In my first blog article on digital workspace, I described three of the industry drivers for change in end-user computing. Let’s recap quickly…
Employee personalization and choice is demanded by a younger workforce educated in a variety of operating system platforms, hardware devices and productivity software. Forcing employees to standardize on one corporate-chosen platform, device or software is not an effective means for allowing employees to be innovative in solving problems with tools they understand and are passionate about.
Support for mobility and flexible work styles continues to grow. For even the slowest adopters out there, access to productivity tools like email outside the traditional corporate network perimeter is now commonplace. More line of business applications and services will be demanded to be accessible from anywhere as the newest generations of our workforce start to gain a solid foothold in management/leadership roles. Younger workforces have grown up with the expectation that the tools necessary to communicate and collaborate are only a pocket’s reach away and are accessible at any time, not just Monday through Friday, eight to five.
The days of IT choosing applications and software and forcing the organization to conform are numbered. The vast amounts of choice that employees have in their personal computing lives via mobile device app stores and Software-as-a-Service (SaaS) web applications will continue to bleed into the enterprise. We label this change consumerization and self-service access. If IT cannot support integrating apps and services into the enterprise quickly and efficiently, employees will simply seek their own path outside the secure boundaries of the enterprise. This creates a governance nightmare for organizations.
Our traditional tools and methods for supporting end-user computing cannot be used effectively as-is in this new model. We must adapt and adjust not only the tools we use, but also our strategy and methodology for how we support end-users. For some traditional IT folks like myself, this will be an exercise in breaking outside the comfort zone and reconsidering why we are doing things the way we always have. Change is necessary to promote growth and efficiency as the computing world around us changes.
Let’s start by laying out the necessary components of end-user computing and some of the challenges we encounter when supporting digital transformation.
“Change is necessary to promote growth and efficiency as the
computing world around us changes.”
If we are fully embracing transformation at the end-user level, we are allowing individuals to leverage familiar hardware devices they personally own in the enterprise. If we think broadly about types of devices, we can put them into categories such as mobile phones, tablets, laptops, desktops, ruggedized and even wearable devices. Each category brings its own support challenges such as screen size, connectivity limitations and portability. Also, in most cases employees will leverage more than one device from multiple categories. Our solution for providing digital workspace must support each category of hardware device and allow users to toggle between them with ease.
Microsoft may have the strongest foothold in the enterprise operating system platform space, but it’s certainly not the only operating system we will need to support. Employee operating system platform knowledge and experience may vary depending on the school district where they attended primary school and on their choice of higher education institution. Windows is still heavily used in the enterprise today but faces a lot more challengers than in the past. MacOS is now a bigger part of most enterprise environments, especially for individuals in digital imaging, marketing, video production or development roles. Chromebooks are becoming popular with consumers and enterprises alike due to their ease of management, portability and cheap price-point. Our digital workspace solution must support these major operating system platforms in addition to the most popular mobile device platforms: iOS and Android.
All organizations have a wide variety of application types that IT must support. This list grows exponentially as we undergo workforce transformation and bring in new operating system platforms and hardware devices. Let’s take the same approach to applications as we did for devices and break them down by major type.
- Win32 – The most common form of applications in the pre-cloud era were Win32 applications. These applications have been around forever, and they are still a big part of enterprise IT deployments. The application runs locally on the Windows platform and must be installed in some manner by IT.
- DMG – For applications running on macOS, this is the most common form and parallels can be drawn with Win32 apps. The application runs locally on the macOS platform and must be installed in some manner by IT.
- Software-as-a-Service (SaaS) – A big recent challenger to Win32/DMG apps is something we refer to as SaaS Apps. These applications are hosted in the cloud, accessed via the Internet and provided by subscription model where someone else takes care of the updates and maintenance on our behalf. We still need a method to direct users to these applications but the requirements for delivering traditional software to the operating system platform do not exist here.
- Mobile Apps – Because we have a requirement to support the major mobile platforms- iOS and Android- we also have a requirement to support native mobile applications that are downloaded and installed by the platform vendors’ app stores. Many of these applications may also have a companion Win32 or SaaS application for the traditional PC/macOS model.
