The next generation of personal computing is here, and it looks a lot like the holiday shopping list of a tech-obsessed teenager.
But the consumerization of IT isn't the only trend complicating the personal computing picture for IT management. There is the whole Windows 7 migration issue, questions about desktop and application virtualization technologies, bring-your-own-PC scenarios, and the big hairy issue of how to make a user's desktop persona accessible from a variety of business and consumer devices.
After all, for many workers the desktop of the future will no longer be a physical device that houses all their critical productivity tools, all their data, all their contacts, all their secure network connections to core corporate resources. The "desktop", if we may even still call it that, will be available from any device, anywhere, anytime, allowing access to both personal and work applications without running afoul of IT security and compliance policies.
Consider the rise of smartphones and tablets. Worldwide, shipments of business smartphones rose from 54 million to 77 million between 2009 and 2010, and are expected to rise to 166 million by 2014, according to IDC research published in September. Thirty percent of IT shops are already piloting or planning programs for iPads and similar tablets, and another 43% are interested in doing so, Forrester says.
Of course many employees are already accessing work systems from a variety of devices. Intel employee Matt Primrose, for example, reports using a work-issued laptop, a variety of tablets owned by Intel's lab team, and an iPhone he purchased himself.
"If I'm just going to a regular meeting I leave my laptop at my desk and take my iPhone," says Primrose, an Oregon-based engineer on Intel's business client prototype team. "I'll potentially take a tablet if I have one that's registered to get my e-mail account, and if I want to look at a document while I'm in the meeting. The only time I take my laptop these days is if I need Live Meeting for collaboration, or if I'm presenting something. I take whichever device I think I need at the time."
While workers like Primrose can use multiple devices in a piecemeal manner to get their jobs done, the "desktop" is not yet universally available across all platforms, so productivity and efficiency aren't what they could be.
Building the universal desktop won't be easy, but businesses are taking interim steps, largely because they are being forced to by the influx of employee-owned devices.
Ford Motor Co., for example, has instituted a program it calls ePOD - email on Personally Owned Devices. So far, Ford is supporting employee use of iPhones, iPads and BlackBerries, and is considering whether to support Android, Symbian and Windows Phone 7.
In an ideal world, employees could have a unified view of all their personal and corporate information from a single interface, while IT could manage and secure the corporate bubble and leave the personal side alone, says Randy Nunez, mobile computing lead at Ford.
In fact virtualization vendors VMware and Citrix are working on hypervisors for mobile phones that create separate user profiles for business and personal applications and e-mail. But Nunez says this approach, while solving a security problem, may end up being cumbersome because it requires users to switch from one interface to another when they move from work to personal applications and vice versa.
In the future, perhaps an encrypted sandbox approach, or a cloud computing service that stores data remotely and makes it viewable on a smartphone on as-needed basis, could address the security and usability problems, Nunez speculates.
"Personally owned devices are quite challenging because the individual owns the asset and they want to do whatever it is they want to do with it," Nunez says. "But when you're interfacing with corporate environments, the corporation has certain rules of engagement they need to follow from a security and compliance perspective."
Just saying "no" to rank-and-file workers that want to use personal devices to access corporate systems doesn't address the problem, because users will find a way to get what they want. If you own an Android phone and want to avoid Exchange ActiveSync requirements such as PIN entry and remote wipe capabilities, you can download programs that remember your Outlook Web Access username and password and store e-mail in the phone's memory, which may not be encrypted.
You can use management tools to try to block such workarounds, but engaging employees in conversation may be even more effective in preventing unauthorized access. "If people know you're going to take a hard line right from the start, they're going to take a hard line," says Neil Clover, CTO of Arup Americas in New York, a design and engineering firm.
Instead, Clover and his IT team work with employees to educate them on which personal devices meet the corporation's security requirements and which do not. Intel takes a similar approach in a program it began in January 2010. Previously, nearly all smartphones connected to Intel's e-mail system were issued by IT. Now most e-mail-connected devices are owned by employees.
"We're approaching 15,000 devices in our environment and almost two-thirds of them are personally owned," says Intel principal engineer Dave Buchholz.
Intel tells employees which devices are eligible for corporate e-mail access. Some users even bring a printout of that list to the store when they buy a new phone.
"We're actually affecting the user's buying cycle now," Bucholz reports. "It's still consumerization of IT, but it's also almost the IT-ization of consumers. I think there's still going to be this tension [between IT and employees], but the tension will be a little bit less four or five years from now."
Employee self support
IT-ization of consumers may not be a bad description, especially when you consider that employees are taking on more support responsibilities. And that self-sufficiency may prove crucial in paving the way for IT to support universal desktop access from a mix of work and personal devices.
There are simply too many types of mobile devices for a typical IT shop to provide the support expected in a desktop-centric environment. According to the Aberdeen Group, the average enterprise supported about two mobile operating systems a year ago, but that number has risen to just about three and within 12 months enterprises will support an average of almost four.
