View? No thanks, I’ll just use Appblast

The title of this article was one of the statements I heard last week. I also heard another interesting statements: “why use View? I will wait for Horizon”.

Back in February 2012, I published an article about VMware’s End User Computing vision and journey. In my opinion, that vision/journey hasn’t changed and still applies with the recent announcements at VMworld 2012. However, I have the feeling that the vision/journey need to be explained once again and maybe even more often, so people understand the vision and where EUC products fit in that vision/journey.

In a nutshell, VMware’s EUC vision starts with the future platform: The Horizon Suite- The Platform for the Mobile Workforce … applications, data and users in the post-PC era. Be aware that this Suite, or platform, contains multiple products/techniques, which are integrated with each other: View, ThinApp, Horizon Data, Horizon Mobile, Appblast and Horizon App Manager.

I have the idea that some people think they will be able to pick 1 product/technique and standardize on that: “All people will use Appblast for everything. There won’t be any need for VDI anymore”, as an example. That’s not true or even possible in today’s world. There isn’t 1 ultimate vehicle/technique to bring apps and data to any device in a secure and efficient way. A user’s workspace will deliver that user applications and data to any of his/her devices. Different products/techniques will be used to do so, to give that user the best experience to do his/her work on the device of that moment.

VMware calls it the Post-PC era but don’t think the PC, aka Windows is going away soon. Again, Windows won’t be as dominant as before anymore in the enterprise. The desktop (physical and/or virtual) won’t be the only place where users do their work. More devices, different platforms, less OS-dependent apps, but Windows will be there for a long time. That’s the reason for step #1: Optimize. That’s also the reason VMware keeps improving VMware View and introduce cool features like AppShift. Again, although Windows will not be as dominant, it still will be part of an enterprise user’s workspace environment

Now the journey: how do you get to that Post-PC era platform? VMware defined a 3-step journey:

  1. Optimize what you have,
  2. Embrace your/the Cloud,
  3. Escape to your/the Cloud

In my opinion, it doesn’t make sense to skip a step. You cannot “Embrace your/the Cloud until you have “Optimize what you have”. In other words, it doesn’t make sense to get Horizon (Suite and/or App Manager) before you use ThinApp and View. Technically, you could though. You could use Horizon App Manager for SaaS apps, you could use Horizon Data with the Horizon Suite with physical desktops. But, why wouldn’t you “Optimize what you have” first, virtualize applications, virtualize desktops, separate data and apps from physical desktops. Remove silos. Get savings out of that and become more efficient, more agile at the same moment. Then, invest those savings in more Cloud based apps: Saas or web service apps. Use a services broker like Horizon App manager. Distribute ThinApps via Horizon as well. Create a workspace where all techniques come together. Move to the your EUC cloud step-by-step.

VMware Horizon Mobile- IOS support

I have written several articles on VMware Horizon Mobile. My last article ended with the question if and when Horizon Mobile would move to IOS. During the keynote on day 2 at VMworld 2012 in San Francisco, that question got an answer… Yes, Horizon Mobile is moving to IOS.

The Horizon Mobile team posted a great video of its IOS support on Youtube. Also, Srinivas Krishnamutri posted a great article on this topic and in general why Horizon Mobile is a great solution when you talk about mobile devices, BYOD, data leakage and apps.

First thing I would like to mention here is the difference between Horizon Mobile on Android and Horizon Mobile on IOS.

As you have noticed, with Android devices, a complete virtual phone is pushed on a personal Android device. Inside that virtual phone, you will find your enterprise apps and data.

The IOS approach is different. Via Horizon Mobile you don’t push a virtual IOS phone but in stead, you push IT-managed, secure apps to a personal IOS device. These apps are wrapped in a container in which policies can be set and are isolated from personal apps. Data inside these apps is encrypted and also communication from and to these apps is encrypted. Because IT manages these apps, they can remotely wipe and update them as well.

