ThinkVirt

Since December of last year I have been using a tablet device as my primary computing device (other than my iPhone) on a daily basis.  With this new tablet-focused approached, walking into meetings is no longer encumbered with a hefty laptop bag full of a few thousand dollars worth of gear.  Now, I walk around with a tablet in hand and a VGA/HDMI output adapter in my suit coat pocket, as well as my Dagi stylus. 

This much more streamlined method of computing allows me to do my most major functions, both internal and customer-facing, including:

• Read email with complex attachments
• Give presentations, potentially with animations
• Whiteboard from a computing device as a means of interacting with an audience
• Play Angry Birds
• Check VMware’s stock price

For additional reading, here are a few articles I’ve written on tablet and offline computing include:

• Thirty Days with VMware View Local Mode: A Business Traveler’s Perspective
• Thirty Days Working Exclusively with the Apple iPad: A Business Traveler’s Perspective
• Why the US Government Should Buy Up all the iPad 1’s

I now have two tablets to choose from, an iPad 1 armed with the Zaggmate bluetooth keyboard case, and an Asus Transformer with the optional keyboard dock.  I’ve been carrying the Transformer a lot more lately, for those keeping score at home.

In my, “Thirty Days Working Exclusively with the Apple iPad: A Business Traveler’s Perspective” article, I wrote about the Data Prison, whereby tablet-created content lives on the tablet. 

The above diagram was for my original tablet+vDesktop setup, an Apple iPad with the Wyse RDP client that supports VMware View.

As both Citrix and VMware are currently touting their own VDI clients for both iOS and Android as a way of keeping the data in the datacenter (thanks to the inherit benefits of VDI), using native tablet applications (such as Sketchbook Pro) circumvents the process by creating and then storing this content locally to the tablet itself and not inside the vDesktop.

So what’s the easiest way to contain content created on the tablet in the datacenter?  Run the application from the datacenter.

Published Applications

Do you immediately think Citrix when you hear the term, “published applications?”  If you don’t, you probably should.  When I worked at Citrix close to a decade ago I had the privilege of working on some of the pieces of their published application and secure gateway solutions.  Citrix was the leader then and they are still the leader now when it comes to published applications.

Published applications are applications that run on a server and who’s video, audio, and input control are sent to another device, such as a laptop, an Apple iPad, et cetera.  These published applications typically run inside of a terminal session on a Windows-based server. 

Published applications deliver applications only as opposed to a full desktop experience.

In the above diagram, the user of a tablet device launches an app on their tablet’s workspace and it in turn connects, over a display protocol (e.g. HDX,  RDP, …) to the application running on a server in the datacenter.  The x86 application, running on an x86 server in the datacenter is being visually streamed to the tablet device.  The tablet device typically connects to an application running in an isolated session on a Windows-based server.  That same Windows-based server may be supporting many other users in their own isolated sessions.

Published Desktops

Published desktops are, as the name implies, a full blown desktop, typically running as a virtual machine in the datacenter that a user’s tablet device connects to over a display protocol.  The tablet device is connecting to an individual virtual machine running a desktop OS.  That individual virtual machine is supporting only one user at a time. Applications within the virtual machine may be natively installed in the OS or they may be delivered through an application virtualization solution such as VMware ThinApp, Microsoft App-V, or Citrix XenApp.

Why Published Applications for Most Users?

Most users that have tablets need access to a certain application, such as, Microsoft Word, a medical DICOM viewer, a SaaS app such as Salesforce, or a collaboration tool.  By forcing the user to first connect to a vDesktop, navigate within the vDesktop to find the specific application, and then launch the application (and manage its window sizing, closing the app properly, et cetera), the IT staff adds unnecessary overhead (in time) to a user’s experience.  The end user simply wants to run an application, they don’t want to click Start, then Programs, then Microsoft Office, then Word.  While clients such as the VMware View client for Android or the Citrix Receiver for iOS are great pieces of software, it should be noted that there is a learning curve for the end user community.  As I demonstrated for a few folks at yesterday’s Federal VMUG, even someone such as myself who uses a tablet device all the time, are prone to miss clicks and swipes adding additional time to get to my application.