- Web Apps – Many organizations have internal-based web apps perhaps bought off the shelf or written in-house. These applications are accessed via a web browser and typically contain sensitive organizational data. Many network administrators will be very hesitant to publish these apps through the firewall and make them accessible to the outside world, primarily due to the nature of the content and the fact that most web apps aren’t regularly patched with security updates. This presents IT with the challenge of finding another access path when users are mobile.
- Virtual Desktop Infrastructure (VDI) – Virtual Desktops continue to be a popular choice for providing secure access to applications for end-users. IT can control every aspect of the user’s experience within the virtual desktop environment using traditional management tools coupled with VDI software solutions. Industry-leading VDI solutions, such as VMware Horizon, can be accessed from multiple operating system platforms and devices. VDI also ensures that data never leaves the confines of the enterprise
datacenter, as users are only seeing a screen capture of the virtual desktop on their local device.
- Virtual Apps – A further extension of the virtual desktop infrastructure model, virtual apps offer the ability to consume traditional Win32 applications on any device without the bulk of a full desktop Windows experience. The app appears to be running
locally,but is simply a screen capture of the application running on virtual desktop infrastructure in the enterprise datacenter.
- App Isolation Instances – Sometimes web apps require a legacy version of a web browser. This may be the case if the apps were never updated to stay current with the browser landscape. Modern era operating systems, however, standardize on later versions of browsers for security and usability. Since these legacy web applications don’t support the latest browser versions, we are left with a situation where users can no longer use the legacy web apps. We need a way to allow access to these legacy web applications via a legacy web browser running in a model where its exposure is limited, and it can only be used to access the legacy web application. This deployment model is known as app isolation.
If we are going to bridge the gap between enterprise IT and the consumer world via digital transformation, we also need functionality for end-user self-service. We don’t want users forced into calling IT every time they want access to a pre-approved application. That frustrates the end-user, as it creates an additional, unnecessary barrier and adds time to the provisioning cycle. We want individuals to be able to go into a catalog or, better yet, an app store experience, click on the application and have it delivered to their device instantly.
The MOST important component of supporting end-user computing is security. IT governance over where data is stored and who accesses it and how is not simply a nice feature to have, but a requirement for most organizations led by industry regulatory compliance or strong internal security methodologies. A secure digital workspace environment must provide a means to secure any organizational data stored on devices, to deliver applications to end users’ devices in a secure manner, to allow for the elimination of data from any lost, stolen, or terminated employees’ devices, and to enforce access policies that ensure only authorized users can access applications and data from approved devices.
Since every application or service requires authentication, we also need a way to centralize and secure it. Users then only need to remember one set of credentials and can use non-traditional, more secure methods of authorization such as biometrics.
This seems like a monumental task, but it becomes easy with the correct tools and identity access management solution. While there are many combinations of devices, platforms and applications, the one common element between all of them is identity and authentication. Every user needs to authenticate before gaining access to a resource, so identity inherently becomes the new security perimeter for the enterprise.
Choosing a Management Platform
After this exercise in inventorying the components of digital workspace, it’s easy to see why digital transformation can cause so much angst for IT. The combination of operating system platforms, device types, application models and need for security across all components is a bit overwhelming, especially when trying to tackle with traditional IT solutions. Fortunately, there are tools on the market that IT can leverage to provide this digital workspace environment for end-users.
While there are several good solutions in the marketplace, our preferred solution at Candoris is VMware Workspace One. Workspace One provides a complete platform for managing devices, operating systems, applications and data in a single, secure platform. VMware does not have a horse in the race, so to speak, when it comes to hardware devices, applications or operating systems. Their solution provides the most agnostic approach in the marketplace and can work with all the major hardware, OS and application players. Already an industry leader in virtual desktop infrastructure, mobility management and identity management, VMware has a distinct advantage to solving for digital workspace challenges.
So far in this series, we’ve looked at the major drivers of change in end-user computing as well as the challenges faced by IT in supporting a digital workspace environment. In the next few articles, we will start to dig into the nuts and bolts of VMware Workspace One. First up is modern management of Windows 10 devices! I hope you’ll continue to join us on this journey of better understanding digital workspace and how VMware Workspace One combines identity, mobility and application management to provide frictionless and secure access to all the apps and data that employees need to work, wherever, whenever, and from whatever device they choose!