BYOC: How do you make it work?

January 29, 2010

So if you’ve read the first four parts of the BYOC discussion (i.e., the last four blogposts), you know that there are some pros and cons of a company paying for an employee to buy their own computer — which belongs to the individual, not to the company.

In summary, some of the pros are:

• Lower costs (PC inventory, help desk, purchasing)
• Attracting “Echo Generation” employees
• Happier employees
• Increased workforce mobility

Some of the cons are:

• Increased legal issues
• Conflict between company discovery and individual privacy
• Non-standard hardware: either end user or IT staff must be responsible for fixing problems

Those companies who have been successful implementing BYOC programs took two important steps:

1. They took on these potential “cons” in the company policy. HR, legal, and management sat down and banged out an information policy that addressed the legal, privacy, and e-discovery issues.
2. Secondly, they took a look at their infrastructure, and in some cases, completely redesigned it.

A note on corporate policies for company-owned computers: A 2009 survey uncovered that most people simply don’t follow their corporate security policies. About half access personal web-based e-mail accounts; three-quarters copy information onto portable storage devices to work on at home; more than half installed their own software onto their company-owned machine–just like they would in a BYOC model. The takeaway? If IT departments think their current model is protecting company information and adequately addressing privacy issues, chances are that they’re wrong. In these cases, creating policies and changing infrastructure to support the BYOC model would go a long way toward protecting company data and address these issues today.

visionapp has assisted our clients to implement the BYOC model in various stages and variations. Those customers who redesigned their infrastructure made it possible for just about everyone to do all their work on a central network. In those cases, the end users don’t have to keep any applications or files on their laptop — they can stop in the middle of a task on their thin-client at work, drive home, and pick up where they left off on their home computer. Contractors and third-party partners can bring their own laptop to the company, and those workers have access to all the appropriate resources, but none of the company-proprietary resources.

One of the commenters on a previous blogpost mentioned running two virtual machines on the laptop — one personal, and one corporate. That approach has its use cases, and may be appropriate for some companies (and some end users). We haven’t encountered a client who has had the exact same requirements as another client — sometimes one VDI vendor is the best for a client, sometimes another one is. Sometimes clients need a mix of app virtualization, streamed apps, hypervisors, and so forth. Sometimes the end users can be most productive on web-based portals; other times, a desktop approach works best. Sometimes the BYOC model isn’t a fit, but thin clients at the work site and mobile device access on the road or at home works best.

As with any major project, this can require a significant up-front investment, but we’ve seen that the return on that investment can be recaptured quickly. We had one enterprise client invest more than $10 million up front, but they saved almost $50 million in IT operations costs over the first 36 months–well beyond BYOC savings. They’ve been able to save on server management costs. Some clients use a unified desktop that has increased their user productivity 20%.

One other point: Some of our clients believe they should have made these infrastructure investments years ago. When our initial assessment determined that their employees were treating their company-owned laptop as a personal laptop anyway–like the aforementioned survey found–visionapp worked with the company to update their information access and security policies, and create an infrastructure that supported those policies.

Obviously, I don’t have the numbers (or approaches) for organizations who aren’t our clients. And obviously, the BYOC approach — as Citrix’s Tedd Fox says — isn’t for everyone. But more and more organizations are considering BYOC, and realizing that reworking their infrastructure can provide a lot more than BYOC savings.

Resources:

1. Ponemon Institute/IronKey Survey, July 2009
2. BYOC Demystified: Part 1 / Part 2 / Part 3
3. Is the World Ready for BYOPC?
4. visionapp’s BYOC approach
5. Case study: visionapp’s approach with Barclays PLC (PDF, 233kb)

BYOC: Intel’s David Buchholz weighs in

January 18, 2010

Late last week, Intel’s David Buchholz posted a BYOC discussion on his IT@Intel blog, and IT Business Edge interviewed Buchholz in late December about the BYOC phenomenon. Many of the pros and cons he talks about are similar to the pros and cons I put up last week as well.

Buchholz does not discuss the particulars of making BYOC happen, however. He says that it’s “not ready for corporate prime time” yet. However, I personally know that several companies — and not just Citrix — are making this happen today. Buchholz is looking at the applications and resources that a user needs for their corporate work running in isolation from their personal stuff — but that having the user manage both their personal environment and the isolated environment is difficult.

It sounds to me like many IT pundits think that BYOC means that security solutions and policies have to be layered on top of the current corporate PC and laptop model. That approach is fraught with problems — it’s a band-aid solution at best, and a corporate nightmare at worst. (On this, I think the naysayers and I agree.)

And think about it: with the advent of the PC in the 1980′s, we had a completely locked-down environment. You had to be at one single station in order to do your work. As connectivity has been steadily opening up the corporation, we’ve been stacking security and data solutions on top of that model for more than a decade. And — we’ve been dealing with the shortfalls of that (users not backing up, hard drives getting corrupted, etc.) because the intrinsic model of the PC wasn’t built to accommodate both full connectivity and full security.