Most end users are accustomed to a keyboard and mouse/touchpad.  By giving that user a tablet device and then asking them to connect into a Windows-based virtual desktop, they are effectively connecting into a known workspace with an unknown input tool (the tablet itself).  Devices such as the Asus Transformer with keyboard dock help this adoption by including a built-in touchpad.  Thanks again to Sung Cha and Brad Maltz for strongly encouraging me to buy the device. 

Since most organizations are deploying iPads as their tablet solution of choice (for now at least), the end users will still need to be extremely comfortable with touch-based navigation.  I’ve monitored the way many end users navigate throughout a Windows desktop and I’ve made the following observation more than once:

1. User places a shortcut on their desktop to a given application
2. The only way a user knows how to access said application is by double-clicking, sometimes repeatedly, the shortcut on their desktop
3. If that shortcut is deleted the end user has extreme difficulty in locating or launching the application (e.g. “The application has been uninstalled!”)

I’m sure anyone that has ever worked a Help Desk can vouch for the above observation.

Therefore, if the IT staff can remove the added clicks, finger swipes, mis-clicks, and more finger swipes associated with navigating a Windows desktop with a tablet device, the end users will likely have a more favorable experience.  As someone who has been using a tablet device everyday for half a year now, I can assure you that I still have plenty of mis-swipes, especially over a latent connection.

Why Published Desktops for Admins?

I bounced the premise of this article off a few smart folks, like Andy Murphy and Elvedin Trnjanin; both gentlemen said that many of the tasks they did as an IT Admin required access to a full blown desktop, such as command-line interaction (doesn’t actually require a published desktop), group policy administration, troubleshooting, Windows setting tweaks, service management, et cetera.  While navigating a full desktop via a tablet does require more skill, there are certainly other benefits to be realized from using a virtual desktop over a published application in a shared terminal session, such as:

• Complete application isolation (Running in a, “shared” memory versus running in, “isolated” memory space)
• Familiar administrative toolsets (for those already used to managing a VI)
• Potentially greater user density per physical server
• Multi-monitor support (how many IT admins only use one monitor)?
• I’m not aware of any tablet that can do multi-monitor out properly, yet
• Side-by-side applications
• High interest in the market / business funding for VDI projects

The complete application isolation (afforded by the use of individual virtual machines as opposed to terminal sessions) is one of the more compelling reasons to go with a published desktop.  Another reason (thanks @amurph182) is that administrators often like multiple applications open on their screen so that they can compare data from Application_A to Application_B, perform data entry, or keep a work related application open while playing Minesweeper.

VMware has a great feature in their Type 2 products VMware Workstation, VMware Player, and VMware Fusion called, "Unity," where applications running in a Guest OS (virtual machine) appear on the host machine as native applications.  Instead of showing the entire desktop of the Guest OS, Unity only displays the active window of a particular application giving the appearance that the application is integrated into the host machine.  Unfortunately, this feature is only available for Type 2 hypervisor products and not available in their VDI offering.

Presenting applications from the Guest OS of a virtual desktop and displaying them in a Unity-like manner on another machine is not a current feature of VMware View or Citrix XenDesktop.  This is a potentially powerful feature that would enable an end user to either access their full desktop or applications running within the desktop (native or published) through a central portal.  In the above diagram, a Windows 7 virtual desktop has several applications.  Offering a Unity-like capability in a VDI scenario would allow the following:

• End user is connecting from a laptop, they login to the central portal and launch their full blown desktop
• A laptop is an easy device to use for navigating a full Windows desktop due to input options and (typically) screen real-estate
• End user is connecting from a tablet, they login to the central portal and launch an application running inside their virtual desktop
• An end user is connecting from a tablet, they login to the central portal and launch an application running inside their virtual desktop
• A full blown desktop is not as easy to navigate with a tablet device

