Intel's internal IT changes attitude and role on supporting end users

Stop saying 'no,' find a way to say 'yes' without breaking anything important.

At most companies end users have to fit into a niche IT creates to match the technology it has already decided to buy with the job that person's given to do. That method helps IT standardize on certain products to lower costs and reduce support, and gets end users most of the tools they need to do their jobs.

That method is so approximate, though, that it doesn't accomplish either of those things as well as it could, and puts IT and end users into an adversarial relationship that ends up reducing the effectiveness of both.

At least that's the way Dave Bucholz sees it as the principal IT engineer responsible for evaluating new technology Intel employees will use internally.

Until about three years ago, Intel handled users the same way other companies did: give end users a piece of hardware, stack of software and tell them "no" if they complain and ask for something else, Bucholz said.

Intel has been keeping close track of its IT total cost of ownership since 1977 and put a lot of weight on that number. So going cowboy and blowing the IT budget on some exciting new project Was. Not. Done.

Three years ago at Intel you could be high security (and get nothing that hadn't been proven secure and reliable for so long it was probably obsolete), "high availablility" (mostly engineers who could justify all the power they could get, and most of the software, too), and "carpet dwellers" (who get the same technology found in every gray office cubicle in America.

Now it has "8 or 9" major user segments, each with a host of subsegments, and different product profiles for each. (Among the odd ones is the Highly Mobile worker who never leaves campus, but is never in the office, either. They use the 7,000 wireless access points around Intel's campus to stay connected as they move between conference rooms or other offices, but need some of the same tools as Intel's road warriors.)

What forced IT to change its view and behavior was a combination of pressure from end users for more flexibility, presence inside the company of handheld and other non-PC devices it didn't own and couldn't control, and fast-developing desktop virtualization technology that can sometimes eliminate end user/IT conflicts by allowing a choice of One or The Other to become Both.

Intel runs virtual desktops from three different companies: Microsoft, VMware and Parallels. Most of them are Type II virtual machines, meaning they rely on a hypervisor that runs on top of the operating system, like any other application. A guest OS and applications run on top of that.

They're mostly used to let Mac and Linux users get to applications or toolsets that don't run on either platform, or to help coders simulate a different OS than the one on their desktop, to verify compatibility.

The real goal is to use Type I "bare-metal" client hypervisors to put a secure Intel OS and application stack on a machine (owned by either Intel or the employee) and let the employee load his or her own stuff on in a separate VM, Buckholz said.

Ideally the same profile, data and access would move from laptop to smartphone to home-based PC to public kiosk securely, but that capability is a long way off.

So far the best Intel's been able to do is convince employees to look for smartphones or other mobile devices that support Intel's VT-X and VT-D processor-based VM-acceleration features, Microsoft's RDS remote-session protocol or Citrix' XenApp streaming application products. That gives IT a much better hook to connect whatever device the employee wants to buy securely to Intel's net.

"A year or so ago we had about 5,000 smartphones internally, the bulk of them owned by Intel. When employees asked to use their own devices we could have done adaptations to support Android or iPhones or whatever, but all that would have been stovepiped according to OS," Bucholz said. "Using the virtual-client approach, depending on what the device can support, we can send different services to the device, maybe full mail, calendaring and contacts, maybe policies for management, or more access. It's a tiered strategy based on what the phone can do."

Since January, Intel has provisioned 15,000 devices owned by employees, not Intel -- success Bucholz attributes to IT carefully defining and explaining what it would take for users to get what they want, and be willing to give it to them if it helps them do their jobs.

"We actually have people going into the Verizon store and saying 'I want something that supports these technologies.' We've gotten to the point that we're actually controlling how they spend some of their own money and we're seen as more of an enabler of end users , so they tend to embrace us more," Bucholz said.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon