We are moving to mobility without pain for IT and ordinary employees
The mobile revolution has captured all spheres of human life. Smartphones and tablets accompany us everywhere, we are used to solve all kinds of tasks with them, communicate through all possible channels, save the necessary information. Of course, mobility is also valued in business - most users no longer think of work processes without mobile devices and applications. It is strange to talk about this in 2016, but most of the decisions that are used by employees of the vast majority of Russian companies have nothing to do with the concept of corporate mobility.
Specialized solutions for business began to be introduced with us not so long ago, and first of all by “request from above”. Having tested the capabilities of mobile devices in life, managers began to demand solutions for work. They came to the IT departments and said: “Make it so that you can work with corporate applications and data from tablets.”
Managers need constant access to corporate mail, files, documents. With such solutions, the targeted penetration of mobility into the corporate environment began. Well, then everything began to develop like an avalanche: deputies looked at the chefs and also wanted to work from mobile devices. Then their subordinates joined in. At the first stage, with top management, IT services did not have much choice: the boss set the task - it must be completed. When the desire for mobility began to penetrate to lower levels, the struggle between users and IT began.
On the one hand, users can be understood - they want to work with what they are used to. Personal mail works fine on a smartphone - and everyone wants the same thing with corporate mail. A person visits various sites from a tablet - so why can't you get inside a corporate portal? And, of course, if you choose between a two-three-kilogram laptop with all the charges, and a compact device - the latter seems much more convenient for remote work.
IT services, in turn, see mobility as a problem. How to manage the entire fleet of various devices? What can be done with this in terms of security? The user carries his device to work - but how does the IT department know what applications he put there, what data is collected by this device and where it is sent? Everything potentially malicious that is on the mobile device can directly rush into the corporate network. Who needs these risks?
Bickering lasts a long time and is not going to end. For foreign colleagues, this process went much further: since mobility increases the efficiency of employees, it means that it is necessary to provide it to all employees who need it.
In one of the European countries, the police department switched to mobility. Employees now come to the office just to hand over weapons. They do everything else in the "fields", working with tablets. Incidents are recorded in the database, they carry out an identity check, they draw up documents - everything necessary for their work is located on a mobile device. And everything has become much faster and easier.
One of the largest Western banks has introduced mobile technology for 20 thousand employees. Now workers are not sitting in the office, expecting someone to come to them for a loan. They themselves - together with tablets on which there is the necessary data - are sent to potential customers and offer their services. That is, not a person goes to the bank, but the bank goes to the person.
In medicine, staff have access to various types of computer devices, where the necessary information and patient data are stored. But when a doctor bypasses patients, carrying a laptop with him is at least inconvenient. See what appointments were made and what’s with the dynamics of recovery is much easier with the tablet.
Logistics companies used to simply track the location of their vehicles using GPS sensors. Now, thanks to the use of mobile devices and special applications, it is possible to form the vehicle loading dynamically: an order has arrived, we see that a truck is transporting something from point A to point B and passes by point C; that means he can pick up something from there. You can redirect the car and calculate when and what should be delivered.
The pilots of some airlines are equipped with tablets. In addition to downloading the flight plan to the tablet, you can download all the documentation for the aircraft. Usually the crew has to take along a few suitcases with instructions and documentation. Here, everything you need is downloaded to the tablet. This gives a noticeable gain in weight - sometimes tens of kilograms. Not to mention convenience.
The applicability of mobile devices from a business point of view is not always obvious until you start digging this topic deeply. Therefore, if we talk about the very concept of corporate mobility, I would say that everything related to mobile devices with regard to their use in the corporate environment applies to it. This is work with applications, data, the interaction of employees among themselves.
Some tasks need to be solved promptly, and it is convenient to do this from a smartphone. There are tasks that are best done on the tablet. Finally, there are tasks that require a complete computer. Accordingly, the question arises of a seamless transition of the user from one device to another. Therefore, speaking of the introduction of mobility, one cannot but mention the digital workplace as a whole.
Each device is designed to fulfill certain goals. We looked at the mail on the phone, on the tablet you can already work with documents, but making a large report is easier on a PC with a keyboard. You prepared a document on a PC, went on a business trip with one tablet, and suddenly it was necessary to correct this document and send it to someone. Accordingly, you need access to the document on all devices.
