But, it isn’t secure and also privacy can be an issue.  IT can’t set policies on my personal device. Also, there are applications, which for example don’t run on Mac OSX.

VMware Fusion and Workstation could be used. Everything will be separated perfectly but is that the way to go? I have to say, from a user perspective it works, at least for me. I have a MacBook Pro, which I use personally. I ran VMware Fusion and on Fusion I have my corporate vDesktop. The only downside it, that I use Windows as my corporate VM. It isn’t about Windows specifically but I can’t use the OS I’d prefer when I want complete separation. From a company perspective I can imagine this isn’t what they want. Companies give employees an amount of money for them to buy a personal device and on top of that companies need to develop, roll out and maintain vDesktops to remote devices. I can see a win for companies but is it significant enough?

What solutions are there when you leave Tier 2 solutions like Workstation and Fusion out of the picture? Yes, of course, VDI!! Complete separation, secure and privacy secure. But also in this case, Windows might not be the OS users want to use. Also, connectivity might be an issue. Offline desktop/Local Mode isn’t available for Mac devices.

Anything else, that might help? Well, Horizon App Manager might be the solution for BYO-laptops.  “Might be” because in-depth details are still unknown or not publically available. Also not all planned features are currently in Horizon App Manager. Horizon App Manager is a central user portal with strong identity management, which has different techniques to bring applications to end points. VDI might be a technique but also, ThinApp, XenApp, Terminal Service etc. On top of that policies can be set; which application will be available, when, on which devices, from which location. Integrate Octopus for data and this could be a secure solution for BYO.

It’s interesting to see, in my opinion that the security/privacy and data loss risk with BYO-mobile devices, currently is high for the user and not for the company but this is vice versa when you talk about BYO-laptops. Today, secure BYO is difficult to realize on mobile devices and laptops. It’s either, take that risk of wait for a complete solution.  I will try to be careful, separate as much as possible and use Cloud services as much as possible. Now it is time to stop thinking about it and wait patiently. Now, that’s a challenge.