In my last post on BYOD management and catalogs, a couple commenters opined that bring-your-own-device programs...
should never limit end user choice. Their argument is that freedom of choice drives productivity. But this isn't an option for all organizations, especially those that face strict regulatory requirements.
So, virtualization vendors including VMware Inc. and Citrix Systems Inc. preach the use of virtual desktop infrastructure (VDI) as a solution to secure BYOD. The advantages to VDI are fairly obvious. Solutions like VMware View and Citrix' XenDesktop and XenApp allow you to deliver a consistent end user experience to every device profile supported by the platform.
Read Keith's Virtualized Geek blog
Keith breaks down VXLAN networking clearly
This means the Windows desktop experience on an Apple iOS device is the same as the desktop experience on an Android or Windows phone device. VDI also allows end users to access data hosted in the data center without storing the data locally on the phone. The organization can shut off access to data at will. Seemingly the only drawback is the lack of offline access.
You may be saying, "Sounds great! To whom do I make out the PO?"
But slow down before you spend potentially more than $100,000 on infrastructure and software, only to roll out a product that your end users may not accept or use. Remember that end users choose Android and iOS devices instead of BlackBerry smartphones and Windows Phone devices for a reason. Users have voted and are continuing to vote that they want a mobile experience other than Windows and BlackBerry. If they wanted phones running Windows, Nokia would be in excellent financial standing. Shouldn't that mean that we look for solutions that take a non-Windows approach and allow users to function in the mobile device OS they've chosen?
Read more Fast Packet bloggers
Jim Frey wonders if cloud application performance tools really work
Brad Casemore says northbound OpenFlow applications are on the way
To reduce power consumption, Greg Ferro says, Cisco must rethink chip design
One such option is the use of native mobile applications with a virtualized data container. An example of such an application is the Good email service, which allows organizations to deliver corporate email and calendar services via an encrypted data channel from both a network transport and a local data store. You get many of the advantages of VDI and mobile device management like that of a BlackBerry solution. On top of these corporate advantages, the end user gets to use the native interface of their chosen platform and offline support (think airplane mode).
I've used both approaches, and each has advantages and disadvantages. We've discussed the pros and cons of VDI. Applications with virtualized data containers, such as Good, allow a closer native device experience. Good allows access to intranet-based applications within your corporate environment as well. This approach does have a limited level of integration with each mobile device platform. Since the data resides in an encrypted virtual container, other native applications don't have access to it. While this approach allows system administrators to prevent sensitive data from being uploaded to services like Dropbox, a user can't have Siri make a call to a contact inside the corporate mail system.
I believe as more solutions like Good become standard, some of these challenges will be overcome, which is why I tend to lend toward the virtualized container approach. VDI is a great solution for certain verticals, but for BYOD we need a new set of infrastructure tools.
What approach has your organization taken to provide secure access to enterprise data over non-company-owned devices? Let us know.