User Installed Applications – won’t they just cause me a huge headache?

November 12, 2009

Do we really want to allow our users to have the ability to self provision / install applications? Won’t this just cause mayhem and anarchy? How will we ensure that we are licensed to install the applications that the users choses to install?

These are a small sample of some of the obvious and key issues that the IT administrator needs to seriously consider when thinking about allowing the user to install applications of their own choice.

Just this week, @HarryLabana asked the following question via twitter – “Are user installed apps a compliance nightmare waiting to happen?”. A very sensible question that effectively is asking, “WHY should we even consider allowing the user to install their own stuff?”

To labor on the need briefly, it is relatively simple as to why we need to cater for it (we don’t need to agree with it but we do have to accept it to a certain degree :-( ). Bottom line is that for years, there has been a challenge with packaging all the applications required by a user to conduct their daily duties. This is a challenge that traditional desktop managers have had for years, and now with desktop virtualization it is perhaps getting more noise. Unfortunately it is not going away any time soon, in fact may be getting worse as time progresses and the number of applications increases. If we choose to not allow users to install their own stuff, then how do we ensure that the user does not fall foul downstream of an application not being available and hence their inability to conduct their work? An obvious example would be the corporate user who uses Microsoft Live Meeting to conduct online meetings, who has a meeting booked with an organization that uses Citrix GoToMeeting. The GoToMeeting client would not be installed, and hence the user would only find this out 5 to 10 minutes before the session, and hence would be unable to join :-(

@coldroyd wrote about the various user installed applications a month or so ago and is well worth a read – http://appsense.wordpress.com/2009/10/05/what-is-a-user-installed-application-and-why-should-we-care/

So, now we have accepted that we need to cater in some form or another, we can move on to consider HOW. The key aspects to delivering users with the ability to install their own apps is CONTROL – it would be insane (most would argue) to allow ALL users with the ability to install their own stuff. Very quickly the enterprise would find themselves in a situation where literally 1000’s of applications have found their way in, and are posing a serious legal issue. It is [mostly] true that a typical enterprise using laptop devices has this very issue today, since the majority of users of laptop devices are administrators of them. There is usually a solid business reason [from years gone by] as to why the user is an administrator, whether that reason being a requirement to install printer drivers [pre Vista] or something like that. Typically, once a user has admin rights, it is nigh impossible to get them back again :-(.

Arguably this is all part of something called “User Rights Management” as well as “Personalization”. Both of these are clearly becoming markets in their own right with vendors appearing in it regularly, and many other vendors morphing their solutions to fit the model(s) also ;-)

In order to deliver against the need, but to do so in that all important controlled manner, we need to enable / allow for the following (there will be more – these are just the key areas);

  • Only allow certain users to install apps (AD group based / end point device based)
  • Only allow those users to install from certain [internal] network location(s) – that way the enterprise can control exactly WHAT a user who is authorized to install can install
  • Only allow those users to install applications from certain vendors
  • Full reporting is required to enable the administration team to be able to see what is out there in a quick snapshot
  • Full administrative override to enable rapid removal of any applications as necessary

The overriding point here is simple – user installed applications is NOT for everyone, but it will be for a significant portion of the user population, so we need to provision for it in some way – simply saying no will not cut it.


AppSense Spotlight on Citrix TV

November 4, 2009

Since first working with Citrix 10 years ago, AppSense have always found the partnership to be positive and productive.  I’m sure it’s not gone unnoticed however, that the AppSense-Citrix relationship has gone to a new level in 2009.  Key teams from both companies are working together to ensure the technology links seamlessly, joint events run efficiently and the combined solution is messaged clearly.

 Check out the Citrix TV pages to hear the latest about how AppSense and Citrix are working together; http://www.citrix.com/tv/#videos/1311

 


TS / VDI – are we really needing VDI yet? Doesn’t TS deliver similar stuff?