I like this last approach a lot. At the end, all I want as a user are apps: personal and enterprise apps. That brings me to my last comment: why not use this approach on Android as well? One common way of handling mobile devices. Apparently that’s difficult to do on the Android platform. It is very fragmented. There are many different Android flavours versions, OEM/carriers/Google updating them at different times, for different devices. Creating a virtualization platform will normalize that complexity by giving enterprises a stable and secure version of Android. Maybe a Unity kind of view on Android devices will be an answer. The approach will still be different but the view/experience will be the same as on an IOS device. All that said, it’s great to see Horizon Mobile IOS support.

The Post-BlackBerry Era

A great article has been posted on the VMware CTO Office’s blog site by VMware’s Srinivas Krishnamurti.

Personally I still think Horizon Mobile is the way to go for mobile devices. Yes, Mobile Device Management tools could help enterprises a lot but is that the way to go? Would you allow enterprise management tools on your own personal mobile device? Even if you use that device for your work related activities?

Personally, I wouldn’t accept that. However, a corporate phone, pushed on top of my own phone as a virtual machine..yes…I could deal with that. Assuming my employer doesn’t have access to the “personal side” of my phone, my Facebook ( oh wait, I don’t use FB), my Twitter, my private email, Google+ etc. With Horizon Mobile, that’s the case.

Again, (people keep asking this), will Horizon Mobile move to iPhone, iPad and other Tablets? I really can’t tell. My wish: please. In fact, I would prefer Horizon Mobile to become available on tablets more than on phones… but that’s a very personal opinion.

Before I forget this (and I have had several discussions about this before) I see Horizon Mobile as a great solution to separate work and private activities on one single device. I’m not discussing mobile devices as an access point to access Virtual Machines and push corporate apps etc…That’s a whole different story.



“The Dark Side of BYO”; Spot on! Solutions please!

Today I have been reading an interesting article about Bring Your Own Device. I loved the title; The Dark Side of BYOD and it covered Privacy, Personal Data Loss and Device seizure. Do read it for the complete story. It is spot on!!

The article covered what could happen to your personal device, like a phone or tablet when you also use it for work related activities. Companies will enforce ActiveSync policies like use of a password, remote wipe and lock. What happens when a relative doesn’t know the password and used the wrong password 3 times? Your phone could get wiped because of company policies. Your company data is sensitive so I do understand the policy. Most likely company data can be restored but what about your personal data like music and pictures?

Also, think about privacy. What when an investigation is going on at your company and they require your device? What about your personal data, bookmarks, music (legal/illegal), pictures of your family and also data around location tracking? Do you really want your company to know/see all that?

So, how do you handle “the dark side”? I have to say, this is keeping me busy. Is there a perfect way of handling BYOD and can you use this for all different devices? Perfect might not be the right word. User freedom/usability and security/privacy are competing and how strictly do you want to separate the personal and corporate side?

Let’s start with mobile devices; phones and tablets. I wrote and article about VMware Horizon Mobile a while ago. Still in beta but I do believe this is the solution for mobile devices. VMware Horizon Mobile is basically putting a corporate virtual Android phone on someone’s private Android phone.  IT only controls the vPhone and can only monitor what’s happening on there. Also, wiping the vPhone is the only wiping they can do. Privacy shouldn’t be an issue as well. Personal data and corporate data are separated and it should be possible to have separate billing of voice and data. Even without separate billing of voice and data, privacy should be covered in my opinion. The company being able to find out where you have been isn’t that big of a deal to me.

VMware Horizon Mobile is about Android but what about iPhones? I don’t have a answer on that. Maybe Horizon Mobile will become available for IOS as well. Maybe companies can provide specific, more intelligent applications, which they can manage individually instead of just wiping the complete phone. But then again, what about privacy? Just accept that part?

Another challenge are BYO-laptops. What solutions are there today to separate personal and corporate identity and secure privacy?

Of course, email is most likely accessible with an application and you can generate data when you want locally. You probably won’t have the remote wiping issue because I can’t see my company wiping my MacBook. But, it isn’t secure and also privacy can be an issue.  IT can’t set policies on my personal device. Also, there are applications, which for example don’t run on Mac OSX.