At the same time, it is necessary to ensure work with various applications, with data, and take into account that some of the devices used by the employee may not be corporate. It’s one thing when the device was issued at work - here the employer has the right to apply its policies, restrict the installation of everything that is possible or allow work only with those applications that are installed by the IT department. Prohibit the installation of external applications, prohibit the use of flash drives and so on. But when a user comes home and sits down at a home computer or takes his personal tablet and comes with him to the corporate environment - here the question arises: how to separate personal and corporate on one device.
Let's talk about the most relevant corporate mobility management solutions.
MDM solutions (Mobile device management) are designed to manage devices; to prescribe policies that determine how the device will connect to the corporate network; to distribute various certificates for connection (for example, to corporate Wi-Fi); defining security policies for accessing the device (for example, to have a PIN code of at least 6 characters), etc.
MAM is the next step in implementing mobility. These solutions are related to writing and protecting applications for mobile devices for iOS and Android. In fact, this SDK is a set of features that are given to developers to prepare their mobile applications created for one of the mobile platforms for use in a corporate environment.
For example, you can enable or disable the application to exchange data with other applications, prohibit copy / paste operations from corporate applications to applications that the user has installed independently. That is, we can draw an invisible line between what is personal on the device - what the user sets up and sets, and what the company has provided for working within the corporate infrastructure with confidential data.
You can also use the technology of building micro-VPN tunnels - in cases where we do not want to give the entire device the ability to connect to our corporate network (in this case, everything that the user had incomprehensible can get into our network). Using the SDK, we can open the application access to a specific corporate service only. Everything else that walked past the corporate network remains outside the micro-VPN tunnel.
When we work with legacy applications - with Windows applications, various web services or external SaaS, here we can talk about the use of virtual solutions. From a personal computer, from mobile devices, from a thin client, we connect to the infrastructure deployed either in our data center or at a service provider, and we work with terminal Windows applications, with Windows or Linux desktops that employees need.
When covering all types of users and all work options, it is necessary to talk not only about corporate mobility, but also about virtualization. This is a good use case for devices that are not corporate. Policies are executed on the side of the data center. In this case, the administrator does not manage the user's device, which may be personal, but those policies that affect the security of the connection and work with remote resources.
Before you implement something - think: what exactly do you need? Sometimes our partners, sales specialists say: our customer needs a solution X. I ask - why exactly? “Because he thinks he needs it” is not the right answer. The customer should have a task that our product X will help to solve.
It often happens that the customer just heard of a solution that turned out to be in the wake of the “fashion”. He projects this on his infrastructure and decides that he needs it. A vivid example: a few years ago, when the topic of desktop virtualization was just starting to sound, customers came and said: we need desktop virtualization. The first question I asked them was - why do you think you need it?
We begin to dig deeper. We find out what tasks a person faces, what he wants to solve with the help of technology, what licensing conditions will suit him, whether he has limitations in the current infrastructure. Often, as a result of such a conversation, it turns out that in fact the customer just needs remote access to certain resources. And the task of organizing this remote access can be solved in different ways: through a terminal server, through a virtual desktop, through a mobile application.
Here is the approach that I have formulated over the years of work:
- We carefully formulate the problem. We understand what we want to receive and why;
- We learn about the limitations of technology - and they are always there, and if you do not know them, you can break away from reality;
- We choose the optimal solution for a particular case.
If we talk about Citrix solutions, then to say that any one set is suitable for everyone is categorically impossible. If you have a need solely for mobility, you probably do not need a complete set of tools and it will be more adequate to limit yourself to a set of XenMobile.
Citrix has a stand-alone mobile device management solution — the XenMobile MDM Edition. If you also need to manage mobile applications, the choice falls on XenMobile Advanced Edition, which includes mobile application management (MAM).
If you plan to reach all users and all tasks, then you can choose the Citrix Workspace Suite solution, which includes mobility, desktop virtualization, and secure remote access in terms of building SSL VPN tunnels to the data center.
I repeat: Workspace Suite is needed if all or most of the users in the company need mobility, desktop virtualization, and terminal services.
You can delve into things like licensing. It can be by competitive users or by users / devices. Technically, both licenses are the same - they provide the same functionality for work. At a cost - conditionally, a user / device license is about half as cheap as competitive licensing. To choose, you need to understand how many employees will use the solution and how many of them will work at the same time.
Example for calculation:
- The customer has 400 employees who need to provide work. If 100-110 people work at the same time, you can buy 110 competitive licenses, and any user can connect to the infrastructure, the main thing is that there should be no more than 110 people at a time.
