There was a time not long ago when the end-user’s client device was the most predictable component of the IT infrastructure.

Whether it was a desktop or a laptop, it was certain to be running Windows and would most likely be configured according to the IT department’s precise specifications. Even when employees started using BlackBerrys in the mid-2000s, it was still simple enough for the IT department to exert centralised control over the devices and how they were used.

Today, however, the client-computing environment is poised to become the most complex, diverse and changeable element of business infrastructure.

The most obvious blame figure is Apple. The runaway success of the iPhone and the iPad mean that many users have powerful devices of their own, with interfaces they actually enjoy using.

When their Android-based copycats are also taken into consideration, IT departments now have two new form factors and two new operating systems to contend with that barely existed five years ago.

This would not be so much of an issue were it not for the fact that it is often the CEO who is demanding access to corporate systems from his or her personal device. For some organisations, the sophistication of employees’ personal devices opens up a tempting possibility – to stop providing a work-mandated computer altogether. When users are frustrated by their ageing work laptops and enthralled by their home devices, ‘bring your own device’ seems an obvious solution, especially when the money to refresh the end-user computing estate is hard to come by.

But this introduces yet more complexity. Securing company data becomes a matter of either enforcing security policies on employee devices or creating safe environments through which data can be accessed securely.

Meanwhile, the growing sophistication, portability and energy performance of devices in general is enabling a more mobile workforce. That can lead to productivity enhancements, operational efficiencies and improved customer performance, but also means that the network through which employees access corporate systems is unpredictable.

As discussed below, there are technological methods available that can address all of these issues individually. The dilemma for CIOs is that most of these solutions will take a few years to deliver a return on investment. And with the rate of change in the end-user client environment being what it is, who knows what employees will be working on in a few years’ time?

What is needed is a long-term strategy for client computing. Various providers are proposing alternatives, but most are incomplete. It seems that this is something that CIOs are going to have to figure out for themselves.

Device management

The most visible issue in client computing is the proliferation of mobile devices.

According to IT market researcher IDC, global shipments of smart mobile devices (smartphones and tablets) overtook PC shipments last year, and by the end of 2011 will outsell PCs by over 120 million devices. That is now translating into the workplace.

Two to three years ago, the average mobile worker carried two devices with them. Today, that number is up to four, IDC finds.

Meanwhile, the number of mobile workers itself is increasing. In Western Europe, IDC says, around 50% of the workforce is mobile, and that figure is growing by 5% to 10% each year.

How are businesses addressing this? Some organisations are embracing the diversity of client devices, says IDC’s research director for enterprise mobile strategies, Nicholas McQuire.

“Organisations that are ahead of the curve are moving away from the traditional path of highly standardised technology and blanket policies towards more mixed devices and more varied policy frameworks,” he says. “But the vast majority of businesses are in reaction mode.”

The most common reaction is to allow users to access email via the Microsoft Exchange server, and use Exchange as the management console. “You can do some very simple management through Exchange,” says McQuire. “This is the most popular approach today, but it is also far and away the most risky. You can’t manage devices with any granularity, you don’t have the ability to selectively wipe corporate data and you can’t monitor the device in real time.”

Next>>> ‘Sandboxing’ and virtualisation

Page 2 of 3

Another approach is sandboxing. This involves installing a ‘sandbox’ application on the device through which the user can access corporate email systems and an approved web browser.

“The banks, for example, love this approach, because it allows them to separate business and personal data,” says McQuire. “There’s no incursion into the private side of the device, which limits the risk of privacy issues.”

However, users often react badly. “It means that they can’t use the native email client or browser for work, and they can’t ship contacts back and forth between the profiles,” McQuire says. “Users are saying, ‘This is rubbish.’”

This user kickback means that some organisations are now pursuing a third alternative, namely native device management. In this approach, a software client is installed on the device that allows more sophisticated management, security and monitoring features. “Companies like MobileIron, Sybase and Zenprise are focusing on this route, and it is really taking off,” says McQuire.

Even so, a divide remains between mobile device management tools and the systems used to manage conventional PCs, creating duplicated effort and management complexity.

“Organisations are looking to the likes of IBM, HP and Microsoft, whose System Centre is the most popular IT asset management platform, to support mobile devices, but they have been really slow,” McQuire explains. “The tools will inevitably come together, but organisations are going to have to use dedicated mobile management systems as a starting point.”

Desktops on mobiles

One way to control the mobile environment in accordance with desktop policy and strategy is to serve virtual desktops to mobile devices. So far, this has proved a less popular strategy than explicit mobile management, says McQuire.

But there are some examples out there, such as Bolton College, which allows staff to access virtual desktops from their personal smartphones and tablets using VMware’s View software.

In its most simplistic form, serving a virtual desktop on a mobile device is like pushing a square peg into a round hole. The Windows desktop has been designed for use with a mouse, not the touch-based interface of smartphones and tablets.

