VMworld 2010 – Project Horizon / End User Computing Thoughts
Today, we (the attendees at VMworld) were introduced to the "future" of user environment.
In any Corporate environment, the IT department is tasked with ensuring that the data and environment is secure and operating as expected. This is accomplished by security and approved end point devices. However, as pointed out during the keynote, users are being inundated with new technologies that allow them to exist in the world. iPads, smartphones, laptops, netbooks, Android devices, etc… More and more of these devices exist and they are converging on the Corporate network. Any number of users are taking it upon themselves to adopt these devices and expect them to be supported and approved.
The expected reaction from an IT department is ‘Heck No… these devices are not allowed and are a security risk.’ But, I believe the paradigm is changing… and it needs to. The amount of processing power, portability, and availability of these devices is hard to ignore. Locating the data, protecting the data, and protecting the services is key to everything moving forward. Ultimately, end point selection and usage is not necessarily needed.
VMware has really identified this paradigm shift and embraced it. Enter… Project Horizon.
The End User Computing and Advanced Development groups are in the process of developing some amazing technology to abstract the user device and present the applications regardless of the device. This product, Project Horizon, is the fruit of their labor. At this point, this appears to be aggregation of View for remote sessions, ThinApp for application virtualization, and various client logic.
Conceptually, an application is virtualized and placed into the VMware equivalent of an App Store (ala Apple or Android). These applications are "entitled" to a user for usage and access. In a Windows environment, an agent runs on the machine and presents the applications via shortcuts. Depending on the application type, it is either streamed to the machine locally (ThinApp) or presented via the web browser (in the event of a SaaS application).
However, in the event that you are on a client that does not support execution, the application is still made available via other methods…
like remote control (eg: published applications). SaaS applications are becoming more and more prevalent in the ecosystem. These services are more generic and exist outside of the corporate environment. So, being able to control access to the services and the data inside is critical. Horizon addresses this issue very well.
The SaaS applications are "entitled" to users in the same way as a more standard application. However, APIs and security exists for single sign on. So, the SaaS application, while still generic, incorporates the your local security (Active Directory) for authentication, provisions and deletes remote accounts, and forces all access through the Horizon environment.
A great example of this is Google applications. It is entirely plausible to have Google email (Gmail) for your environment. By using the Horizon environment, you are able to ensure that everyone uses Horizon to access the environment. While you can pull up Gmail via the browser, you cannot log into it remotely.
Data security is another issue to contend with that Horizon addresses very well. Check out this example: When someone gets an iPad, one of the first thing they do is setup email. However, they cannot get access to their data from the device… instead they email it to themselves. What happens to that data? How can you get it back? How can you protect it? Very difficult proposition, right?
With storing the data on the network and presenting the applications to the clients, any data sent to the client is encrypted and only available via the application accessing it.
The ability for the client and the Horizon environment to logically apply determine the best distribution method for applications based on the device is massive. It really represents a change in the paradigm for computing and end user compute nodes.
Occasionally, we have a discussion in my IT department surrounding the power of the smartphones that exist. Imagine users being able to bring in their own devices, sit at their desk, and connect in. Amazing proposition. And, it looks like VMware is ready to tackle it.
Please check out the my keynote session notes as well as my Press Session Notes for some additional details. I welcome and look forward to this shift.