So, outside of this, what is needed on the IT side to make a BYOC model happen? Yes — making significant changes to infrastructure does need to happen, and I think the IT leaders have to be willing to make these significant changes.

In my next post, I’ll talk about what is needed on the IT side to make a BYOC model happen. At visionapp, we’ve seen at visionapp implement BYOC successfully, and it has required a different approach, and it some cases a significant rearchitecting of the IT infrastructure. But this new approach has also saved some of our customers millions of dollars — something that couldn’t be done by bootstrapping products on top of what was already there.

BYOC: One of the scariest trends in America?

January 13, 2010

Now that I’ve talked about the potential benefits of the Bring-Your-Own-Computer concept, I’m going to give some time to the counterpoint. Most of the skepticism I’ve seen about BYOC amounts to, “What are ya, crazy? It’ll never work!”

But Patrick Cunningham, a long-time corporate records manager and the author of Above the RIM, an information management blog, has given a lot of thought to why BYOC is a Pandora’s box. Cunningham believes that there are many thorny business issues that move to the forefront when a company implements a BYOC program. He explains that legal issues are the biggest problem, followed by security and investigation issues.

When I emailed Cunningham, he didn’t provide examples — so I’ll give a few samples of some of the problems I think are created by BYOC.

One example of a BYOC legal issue is internet pornography and a hostile work environment. In many jurisdictions, an employee who uses a work computer to access online pornography can create a hostile work environment, and the company can be sued if it does not address the issue properly. But if the computer belongs to the individual, how can the company be assured that a hostile work environment won’t be created? The company can discuss the specifics (e.g., not on company time; not on company property — just like an individual can’t bring a Playboy to work), but a company’s legal and HR departments have to spend time crafting a policy for this.

One example of security and investigation issues could be trying to stop proprietary information from falling into the wrong hands. With a work-owned laptop, the company can demand a full search of the laptop — remote or otherwise — at any time. When an individual owns the laptop, suddenly there are privacy issues. In the USA, individuals can be protected by the fourth amendment that prohibits illegal search and seizure.

In Cunningham’s original post about BYOC, he also believes that IT departments can deliver a much better user experience than users who pick and configure their own laptops. He contemplates the difficulty of telling the office spreadsheet whizzes that “they have to turn off the corporate proxy setting when they go to Starbucks with their laptop.” Cunningham concludes that if the IT department properly configures the laptop, it will reduce help desk calls much more than a BYOC program.

Tedd Fox, the coordinator of the BYOC program at Citrix, believes that a BYOC program can’t exist in a vacuum. “I cannot stress enough that planning and deep analysis is the imperative to a successful programme,” says Fox. “We had many long discussions and meetings to make sure we took everything into consideration.” That included bringing HR, legal, and management into the planning sessions, to craft policies that dealt with legal concerns and e-discovery.

Fox also agrees that IT had to change its approach over the way it delivered information to users. In Fox’s case, the company provides all the back-end infrastructure, and many, if not most, employees have all applications and data living in shared servers. Virtualization technology and “cloud computing” has made much of this possible.

“Remember the times before VPN?” says Fox.  “People had to physically be in the office to work, because data had to stay inside the corporate walls. When VPN was introduced, IT people all over the world had these same concerns [legal, discovery, privacy].  The concept still took off because users wanted this functionality and IT made it happen.”

Cunningham still calls BYOC “one of the scariest trends in corporate America,” but concedes that end users are demanding it and “the IT buzz is increasing every day.” One thing both Fox and Cunningham agree on is that the IT architecture has to radically change to support the BYOC model. While Fox embraces the change, Cunningham sees the BYOC model requiring “an incredibly disruptive and restrictive environment”–in a program that’s touting the freedom of choice.

BYOC: If you love your computer, you’ll complain less

January 8, 2010

"Since I was able to choose my own laptop, I feel like a kid again!"

It’s been almost a year since the concept of “Bring-Your-Own-Computer” started getting attention in the media. I have to be honest: when I heard about the concept, I wasn’t sure why a company would choose to pay for a computer that belongs to the user, not the company.

Sure, I’ve bitten, clawed, and scratched my way at previous companies to buy a different kind of computer than the vanilla PC they wanted to give me. I’ve written pages of documentation about how my choice will save the company money and allow me to be more productive. In most cases, I’ve won, even when it meant running on a different OS than everyone else. But I was one of a small minority to even attempt it, and even now, looking back, I think the company gave in with a sigh because it was less trouble than continuing to fight me.