Even on a laptop, the strict network access policies that often accompany virtual-desktop deployments can lead to negative user experiences for mobile workers, says David Johnson, Forrester Research’s senior desktop and mobile analyst. “We see a lot of companies trying to force virtual desktops on mobile workers, and they don’t understand the productivity implications that has,” he says.

The virtualisation providers acknowledge that basic desktop virtualisation is not the solution to the growing heterogeneity of client devices and are developing alternative strategies to address the issue.

Citrix’s strategy revolves around Receiver, a free client that sits on any kind of device (or any of the 1.5 million supported devices) and can be used to access virtual desktop and virtualised applications.

“With Receiver, we want anyone to be able to access their apps and desktops on whatever operating system they’re on, on whatever device they happen to be running on, at any given point in time,” says vice president for product strategy Mick Hollison. Customers include Emory Hospital in Atlanta, Georgia, which uses Receiver to grant surgeons access to virtualised medical applications on iPads.

Accompanying Receiver is CloudGateway, a management layer that allows IT organisations to offer users the ability to self-provision both internal and hosted applications while controlling identity and access from a single console, the company says.

VMware, meanwhile, is pursuing a similar goal with its Horizon client computing strategy. “Employees want access to the tools and information they need any time, anywhere, on any device,” CEO Paul Maritz explained at the company’s recent VMworld Europe conference. “What we’re trying to do with Horizon is provide a collection of technologies that allow precisely that.”

So far, VMware has unveiled two products bearing the Horizon moniker. The first is Horizon Application Manager, a hosted service comparable to Citrix’s CloudScaler that allows the IT department to manage employee access rights and monitor usage across multiple applications. As yet, however, Horizon Application Manager only supports software-as-a-service applications.

The second is Horizon Mobile Manager, which allows companies to install and manage a virtual mobile client on a user’s personal device. This has the same benefits of the ‘sandbox’ approach to mobile device management, but may also suffer from the same drawbacks.

Furthermore, the Horizon Mobile client needs to be installed on the device at the point of manufacture and therefore requires the cooperation of the carriers. To date, VMware has signed partnerships with O2- owner Telefónica in Europe and Verizon in the US.

Next>>> User-centric computing and going "all cloud"

Page 3 of 3

Both Citrix and VMware have so far addressed the challenge of providing universal access to applications and data, regardless of device, with piecemeal application or device management tools.

An alternative strategy, and one that is looking increasingly apposite in the face of growing device heterogeneity, is to focus on the user. The theory of so-called ‘user-centric computing’ proposes that security and access policies should be defined according to the user, once properly authenticated, not the device they happen to be using.

Two companies tackling this head on are ‘user virtualisation’ providers AppSense and RES Software.

Their tools extract a user’s ‘persona’ from their desktop and applications so that it can be ported to another device or operating systems. This persona includes anything about their desktop environment and applications that they have personalised. According to Martha Bennett, head of strategy at UK IT analyst company Freeform Dynamics, the killer application for user virtualisation today is the migration of desktops to Windows 7.

“User virtualisation allows you to harvest the user settings and behaviour patterns from an XP machine, and then automatically apply them to the Windows 7 machine,” she explains. “The alternative is an enormous IT management overhead as you try to set everyone’s machine up how they need it to be.”

The other common use case for the technology is in conjunction with desktop virtualisation software, as it allows users’ personalisations to be superimposed on standard virtual desktop images.

So far, user virtualisation only applies to mobile devices when used in combination with desktop virtualisation. According to chief technology officer Harry Labana, AppSense’s tools can be used to improve the experience of a Windows-based desktop on a touch-driven device.

“If you want to render a Windows application so it’s more friendly on a mobile device, we can control the application so that the windows are a different size, so the icons are bigger, so the colours are different,” he explains.

In future, however, AppSense plans to offer technology that allows organisations to support more mobile devices, Labana says. The UK-headquartered company received £43 million in investment from Goldman Sachs (where, as head of desktop engineering, Labana oversaw the world’s first desktop virtualisation project).

Some of that money has gone towards “a team of Android and iOS developers based in California”, he says. “In the next six months, you will begin to see the early fruits of that labour.”

Until then, however, AppSense is in danger of overstating the relevance of user virtualisation in the mobile domain, says Bennett. “You can’t sell futures,” she says. For the sake of completism, there is another, theoretically possible, approach to delivering applications and data across heterogeneous end-user devices – using entirely web-based applications and data.

Clearly, though, there is much that stands in the way of this. Legacy applications would need to be converted into web apps, something that may not always be possible, let alone affordable, and the environment in which those web apps run must still be secured.

Where the puck is going

Any substantial investment in client computing, such as desktop virtualisation, enterprise-wide mobility or a ‘bring your own device’ programme, will take a number of years to generate a return on investment.

CIOs therefore need some idea of how the requirements of users, and of the IT department, will change over the next few years. In other words, they must skate to where the puck is going, not where it is today.

Unfortunately, there is as yet no viable model for client computing that solves all the problems associated with heterogeneous devices and operating environments.

Until that arises, if it ever does, ensuring that client computing is productive, usable and secure will be a matter of applying diverse management solutions to problems as they arise.