  • WHITE PAPER

    BRIAN MADDEN INSIGHTS: 10 WAYS TO EVOLVE FROM VDI AND EMM TO A DIGITAL WORKSPACE

    https://www.vmware.com

    Table of Contents

    1. Not All Users Are Created Equal
    2. Devices Shouldn’t Matter, but They Do (Which Means They Don’t)
    3. Mind the App Gap
    4. Modern Management Straight Ahead
    5. Experience Matters
    6. Security
    7. Artificial Intelligence (AI) Overload
    8. Work Smarter, Not Harder
    9. Assess What to Leave Behind
    10. Change
    Summary
    About the Author

    For years, the End-User Computing (EUC) community was divided into two segments—desktop virtualization and Enterprise Mobility Management (EMM). Each of these segments was further subcategorized—VDI, app publishing, and RDSH for desktop virtualization; and Mobile Device Management (MDM), Mobile Application Management (MAM), and Mobile Content Management (MCM) for EMM. But broadly speaking, everything in the EUC world was either about desktop virtualization or EMM.

    After a while, people got tired of saying “desktop virtualization and EMM.” They also realized that the phrase “desktop virtualization” didn’t include the hundreds of millions of laptops and desktops that had Windows installed locally (but that still had to be managed), so the industry began to adopt a new term: Unified Endpoint Management or UEM. (Not to be confused with user environment management, which shares the acronym UEM but is something else completely.)

    UEM is a much better term than “desktop virtualization and mobility,” because UEM is broader and can include all types of user endpoints (laptops, desktops, mobile devices), all platforms (Windows, macOS, Linux, iOS, Android, Chrome), and all delivery methods (local, remote, cloud, streamed, virtualized, and more).

    That said, an argument could be made that even the term UEM is still limited because it’s just about endpoint management (that is, the devices), whereas in addition to endpoints, the EUC community has to deal with additional things like user identity, the so-called “perimeterless” network, conditional access based on more than just user ID, access from non-trusted and non-owned devices, and the fact that users are generally able to do whatever they want, with or without IT’s support or knowledge (for example, “the consumerization of IT” or “shadow IT”).

    To address this expanded EUC landscape, VMware has started using the more-inclusive term “digital workspace” to describe the apps, data, devices, identity, security, and work productivity that coalesce to form what EUC IT pros are thinking about now.

    In this paper, we’ll take a look at how the ways of thinking about “legacy” desktop virtualization and EMM are evolving to become today’s digital workspace.

    1. Not All Users Are Created Equal

    In the old days (5–10 years ago), EUC-focused IT projects were based around broad classifications of users. Sometimes these classifications were departmental—legal, accounting, engineering—while other times they were based on the assumed sophistication of the users—power users, knowledge workers, or task workers. While this wasn’t ideal, the bucketing of users was necessary due to the technical limitations of the day (static base images, locked-down corporate-owned devices, and so on).

    Today’s world is different. In 2018, if an organization needs to support 1,000 users, they will have to support 1,000 unique “personalities.” (For example, a user might be in the legal department, but they do patents, so they also need the engineering apps, but they don’t build models, so they don’t need a GPU.)

    Combine that with the fact that some users need Macs, some prefer Macs, some prefer Windows, some want ultralights, some want convertibles, and you’ve got a complex set of user buckets.

    Of course, the digital workspace is not just about desktops and laptops. Every user has a phone, many users also have tablets, and most users will want to be able to at least occasionally work from home using who-knows-what type of computer. It doesn’t take long to realize that if you have 1,000 users, you could actually have two or three thousand buckets you’d need to support!

    In 2018, we no longer have the luxury of saying, “Here are the five template use cases we’ll support. Which one are you?” Instead we need to support all buckets of all users, regardless of the devices they choose, the apps they use, where they work, or when they work.

    2. Devices Shouldn’t Matter, but They Do (Which Means They Don’t)

    These days, there’s a lot of hype about how “devices don’t matter anymore.” While that makes for a great marketing slogan, the reality is that every interaction between users and their applications and data is going to occur on some type of device. So, rather than talking about how devices don’t matter, a better slogan might be: “You have to support every device, because who knows what the users will want to use!”