August 13, 2009

There have been lots of very interesting posts on this subject over the past few months, varying in focussing in on the TCO of the solutions to comparing the technical abilities of each technique of delivering applications to users. However, we are seeing quite a few (read a lot :-)) of posts quoting the similarities between what we are actually delivering in VDI to that of the “old” TS model….

Some of the more recent articles such as Brian Madden’s “Madden’s Paradox” (http://www.brianmadden.com/blogs/brianmadden/archive/2009/08/12/introducing-madden-s-paradox-the-gotcha-of-the-vdi-versus-ts-debate.aspx) of just a few days ago, and the one which is linked into Brian’s post written by Jim Moyle of VisionApp (http://www.jimmoyle.com/2009/05/why-is-vdi-changing-into-terminal-server/) some time before then, tend to hit the nail on the head rather well.

So, is that all bad?  Well, no – the TS model worked then and guess what, it continues to work well now, and hence why these folks out there are kind of coming to the same conclusion as Jim.

The point now being, we need time to consider the reality of what VDI will do for us?

OK, so assuming that the Personalization Management is dealt with [and I think it is fair to say that all the posts seem to focus in on AppSense, RES, RTO, TriCerat and Scence to fulfill these capabilities,] the other area that keeps coming up is that of User Installed Applications.

If there were some technology that would deal with the user installed application sets, including those apps that have filter drivers etc, where would we be? Would we remain scared and concerned about the stability of our TS platform or might we be prepared to embrace the opportunity?

 Certainly a year or so ago I would have been very afraid of this proposition. However, if you consider the vast improvements we have seen recently with the performance and scalability of the platform(s), and pay particular attention to the new performance management features of Server 2008 R2, then actually much of the scalability concern has been removed, since no user installed application would be able to “steal” resource away from the other core applcations / users. These are the handy lessons Microsoft perhaps learned from Citrix (with the Aurema technology OEM) and AppSense with their Performance Manager product.

If that User Installed Application technology could guarantee that the applications are “sandboxed” and will *never* tarnish that shiny gold build of your TS farm, don’t we begin to have a rather handy solution that could just could keep our costs low, delivering most of what we are presently thinking we are wanting from VDI? 

Keep your eyes peeled, at AppSense we are working on the technology that may well unlock this wonderful opportunity.

Perhaps this just gives us all the time to really rethink exactly what it is that the VDI solutions are going to do better for us, as Jim states?


The Disposable Laptop Project – reducing the cost for the AppSense user base

July 23, 2009

One of the things that I have been driving here at AppSense for some time now is something that I call the “Disposable Laptop project”. 

Let me set a scene;

At AppSense we have made use of the Remote Desktop Services and XenApp technologies since inception of the business back in 1999 (OK, so the technologies had different names back then, but in essence delivered a desktop and application set to the user population – much like they continue to do for us today :-) ).  One of the significant factors for our using this technology was that we would reap the rewards of low cost computing with regards to the end point devices that we used.  Back in ’99, we had a dozen or so thin client devices in the business (probably cost $500 each back then) that didn’t ever require any IT support time really at all.  IF they broke down, we replaced with another device with around 10 minutes downtime for the user, and we were off again.  I say IF, because we still have most of those devices today, and if it weren’t for their inability to deal with scrolling etc in the likes of Microsoft Excel, they would still all be in use.  What a fantastic return on investment we have had from those devices. We all know this story, since we most likely all have made use of the same technology and reaped those same rewards over the years.