But, man, when I had a PC that I didn’t choose at that company, I complained constantly. My biggest complaint: as a graphics manager, I constantly had to use special characters that I could only access through Windows’ Character Map. On the Mac — which is what I ended up getting — an option-shift-bracket or an option-8 gave me what I needed almost instantly — instead of spending 1 or 2 minutes digging through the character map to find the typographer’s quote or bullet. Yeah, I know I was annoying. Yeah, I know the IT department (Hi Peter!) gritted their teeth every time my name showed up on their caller ID.

As it turns out, that’s one of the reasons why companies like Citrix have implemented the BYOC program. According to Citrix, BYOC “will greatly increase user satisfaction by giving employees the freedom to choose the exact mix of options, features and styles that match their personality and individual computing needs.”

Earlier this week, I had a conversation with Tedd Fox, a Technology Evangelist who coordinates the BYOC program for Citrix. “We designed the program for the Echo Generation,” Fox says. ” They are the people raised with TiVo and the Internet, who have lived online for a good chunk of their life.  They know their way around a computer and usually have strong opinions about the laptop and OS they use. Most of the time, they have an awesome laptop that they love to use already.”

Although Citrix doesn’t come out and say this directly, I believe the thinking goes along these lines: If you love your computer, you’ll complain less. That equates to fewer help-desk calls and more productivity. I’m not sure if any companies have done a cost-benefit analysis taking this into account, but it makes a certain amount of intuitive sense.

From personal experience, after I got my Mac, I think I called our IT help desk considerably less. Part of the reason for this is that the IT people said, “Listen, we’ll buy the Mac for you, but we don’t have people here who know the Mac. So if you have an issue, we probably can’t solve it.” But because I’ve been a Mac user since ’89, I was comfortable with that; with PC’s, I didn’t know a .dll from a hole in the ground, so I couldn’t even begin to troubleshoot it.

Cost reductions are in many places in the BYOC model, says Fox. Some of the cost reductions that were outlined:

1. No hardware help-desk calls. Citrix requires 3-year coverage on all purchased laptops, and the employee deals directly with the laptop supplier, not with IT, when they have a hardware issue.
2. Reduced inventory of laptops. Fox says the company still maintains a fleet of loaner laptops for when employees have to send their laptops in for repair, but that they’ve been able to reduce their inventory because they do not need to maintain a fleet of laptops for new employees.
3. Infrastructure savings. In order for the BYOC model to meet all the HR and legal requirements, including Sarbanes-Oxley and other data security measures, Fox says that there was a lot of top-down planning involved. Citrix makes a lot of back-end software that supports a model where all the user’s applications, resources, and data live offline, however, so I think the nature of their business probably made it easier for them to implement BYOC. This type of planning allowed Citrix to take advantage of the savings that technologies like virtual desktops offer. Trying to shoehorn BYOC into an organization where companies require corporate data to live on the user’s hard drive probably doesn’t make sense. “In effect, you have to quarantine the physical end point in some fashion and restrict information usage to a ‘safe’ computing arena that the organization can manage and maintain,” says Patrick Cunningham, a long-time corporate records manager and the author of Above the RIM, an information management blog. (Cunningham’s initial post about BYOC appears here; more of his feedback about BYOC will appear in a future blogpost.)

Fox reports that the first year of the program has been successful. The roll-out of BYOC wasn’t all at once–Citrix did it by geographic area, which also allowed them time to tailor the program to different countries’ privacy and data security laws. Fox also points out that BYOC is not for everyone, and isn’t required. “If users are happy with the laptop, support mechanisms, and need a bit of extra handholding,” says Fox, “they can stay with the IT delivered device and service offerings.”

I would also like to point out that Citrix doesn’t need to pay to eat its own dog food–their back-end infrastructure software that supports the BYOC model is free to them, which obviously positively affects their ROI. Other companies would have to pay to change their infrastructure into something that can support this. There are many options available, of course–Citrix isn’t the only player in the virtualization or management space. But Citrix’s software outlay was significantly less than other companies.

Not only is this not for everyone, but I’m not sure it can be appropriate for all roles. Adobe Creative Suite (Photoshop, Illustrator, etc.), for example, which most graphics and marketing people use on a daily basis, doesn’t work over most application virtualization technologies. (Not usably, anyway; plus, it sometimes violates the software’s license agreement.) If you still have to have Creative Suite or other software run locally, and save files locally, there might be fewer positives for the BYOC model in that situation, and there might be legal issues for storing corporate files on a personal machine.

Next up: the cons of the BYOC concept.

Photo credit: Patricia Dekker for Stock.xchng

The decade of Bring-Your-Own-Computer

January 7, 2010

In the next 18 months, I think we’re going to see a significant percentage of companies give their employees a stipend for their own computer or device–a device which does not belong to the company, but belongs to the user.

