The Cloud is the Device: Towards Ubiquitous End-User Computing
Today I’m in Boston speaking at the IEEE: Rockstars of Mobile Cloud conference on the concept of “the cloud is the device.” This talk was inspired by the AirWatch/VMware integration efforts I blogged about last week. The title itself is an evolution of the tagline Sun used for years: “the network is the computer.”
This tagline was a somewhat iconic description of Sun’s aspirations, where all computing intelligence lived on servers and applications were remotely delivered to network-connected “dumb” client devices. It was certainly an ambitious vision, perhaps somewhat ahead of its time. But it never materialized because Sun fundamentally underestimated the power of end-point devices and the compelling use cases for executing applications and services locally as well as remotely.
So today the question is how we can improve on this vision.
If we look at the landscape of end-user computing, we see many different types of applications. No longer is it just Windows apps, but web and SaaS apps, and, increasingly, mobile apps. And the nature of data is changing, from large databases to “magic folders” that are synced seamlessly across many devices.
Today devices fall largely into two categories: desktop and mobile. While users frequently switch between devices during the day, the reality is that there is a great deal of disparity between desktop and mobile devices. Mobile devices don’t always have the application support and application fidelity of desktops and desktops don’t have the ease of use of mobile, touch-friendly interfaces. Similarly, desktop and mobile devices are approached by admins very differently, with different management paradigms, admin consoles, and granularity of policy and control.
The goal for both users and admins is to achieve a reality where “a device is a device.” Users shouldn’t have to compromise functionality when moving between devices and admins should enjoy a similarly seamless experience, with one management model for all devices.
Specifically for users, “a device is a device” means ubiquity across devices, similar to what we all experience today with Netflix: you can start playing a movie on your TV, pause it, switch to a laptop or tablet, and start the movie right where you left off. This user expectation is naturally bleeding into the enterprise as users want the same, seamless experience with their corporate applications and data.
Unfortunately for users, it’s anything but a seamless experience today. A user may be editing a PowerPoint presentation on their Windows desktop, then move to an iPad and open the same file on Office for iPad only to find out the editing capabilities they need to finalize the slides before a customer meeting aren’t available yet. Or maybe it’s a SaaS or web app that renders fine on a desktop but provides only very limited functionality on mobile devices.
It’s not any better for admins – today desktops are managed by one group and mobile devices by another. The tools, knowledge and areas of expertise are completely distinct, and the capabilities of desktops and mobile devices are totally different. Rather than being able to create a consistent policy across all devices, IT has to handle different types of devices completely separately, creating significant overhead and inconsistency.
The good news is we have a very clear vision of what is needed to help solve these problems. It starts with the idea that a device can just be a device. If different devices can get access to the same applications and data and be managed in a consistent manner, then it’s a huge win.
Second, it’s about managing from the cloud and pushing down policy, applications, and content to the devices.
This means new devices can be instantaneously provisioned – with all of a user’s apps, data, and everything else. All physical devices will just be a representation of a canonical device defined in the cloud. A new device, once registered, will have the same apps and data as all of the user’s other devices. If a user loses or breaks a device, he or she can immediately pull out a new device and it will automatically self-update to the same state as the lost device without missing a beat.
I want to point out here the importance of supporting all types of devices. It’s typical for many in the industry to focus only on mobile, as if all the millions of desktops will suddenly vanish. But desktops are important too! Many people (including me!) vastly prefer to create content on a desktop rather than a mobile device. And while mobility management has enjoyed a great deal of innovation lately, we haven’t seen as much in the desktop space. So seamlessly supporting desktop is a key aspect of our vision.
The admin’s life is also dramatically simplified in this model. Instead of having to manage desktops and mobile devices in separate ways, here the admin can manage across devices in a consistent manner.
To realize our vision, we need to pull together a numb Horizon Workspace that supports SaaS and web apps, Windows local apps, Windows remote apps (both XenApp and now Horizon ), and services such as data/files. We’d also like it to include mobile apps. This way, a user has a single portal and app catalog for all the enterprise apps they’ll need.