In this new model, it may make more sense for IT to provide the means of hooking a device up to a network and then letting users fend for themselves when minor glitches pop up. A self-help or community support model might also relieve the IT burden while letting employees embrace multiple types of devices, Nunez suggests.
Users are becoming self-sufficient enough to make this idea work, Clover says. "To me, it's the beginning of self-sufficiency," he says. In many cases, employees aren't even relying on IT to set up their ActiveSync connections. They just do it themselves. "We're not even touching their device. There's a shift there, and I think it's a very efficient shift. A lot of this stuff is no longer a black box. The way I look at it is we've got these weekend IT warriors."
Clover also views mobility as a de facto disaster recovery plan. If a major event prevents employees from accessing an office or region, they may still be able to log onto e-mail via smartphones, he reasons.
But while smartphone users accessing corporate resources is an interim step toward ubiquitous access to the universal desktop, it's still only the tip of the iceberg. Corporations will be asked to provide more than e-mail on mobile devices, and they can't claim it's not possible because employees are increasingly aware of technologies that allow smartphones to access core enterprise applications such as Oracle, SAP and Microsoft SharePoint.
For example, there are VPN clients for the iPhone and iPad, Citrix Receiver and Wyse Pocket Cloud provide remote access to desktops and enterprise apps from smartphones and tablets, and Microsoft's new Windows Phone 7 devices can access Office, SharePoint and the like. Android phones using VMware's mobile hypervisor will hit the market sometime in 2011, and Android-based tablets will be eligible for the same technology.
IDC chief analyst Frank Gens says the firm's latest research predicts shipments of smartphones and tablets combined will surpass sales of PCs in the next 18 months..
Managing multiple devices
Desktop virtualization makes it possible to host the "desktop" on servers, making them accessible remotely from thin clients, PCs, and potentially smaller devices like phones, tablets and netbooks.
While this server-hosted desktop virtualization model will enable employees to access applications from a greater number of devices, it won't accommodate all types of users, particularly those with a need for greater processing power and offline access.
That's where client-based hypervisors come in. A hypervisor installed on a PC allows installation of virtualized operating systems on the device itself, letting users run multiple workspaces on the same piece of hardware and giving them the option of swapping a VM from one computer to another. Benefits include the ability to harness the local device's computing power, while letting users work offline and sync changes to the server when an Internet connection is re-established.
Client hypervisors come in two varieties: one that installs virtual machines directly onto the computer's "bare metal," and another in which VMs are installed as guest operating systems on top of the host OS. Client hypervisors will be enticing to employees who need to run two operating systems, for example a Windows virtual machine on a Mac laptop.
Desktop virtualization of all flavors can also provide enhanced IT management capabilities. The ability to move a user's application, data and settings to a new computer in case of hardware failure or PC upgrade, centralized patching, disaster recovery, segregation of personal and work data, and enforcement of security policies are among the potential benefits.
IT vendors like VMware, Citrix, Parallels and Microsoft, and a raft of upstarts, are selling numerous types of virtual desktop technologies.
Start-up MokaFive, for example, offers a centralized management suite that integrates with client-based hypervisors of the customer's choice. Bring-your-own-PC models are enabled under this scenario, because an employee-owned computer can run a work environment in a secure, virtual container, says MokaFive CEO Dale Fuller.
Fuller, who was GM of Apple's PowerBook division in 1995 and 1996, says it used to be that "Getting Apple into the enterprise was very difficult because Windows was the de facto standard." But those barriers are breaking down and virtual desktops will obliterate them, he says. Fuller's long-term vision is for a "self-healing computer environment" in which employees can use any device they'd like.
An IT shop "can't manage the 14 new devices coming out tomorrow, so you want to look at virtualization as a way you can standardize," Fuller says. "As long as virtualization works on that machine, I'm fine, because I'm only managing the virtual part of the machine." In other words, a virtual workspace can be carved out on an employee's home computer, creating a secure connection to the corporate data center that can't be compromised by the personal portions of the computer.
Beyond extending corporate security policies to home machines, MokaFive's larger goal is to merge the benefits of the client hypervisor and server-hosted models, letting users install whichever operating system suits their needs and work online or offline, while giving IT the means to push out patches, enforce policies and perform other desktop management tasks from a central location. By combining access to work and personal applications on one device, MokaFive and other virtual desktop technologies might also help consumers avoid being overwhelmed by the feeling of having too many devices..
In the Cisco Connected World Report, a survey of 1,300 IT decision makers worldwide found that 27% of companies will make desktop virtualization an important initiative over the next three years. Mobile access to information for employees will be a bigger priority, with 33% of companies making it a key initiative. Cisco also surveyed 1,300 workers, finding that three out of five employees believe they don't need to be in the office to be productive, but that IT policies may be preventing true mobility.
Desktop virtualization, at least the server-hosted model, requires a strong data center infrastructure and a shift in IT administrator mindset, "from managing a fleet of physical endpoints to managing the virtual machine that lives on the server," says IDC analyst Ian Song.