- If we understand that of these 400 users, more than half should work at the same time - in this case, we better buy 400 licenses for the user / device. There are more licenses, but since they are cheaper, the total cost of the project will be the same or lower.
One customer needs 400 XenDesktop and 100 XenMobile licenses, while another requires a different ratio. We can name the price of the project only after we communicate with the customer and understand what he really needs. Of course, there is an option when the task was set, the budget was allocated, and you can buy at least 500, at least 1000 licenses, but actually implement a hundred. The rest will be dead weight. But it seems to me that such times have passed irrevocably.
The decision to choose a supplier depends, again, on many factors. If we are not talking about cases of super-large customers who are willing to pay for consulting and an “individual approach”, then usually the vendor works through partners - integrators who help to decide.
According to the specifications, the solutions of various providers of the corresponding services look approximately the same. And in order to understand the difference, you need to literally touch it with your hands. The differences are in the flexibility of settings, usability, compatibility with other products.
If the customer needs a lot of things - not only MDM, but also MAM, and desktop virtualization, then, as a rule, we are ready to provide remote access to our demo, and the integrator can deploy a pilot version for you so you can see how convenient and everything works .
The customer may have their own preferences when choosing a vendor. For example, there is already experience in using the products of this vendor, some part of the infrastructure has already been deployed. If we are talking about mobility, and the customer already has our terminal services, then in this case Citrix can offer some more favorable conditions - an upgrade, upgrading to a new version will always be cheaper than buying a large number of licenses from scratch. Or we can show that what the customer wants to buy will integrate perfectly with what the company already has.
Virtualization of desktops and applications is usually associated with the transition to new versions of operating systems. The biggest fear of the customer in this case is that he does not know how his working applications in the new infrastructure will behave. Inside Citrix solutions, there is such a component as AppDNA, which allows you to automatically check application compatibility when switching to new versions of operating systems, when transferring them from client to server, when wrapping these applications in a Microsoft App-V container. When a customer has hundreds of applications, he does not have to manually install and check how everything will work in a particular environment, in one or another combination. Instead of spending hundreds, or even thousands of man-hours testing, the customer receives a ready-made matrix in a few days, and he only needs to check those options
I always say that careful preparation of the project will neutralize many problems that may arise in the future. Tested - reduced project time, simplified the deployment process, saved money, saved nerves.
Specialized solutions for business began to be introduced with us not so long ago, and first of all by “request from above”. Having tested the capabilities of mobile devices in life, managers began to demand solutions for work. They came to the IT departments and said: “Make it so that you can work with corporate applications and data from tablets.”
Managers need constant access to corporate mail, files, documents. With such solutions, the targeted penetration of mobility into the corporate environment began. Well, then everything began to develop like an avalanche: deputies looked at the chefs and also wanted to work from mobile devices. Then their subordinates joined in. At the first stage, with top management, IT services did not have much choice: the boss set the task - it must be completed. When the desire for mobility began to penetrate to lower levels, the struggle between users and IT began.
Pros and Cons of Mobility
On the one hand, users can be understood - they want to work with what they are used to. Personal mail works fine on a smartphone - and everyone wants the same thing with corporate mail. A person visits various sites from a tablet - so why can't you get inside a corporate portal? And, of course, if you choose between a two-three-kilogram laptop with all the charges, and a compact device - the latter seems much more convenient for remote work.
IT services, in turn, see mobility as a problem. How to manage the entire fleet of various devices? What can be done with this in terms of security? The user carries his device to work - but how does the IT department know what applications he put there, what data is collected by this device and where it is sent? Everything potentially malicious that is on the mobile device can directly rush into the corporate network. Who needs these risks?
Bickering lasts a long time and is not going to end. For foreign colleagues, this process went much further: since mobility increases the efficiency of employees, it means that it is necessary to provide it to all employees who need it.
Corporate Mobility Areas
In one of the European countries, the police department switched to mobility. Employees now come to the office just to hand over weapons. They do everything else in the "fields", working with tablets. Incidents are recorded in the database, they carry out an identity check, they draw up documents - everything necessary for their work is located on a mobile device. And everything has become much faster and easier.
One of the largest Western banks has introduced mobile technology for 20 thousand employees. Now workers are not sitting in the office, expecting someone to come to them for a loan. They themselves - together with tablets on which there is the necessary data - are sent to potential customers and offer their services. That is, not a person goes to the bank, but the bank goes to the person.
