Category: Useful Info

Microsoft has just defined the ‘Personal Workspace’

Summary

Windows 11 and Microsoft365 is Digital Workspace+. A Digital Workspace is an aggregation of multiple tools and services into a single pane. MS have just accomplished this with a prettier OS and VDI for everyone.

A journey of realisation

A couple of months ago, I wrote a blog post stating that VDI does not equal a digital workspace. I stand by that, as it was correct when I wrote it. Since then, however, Microsoft has made some pretty fundamental announcements, and I think these change the equation.

Here’s why I’ve changed my mind:

A Digital Workspace can be described very easily: It’s a single point of aggregation of all a user’s IT services, bound together with a single identity. Whether that user needs a SaaS app, a workflow or a full VDI session, it should all be there with no additional authentication overhead for the user. It may include Unified Endpoint Management (UEM), a VDI solution or powerful analytics, but while they are nice to have (and critically important for most enterprises), they are simply additional parts of a Digital Workspace.

What Microsoft has done over the past month or so is to leverage two key solutions to redefine a new type of workspace – the Personal Workspace.

Think about the Personal Workspace as Digital Workspace+. It offers the same capabilities as a traditional Digital Workspace, but also allows more flexibility and personalisation. Let’s explore why and how.

Windows 11

Windows has never been about making it ‘easy’. Too much focus has been put on emphasising the Windows platform itself, with lots of ‘Hey look at this!’ mechanics going on. While Windows was such a key part of Microsoft, that sort of made sense. But now Microsoft is all about Azure, it can afford to remake Windows into something a bit different, to shrink its role while at the same time making it much more relevant for the world we all now live in.

The Windows user journey has always sucked too. There were too many non-intuitive menus and icons. The interface formerly known as ‘Metro’ was an awful beast that stayed around at least 8 years too long. With most iterations of Windows, a lot of time was spent by users and admins trying to undo some of these mistakes. In my experience, a lot of users are still nostalgic for the look and feel of Windows 95!

Windows 11 has changed all that, mainly by removing a lot of the UI ‘bloat’ of Windows 10. Its focus on putting everything the user needs at their fingertips is a breath of fresh air. The icons are easier on the eye, human feedback is more present than ever, and everything is arranged far more neatly, whether that’s a web browser or a productivity app. From what I’ve seen so far, the number of clicks needed just to get something done has been reduced. Here we have, at last, a minimal just-enough interface that qualifies as a Digital Workspace.

It may seem like a small thing, but Windows 11 looks so much ‘cleaner’ than Windows 10. I’m not going to go into the fact that Windows 11 looks like a fatter version of ChromeOS here. The fact is that Microsoft has done what Microsoft does best: it’s seen something better in the market and emulated it.

Another key feature of a Digital Workspace is that it’s a cloud-based service which places few requirements on the end user. There’s been much merriment over the past couple of weeks in the EUC industry, as Microsoft’s Windows365 announcement looked like it was introducing VDI to the world for the first time, even though there are probably 10s of millions of seats of Citrix, VMware and other VDI vendors’ products around, and there have been for the past 15 years or so.

Windows365 does do something different though. It uses Microsoft’s huge heft to get VDI and the concept of Windows-in-the-cloud to the masses. It also promises to make it very simple to administer and use. The big argument (and one that I used before) was that Windows was simply a huge waste of resources when it comes to offering a Digital Workspace service to users. It’s always been complicated to use and is expensive to host. If MS are going to (eventually) offer Windows 11 on a managed cloud desktop for a fixed price, and if that price is competitive, then a lot of that argument is neutralised.

What about this idea of a ‘Personal Workspace’ then?

If Microsoft have truly created a simplified Windows desktop that’s cloud based, cost effective and dedicated, then the possibilities are much more compelling than just a simple Digital Workspace. All enterprise applications will be available, whether SaaS or locally installed. The desktop will follow you around to multiple devices, irrespective of the OS, location or network. Any changes you make will persist. All the data you work on will be stored locally. By leveraging other MS technology like Windows Information Protection (still needs work, I know), the Windows desktop could finally become Corporately Owned, Personally Enabled (COPE), like we see with iOS and Android devices.

Windows 11 and Windows365 will finally be the Windows the world has been waiting for, that pushes the envelope for the Digital Workspace. The only question left is which type of endpoints to consume it on. I have an idea on that front…

#IGEL

How to manage other people’s devices

Ever since BYO became a ‘thing’ back in around 2008, the subject of managing BYO devices has been a thorny one.

When it comes to corporately owned mobile devices, the answer is pretty simple: manage the thing. Put an agent on it, manage the device, the applications and the data. If you want to allow the end user to use it also as a personal device, fine, go down the Corporately Owned, Personally Enabled (COPE) route.

Now, there is a pretty traditional solution when it comes to BYO mobile devices too: MAM (Mobile Application Management). As it’s not a corporate device, putting a management agent on it is probably not a route you want to go down. Instead, manage the apps only and inject compliance and security configs directly into them.

Okay, great.

Desktops aren’t that simple. Windows especially doesn’t have a particularly strict App Store model, meaning that applications, and therefore malware, from a range of sources can be installed with very little effort. So, how do you enable access into your prized, secure systems from an unmanaged, and let’s be clear here, dirty personally owned endpoint?

