Moving to mobility without torment for IT and ordinary employees.
Mobile revolution has captured all spheres of human life. Smartphones and tablets accompany us everywhere, we are used to solve various tasks with their help, communicate through all possible channels, save the necessary information. Of course, mobility is also valued in business - most users no longer think of workflows without mobile devices and applications. It is strange to talk about this in 2016, but most of the solutions used by employees of the overwhelming majority of Russian companies have nothing to do with the concept of corporate mobility.
Specialized solutions for business began to be introduced with us not so long ago, and first of all, at the “request from above”. Having tried the capabilities of mobile devices in life, managers began to demand solutions for work. They came to IT departments and said: “Make it so that you can work with corporate applications and data from tablets.”
Managers need constant access to corporate email, files, and documents. With such solutions, targeted mobility penetration into the corporate environment began. Well, after that everything began to develop like an avalanche: the deputies looked at the bosses and also wanted to work from mobile devices. Then they joined their subordinates. In the first stage, with the top management, the IT services did not have much choice: the head set the task - it is necessary to carry it out. When the desire for mobility began to penetrate the levels below, the struggle between users and IT began.
')
On the one hand, users can understand - they want to work with what they are used to. Personal Mail works great on a smartphone - and everyone wants the same thing to be with corporate mail. A person goes to various sites from a tablet - so why can't one get inside the corporate portal? And, of course, if you choose between a two-three-kilogram laptop with all charges, and a compact device, the latter seems much more convenient for remote work.
IT services, in turn, see mobility as a problem. How to manage the entire fleet of various devices? What can be done with this in terms of security? The user carries his device to work - but how do you know the IT department, what applications did he put there, what data are collected by this device and where are they sent? Anything potentially harmful on a mobile device can rush straight into the corporate network. Who needs such risks?
The altercations last a long time and are not going to end. For foreign colleagues, this process has gone much further: once mobility increases the efficiency of employees' work, it means that it is necessary to provide it to all employees who need it.
In one of the European countries, mobility has passed the management of the police. Employees now come to the office only to hand over their weapons. Everything else they do in the "fields", working with tablets. They bring incidents into the database, carry out identity checks, draw up documents - everything necessary for their work is in the mobile device. And everything has become much faster and easier.
One of the major Western banks has introduced mobile technology for 20,000 employees. Now workers are not sitting in the office, expecting someone to come to them for a loan. They themselves - along with tablets, on which there is the necessary data - are sent to potential customers and offer their services. That is, it is not the person who goes to the bank, but the bank goes to the person.
In medicine, personnel have access to various types of computer devices where the necessary information and patient data are stored. But when a doctor bypasses the sick, it’s uncomfortable to carry around a laptop. See what assignments were made and what is much easier with the recovery dynamics from the tablet.
Logistics companies used to simply track the location of their cars using GPS sensors. Now, thanks to the use of mobile devices and special applications, it is possible to form the vehicle load dynamically: an order has arrived, we see that the truck carries something from point A to point B and drives past point C; it means he can take something from there. You can redirect the machine and calculate when and what should be delivered.
Tablets supplied pilots of some airlines. In addition to downloading the flight plan to the tablet, you can download all the documentation on the aircraft. Usually the crew has to take with them several suitcases with instructions and documentation. Here, everything you need is loaded into the tablet. This gives a noticeable gain in weight - sometimes tens of kilograms. Not to mention convenience.
The applicability of mobile devices from a business point of view is not always obvious until you begin to dig deeply into this topic. Therefore, if we talk about the very concept of corporate mobility, I would say that it includes everything related to mobile devices in relation to their use in a corporate environment. This is work with applications, data, interaction of employees among themselves.
Some tasks must be solved promptly, and it is convenient to do this from a smartphone. There are tasks that are best performed on the tablet. Finally, there are tasks for which a full-fledged computer is needed. Accordingly, the question arises of the seamless transition of the user from one device to another. Therefore, speaking of the introduction of mobility, it is impossible not to mention the digital workplace as a whole.
Each device is designed for specific purposes. We looked at the mail on the phone, on the tablet it is already possible to work with documents, but to make a large report easier on a PC with a keyboard. You prepared a document on a PC, went on a business trip with one tablet, and suddenly you needed to correct this document and send it to someone. Accordingly, it is necessary that access to the document was on all devices.