    The only thing we can be certain about is that the days of dictating what device types or platforms a user can use are long gone. Instead, you need to be able to secure, manage, and deliver apps and data to all types of devices (laptops, desktops, tablets, phones, and more) across a wide variety of platforms (Windows, macOS, iOS, Android, Chrome, and so on).

    That said, it’s not necessary for the device landscape to be the Wild Wild West. Security vulnerabilities (and their related patches) constantly remind us that there are legitimate reasons to block certain devices at certain times from accessing sensitive data and apps. So, a modern digital workspace solution must be able to incorporate characteristics of the device to decide what’s exposed to the user.

    The same is true about device ownership. Some devices will be owned by the organization, and others by the users. It’s important to be able to vary what IT can see, and to respect various privacy levels, based on ownership. (For example, maybe IT can see the GPS location of a corporate-owned device, but not a user’s personal device.)

    The bottom line is that in 2018, “The device doesn’t matter” is code for “Every device matters.” If a user can walk into a retail store and buy it, then IT has to support it.

    3. Mind the App Gap

    Pundits and naysayers have been predicting “the death of Windows” for decades. (First it was the web that was going to kill them. Then it was Java. Then it was mobile apps…) The reality is that traditional Windows desktop applications are going to be around for a long time—especially in the business world. Sure, most new apps are cloud-native, web-based, and/or mobile, but that doesn’t mean that traditional Windows desktop apps are going away. In fact, all the Windows desktop apps that could easily be replaced by other apps have been already, so any remaining Windows desktop apps you have will likely be around awhile. So, even though you might not be delivering full Windows desktops to every user, most likely you still need to be able to deliver a traditional Windows desktop app here and there.

    Of course, none of this matters to users. They don’t care what underlying technology an app is based on—they just want their app. When thinking about a digital workspace, it’s important that you have a way to publish all types of apps (Windows, web, mobile, and so on) to all users on all devices in a common and unified way.

    Doing this means that you’ll need to deliver Windows desktop apps via multiple technologies. In some cases (for certain devices, use cases, or locations) you might want to virtualize the app, other times you might want to stream it, and in others you might want to install it locally onto a laptop or desktop (which may be managed or unmanaged).

    Being able to deliver, manage, secure, and monitor any application—regardless of type—to any user on any device from any location is a critical aspect of the digital workspace. You can’t just focus on the new types of apps and ignore the legacy Windows apps that are still critical today.

    4. Modern Management Straight Ahead

    Windows desktops (and laptops) have been managed in more or less the same way for the past 25 years. They were domain-joined, and it was assumed that they had a network connection back to the domain controllers and file servers. This arrangement was fine in the Nineties, but as users became more mobile, the model became problematic.

    For example, laptop users grew to hate the VPN and would avoid it at all costs, but when they were finally forced to connect (due to something like a mandatory end-of-quarter reporting app or to file their expenses), their computer was worthless for the next seven hours as it downloaded required updates over their dial-up connection.

    The challenge grew as users started trying to use their own laptops and home computers. Should they be added to the domain? Does that make the organization responsible for what users are doing on their home computers? But if they’re not in the domain, how is security enforced?

    It was a mess.

    When mobile OSs (iOS and Android) hit the scene about 10 years ago, they allowed a more “modern” way of management that did not require the organization to take over and take full control. Rather, users could still control “their” stuff, and the organization could control theirs. This meant, for example, that IT could remotely wipe the corporate stuff but not personal contacts, photos, and text messages. IT could audit the use of corporate apps, but not read texts or location history.

    So basically, phones were awesome, and everyone thought, “Gee, it would be cool if laptops could be managed this way, too.”

    That’s exactly what Microsoft did with Windows 10, introducing a collection of features and changes it collectively calls “Modern Management.” Windows 10 lets organizations treat the computer more like a modern mobile device, allowing IT to manage or enforce certain aspects while not requiring the computer to be domain-joined or always connected.

    Windows 10 management is extensible and open. VMware has built upon this to provide cloud-based Windows 10 management that doesn’t require the device to be domain-joined, doesn’t require a constant network connection, and deploys app packages and updates from cloud-based CDNs and peer-based updates, meaning that individual companies no longer need to build out huge networks of package distribution servers, update points, and network infrastructure.

    All this means that Windows 10 endpoints can be managed in a much more effective way, while at the same time being easier and cheaper for IT.