VMware Fusion and Workstation could be used. Everything will be separated perfectly but is that the way to go? I have to say, from a user perspective it works, at least for me. I have a MacBook Pro, which I use personally. I ran VMware Fusion and on Fusion I have my corporate vDesktop. The only downside it, that I use Windows as my corporate VM. It isn’t about Windows specifically but I can’t use the OS I’d prefer when I want complete separation. From a company perspective I can imagine this isn’t what they want. Companies give employees an amount of money for them to buy a personal device and on top of that companies need to develop, roll out and maintain vDesktops to remote devices. I can see a win for companies but is it significant enough?

What solutions are there when you leave Tier 2 solutions like Workstation and Fusion out of the picture? Yes, of course, VDI!! Complete separation, secure and privacy secure. But also in this case, Windows might not be the OS users want to use. Also, connectivity might be an issue. Offline desktop/Local Mode isn’t available for Mac devices.

Anything else, that might help? Well, Horizon App Manager might be the solution for BYO-laptops.  “Might be” because in-depth details are still unknown or not publically available. Also not all planned features are currently in Horizon App Manager. Horizon App Manager is a central user portal with strong identity management, which has different techniques to bring applications to end points. VDI might be a technique but also, ThinApp, XenApp, Terminal Service etc. On top of that policies can be set; which application will be available, when, on which devices, from which location. Integrate Octopus for data and this could be a secure solution for BYO.

It’s interesting to see, in my opinion that the security/privacy and data loss risk with BYO-mobile devices, currently is high for the user and not for the company but this is vice versa when you talk about BYO-laptops. Today, secure BYO is difficult to realize on mobile devices and laptops. It’s either, take that risk of wait for a complete solution.  I will try to be careful, separate as much as possible and use Cloud services as much as possible. Now it is time to stop thinking about it and wait patiently. Now, that’s a challenge.


User Virtualization in the Post PC-era?

Today I ran into an article which had an interesting quote;

 Persona Management isn’t mature enough yet, and VMware knows it, Dunkin’s Brennan said. The company probably added it just to “check the box”, but he speculated that VMware would get profile management up to speed by making an acquisition

We can have a discussion about the the first part in another article but especially the acquisition part caught my attention.

So, will VMware acquire another company to speed up its profile management? I think that is an interesting question. A different question but related to the first 1 could be; how important will User Virtualization be in, let’s say, 5 years? Yet another question; will you still need User Virtualization in 5 years?

First, let’s take 1 step back for a minute; Once upon a time, there were Windows PC’s and in Windows NT the profiling scheme was introduced. Then there were roaming profiles, mandatory profiles, default user profiles and Group Policies; all mechanisms to control the user, control and save their settings like printers/wallpaper, their permissions to shares and folders, what they are or aren’t allowed to do like accessing Control Panel. Also, store profiles centrally and users will have the same look and feel from any Windows PC. Separate the user from the Operating System.

Third party vendors like RTO, Appsense, RES and LiquidWare got into this space as well to fill gaps and add new features, moving on where standard Microsoft profiles and GPO’s stopped.

But, all the tools have 1 thing in common; Windows. That’s not a bad thing but it isn’t the only platform anymore to run applications. IOS/Android phones/tablets and Macs are out there in the enterprise, even privately owned ones. The world is changing and I believe it is the Post PC-era already.

Management will change. It has to change. Applications and data will be delivered to different devices in different ways; you access ThinApp apps via VMware View from your private Android Tab 1 moment. Next, you access a SaaS app on your corporate iPhone.

Instead of managing most things on a Windows level/device level, you have to take that management up a couple of levels. To me, that’s the user level. It will become more important who is allowed to access which application/data from what device and place. The underlying Operating System and device will become less important. Horizon App Manager will be that Universal Broker where you set those user based rules.

