For most IT departments it’s an all too familiar story: executives discover the latest gadgets, start using them at home and bring them to work, expecting to access corporate applications, e-mail and data instantly. Then there are employees who have already worked out how to access corporate data using their tablet devices, and are carrying sensitive e-mail around with them, unwittingly placing the organisation at risk.
As employees at all levels drive the requirement for secure access to business information from mobile devices, IT departments find themselves in the inevitable predicament of having neither the right capabilities nor infrastructure to support these new devices. Managing mobility is a challenge as it represents largely uncharted waters and, right now, there is no one-size-fits-all solution or approach.
On the one hand, employee-owned tablets are powerful from a computing perspective, and organisations recognise the value of ensuring these devices can access corporate networks, applications and data, to make it easy for employees to maximise work time. Gartner Research predicts that 90% of organisations will support corporate applications on devices owned by end users by 2014.
However, while mobile devices are ushering in an age of improved productivity, organisations are still somewhat ‘at sea’ when it comes to integrating them from a security and manageability perspective. Meanwhile, users expect a seamless transition between personal and business use, and aren’t concerned about operating system issues. Rather, they want a solution and they want it now.
Desktop virtualisation can help
Effectively controlling and managing end-user devices, whether fixed or mobile and whether they are owned by your organisation or by your employees, involves finding a means to abstract the user experience from the device, the underlying operating system, the applications involved, and the corporate data.
For these reasons, some organisations are moving away from the traditional model of the desktop in search of a fundamentally better way to operate their end-user environments. Many are investigating desktop virtualisation with the aim of storing their data centrally. This core manageability over data provides the key to ensuring users can log on to corporate networks using their chosen device and access data, while meeting mobile requirements and protecting corporate data assets.
Desktop virtualisation has the potential to enhance device security and simplifies IT management. With it, your IT team can provide a well-provisioned desktop in the data centre and can centrally manage and deliver corporate applications and desktops on employee-owned devices. It also enables users to switch between devices easily, removing the need for individual management – and is viable now with tablet devices.
What about the issues around compliance (licensing), architectures (your network), security and governance? As with all new innovations, any changes have to be justified in terms of cost. For organisations seeking to provide access to applications via tablet devices, it means they need to be connected to a server-based computing (SBC) or Server Hosted Virtual Desktop (HVD) infrastructure. It may also require re-development of applications to work on specific platforms, especially if offline access is required.
Achieving buy-in for desktop virtualisation solutions can’t be based on promises of lower upfront costs. Rather, the approach should be to focus on the feature, functionality and business issues that are addressed through these solutions.
Are you covered?
How do you make provision for Microsoft and other third-party business applications that aren’t native to tablet devices, but have to be supported somehow? Providing tablet access to corporate applications means working out the impact on licensing of Microsoft products.
When it comes to alternative or user-owned devices, Microsoft licensing requirements are complex and still not well defined. While the default licence position until now has been device-based client access licences (CALs), it becomes more complicated when employees use their PC and tablet device at the same time, making user-based CALs the better option.
Desktop and application virtualisation removes the need for siloed hardware resources and locally installed applications. At the same time, organisations need to understand the strain this technology can place on their data centre infrastructure, networks and operations – especially when thousands of employees use this platform.
Organisations should assess existing infrastructures before segmenting their user base and providing groups of users with desktops that are tailored to their requirements. If they don’t need a desktop, give them a tablet – something simpler and thinner, which means less in terms of manageability. Remember, some users may need both.
Tools for the job
The most secure and cost-effective way of providing access to corporate applications via tablet devices is to give users access to server-based computing capabilities – either server-based applications or hosted desktops. Successful virtualisation of user desktops allows you to maintain desktop images that remain separate from computing devices.
The result is better security, and improved performance availability that is achieved through well integrated system policies. But how exactly do you do that? Depending on the infrastructure, there are a few options for Microsoft users – both out of the box and through third-party VMware and Citrix technologies. The ability to offer a centralised desktop through a Virtual Desktop Infrastructure suite means you can look after the desktop image centrally and patch it automatically. And because it’s a confined environment, you can manage the system easily and reduce risk.
Mobile management platforms allow IT managers to create separate profiles for employee- and company-owned devices, to separate personal and corporate data, and to remotely configure VPN, WiFi and other critical settings. The challenge for IT professionals is how to integrate new and old technologies (and devices), and implement solutions that will complement what their organisations have in place today.
Certainty of change
The growing number of available client architectures means organisations are likely to use several platforms to meet the varied computing needs of their users. While we don’t expect one to prevail, each of these new technologies comes with its own management requirements and technology capabilities, putting organisations at risk of creating new technical and organisational silos and making them dependent on technical skills.
Organisations should bear in mind that creating separate groups based on platforms is more likely to lead to inconsistent decision making, and may add operational complexity from a support and maintenance perspective, as well as an overall disintegration of standards. With no single suite available to manage all of these platforms, organisations would do well to implement a consistent policy and process, while keeping their long term desire for single management across all user platforms in mind. Getting this right will give users the access they need, and will ensure IT teams are geared for the certainty of more change.
Bradley Bunch, General Manager: Microsoft Solutions, Dimension Data Middle East and Africa
To facilitate BYOD businesses must give employees easy but secure access to the organization's applications from various devices (including iPads, iPhones, Android devices and Chromebooks), while minimizing the intervention required by IT staff. An ideal solution for such a scenario is Ericom AccessNow, a pure HTML5 RDP client that enables remote users to connect to any RDP host, including Terminal Server (RDS Session Host), physical desktops or VDI virtual desktops – and run their applications and desktops in a browser. AccessNow works natively with Chrome, Safari, Internet Explorer (with Chrome Frame plug-in), Firefox and any other browser with HTML5 and WebSockets support.
AccessNow also provides an optional Secure Gateway component enabling external users to securely connect to internal resources using AccessNow, without requiring a VPN.
For more info, and to download a demo, visit: http://www.ericom.com/html5_rdp_client.asp?URL_ID…
Note: I work for Ericom