Second, users want access to any app on any device. Obviously there are pragmatic problems here, as apps will only run on the OS for which they are built. However, applications can be run remotely and their UI streamed down to any device. Since Windows apps are pervasive in the enterprise, it makes sense to first focus on delivering Windows apps in this manner. Our Horizon View and Horizon DaaS products provide this functionality: a Windows desktop running on a server, with the UI beamed down to a device. We even handle the problem of trying to access a Windows application designed for point-and-click interactions through a touch-focused mobile device: it’s called Unity Touch. Unity Touch effectively re-renders parts of the Windows UI so that the UI is more touch-friendly and interactive.
Finally, for desktops, VMware also offers full virtualization products like VMware Player Plus and VMware Fusion Professional that allow users to run corporate Windows apps locally and totally locked down according to IT’s standards.
With one place for end-users to access all their apps and data, and ubiquitous access on any device, we’ve solved the core end-user problems. But we also need to help admins.
And our big challenge with admins is to bridge the manageability divide between desktops and mobile. Desktop management is focused on image management – which embeds application, configuration, and policy – using legacy tools that require a lot of scripting and deep Windows knowledge. Historically, IT has tried as much as possible to create a single Windows image for everyone – a one-size-fits-all approach that never quite worked, because everyone has slightly different preferences as to what apps they use and how they want their desktop configured.
We need a new approach and the one we have in mind is to adopt the mobility management paradigm for desktop. Users of AirWatch love the simplicity and power of the product and its ability to manage many different types of devices all in one place.
So what does “mobility management paradigm” mean exactly? Well, when managing mobile devices, admins can focus on three areas: users, policies (which may include device-specific policy), and apps and content. Policies are just a list of attributes that can be enabled, disabled, or configured easily by the admin. It’s all data-driven. Then it’s just a mapping exercise for the admin between users, policies, and apps/content. Our customers have loudly said they strongly prefer this simplified yet just as powerful mobility management model and would like this for all devices in their companies. And we agree.
But how can we bring desktop into the mobility management paradigm? Well, it all goes back to Windows. As we know, Windows has been around for many decades and suffers from some historical baggage. In particular, it was never designed to properly isolate applications from one another. When applications are installed, they “tattoo” the system by copying DLLs into the system folder and adding registry keys into the registry. Applications can conflict with one another when they try to use different versions of the same DLL, or when registry settings collide. I like to describe Windows as a bit of a “hairball” because of the tangled mess that installed applications can become.
Fundamentally, to fix Windows desktop management, we need to fix this hairball aspect of Windows.
To do this, we need two new key technologies. The first is called layering. Layering untangles the hairball by decoupling a Windows image into separate layers. For instance, there can be a base Windows layer, then a layer for each application, and finally a user data layer. These layers can be injected into Windows without needing to install any of the apps, meaning no tattooing occurs. In addition, each layer is isolated, eliminating the application conflict problems that occurred previously. Through layering, managing Windows desktops becomes very much like managing mobile devices – a simple mapping exercise between user and apps.
However, apps are only half the battle. The reality is the user data layer is itself a bit of a hairball today. The user data layer consists of everything in a user’s profile: policies and permissions, printer settings, network and VPN settings, application configuration information, user-installed applications, wallpaper selection, and much more. We need to simplify the management of this piece as well if we are to tame desktop management.
These problems can be solved through a set of technologies generally called user environment management (UEM). UEM focuses first on enabling simple, data-driven policy management for Windows. It allows admins to configure policy around VPN, printer, application white/blacklist, and much more. It can do nifty things like automatically choose the closest printer to a mobile user and automatically configure it for them. UEM can also add additional security capabilities to Windows such as privilege escalation for situations pre-defined and allowed by admins. These are the exact same sort of security capabilities that iOS offers, and now they’re available on the desktop.
By combining layering and UEM, an admin can manage a desktop just like a mobile device: all they need to think about are users, policies, and apps and content. All the configuration information is stored in the cloud, so whenever a user gets a new device, that device will receive the policy, apps, and content appropriate to it automatically, and the user is off and running.
In the end, I think Sun was pretty close: a device is more powerful and useful if it’s connected. However, they underestimated the power and diversity of devices. The mobile-cloud era is really a 1+1=3 combination where the whole of mobile and cloud together is greater than the sum of the parts.
I’ve called this The Cloud is the Device, because to us at VMware, it’s not just about mobile devices, but about all devices a user uses. We think this new model for EUC management will transform the industry and we’re excited that we’ll be bringing this vision to life through the VMware and AirWatch integration efforts.