As time has moved on however, our challenge has morphed, because our sales and marketing folks now have differing needs from the IT systems that we provide to them, and the key change is that of mobility.  So as a result, where in 1999, 75% of our employees used thin client devices accessing a Server Based Computing solution (the remaining 25% being developers with powerful laptops or workstations), we find that TODAY, only 20% of our workforce operate solely from a thin client terminal, with laptops now being almost the defacto for new starters in the business.  So over the years the cost to support and maintain our workforce has gradually been creeping up for all the usual reasons (even though the acquisition cost of the mobile device is slowly dropping);

  • Administrative requirement to enble the user to add printer drivers etc
  • User installed applications causing stability issues on the laptops
  • User data and security – how to manage our data and back it up suitably
  • Laptop theft / damage causing downtime for the user while they await a new device – only to find their data was not backed up suitably and that they would have to create the document(s) from scratch / memory

I don’t think these challenges are any different from those that other organisations also deal with on a daily basis, but that does not detract from the pain caused for the end user at the time, and the cost that it is implying onto the IT group, and hence the AppSense business.

The reason that we were so able to reap significant rewards was simply that the SBC solution allowed us to deliver a standardized desktop to the user population that enabled them to do their job.  The fact it was standardized, meant we were far more effective with our use of IT resources. 

Back in 1999, nobody spoke of standardization and my analogy of Lego (see recent posting – “Standardization / Lego blocks – crucial for managing desktop infrastructure?” – http://appsense.wordpress.com/2009/07/22/standardization-lego-blocks-crucial-for-managing-desktop-infrastructure/) just plain would not have worked out so well, since the closest anybody came to standardization was low level imaging of servers and applying a new server name and the all important SID to each new “imaged machine”.

So, now the scene it set, let me get back to the point ! :-)

As we step forwards, we are now seeing technology arise that allows the Lego analogy to function and will allow me to drive my new project within the company that I know will have significant value to most other enterprises – the project is simply this – “The Disposable Laptop Project“. 

I want to continue to be able to provide IT in the form of a mobile device (as appropriate of course)  to our user population that enables them to deliver upon their job function.  However, I want to do it in a way that is (from the IT Group’s perspective) as controlled as the deliverable back in ’99, but that offers the freedom of today, where the user “feels ownership” over their corporate laptop, having the freedom to personalize it as much as they do their home PC.

By using the Lego approach, we can ensure that we have;

  • Single Standard Operating System
  • Core application set layered on top of the above
  • User installed applications managed as a separate layer on top of the above
  • User personalization to ensure look and feel of all the above remains personal to the user
  • User data management – managing the data that all of the above are actually (and ultimately) there to serve

As a note I accept that it most likely will not be possible to only have one shared OS image, but the point remains – we have (for example) just 4 images to manage rather than 1,000’s.

By enabling the management of each of these layers individually, we are able to quickly construct the mobile device operating environment on behalf of the user seamlessly.  This makes the mobile device no different from a hosted virtual desktop incidentally – I could be talking about either environment or BOTH of course.

So, in the situation where user Oliver has just had his laptop stolen from the trunk of his car, the IT group can allocate Oliver a new device, provision an OS and the core apps to the device.  As soon as Oliver logs on to the device for the first time, his own user installed applications will be applied, as will be his personality information as well as the data that is ultimately used by all his applications.  The point is that within 30 minutes, Oliver will be set to work without needing to worry about any of the things that enable him to work in the first place.  This is a huge saving for Oliver as he does not now need to go off and find the tools / utilities that he requires, download all the data (worse still, re-write the data), and then spend days making the whole environment look just like it did yesterday.

You get the picture – so how is the project getting on in AppSense?

 Well, my own laptop TODAY has a base OS delivered to it, the applications are actually locally installed (soon to be delivered to the device via an application virtualization technology) I have my personalization dealt with by one of our own products (Environment Manager) and I curently employ standard Microsoft Offline Files within Vista to deal with my user data.  I am also making use of a very early user installed applications product that AppSense are working on (demoed recently at the BriForum event in Chicago) to manage my own user installed aplications.

