
Escaping the Microsoft Web: The Future of Managing Windows in the Enterprise

This article is more than 10 years old.

All over the world, IT departments are struggling to cost-effectively and securely manage an ever-growing list of devices. The task has become overwhelmingly complex because it involves integrating and then reliably operating layers of infrastructure components, applications written using different methodologies, and operating systems for the various devices, all from different generations. And this must be achieved within complicated security and legal frameworks, without negatively impacting the user experience.

For more than 20 years, Microsoft was the glue that held everything together. Enterprises bought Windows-compatible hardware and ran Windows applications. The secret for reducing costs was to standardize hardware and software configurations and to optimize processes for commissioning, maintenance and support, and decommissioning.

(Stefan Dietrich, see full bio at the end of this article, has joined CITO Research as a contributing analyst. This is his fourth post.)

Over the years, despite standardization, nonstandard hardware and applications crept in. Executives insisted on adopting more devices, and Windows-only application compatibility became a thing of the past. Applications today require not only a minimum Windows version, but also a complicated mix of certain versions of additional components, like Flash or Java, or certain Windows service packs and configurations to run. Various solutions were developed to address these issues; OS and application virtualization proved especially valuable. However, despite vendor promises and IT’s best efforts to simplify the systems, complexity and management costs continued to increase. Bottom line: IT is trapped in a web of legacy constraints from implemented technology and ongoing licensing contracts.

During the last two years, while IT was busy integrating the new generation of non-Windows mobile devices, it has also learned a simpler approach: a deployment strategy based on firmware updates and dynamic application updates.

Improve the Game or Change the Game?

When IBM reported that its Tivoli image management suite for Windows exceeded its expectations, achieving a 78% decrease in security incidents (well above the 50% that had been forecasted), a 60% reduction in patch cycles, and 98% compliance with software updates, it was seen as a victory. Enterprises rejoiced at the potential for millions in cost savings. However, companies continued to spend millions managing Windows end-points, and continued to live with the risks of 2-5% of devices remaining unpatched for extended periods of time. Even with all the tools, managing Windows end-points remains very expensive. While this cost of doing business is generally accepted in the industry, it is often forgotten that any savings achievable below the industry average provides a direct competitive business advantage.

In the last two years, enterprises have been implementing mobility and “bring your own device” strategies, and, despite a rough start, realized that managing end-points does not have to be so complex. Instead of managing patches to operating systems, mobile devices simply replace the firmware. Applications have become “apps”: lightweight, purpose-driven and downloaded as needed. Data is (more or less securely) stored in the cloud and available from anywhere at any time. With extended use of virtualization, even isolation of business and personal data is possible, and apps that leverage open web standards are now fairly independent of the underlying hardware.

Applying the Mobility Paradigm to Windows

Windows devices could be managed just as simply if the whole operating system layer were provided as a quasi-firmware update. Devices would come pre-installed, users would add applications, and any required OS or application updates would be downloaded as needed. Data would live in the cloud, locally cached, available anytime, anywhere.

But in practical terms, this is not so straightforward. Under the established approach, IT patches and monitors the operating system and applications on a device it controls and manages, using utility software running on the device itself. Achieving this type of simplification would require a drastic change to established methods and procedures.

Roadblocks to Simplicity

IT is understandably reluctant to move away from its large investment in today’s established image management solutions. And IT staff have been trained extensively in operating end-user device management under the current paradigm.

At a more fundamental level, Microsoft’s product and licensing structures are perhaps the biggest roadblock to change. As long as Microsoft bundles its traditional approach to image management practically for free within the software suites sold to large customers, it remains the preferred first choice for most IT departments. Furthermore, Microsoft’s licensing structures severely restrict how Windows can be used. For example, Microsoft requires that Windows images run in a third-party data center be licensed per user, with the licenses being owned by the enterprise and not, for example, by a hosting company. Microsoft vigorously defends this model. Just a few months ago, the OnLive iPad app, which provided a hosted Windows 7 virtual desktop in the cloud, was forced to switch to a Windows Server backend. While such a change may appear a formality, it forces enterprises to test their single-user applications in a more complex, multi-user-driven server OS environment. In addition, Microsoft simply will not commit to the same user experience for applications on its server platform as on its desktops.

Obvious alternatives, such as migrating Windows applications to the Web, are often infeasible or make no commercial sense over the projected remaining life of an application.

Microsoft and Citrix - The Same Old Story

Citrix has become the leader in providing enterprise grade solutions for virtual application delivery using a robust communication protocol and, in partnership with Microsoft, expanded its product line into direct virtual machine approaches. A myriad of vendors drive solutions in this space providing derivatives of these solutions or proprietary, sometimes patented, add-ons. They all make the same promise: a device-independent workspace, and user, rather than device, centricity. It sounds good, but delivery falls short of the promises, as deployment remains complex and expensive. It’s really the same old story.

VMware Changes the Game

When VMware acquired Wanova earlier this year, it showed that VMware’s management deeply understood the inevitable technical solution: provide images centrally from the cloud, deliver them to virtual and physical machines, with users being able to access applications and data from anywhere. VMware leverages image layering to assemble images in the background and deploys them to the devices on reboot, just like a firmware update. After rebooting, the device is 100% compliant and matches the target image identically. Best of all, without on-device virtualization, the Windows license for that device remains valid.

The implications are greater still. As Wanova’s solution ultimately replaces the need for client-based software installation services, solutions such as Microsoft SCCM or IBM Tivoli may be needed in only very few cases. Microsoft and IBM will certainly assert that the client-based approach offers unique benefits, but VMware's solution offers a rare opportunity to escape from the Microsoft licensing web. Your business, compliance, and audit groups will thank you, as you will save money instead of sinking it into managing Windows end-points the old way.

Given the scale of the costs involved, you cannot delay your response. Waiting for Microsoft to change or applications to be moved into the cloud is not a realistic option either. Microsoft is living well under its licensing model, and enterprise Windows applications are difficult to change drastically, so there will be a long road ahead.

We need more vendors that aggressively choose the right technical solution, particularly those that target immediate business benefits with out-of-the-box thinking. VMware has brought the mobility management paradigm to the desktop, and it should get credit for doing so and getting ahead of the problem.

CITO Research Contributor Bio: Stefan Dietrich has been a financial services technology executive for 16 years. He is a former managing director of AXA Technology Services’ office of the CTO, where he led the technology strategy for the world’s largest insurance and financial services provider. At AXA, he designed and instituted major technology transformation programs, such as network simplification and green computing, and fostered the transition into non-Windows mobile device platforms and cloud-based services. Since 2002, he has provided consulting services to CEOs of high-value small- and medium-sized businesses, aligning business goals with new technology strategies, and managing implementation programs. He has also held C-level leadership and senior technologist positions at eVantage Solution LLC, a spinoff of Deutsche Bank, and Reuters’ Effix risk division in Paris.

Dan Woods is CTO and editor of CITO Research, a publication that helps CIOs and CTOs optimize the present and build the future. For more stories like this one visit www.CITOResearch.com.