Why a virtual desktop is the solution to workforce mobility
For years we have been hearing that tablet sales are outstripping PC sales, and projections that the PC platform will die, leaving all of us using tablets for all our computing needs. There has been a rush by organisations to equip staff with mobile devices (or let them bring their own device), and then they work out how to redesign all their applications to be mobile enabled, or even performing business practice re-engineering to change work practices to suit the new form factor of tablets and mobile devices. However, I believe that a virtual desktop is the solution to workforce mobility.
Why use a virtual desktop instead of apps?
It’s true that there has been a positive trend to move away from bloated and feature intensive multi-purpose applications (like office suites) towards work practice focussed tools that leverage back-end automation and only exposing the functionality that is actually required. However, there are many times where the cut-down capabilities of an app designed to work with fat fingers on a phone screen just won’t cut it.
There is definitely a place for mobility of the workforce, for Work 2.0 initiatives such as work from home or activity based working, and a tablet may be applicable to facilitate this flexibility. However, for the work that needs to be done, apps probably won’t cut it, and you need a desktop instead – but how do you get that on a tablet?
That’s where a virtual desktop comes in. The desktop is not running on the tablet, it is instead in a central datacentre (just like the back-end processing for most apps, Software-as-a-Service, and of course websites). A desktop instance can be dedicated to a user, so when they disconnect from the view of the virtual desktop – it still runs (along with the apps), ready to be connected to again, even from a different device. The virtual desktop is just another instance of Windows, running on your corporate network, and works just like an office computer would.
Microsoft tried to forced encouraged us all into a touch-enabled world with Metro Modern Windows 8, with a strong push back from end users who actually have a mouse and keyboard. It turns out that there really are two paradigms here; work and play.
Play is not Work
Whilst it might be good to play at work, it’s not actually work. Many IT managers and CTOs who first investigated tablets and smartphones as a work tool often responded that it was more of a toy than a tool (also from my own personal experience, during exposure to touch devices from 2008-2011). It also seems that the current financial results are showing this to be true – Why are PC sales up and Tablet sales down – Techcrunch 24 Aug 2014.
People often buy a tablet for the apps, the games, the personal reasons that they would like the device. Organisations may make device selections based on the personal preference of the CTO, head of IT or other advisers, and then they select iPad (sales slow 19 Aug 2014) or other mainstream devices for staff to use, with an eye towards end-user adoption and acceptance. A major factor in selection of device is; will staff want to use it [the device]?
Then, when the organisation focusses on technologies such as MDM, MAM or other controls over the staff member’s device (even if they did buy it themselves!), then the number one complaint from staff is that they can’t install/run their preferred game or app, or their Angry Birds scores are not syncing, or iTunes loses their purchases. IT is trying to exert their control down to the device, and then the staff member does not like or accept that control.
Does this not all indicate that the tablet / mobile device is perceived by employees as their plaything? Is it appropriate for business to assume responsibility for these non-business issues? A virtual desktop is the solution to workforce mobility because it seperates work into a new window.
A Window to work
Many people may disagree (choose your pro/anti-Microsoft religion now), but my view is that Windows desktops are a business tool. There have been many years of development of applications and capabilities, based on Windows software, where the paradigm of mouse and keyboard input grew and evolved from typewriter and pen office tools. My [current] view is that touch-based apps on mobile devices are limited in their applicability for business tools.
If you need to do your work, often you need to do it with Windows. Or at least Windows based applications. Employees need to have a View to their virtual desktop, so that they can complete their job tasks in a fully-featured environment.
With products like VMware Horizon View, Citrix or Microsoft Remote Desktop Services through VDI, the virtual desktop is their work – then the employee can use whatever device they want to access the View of their work. So, the mobility solution is in their hands, and the desktop (and the data) is in the corporate network. No worries about redesigning each application to work in a mobile touch device, no fears about opening up hundreds of security exceptions to allow any Internet address to access web-enabled applications – just one window to work. A virtual desktop is the solution to workforce mobility, because it gives an encapsulated view.
Security as a benefit
Mobility and BYOD and remote access are all approaches that are plagued with concerns over security. It’s well founded, because as soon as there is a device that has an association to the workplace, then this in not simply a vulnerability for attack, it’s a risk that it discloses information that would assist an attack.
Imagine this; a tablet gets stolen, and the hacker is able to see what is installed – a MobileIron MDM, a Juniper VPN, a Citrix receiver app, an SAP app, a managed anti-virus/malware app – all of these inform a hacker what product they need to research for vulnerabilities that they can attack – either through the mobile device or directly to the business. It’s for this reason that I advise people not to install a banking app on their phone – it informs someone who can get access to the phone about which institution you bank with…
Businesses will address this with techniques such as an MDM to remotely control a device, or provide a remote wipe capability. If it’s lost, destroy all business data and possibly all personal data too.
However, what if there is no business data on the device at all? How about all the business data and applications are all in a virtual desktop and you know that it’s all still in the datacentre, never on a device? All you need to do is change the password for the user or disable their account – and all the hacker knows is that this device belongs to someone at company.com – but not what security software or mobility solution they use.