Why Microsoft could let AppContainer take over Windows
In my mother's kitchen, a "container" was Tupperware, a brand of resealable plastic containers sold at private in-home parties that sometimes got a little out of hand after a few rounds of gin and tonic. Tupperware was perfect for those leftovers that you were sure you'd eat the next day, but were more likely to be found growing fuzzy mold by the time you'd think of them again. The great thing about Tupperware was that it sealed tightly so that none of that nastiness could affect the rest of the fridge.
That brings me to Windows 8 and 8.1. The "Modern UI," or whatever Microsoft is calling it this week, is really just a layer over something called AppContainer. AppContainer has a lot in common with Tupperware because, well, it contains things -- mainly apps and data -- and it keeps digital beasties from spoiling the rest of the stuff outside the container like, oh, the operating system.
My point is that this AppContainer is where it's at. That's because I believe that Microsoft's most critical disruption risk is the management and maintenance complexity of the legacy Windows desktop environment. On one hand it's as familiar to most of us as the toasters in our kitchens, but on the other it's as challenging and time-consuming to look after as a 5-year-old.
You see, the Windows desktop adds significant management and compliance drag. In the U.S., the EU and elsewhere, complex, restrictive laws regulate the Windows desktop environment and add to the challenges with the traditional Windows desktop. The U.S. National Institute of Standards and Technology (NIST) provides a comprehensive list of control points for desktop and laptop operating systems, widely used as a guide for regulators globally. To comply with the U.S. Government Baseline Configuration (USGCB) requirements, for example, means electronically enforcing some 360 control points on a Windows PC, from antivirus to individual Registry settings. That's a lot of work and kills much of the PC's utility. But there is no direct USGCB analog for newer smartphone and tablet operating systems. True, the current NIST guidance calls out roughly 63 control points for them, but most are pretty simple to enforce, such as requiring a device lock passcode for device configuration to be considered adequate.
But here's the thing: A Windows 8 tablet still falls under the NIST guidelines for a full desktop or laptop OS because the Windows desktop environment makes it a PC. But I'd bet my mom's Tupperware that the Windows 8 AppContainer on its own (without the Windows desktop) would fall under the lighter compliance requirements for a mobile OS because it is its own self-contained execution environment. In other words, if Microsoft could see enough applications for AppContainer to make a Windows device valuable and desirable without the Windows desktop, it could strip out the Modern UI and probably get out from under the audit controls that currently apply to the PC. Incidentally, the corporate PC experience could get a serious boost.
This would be brave self-disruption on Microsoft's part. AppContainer, the technology driving Microsoft's tablet experience, slides in alongside competitors Apple and Google. But embracing it to the point of dumping the desktop environment is serious, because even as Microsoft must forge a relationship of delight and happiness with users of that tablet experience, it must not alienate its enterprise IT customers and internal influencers like Configuration Manager admins.
It's a delicate balancing act. I'm looking forward to watching the story unfold and finding out just how long this Tupperware called AppContainer can save Microsoft's bacon.
David K. Johnson is a principal analyst at Forrester Research serving infrastructure and operations professionals.
Read more about operating systems in Computerworld's Operating Systems Topic Center.