CHICAGO – While many IT pros hate the idea of allowing end users to bring their own PCs to work, executives and...
other employees are using netbooks, iPads and other devices without their companies' blessings.
At Briforum 2010, a desktop virtualization conference held here this week, skeptical administrators expressed angst over the concept of bring-your-own-PC (BYOPC). The concerns are over security breeches, hardware and software management, licensing and a host of other potential problems that come when there is no corporate standard.
One IT engineer said BYOPC begs important questions such as who owns the data generated on a user-owned device. There are also application, software and hardware support issues to contend with.For instance, if there is a hardware problem on an employee-owned Mac that corporate IT can't fix, the employee could be unable to work for a period of time.
"The only benefit I see with a BYOPC policy is that they can't complain about hardware issues, because they chose it," said Joseph Dropkin, a senior server engineer with Norwalk, Conn.-based PriceLine.com.
Some IT pros just want to give up control over end-user hardware and accept the consequences. Others said they think end user choice over hardware is something they need to accept and learn to work with.
"BYOPC is a challenge, but also a reality," said Rick Dehlinger, a virtualization technologist based in Sacramento, Calif. "Users are driving the IT world more and more [every] day."
It appears that high-tech giants, like Intel and Citrix Systems, are among the companies leading the way to allow end users to work on their own devices. Citrix gives employees $2,100 to use towards the device of their choice, and of the 50% of employees participating in BYOPC, 40% of the time, they choose Macs.
Virtualization technologies are one way to bring applications to any type of device. Citrix delivers its corporate applications using its own virtualization software, XenApp, which streams apps to users without having to install anything on the end-user owned device. This also means if the employee leaves the company, Citrix can simply stop streaming apps to that device.
But it's not for everyone, as application virtualization doesn't offer cross-platform support and it isn't the most secure way to deliver apps, said John Whaley, CTO of the desktop virtualization management company, MokaFive.
Another way to deliver corporate apps to unsupported devices is to port everything to the Web. But, since it takes a long time to rewrite enterprise apps for the Web, legacy apps probably won't work and end users will only be able to access apps when they are online, said Whaley, speaking at a session here.
Desktop virtualization is another way to deliver desktops to heterogeneous devices, but this method requires significant backend infrastructure investment and, as with the Web, users typically can't access their apps offline.
The answer to providing offline access appears to be client hypervisors, which exist from small third-party vendors and should be generally available from Citrix and VMware this year. Client hypervisors offer a secure, personalized desktops that run locally both on and offline, and appears to be a good option for BYOPC. But Whaley observed that this emerging technology has certain minimum hardware requirements for CPU (Intel vPro) and memory.
BYOPC: The bad
Whatever the delivery method, end-user owned devices have to be treated as un-trusted devices, so connecting with the corporate VPN could get sticky, Whaley said.
There must be a quick way to kill access to corporate data when an employee leaves a company, which is fairly simple with a Web-based delivery approach. Administrators can also set access policies for virtual desktops, and some companies give employees removable storage from which to run apps rather than allowing them to install corporate data on end-user owned machines.
"You don't want to be hunting people down for corporate data after they've left" Dropkin said.
Windows shops often find it difficult to support Macs because Apple doesn't have similar management tools for OSX as exists for the Windows platform. He said one possible option is to deliver an isolated corporate Windows environment in a virtual machine using desktop virtualization.
BYOPC: The good
Though the notion of BYOPC is anathema to IT shops, Walley said he believes it does make end users happier and more productive. According to some polls and studies, employees are willing to do more work at home and on weekends when they get to do it on their own machine, he said. And surprisingly, IT pros don't get more help desk calls for employee-owned devices.
"You'd think when you give end users a lot of rope they end up hanging themselves with it, but support calls actually go down, because [end users] are more willing to take issues into their own hands when they bought the machine," Whaley said. "They are also less likely to lose the device when they are the ones who bought it."