VDI Answers Critical BYOD Challenges

By Aamir Lakhani

IT departments facing BYOD or other versions of mobile productivity enablement are learning quickly that they can’t test every type of mobile device to determine if it’s up to par in terms of performance and security standards associated with their organization’s environment.

After all, the CTIA, which is a trade group representing the US wireless industry, reports there are over 100 million smartphones and tablets in operation in the US, and this represents a broad mix of vendors, form factors and versions, operating systems, carriers and connectivity options.

This challenge is driving many CIOs and IT directors I’m speaking with to consider the interesting option of using VDI as a form of Mobile Device Management (MDM).

A critical component of a BYOD, or any mobile device, reference architecture, MDM enables a view of devices on the network, in terms of attributes, capabilities and constraints. MDM allows IT departments to monitor how the devices employees are “bringing” to work actually function in the enterprise environment. It’s a complex picture of an increasingly complex scenario.

So how does VDI affect this situation? Simple: it transforms MDM’s view of the device application capabilities by eliminating the issues altogether.

This is not to imply that virtualization teams can simply spin up a VDI instance and solve all BYOD issues. VDI does not always translate well into mobile environments. The applications are generally not optimized for touch interfaces, and for this reason the user experience can be less than ideal. Also, not all mobile devices support the same VDI clients, meaning that administrators have to manage multiple client-based access apps on the endpoints.

Nonetheless, VDI has strong appeal from a security perspective. VDI on a mobile device is almost like Outlook Web Access on a traditional PC. Email administrators aren’t generally worried about which web browser or PC type the application is running on. They simply manage the backend server environment. This creates a separate logical space where the endpoint is agnostic.

Further, VDI provides similar access methodologies to those of mobile devices. The argument for VDI also includes the notion that it can be sandboxed, which means it is running its own contained process, separate from the native processes of the host device.

The bottom line is that organizations do not need to care what happens on the user’s endpoint. Keeping with the Outlook Web Access example I used above, an administrator can treat all endpoints indiscriminately, and as long as the endpoint can connect to the VDI environment, the administrator only needs to manage the server-based environment.

I think this is a great solution because it takes the administrative burden of managing mobile devices out of the hands of administrators. They can truly implement a BYOD solution free of many traditional endpoint concerns. The ability to sandbox the VDI space adds tremendous value, but it’s only part of the story. The broader benefit is the ability to enable users to work and interact with their devices in an unconstrained manner. This sustains the essence of BYOD’s appeal and creates optimal results in terms of personal preference and efficiency.

There is no reason why MDM solutions cannot complement VDI solutions. After all, the basic challenge of delivering the Wi-Fi settings, certificates, and basic native applications to a particular smartphone is easily addressed with MDM solutions that allow administrators to accomplish the task by simply sending an email, text message, or URL to the user. The user will click on the URL and automatically get their device configured for access. They do not need to worry about downloading the right applications, entering the right settings, or any setup issues.

It should be noted that some applications, such as office productivity suites, just don’t work well in a smartphone/VDI-only environment, and in these cases administrators must use MDM to push out and configure specific mobile applications that are functioning in the user’s environment. This process uses the same push methods described above, and requires no user interaction. It is sometimes referred to as the zero-touch method because users are not required to know anything about the environment; they simply click on the link sent to them by the administrator and enter their username and password to get their device configured.

MDM and VDI should not be an either/or discussion. MDM is not inherently a security component of a BYOD program, and VDI offers full security capabilities. As such, both solutions complement each other well, and increasingly I’m seeing environments where both are being used. VDI is being used to handle application security and user context, while management of device provisioning and user settings is handled with MDM. This balance will be interesting to observe and help shape as BYOD and mobile productivity continue to ramp up.