Don’t get me wrong, I believe Windows will be around for a long time as a platform to execute specific applications. But will that platform be considered to be big enough for VMware to invest in a Windows profile management tool? Again, interesting questions.

Fling; VMware Zimbra for Android

VMware Zimbra for Android (VZA) has been around for a while but it’s not known that well.  It is an email client for Android devices which supports Zimbra backends. At this moment the VZA is a “fling”; a client to test drive, officially not supported.

I have been using the VZA for a while now and I can say it’s a decent client. I find it easy to install and use. It gives me my work email, calendar, tasks and Briefcase. I have my corporate email and files available in 1 app. On top of that, I run the VZA on my Samsung Galaxy SII  and Galaxy Tab 10.1.

The VZA runs on Android 2.1 and above and the current version is 1.28. The app does require an ActiveSync enabled email client on your Android device (on most devices that’s the case). Also, because the VZA is available outside the Android Marketplace, you will need to enable your device to install applications from “unknown sources”.

You can download the client on More information is available on that site like comments and a video.

If your email environment is Zimbra and you have an Android device, go ahead, download the app and test it.

BYOD and the Nirvana phone

It’s has been a long time since I heard about the Nirvana phone for the first time. After that, it became very quiet around it. Last week I heard about it again. In this article I want to share my thoughts about BYOD and the Nirvana phone. I used some information from Brian Madden’s article from the beginning of this year.

What is the Nirvana phone? Basically the Nirvana phone is a 1; regular mobile phone with all the common capabilities, and it isn’t tied to a specific vendor and 2; a device which can handle a USB/Bluetooth keyboard/mouse and where you can connect a monitor to and change it into a thin client/PC. With the appropriate app (Citrix Receiver/VMware View Client) you can connect to a corporate desktop. Citrix’s Chris Fleck has been writing about this concept for while now. Click here to see a demo video.

When I first heard about it I wanted to have “it”. Without thinking about it I was thrilled about the concept. Combine it with Bring Your Own Device, and the concept became even better; get your favorite mobile phone, one you like and can operate and also use it to access your corporate desktop. That’s sweet!

Then I started to think about the concept and quickly I became less cheerful.

My first concern is the docking, cabling, keyboard, mouse and monitor issue; do I need to carry all that around myself? The cables, adapters, mouse and keyboard are small and could fit in my bag but a monitor? Never. I visit customers and partners a lot and I’m pretty sure of 1 thing; I’m not going to ask for a monitor before I go into a meeting. Same with hotels though. Yes there is a TV but I don’t want to use that as my monitor. I prefer to work and listen to the TV, switch channels etc. I haven’t seen a separate monitor in many hotel rooms. Besides the monitor, wouldn’t it be a lot easier to grab a laptop or even a tablet in stead of setting up everything so you can work on your phone?

So what if I don’t have a monitor, too much hassle to setup everything or you can’t connect to your vDesktop? I could just work on my mobile phone. But that is a very small screen and basically not usable (that’s the reason for that monitor!). Let’s assume you have very small fingers and it’s very easy for you to type for an hour on your 4” screen during a meeting. Remember I combined the Nirvana phone and BYOD concept. So basically, this is your personal phone and because you can’t connect to a remote desktop you want to use your phone for work. This means you will use local apps for work. Local apps you normally use for private things. Private and corporate data will mix. IT doesn’t have control over you personal device and can’t set policies. With the Nirvana concept, I’m missing something to fill this gap. I believe that when it comes to BYOD, VMware Horizon Mobile is a must have, essential, can’t live without it. Think about it; when you open a confidential corporate document, do you want it to be cached inside a corporate vPhone or just on your private phone? You can read more about Horizon Mobile here. Again, VMware Horizon Mobile comes into play with BYOD and not specifically the Nirvana concept but I combined the 2 because I think BYO will get huge!