At the same time, it is necessary to ensure work with various applications, with data, and take into account that some of the devices used by an employee may not be corporate. It is one thing when the device was given out at work - here the employer has the right to apply his policies, to restrict the installation of everything that can or be allowed to work only with those applications that are installed by the IT department. Prevent the installation of external applications, prohibit the use of flash drives and so on. But when a user comes home and sits down at his home computer or takes his personal tablet and comes with him to the corporate environment - this is where the question arises: how to share personal and corporate on one device.
Let's talk about the most relevant solutions for managing corporate mobility.
MDM solutions (Mobile device management) are designed to manage devices; for prescribing policies that determine how the device will connect to the corporate network; to distribute various certificates for connection (for example, to corporate Wi-Fi); define security policies for access to the device (for example, so that the PIN code is at least 6 characters), etc.
MAM is the next step in implementing mobility. These solutions are related to the writing and protection of applications for mobile devices for iOS and Android. In fact, this SDK is a set of features that are given to developers so that they can prepare their mobile applications, created for one of the mobile platforms, for use in a corporate environment.
For example, you can allow or deny the application to exchange data with other applications, prohibit copy / paste operations from corporate applications to applications that the user has installed on their own. That is, we can draw an invisible boundary between what is personal on the device — what the user sets up and installs and what the company has provided for working within the corporate infrastructure with confidential data.
You can also use the technology of building micro-VPN-tunnels - in cases where we do not want to give the entire device the ability to connect to our corporate network (in this case, all that the user had incomprehensible could get into our network). With the help of the SDK, we can open the application access only to a specific corporate service. Everything else, as it went past the corporate network, remains outside the micro-VPN tunnel.
When we work with legacy applications - with Windows applications, various web services or external SaaS, here we can talk about the use of virtual solutions. From a personal computer, from mobile devices, from a thin client, we connect to the infrastructure deployed either in our data center or service provider, and work with terminal Windows applications, with Windows or Linux desktops that employees need.
When covering all types of users and all options of work, one should speak not only about corporate mobility, but also about virtualization. This is a good option for using devices that are not corporate. Policies are executed on the side of the data center. The administrator in this case controls not the user's device, which can be personal, but those policies that affect the security of the connection and work with remote resources.
Before introducing something - think: what exactly do you need? Sometimes our partners, sales specialists say: our customer needs a solution to X. I ask - why exactly? “Because he thinks he needs it” is not the right answer. The customer must have a task that our product X will help solve.
It often happens that the customer just heard about some kind of decision that turned out to be in the wake of "fashion". He projects it on his infrastructure and decides that he needs it. A vivid example: a few years ago, when the topic of desktop virtualization was just beginning to sound, customers came and said: we need desktop virtualization. The first question I asked them - why do you think you need it?
We start to dig deeper. We find out what tasks the person faces, what he wants with the help of technology, what licensing conditions will suit him, whether he has limitations in the current infrastructure. Often, as a result of such a conversation, it turns out that in fact the customer simply needs remote access to certain resources. And the task of organizing this remote access can be solved in different ways: through a terminal server, through a virtual desktop, through a mobile application.
Here is the approach that I have formulated over the years:
- Carefully formulate the task. We understand what we want and for what;
- We learn about the limitations of technology - and they are always there, and if you don’t know them, you can break away from reality;
- Choose the optimal solution for a particular case.
If we talk about Citrix solutions, then to say that any one set will do for everyone is absolutely impossible. If you have a need for mobility only, you probably don’t need a complete set of tools and will adequately restrict yourself to XenMobile.
Citrix has a separate mobile device management solution — XenMobile MDM Edition. If you also need mobile application management, the choice falls on XenMobile Advanced Edition, which includes mobile application management (MAM).
If you plan to cover all users and all tasks - then you can make a choice of the Citrix Workspace Suite solution, which includes mobility, desktop virtualization, and secure remote access from the point of view of building SSL VPN tunnels to the data center.
I repeat: the Workspace Suite is needed if all or most of the users in the company need both mobility, and desktop virtualization, and terminal services.
You can delve into things like licensing. It can be by competitive users or by users / devices. Technically, both licenses are the same - they provide the same functionality for work. At a cost, by convention, a user / device license is approximately twice as cheap as competitive licensing. To choose, you need to understand how many employees will use the solution and how many of them will work simultaneously.
Example for calculation:
- The customer has 400 employees who need to provide work. If 100-110 people work at the same time, you can buy 110 competitive licenses, and any user can connect to the infrastructure, the main thing is that there should be no more than 110 people at a time.