Thus far, I find that the offline files are OK, but I am unable to store Outlook PST files on them since they will not synchronize as I have them open most of the time.  This for me is a bit of a showstopper as the files that are possibly the most important to me will not ever be synchronized and hence in laptop failure / theft, I would still be left high and dry :-(

My personalization follows me beautifully between the laptop (MS Vista), the XenApp solution (Windows 2003 Server) that AppSense have at my disposal and the hosted virtual desktop solution (MS Windows XP) that I also make use of occasionally.  If we look at that again quickly, we may just notice the subtle point here – I am able to use both V1 and V2 of Microsoft profiles here and share my settings across the two without actually worrying (or indeed caring) that there are two versions in use.   This is actually a very key point for the Environment Manager solution since our user population are not ALL Windows XP OR Windows Vista, hence we need to cater for both.

The final piece for me is the user applications, and the new product I mentioned is managing this well enough for me presently to accept that I now have the very first “Disposable Laptop”.

The places that we need to work on now are the user installed applications and better management of the actual user data itself.  Once these two key components are under the belt, the cost for mobile computing within AppSense will have dropped significantly and the end users will be receiving a far superior service from the IT group. 

Watch this space!


Standardization / Lego blocks – crucial for managing desktop infrastructure?

July 22, 2009

There have been quite a few postings around the various application virtualization technologies over the years, but more recently something called “standardization”. This post is really to remind us of the importance of this “standardization” and how it affects our consideration of how we will build and support our IT infrastructure downstream.   It is also to set the scene for a future article :-)

We are all being pushed to ensure that the IT operation has a closer and more direct link to the business strategy of the enterprise, but that this must be achieved (of course)  for a fraction of the cost of the traditional delivery techniques. 

So, looking back to standardization – a great example of recent postings in this space would be the article from the AppSense Strategist, Martin Ingram, found at http://www.dabcc.com/article.aspx?id=9225.  While it was written back in November 2008, it really hits home with a few key points;

  • Standardization is key to delivering improved quality and service at reduced cost
  • Once you have standardized the components, you can leverage an automation technique to reduce spin up costs
  • Standardization AND automation will enable the cost of delivery to tumble

Martin uses a Ford Model T as his example which I believe  is really quite simple to understand.  Although to bring it a little closer to modern day, I like to view standardization as the “Volkswagen Group A Platform”- the standard group platform that multiple Volkswagen Group vehicles are based on – such as the Audi A3, Audi TT, Volkswagen Golf, Bora/Jetta, Bettle, Eos, Scirocco, Caddy and Touran as well as the SEAT Altea, Leon and Toledo and not forgetting the Skoda Octavia.  In my example, the Volkswagen Group have created a standardized platform that can be quickly adapted by all of the group companies to great effect, reducing cost and delivery times of their products.  Let’s face it, in today’s marketspace, this sort of cost reduction is a key consideration to a company being able to stay in business.

If we bring this back to IT service delivery, as Martin suggests, this is becoming far more critical to the enterprise since the ability to rapidly create/build desktop environments for users [consisting of base operating systems, applications, users settings for example] is a key requirement to deliver against the business needs.  At all times the user must be able to do his or her own thing and truly believe that the desktop is their own desktop that they can modify or personalize without much or indeed any compromise.  The IT Service team would now be managing a small number of building blocks (I refer to as Lego blocks – everybody knows Lego blocks and understands how to build things with them :-)) rather than worrying abut handling 1,000’s of desktop devices or laptops that are in a disarray of configuration, each of which requires one to one management as and when issues arise. 

The Lego already exists to manage the Operating System delivery (Citrix, VMware to name a couple of headlining acts), and the application virtualization Lego exists to deliver known applications on top of that layer (App-V, ThinApp, Citrix Streamed, Altiris SVS, InstallFree to name a few).  This leaves the user personalization Lego (AppSense Environment Manager fills this gap today), User Installed Applications Lego and of course last but by no means least, the User Data Lego. 

Over the next year or two, this is really going to become reality as the technology /Lego begins to evolve, and hence  allows the administrator to really be in a position to begin to manage all the Lego.

Let’s all prepare to play with the Lego! :-)


Follow

Get every new post delivered to your Inbox.