Also, when you do have all the gear in place to hook up your phone, how would you make phone calls. Well it is possible to be connected and make calls at the same time. However, you need to put it on speaker or use a headset. Putting it on speaker isn’t an option in many cases. People around you, noise, the nature (confidential/private) of your conversation will stop you from putting it on speaker. A headset will solve the issue but again, another gadget I need to carry around and keep charged battery wise. I don’t use a headset otherwise.

Users who don’t need local horse power and don’t need offline capabilities don’t need a laptop and a mobile phone, provided by the company. That is very true. I personally would give those users a Thin Client (more robust than a mobile phone, static setup, no hassle) and access to a VMware View Desktop with a soft phone installed inside it. Unified Communications is supported inside a VMware View 5 environment with Avaya, Cisco and Mittel. So you need 1 devices; a thin client with a headset.

Undocking and docking your phone because of whatever reason shouldn’t be an issue. Time out settings inside your vDesktop can easily handle that. Also, current mobile devices can output a high quality resolution so that shouldn’t be a issue as well.

At this moment my feeling is we have passed this Nirvana phone station. Too much hassle with gear and it isn’t a solution when, for example a monitor or vDesktop isn’t available and you need to work offline; your screen is way too small. New device like tablets are common now and will take care of tasks more easily/efficiently that could/couldn’t have been done by the Nirvana phone. It must be said that VMware Horizon Mobile for tablets needs to be available before the BYOTablet concept can happen big time though. Also on a tablet you want a secure corporate space to access/read/modify data and access apps.

The small screen will be an issue with app remoting techniques as well. Right now, Connecting to a vDesktops is part of the Nirvana phone concept. The thing is that a vDesktop won’t be the only technique to access corporate resources/application. For example, VMware also announced Project Appblast during VMworld 2011. Appblast is a application remoting technique. So basically you remote apps via HTML5 to a browser. Great stuff!! But what about my Nirvana phone? Again, without a monitor the phone screen is too small. Same as with remoting a vDesktop. Displaying a vDesktop or an app is so much easier on a tablet.

Because of all previously said I believe most people will end up with 3 devices; smart phone, tablet and laptop. This could be 2 depending on how tablets will evolve. Maybe the laptop will be replaced by the tablet eventually, who knows.


Horizon Mobile- basics

It’s been a while since VMware announced it is working on developing a virtual platform for mobile devices. At that time this platform was called “Mobile Virtualization Platform” or MVP. This mobile hypervisor technology became VMwares after the aquisition of Trango. During VMworld 2011 in Las Vegas, MVP was rebranded to Horizon Mobile.

So, what is Horizon Mobile? Why would you want it?

More and more, employees want to use their own smart phones at work, in the corporate environment. They don’t want to carry around with their private phone and their corporate phone. “Bring Your Own” is getting popular more and more. I believe this is a good thing; let user work with a device they know, like and are used to. This is a challenge for IT; Personal documents/email, corporate documents/email, access to personal and corporate resources, all contacts are melting together on that personal device. Also, how to support all these different devices, secure the corporate resources and manage those devices? Corporate IT can’t really touch and control those devices.

With Horizon Mobile IT departments can push a encapsulated corporate environment onto a personal mobile phone. This environment is a Virtual machine, a vPhone. IT can provide corporate applications like email, readers etc inside this VM so users have all the resources to do their jobs. Also, setting and policies can be applied to that VM, like the use of a PIN or password, encryption, update frequency etc. Of course IT can only monitor, control and update this VM and not the personal phone of a user.

With Horizon Mobile it also is possible to have a personal phone number and a corporate phone number on 1 device. Of course you can have your personal number. it is your phone, your SIM card so people can call you. With Mobile, you also can have a corporate virtual SIM and phone number so your colleagues and customers can call you on that number. This way you completely separate personal and corporate.

One of the first partners VMware announced was LG. Later on, also Samsung was announced as a partner. With these partners, it should be very easy to deploy Horizon Mobile on their Android based mobile phones. Telefonica in Europe and Verizon Wireless in the US will be the first carries who will support Horizon Mobile.

Currently there is a beta running in the US. Stay tuned for more information about beta’s and availability in Europe.