- If we understand that of these 400 users, more than half should work simultaneously - in this case, we'd better buy 400 licenses for a user / device. There are more licenses, but since they are cheaper, the total cost of the project will be the same or lower.
One customer needs 400 XenDesktop licenses and 100 XenMobile licenses, another one needs a different ratio. We can name the project price only after we communicate with the customer and understand what he really needs. Of course, there is an option when the task has been set, the budget has been allocated, and you can buy at least 500, at least 1000 licenses, but actually implement a hundred. The rest will be dead weight. But it seems to me that such times have passed forever.
The decision to choose a supplier depends, again, on many factors. If we are not talking about cases of super-large customers who are willing to pay for consulting and an “individual approach”, then usually the vendor works through partners — integrators, who help to decide.
According to the specifications, the solutions of various providers of the corresponding services look about the same. And in order to understand the difference, you have to literally touch it with your hands. The differences are in the flexibility of settings, usability, compatibility with other products.
If a customer needs a lot of things - not only MDM, but also MAM and desktop virtualization, as a rule, we are ready to provide remote access to our demo, and the integrator can deploy you a pilot version so that you can be sure how comfortable and everything works .
The customer may have their own preferences when choosing a vendor. For example, there is already experience in using the products of this vendor, some part of the infrastructure has already been deployed. If we are talking about mobility, and the customer already has our terminal services, then Citrix can offer some more favorable conditions - an upgrade, switching to a new version will always be cheaper than buying a large number of licenses from scratch. Or we can show that what the customer wants to buy will be perfectly integrated with what the company already has.
Virtualization of desktops and applications is usually associated with the transition to new versions of operating systems. The customer’s greatest fear in this case is that he doesn’t know how his working applications will behave in the new infrastructure. Within Citrix solutions, there is a component such as AppDNA, which allows you to automatically verify application compatibility when upgrading to new versions of operating systems, when transferring them from client to server, when wrapping these applications into the Microsoft App-V container. When the customer has hundreds of applications, he does not have to manually install and check how everything will work in any given environment, in one combination or another. Instead of spending hundreds or even thousands of man-hours for testing, the customer gets a ready-made matrix in a few days, and he only needs to check the options where the system predicted potential problems.
I always say that careful preparation of the project neutralizes many problems that may appear in the future. Tested - reduced the project time, simplified the deployment process, saved money, saved nerves.
Specialized solutions for business began to be introduced with us not so long ago, and first of all, at the “request from above”. Having tried the capabilities of mobile devices in life, managers began to demand solutions for work. They came to IT departments and said: “Make it so that you can work with corporate applications and data from tablets.”
Managers need constant access to corporate email, files, and documents. With such solutions, targeted mobility penetration into the corporate environment began. Well, after that everything began to develop like an avalanche: the deputies looked at the bosses and also wanted to work from mobile devices. Then they joined their subordinates. In the first stage, with the top management, the IT services did not have much choice: the head set the task - it is necessary to carry it out. When the desire for mobility began to penetrate the levels below, the struggle between users and IT began.
')
Pros and cons of mobility
On the one hand, users can understand - they want to work with what they are used to. Personal Mail works great on a smartphone - and everyone wants the same thing to be with corporate mail. A person goes to various sites from a tablet - so why can't one get inside the corporate portal? And, of course, if you choose between a two-three-kilogram laptop with all charges, and a compact device, the latter seems much more convenient for remote work.
IT services, in turn, see mobility as a problem. How to manage the entire fleet of various devices? What can be done with this in terms of security? The user carries his device to work - but how do you know the IT department, what applications did he put there, what data are collected by this device and where are they sent? Anything potentially harmful on a mobile device can rush straight into the corporate network. Who needs such risks?
The altercations last a long time and are not going to end. For foreign colleagues, this process has gone much further: once mobility increases the efficiency of employees' work, it means that it is necessary to provide it to all employees who need it.
Corporate Mobility Applications
In one of the European countries, mobility has passed the management of the police. Employees now come to the office only to hand over their weapons. Everything else they do in the "fields", working with tablets. They bring incidents into the database, carry out identity checks, draw up documents - everything necessary for their work is in the mobile device. And everything has become much faster and easier.
One of the major Western banks has introduced mobile technology for 20,000 employees. Now workers are not sitting in the office, expecting someone to come to them for a loan. They themselves - along with tablets, on which there is the necessary data - are sent to potential customers and offer their services. That is, it is not the person who goes to the bank, but the bank goes to the person.