In medicine, staff have access to various types of computer devices, where the necessary information and patient data are stored. But when a doctor bypasses patients, carrying a laptop with him is at least inconvenient. See what appointments were made and what’s with the dynamics of recovery is much easier with the tablet.
Logistics companies used to simply track the location of their vehicles using GPS sensors. Now, thanks to the use of mobile devices and special applications, it is possible to form the vehicle loading dynamically: an order has arrived, we see that a truck is transporting something from point A to point B and passes by point C; that means he can pick up something from there. You can redirect the car and calculate when and what should be delivered.
The pilots of some airlines are equipped with tablets. In addition to downloading the flight plan to the tablet, you can download all the documentation for the aircraft. Usually the crew has to take along a few suitcases with instructions and documentation. Here, everything you need is downloaded to the tablet. This gives a noticeable gain in weight - sometimes tens of kilograms. Not to mention convenience.
The applicability of mobile devices from a business point of view is not always obvious until you start digging this topic deeply. Therefore, if we talk about the very concept of corporate mobility, I would say that everything related to mobile devices with regard to their use in the corporate environment applies to it. This is work with applications, data, the interaction of employees among themselves.
Digital workstation
Some tasks need to be solved promptly, and it is convenient to do this from a smartphone. There are tasks that are best done on the tablet. Finally, there are tasks that require a complete computer. Accordingly, the question arises of a seamless transition of the user from one device to another. Therefore, speaking of the introduction of mobility, one cannot but mention the digital workplace as a whole.
Each device is designed to fulfill certain goals. We looked at the mail on the phone, on the tablet you can already work with documents, but making a large report is easier on a PC with a keyboard. You prepared a document on a PC, went on a business trip with one tablet, and suddenly it was necessary to correct this document and send it to someone. Accordingly, you need access to the document on all devices.
At the same time, it is necessary to ensure work with various applications, with data, and take into account that some of the devices used by the employee may not be corporate. It’s one thing when the device was issued at work - here the employer has the right to apply its policies, restrict the installation of everything that is possible or allow work only with those applications that are installed by the IT department. Prohibit the installation of external applications, prohibit the use of flash drives and so on. But when a user comes home and sits down at a home computer or takes his personal tablet and comes with him to the corporate environment - here the question arises: how to separate personal and corporate on one device.
MAM, MDM, VPN, virtualization
Let's talk about the most relevant corporate mobility management solutions.
MDM solutions (Mobile device management) are designed to manage devices; to prescribe policies that determine how the device will connect to the corporate network; to distribute various certificates for connection (for example, to corporate Wi-Fi); defining security policies for accessing the device (for example, to have a PIN code of at least 6 characters), etc.
MAM is the next step in implementing mobility. These solutions are related to writing and protecting applications for mobile devices for iOS and Android. In fact, this SDK is a set of features that are given to developers to prepare their mobile applications created for one of the mobile platforms for use in a corporate environment.
For example, you can enable or disable the application to exchange data with other applications, prohibit copy / paste operations from corporate applications to applications that the user has installed independently. That is, we can draw an invisible line between what is personal on the device - what the user sets up and sets, and what the company has provided for working within the corporate infrastructure with confidential data.
You can also use the technology of building micro-VPN tunnels - in cases where we do not want to give the entire device the ability to connect to our corporate network (in this case, everything that the user had incomprehensible can get into our network). Using the SDK, we can open the application access to a specific corporate service only. Everything else that walked past the corporate network remains outside the micro-VPN tunnel.
When we work with legacy applications - with Windows applications, various web services or external SaaS, here we can talk about the use of virtual solutions. From a personal computer, from mobile devices, from a thin client, we connect to the infrastructure deployed either in our data center or at a service provider, and we work with terminal Windows applications, with Windows or Linux desktops that employees need.
When covering all types of users and all work options, it is necessary to talk not only about corporate mobility, but also about virtualization. This is a good use case for devices that are not corporate. Policies are executed on the side of the data center. In this case, the administrator does not manage the user's device, which may be personal, but those policies that affect the security of the connection and work with remote resources.
What and how to implement
Before you implement something - think: what exactly do you need? Sometimes our partners, sales specialists say: our customer needs a solution X. I ask - why exactly? “Because he thinks he needs it” is not the right answer. The customer should have a task that our product X will help to solve.