With this capability a user could select either an app running in their virtual desktop or the full virtual desktop itself.  With today’s technology, an IT staff may find themselves managing both an App-V environment for the application publishing (which runs in shared sessions, not individual virtual machines) and a VMware View environment for the VDI. One way to drastically improve the management of a hybrid AppVirt + VDI solution is to use AppVirt (e.g. Citrix XenApp) for allapplications within an environment. That way, whether users are connecting to their desktop (that then streams the packaged apps down via XenApp) or connecting through via a client like Citrix Receiver, the apps and entitlements are always the same. Something outside the scope of this article is how to maintain settings, data, and versioning across applications published both within a vDesktop and by themselves on a web portal.

The Future of End User Computing?

I think it’s fair to say that IT orgs will need to support an increasing variety of end devices as well as support a far more mobile workforce.  Desktops appear to be dying an amazingly slow death for many mainstream use cases.  Traditional desktop devices are dying in way of more mobile devices such as laptops, and perhaps more importantly, tablets and phones (especially in developing countries).  Many organizations are looking to implement a mobile workforce strategy which typically uses a web browser to deliver a productivity tool, circumventing the need for a desktop operating system (as users now just need a browser).  That’s not say consumers won’t still have a desktop or iMac at home, but businesses are definitely looking at new ways to enable workforce mobility as the supporting technologies mature.

While the current market is hyper-active for VDI, and for good reason, anyone following Catalyst 11 via Twitter (#CAT11) will see the discussions are all about a user-centric model for application delivery as opposed to a device-centric model.  This means the focus is on delivering applications to end users (who actually use the applications) as opposed to vendors focusing on delivering applications to specific devices.  Future solutions such as VMware's Project Horizon focus on application aggregation and delivery, meaning that applications are corralled into a single storefront, or portal.  These applications can be applications streamed from the datacenter, SaaS delivered web-based applications (e.g. Sliderocket), full published desktops (e.g. VMware View client for Android), or potentially even native applications on the device itself.  While people are starting to recognize the importance of this one stop shopping app storefront for any device, the technology isn’t quite there yet.  Not to mention, to provide published applications to end devices and provide connectivity into a published desktop, organizations will be forced to implement a hybrid and non-integrated solution like Citrix XenApp with VMware View.

Citrix is likely the vendor that’s most close to this Project Horizon-type Nirvana, with a lot of the pieces already in the portfolio (including NetScaler Cloud Gateway), but VMware's acquisition of Tricipher may provide a more robust cloud-based single-sign-on solution than what’s part of the NetScaler Cloud Gateway solution.  Once Project Horizon is freely available to all for both external and internal SaaS and VDI solutions, I will compare the two and post my findings.

 

The above diagram illustrates the direction in which end user computing is shifting; notice that applications and desktops are being delivered to users and that the device simply shouldn’t matter.  An end user accesses and successfully authenticates against his corporate-managed appstore.  This corporate-managed appstore follows company IT policies and is the central authoritative force behind access to all applications in the corporate environment.  In today’s world, if an employee is terminated the workflow for disabling all of the user’s accounts, both to internal applications and external SaaS applications, can be extremely cumbersome.

If there was a central authoritative mechanism (where hopefully Tricipher comes into play), the IT admin would login to the corporate-managed appstore, disable the user once, and that would disable the user’s access everywhere.

For end users not using or ever looking to use tablet devices (e.g. most call centers), worrying about published application and published desktop access aggregation may not be important.  However, for power users, executives, sales reps, et cetera, tablets and device flexibility are extremely important to maximizing productivity and end user happiness.

To anyone designing, selling, or evangelizing solutions like an Apple iPad connecting to a virtual desktop, I strongly encourage you to use the solution for a full week and try to accomplish all of your daily tasks without the use of your laptop.  For most people, including myself, it will be an eye-opening experience to the importance of a solution like Project Horizon that promises to bring together published apps (internal/external) and published desktops into a single appstore interface.