In medicine, personnel have access to various types of computer devices where the necessary information and patient data are stored. But when a doctor bypasses the sick, it’s uncomfortable to carry around a laptop. See what assignments were made and what is much easier with the recovery dynamics from the tablet.
Logistics companies used to simply track the location of their cars using GPS sensors. Now, thanks to the use of mobile devices and special applications, it is possible to form the vehicle load dynamically: an order has arrived, we see that the truck carries something from point A to point B and drives past point C; it means he can take something from there. You can redirect the machine and calculate when and what should be delivered.
Tablets supplied pilots of some airlines. In addition to downloading the flight plan to the tablet, you can download all the documentation on the aircraft. Usually the crew has to take with them several suitcases with instructions and documentation. Here, everything you need is loaded into the tablet. This gives a noticeable gain in weight - sometimes tens of kilograms. Not to mention convenience.
The applicability of mobile devices from a business point of view is not always obvious until you begin to dig deeply into this topic. Therefore, if we talk about the very concept of corporate mobility, I would say that it includes everything related to mobile devices in relation to their use in a corporate environment. This is work with applications, data, interaction of employees among themselves.
Digital workplace
Some tasks must be solved promptly, and it is convenient to do this from a smartphone. There are tasks that are best performed on the tablet. Finally, there are tasks for which a full-fledged computer is needed. Accordingly, the question arises of the seamless transition of the user from one device to another. Therefore, speaking of the introduction of mobility, it is impossible not to mention the digital workplace as a whole.
Each device is designed for specific purposes. We looked at the mail on the phone, on the tablet it is already possible to work with documents, but to make a large report easier on a PC with a keyboard. You prepared a document on a PC, went on a business trip with one tablet, and suddenly you needed to correct this document and send it to someone. Accordingly, it is necessary that access to the document was on all devices.
At the same time, it is necessary to ensure work with various applications, with data, and take into account that some of the devices used by an employee may not be corporate. It is one thing when the device was given out at work - here the employer has the right to apply his policies, to restrict the installation of everything that can or be allowed to work only with those applications that are installed by the IT department. Prevent the installation of external applications, prohibit the use of flash drives and so on. But when a user comes home and sits down at his home computer or takes his personal tablet and comes with him to the corporate environment - this is where the question arises: how to share personal and corporate on one device.
MAM, MDM, VPN, virtualization
Let's talk about the most relevant solutions for managing corporate mobility.
MDM solutions (Mobile device management) are designed to manage devices; for prescribing policies that determine how the device will connect to the corporate network; to distribute various certificates for connection (for example, to corporate Wi-Fi); define security policies for access to the device (for example, so that the PIN code is at least 6 characters), etc.
MAM is the next step in implementing mobility. These solutions are related to the writing and protection of applications for mobile devices for iOS and Android. In fact, this SDK is a set of features that are given to developers so that they can prepare their mobile applications, created for one of the mobile platforms, for use in a corporate environment.
For example, you can allow or deny the application to exchange data with other applications, prohibit copy / paste operations from corporate applications to applications that the user has installed on their own. That is, we can draw an invisible boundary between what is personal on the device — what the user sets up and installs and what the company has provided for working within the corporate infrastructure with confidential data.
You can also use the technology of building micro-VPN-tunnels - in cases where we do not want to give the entire device the ability to connect to our corporate network (in this case, all that the user had incomprehensible could get into our network). With the help of the SDK, we can open the application access only to a specific corporate service. Everything else, as it went past the corporate network, remains outside the micro-VPN tunnel.
When we work with legacy applications - with Windows applications, various web services or external SaaS, here we can talk about the use of virtual solutions. From a personal computer, from mobile devices, from a thin client, we connect to the infrastructure deployed either in our data center or service provider, and work with terminal Windows applications, with Windows or Linux desktops that employees need.
When covering all types of users and all options of work, one should speak not only about corporate mobility, but also about virtualization. This is a good option for using devices that are not corporate. Policies are executed on the side of the data center. The administrator in this case controls not the user's device, which can be personal, but those policies that affect the security of the connection and work with remote resources.
What and how we implement
Before introducing something - think: what exactly do you need? Sometimes our partners, sales specialists say: our customer needs a solution to X. I ask - why exactly? “Because he thinks he needs it” is not the right answer. The customer must have a task that our product X will help solve.