Last year, there were several articles written about Citrix’s decision to give money to employees to buy their own laptop, rather than having one supplied by their company. Most of the articles were skeptical to some degree, with blogger Patrick Cunningham boldly stating that a bring-your-own-computer model is “penny wise and pound foolish.” (One of his commenters more boldly states that it’s “truly one of the worst corporate ideas I’ve ever heard.”)

1. ZDNet: Bring Your Own Computer–Citrix’s Experiment in Computing
2. Above the RIM: Bring Your Own Computer
3. Miami Herald: Bring Your Own Computer to Work?
4. WindowsITPro: Bring Your Own Computer

Over the next few blogposts, I’ll start a discussion of BYOC, since it’s been about a year since Citrix and Intel kicked it off. I’ll talk to one of the biggest proponents of BYOC, the Citrix technologist who coordinates the program, and I hope to get some dissenting voices as well. (Let me know if you’re one of these dissenting voices, especially if you have experience with a BYOC program at your company.) I’ll talk about not just the pros and cons of BYOC, but the business, security, and technology issues that must be addressed for any BYOC program to be implemented.

But I believe this idea is going to take off this decade (and probably over the next 18 months) for the simple reason that users will demand it. The bring-your-own-computer concept is popular with young end users, who have grown up with a computer keyboard and who’ve never known a world without cell phones. These, after all, are the future rising stars.

Stay tuned as this discussion continues. Next up: the pros of the BYOC programs.

Want to use another protocol in vRD 2009?

February 18, 2009

vRD 2009 has added support for many more protocols in addition to RDP (including VNC, Citrix ICA, Telnet, SSH, and HTTP/S). If you want to use another protocol–no matter what the default protocol is for the object–follow these directions.

Choose another protocol for a connection.

To connect via a different protocol, select the connection, then right–click. Next, select Connect with Protocols…, and choose the protocol you want to use.

Go to the vRD 2009 site and click Try Out to download the evaluation version today!

Shortcuts in vRD 2009

February 12, 2009

If you’ve begun to use visionapp Remote Desktop 2009, there are a few shortcuts to some of the new functionality!

To quickly refresh sessions and find out who is connected to any/all of the computers in a folder, right-click on the folder and select Refresh Sessions All.

Organize the contents of folders by choosing the folder, then right–click and select Sort Alphabetically.

Since vRD 2009 can now support a lot more protocols than just RDP (including VNC, Citrix ICA, Telnet, SSH, and HTTP/S), how do you figure out which protocol each connection uses? Easy — just hover over a connection to see which protocol it will use by default!

Go to the vRD 2009 site and click Try Out to download the evaluation version today!

Webinar: XenApp 5 and visionapp Server Management

November 24, 2008

If you are looking to see the stuff in the “Migrating to XenApp 5″ white paper in real live action, visionapp is hosting an hourlong Webinar on December 2, 2008.

The everyday operation of Citrix XenApp farms and maintenance of machines, software and settings can be tiresome. Keeping servers up-to-date and consistent can be a challenge. Best practices for migrating to XenApp 5 from older versions of Citrix include having properly maintained machines as well as careful planning and testing. The webinar will show how vSM 2008 performs migration to XenApp 5 and day-to-day maintenance of Citrix farms – in a standardized, reliable, reproducible and documented way.

This webinar is mainly intended for technical audiences; basic knowledge of Citrix products is recommended.

Sign up here.

Migrating to XenApp 5

November 21, 2008

If you and/or your customers have questions about migrating to Citrix XenApp 5, visionapp has just published a paper detailing best practices and how to enforce an effective migration methodology. The paper is available on a few sites, including eMediaUSA, KnowledgeStorm, and BitPipe.

Here’s one of the links:
Citrix XenApp 5: Preparing for a Successful Migration (registration may be required)

Write a comment to let us know what you think!

Geek Speak Live in Des Moines, Iowa

November 19, 2008

The Citrix Geek Speak Road Trip is coming back to Iowa, and visionapp Chief Technologist Rick Dehlinger is one of the featured presenters!

Event Details:
Thursday, December 4th
Sessions: 1:00PM – 4:00PM
Drinks and Hors D’oeuvres, 4:00PM – 5:00PM
Location: The Des Moines Golf and Country Club
1600 Jordan Creek Parkway
West Des Moines, IA 50266

visionapp is also sponsoring the food and drink at happy hour. If you attended the Citrix Synergy 2008 event and the June Geek Speek event, then you are aware of the craze over Geek Speak Live.

visionapp business partner Alliance Technologies is bringing Geek Speak back to Des Moines this December, giving you facilitated learning from thought leaders and tech experts, including visionapp Chief Technologist Rick Dehlinger, as well as industry experts Doug Brown, Rich Crusco, and Michael Keen.

This open forum event gives the audience the chance to run the show and will include discussions and input from experts in the infrastructure delivery community.

You can find more info on the Geek Speak event here.