    5. Experience Matters

    Five or six years ago, the phrase “consumerization of IT” was all the rage. (It was also called “shadow IT” or “FUIT.”) Put simply, we believed that users could essentially do whatever they wanted, and IT was powerless to stop them.

    That’s all pretty much true today, too. The difference in 2018 is that we (as IT) actually have a plan that lets us deal with this now. That plan, in a nutshell, is that we need to offer the same services, apps, quality of service, ease of use, and overall experience that users could get on their own.

    For example, in the early days of the consumerization of IT, we talked about how, rather than using corporate file shares behind a VPN, users were just going out and expensing Dropbox on their own. The way to solve that is not to try to ban or block Dropbox, but rather to either (1) use Dropbox at the corporate level, or (2) use something else that is like Dropbox at the corporate level.

    Most of these “new” apps that users want to use were initially consumer-focused in their early days, but almost all of them now support SAML-based authentication, enterprise-grade encryption, and everything else larger organizations need to be able to depend on them. So now apps like Dropbox, Microsoft Office, Slack, Evernote, Basecamp, and others can be easily integrated into the organization’s SSO, self-service, and over-the-air (OTA) systems.

    This means that users can discover, provision, and start using these apps on their own, and IT can provide the service that users expect.

    Furthermore, most apps have APIs, which allow organizations to build mobile workflows that connect apps to accommodate the ways users use them. (Think of these as “IFTTT” for business.) So, a user could take a photo of a receipt, get it scanned and OCRed with a scanner app, have it saved into Dropbox, and then Concur could pick it up from there and automatically add it to an expense report based on the current trip it pulls from TripIt. All of this ends up being more powerful than what users can do on their own and makes using the corporate apps a pleasure.

    While you’re thinking about apps, don’t forget that in 2018, the underlying Windows 10 OS is treated more like an app with frequent updates, and you need to be able to deliver, manage, secure, and monitor it as you do any app.

    6. Security

    Security is obviously important in IT and even more important in a digital workspace world because users can essentially work from anywhere, at any time, from any device. The challenge comes from the fact that traditional security tools operate in silos. They watch failed password attempts, or scan emails, or track clicks and data within a Windows desktop session, or decide at app launch whether a user is entitled to that app at that moment in time.

    But now that the user workspace has broadened, security needs to as well. Users can use devices that run Windows, macOS, iOS, Android, or Chrome, so the security solution must be able to work with all those. Users can run web apps, mobile apps, and Windows apps, so the security solution must as well. Users might be connected, or they might not be. They might be in the office or they might not be. The security solution must handle all this, too.

    It’s also important that the security solution is able to operate at multiple levels—within an app, within the OS, within the network, and within the VM.

    Furthermore, the security solution needs to understand that all of this—the device, apps, data, location, and even user identity—can change at any given moment. Maybe users were entitled to use an app when they first launched it because they were at work, but they just closed the lid of their laptop, went home, and opened it again to pick up where they left off. The fact that the user’s location changed must trigger a security re-evaluation.

    The security solution for a digital workspace must be extensible as well. Every environment is different, in terms of the apps used and the regulatory and security requirements. It’s critical that the security solution is extensible, allowing third-party products to plug in, and working with standard APIs, to ensure that an organization’s specific needs are met.

    7. Artificial Intelligence (AI) Overload

    The term “AI” is overused in IT today, sort of like “virtualization” was 15 years ago and “cloud” was five years ago. But just because a term is overused doesn’t mean it’s all hype.

    For example, in a digital workspace, AI can be used as part of the security solution to sift through millions of log entries and alerts to determine what requires action and what can be ignored. It can also help identify suspicious behavior that should be tagged from a single user across multiple devices, applications, platforms, and activities.

    In addition to security intelligence, AI can be used to analyze performance and suggest remediation options, including analysis of the “last mile” of the environment based on the client device performance and network.

    In all cases, AI helps IT professionals be more productive by letting them focus on more interesting things rather than spending hours trying to make sense of all the data.