It often happens that the customer just heard of a solution that turned out to be in the wake of the “fashion”. He projects this on his infrastructure and decides that he needs it. A vivid example: a few years ago, when the topic of desktop virtualization was just starting to sound, customers came and said: we need desktop virtualization. The first question I asked them was - why do you think you need it?
We begin to dig deeper. We find out what tasks a person faces, what he wants to solve with the help of technology, what licensing conditions will suit him, whether he has limitations in the current infrastructure. Often, as a result of such a conversation, it turns out that in fact the customer just needs remote access to certain resources. And the task of organizing this remote access can be solved in different ways: through a terminal server, through a virtual desktop, through a mobile application.
Here is the approach that I have formulated over the years of work:
- We carefully formulate the problem. We understand what we want to receive and why;
- We learn about the limitations of technology - and they are always there, and if you do not know them, you can break away from reality;
- We choose the optimal solution for a particular case.
If we talk about Citrix solutions, then to say that any one set is suitable for everyone is categorically impossible. If you have a need solely for mobility, you probably do not need a complete set of tools and it will be more adequate to limit yourself to a set of XenMobile.
Citrix has a stand-alone mobile device management solution — the XenMobile MDM Edition. If you also need to manage mobile applications, the choice falls on XenMobile Advanced Edition, which includes mobile application management (MAM).
If you plan to reach all users and all tasks, then you can choose the Citrix Workspace Suite solution, which includes mobility, desktop virtualization, and secure remote access in terms of building SSL VPN tunnels to the data center.
I repeat: Workspace Suite is needed if all or most of the users in the company need mobility, desktop virtualization, and terminal services.
You can delve into things like licensing. It can be by competitive users or by users / devices. Technically, both licenses are the same - they provide the same functionality for work. At a cost - conditionally, a user / device license is about half as cheap as competitive licensing. To choose, you need to understand how many employees will use the solution and how many of them will work at the same time.
Example for calculation:
- The customer has 400 employees who need to provide work. If 100-110 people work at the same time, you can buy 110 competitive licenses, and any user can connect to the infrastructure, the main thing is that there should be no more than 110 people at a time.
- If we understand that of these 400 users, more than half should work at the same time - in this case, we better buy 400 licenses for the user / device. There are more licenses, but since they are cheaper, the total cost of the project will be the same or lower.
One customer needs 400 XenDesktop and 100 XenMobile licenses, while another requires a different ratio. We can name the price of the project only after we communicate with the customer and understand what he really needs. Of course, there is an option when the task was set, the budget was allocated, and you can buy at least 500, at least 1000 licenses, but actually implement a hundred. The rest will be dead weight. But it seems to me that such times have passed irrevocably.
Supplier Selection
The decision to choose a supplier depends, again, on many factors. If we are not talking about cases of super-large customers who are willing to pay for consulting and an “individual approach”, then usually the vendor works through partners - integrators who help to decide.
According to the specifications, the solutions of various providers of the corresponding services look approximately the same. And in order to understand the difference, you need to literally touch it with your hands. The differences are in the flexibility of settings, usability, compatibility with other products.
If the customer needs a lot of things - not only MDM, but also MAM, and desktop virtualization, then, as a rule, we are ready to provide remote access to our demo, and the integrator can deploy a pilot version for you so you can see how convenient and everything works .
The customer may have their own preferences when choosing a vendor. For example, there is already experience in using the products of this vendor, some part of the infrastructure has already been deployed. If we are talking about mobility, and the customer already has our terminal services, then in this case Citrix can offer some more favorable conditions - an upgrade, upgrading to a new version will always be cheaper than buying a large number of licenses from scratch. Or we can show that what the customer wants to buy will integrate perfectly with what the company already has.
Virtualization of desktops and applications is usually associated with the transition to new versions of operating systems. The biggest fear of the customer in this case is that he does not know how his working applications in the new infrastructure will behave. Inside Citrix solutions, there is such a component as AppDNA, which allows you to automatically check application compatibility when switching to new versions of operating systems, when transferring them from client to server, when wrapping these applications in a Microsoft App-V container. When a customer has hundreds of applications, he does not have to manually install and check how everything will work in a particular environment, in one or another combination. Instead of spending hundreds, or even thousands of man-hours testing, the customer receives a ready-made matrix in a few days, and he only needs to check those options
I always say that careful preparation of the project will neutralize many problems that may arise in the future. Tested - reduced project time, simplified the deployment process, saved money, saved nerves.