Remoting platforms such as Citrix Virtual Apps & Desktops and VMware Horizon have been the traditional solution here. Keeping your Windows desktops and apps locked away in your DC or in the cloud means that the workload is abstracted from the endpoint. Anything dodgy on the endpoint cannot (unless there’s some careless misconfig) get access to the Windows session running on the virtual session.

Sometimes, however, especially in environments requiring a high level of compliance, or a secure environment that cannot take the risk of losing credentials and data via key loggers etc., there needs to be some management of the endpoint to ensure compliance with security standards and to mitigate risk.

In the past, End Point Analysis (EPA) tools have been used to ensure this level of compliance. Think about it though. With EPA tools checking BYO devices, all you’re really doing is leveraging indirect control of a personally owned device by mandating that certain controls need to be in place before they can connect. Yes, you are not ‘touching’ the endpoint, but you are still trying to enforce policies.

What can you do in this situation?

Well guess what? I have a solution. What if you could have complete control and management of that BYO device, but only at the point that the owner / user wanted to connect to your services?

Introducing the IGEL UD Pocket!

The UD Pocket is a very simple solution. It’s a bootable USB-A / C key that you can pop into almost any x86 based device (including x86 Mac) and boot from. This then boots into IGEL OS, which is a secure, light OS built for SaaS and VDI. Once in, and leveraging centralised management, you can connect straight into corporate apps securely. Even better, the IGEL OS is read only, meaning that it is very difficult to compromise. Restart the machine or remove the stick, and the machine boots back into its default OS, whether that’s Windows or Mac.

Here’s a simple tagline: Want to enable your users to use any of their desktop / laptop devices for secure access to your services? Give them an IGEL UD Pocket for On-Demand Management.

Watch my video, I dare you:

Surely IGEL OS is only useful on the LAN?

That’s what I thought too. When I had my initial chat with the team at IGEL, my thought process was very much that IGEL wasn’t relevant due to the pandemic. That’s a Thin Client OS, right? Turns out I was wrong (very rarely happens).

In fact, IGEL had one of its best years ever when everyone was locked up at home.

Why?

IGEL started moving away from hardware several years ago, and is now firmly in the edge OS camp. And an edge OS is pretty rubbish if it can’t be deployed at, well, the edge.

One of the core components of the IGEL platform is the Universal Management Suite, or UMS. It provides all of the device registration, configuration and management tasks for the edge devices. In a LAN environment, devices running IGEL OS will just connect directly to the DNS name of the UMS server(s) or the load balancer. When a device is external, however, that gets a lot more difficult, and you definitely don’t want to expose a management tool like UMS directly to the internet.

The IGEL platform includes a capability known as the IGEL Cloud Gateway, or ICG. It’s this little box of magic that allows devices outside of the corporate LAN to still be managed by UMS.

This is a great way of extending the secure OS or bubble of an enterprise anywhere the user is, rather than tying them to a location, or forcing them to use a VPN.

Here’s a quick video I put together to show what this looks like:

Arm you say? Running IGEL OS? With Workspace ONE??

Yep!

My view (stated probably too much in this blog) is that our job in EUC is to make tech as invisible as possible for the end user. For too long, humans have had to put up with fat, bloated operating systems sitting on awesomely powerful devices, simply to get access to what actually amounts to low resource-intensive apps.

A lot of the time these days, these apps aren’t even doing a great deal locally, as most of the processing is done in the ‘cloud’.

The Digital Workspace is one such cloud-enabled solution to getting access to apps and services. What if we could almost dispense with the requirements at the user-side (User-End Computing? I think I’ll trademark that)? Well, we can, by shrinking the OS and the device to its bare minimum.

Introducing VMware Workspace ONE running on IGEL OS on a Raspberry Pi 4-based NComputing RX420(IGEL) device:

EUC Licensing Simplified – VMware Horizon

VMware Horizon has undergone a LOT of changes in version 8. Some of the older technologies have been EOL’d, so say goodbye to Composer and Persona Manager. With this change though, some of the previously Enterprise features have now dropped into Standard, meaning that Instant Clones and some features of Dynamic Environment Manager are now available for all.

There are some notable omissions too; vROps for Horizon is no more, with instead a new partnership announced with ControlUp.

Also, perpetual licensing is being phased out in favour of subscription. The below graphic calls out Term & Universal licensing, the two main methods for licensing Horizon 8. Universal also includes the ability to use Horizon Cloud on Azure, Horizon Cloud on Azure VMware Solution, Horizon Cloud on VMC on AWS and Horizon Cloud on Google Cloud VMware Engine.

As always, if you want the animated PowerPoint version of this, give me a shout!

EUC Licensing Simplified – VMware Workspace ONE

Software licensing can be an absolute nightmare to get your head around, especially when you need to bolt together solutions from different vendors. I’ve played with multiple different formats for displaying licences, but by far the best is the one below. This is the first in a series of licensing posts which will include VMware Horizon, IGEL OS and Citrix Workspace.

If you want a PowerPoint version of this or any of the other licensing overviews, get in touch and I’ll send you the link!