    8. Work Smarter, Not Harder

    Everything covered so far works together to make the user and admin experience better. For example, the same Windows app can be packaged and deployed into a static VM, an instant clone, in an RDSH desktop session, an RDSH app, a VDI desktop, or a Windows 10 local desktop. This means that IT can package an app once to deploy anywhere. The user environment can be standardized across all types of delivery methods, meaning a user can configure something once and get it everywhere. Intelligence can be used to deliver a native iOS app to iOS users, an Android app to Android users, and the web app to users connecting from other platforms, automatically, so users don’t have to waste time searching for the right type of app for every device they use.

    The digital workspace includes a lot of different pieces, platforms, devices, and delivery mechanisms, so it’s important to have the options to leverage what makes sense for each use case and to automate and streamline what you can.

    9. Assess What to Leave Behind

    Like most large and transformative IT projects, implementing a true digital workspace isn’t something that’s going to happen in a single step.

    This is no different from how it’s been for years, of course. Back when we were talking about VDI in 2012, we talked about how it was important not to change your desktop estate from physical to virtual at the same time you migrated from Windows XP to Windows 7 at the same time you moved from persistent to stateless desktops. (Those needed to be three separate projects.) The same is true in 2018 when thinking about a digital workspace.

    It’s important to think about a phased approach, as getting to every user with every use case could take years.

    10. Change

    Everyone talks about how “change is the new constant” and how IT needs to continue to adapt. While that’s certainly true, there are some more specific changes to the IT mindset when it comes to digital workspaces.

    Some of the changes were covered already. (For example, changing how we think about Windows desktops from domain-joined and always connected to non-domain-joined and rarely connected.)

    The real change is the change in culture around how IT approaches users. In the modern world, IT needs to serve at the pleasure of the users. When VMware IT staff members talk about how they use their own VMware products internally, they talk about the goal of “delighting” the users. A few years ago, a phrase like that would lead to eye rolls. But today, with a digital workspace, it’s actually possible to delight users. They can use any device, running any platform, from any location. Sign on and authentication is seamless. Onboarding new devices is easy (and the users can do it themselves). Finding, provisioning, and installing new apps is simple.

    If it seems impossible, think about how far we’ve come. Five years ago, everyone ran their own Microsoft Exchange Servers. Now people who don’t use Office 365 get weird looks. Ten years ago, IT departments supported only BlackBerrys and the idea of an employee-owned iPhone being able to access corporate data and apps was laughable. Now it’s common.

    Five years ago, mobile phones and laptops were completely separate silos that were unrelated in IT. Now we’re actually able to manage them with a single environment with common controls.

    Summary

    As you can see, there are many compelling reasons to start moving your users to a digital workspace. VMware Workspace ONE™ is the platform for the digital workspace that can address everything outlined in this paper.

    Workspace ONE provides truly unified endpoint management, whether corporate-owned or BYO, including Windows, macOS, iOS, Android, and Chrome devices, delivering apps to them and managing them over-the-air in a modern way via the cloud. Windows desktops and apps can be integrated and delivered to any device type, whether they’re installed locally, remoted from an RDSH session, or remoted from the cloud, either as an RDSH session or a VDI instance.

    Workspace ONE takes full advantage of a Windows 10 device’s modern management capabilities to provide full PC lifecycle management (PCLM) and a great user experience even for devices that never join the domain and that rarely have connections. For RDSH and VDI-based Windows environments, disk images can be built on demand, ensuring they’re always up to date and fully patched.

    Native mobile apps (iOS and Android) can be secured, customized, and delivered with Workspace ONE right along with web and Windows apps, providing a native user experience, all from a single app catalog. It supports password-free single sign-on (SSO) to all apps across all platforms.

    Workspace ONE allows IT to secure apps and data as needed, with user ID management and multifactor authentication (MFA), and includes AI-based security analytics that protect, detect, and remediate modern-day threats.

    Taken together, Workspace ONE can help you delight your users while providing access to the apps and data, whether new or old, on-premises or off, to be the platform for the digital workspace in your environment.

    About the Author

    Brian Madden is a technologist in the VMware EUC CTO office. Brian has been in the EUC industry for more than 20 years. He founded BrianMadden.com and created the BriForum conference series. He has also authored six books about desktop virtualization, VDI, and DaaS, thousands of articles and blog posts, and has given hundreds of speeches around the world.

  • VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com

    Copyright © 2018 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: EDW-0920_VM_Brian-Madden-Insights-10-Ways-To-Evolve-From-VDI-And-EMM-To-A-Digital-Workspace_WP 07/18