It often happens that the customer just heard about some kind of decision that turned out to be in the wake of "fashion". He projects it on his infrastructure and decides that he needs it. A vivid example: a few years ago, when the topic of desktop virtualization was just beginning to sound, customers came and said: we need desktop virtualization. The first question I asked them - why do you think you need it?
We start to dig deeper. We find out what tasks the person faces, what he wants with the help of technology, what licensing conditions will suit him, whether he has limitations in the current infrastructure. Often, as a result of such a conversation, it turns out that in fact the customer simply needs remote access to certain resources. And the task of organizing this remote access can be solved in different ways: through a terminal server, through a virtual desktop, through a mobile application.
Here is the approach that I have formulated over the years:
- Carefully formulate the task. We understand what we want and for what;
- We learn about the limitations of technology - and they are always there, and if you don’t know them, you can break away from reality;
- Choose the optimal solution for a particular case.
If we talk about Citrix solutions, then to say that any one set will do for everyone is absolutely impossible. If you have a need for mobility only, you probably don’t need a complete set of tools and will adequately restrict yourself to XenMobile.
Citrix has a separate mobile device management solution — XenMobile MDM Edition. If you also need mobile application management, the choice falls on XenMobile Advanced Edition, which includes mobile application management (MAM).
If you plan to cover all users and all tasks - then you can make a choice of the Citrix Workspace Suite solution, which includes mobility, desktop virtualization, and secure remote access from the point of view of building SSL VPN tunnels to the data center.
I repeat: the Workspace Suite is needed if all or most of the users in the company need both mobility, and desktop virtualization, and terminal services.
You can delve into things like licensing. It can be by competitive users or by users / devices. Technically, both licenses are the same - they provide the same functionality for work. At a cost, by convention, a user / device license is approximately twice as cheap as competitive licensing. To choose, you need to understand how many employees will use the solution and how many of them will work simultaneously.
Example for calculation:
- The customer has 400 employees who need to provide work. If 100-110 people work at the same time, you can buy 110 competitive licenses, and any user can connect to the infrastructure, the main thing is that there should be no more than 110 people at a time.
- If we understand that of these 400 users, more than half should work simultaneously - in this case, we'd better buy 400 licenses for a user / device. There are more licenses, but since they are cheaper, the total cost of the project will be the same or lower.
One customer needs 400 XenDesktop licenses and 100 XenMobile licenses, another one needs a different ratio. We can name the project price only after we communicate with the customer and understand what he really needs. Of course, there is an option when the task has been set, the budget has been allocated, and you can buy at least 500, at least 1000 licenses, but actually implement a hundred. The rest will be dead weight. But it seems to me that such times have passed forever.
Supplier selection
The decision to choose a supplier depends, again, on many factors. If we are not talking about cases of super-large customers who are willing to pay for consulting and an “individual approach”, then usually the vendor works through partners — integrators, who help to decide.
According to the specifications, the solutions of various providers of the corresponding services look about the same. And in order to understand the difference, you have to literally touch it with your hands. The differences are in the flexibility of settings, usability, compatibility with other products.
If a customer needs a lot of things - not only MDM, but also MAM and desktop virtualization, as a rule, we are ready to provide remote access to our demo, and the integrator can deploy you a pilot version so that you can be sure how comfortable and everything works .
The customer may have their own preferences when choosing a vendor. For example, there is already experience in using the products of this vendor, some part of the infrastructure has already been deployed. If we are talking about mobility, and the customer already has our terminal services, then Citrix can offer some more favorable conditions - an upgrade, switching to a new version will always be cheaper than buying a large number of licenses from scratch. Or we can show that what the customer wants to buy will be perfectly integrated with what the company already has.
Virtualization of desktops and applications is usually associated with the transition to new versions of operating systems. The customer’s greatest fear in this case is that he doesn’t know how his working applications will behave in the new infrastructure. Within Citrix solutions, there is a component such as AppDNA, which allows you to automatically verify application compatibility when upgrading to new versions of operating systems, when transferring them from client to server, when wrapping these applications into the Microsoft App-V container. When the customer has hundreds of applications, he does not have to manually install and check how everything will work in any given environment, in one combination or another. Instead of spending hundreds or even thousands of man-hours for testing, the customer gets a ready-made matrix in a few days, and he only needs to check the options where the system predicted potential problems.
I always say that careful preparation of the project neutralizes many problems that may appear in the future. Tested - reduced the project time, simplified the deployment process, saved money, saved nerves.
Source: https://habr.com/ru/post/316950/
All Articles