Microsoft’s Oslo initiative, a modeling approach to software development, is one of the pillars of Microsoft’s Dynamic IT strategy. Microsoft’s Azure platform counts on applications that can inform the fabric controller of their hardware and operating system configuration needs. The workloads are then created and configured based on this information. This concept was explained at PDC 2008 in a long but excellent presentation (see below).
When an application’s or service’s needs are described in a model, the workloads needed to run it can be created anywhere that model can be translated automatically into infrastructure and workload configurations. With modeling, applications and services can be moved easily from one datacenter to another, and from on-premise testing to cloud production.
Application delivery should be a joint concern for developers and infrastructure professionals. As Gartner stated last year, Application Delivery Architects and Engineers Should Be an IT Organization’s Next Key Hires. Developers, application architects and infrastructure architects should work together on making applications and services location independent, and on making placement decisions better and easier.
Hypervisors for desktops will bring a major change in delivering applications to users. Until today, we had to centralize applications in order to work with untrusted, privately owned computers: Terminal Server or Citrix presented the applications or desktops without storing data on client machines. The disadvantage was that applications and data couldn’t be accessed offline. With operating system virtualization on desktops, especially using hypervisor technology, this is going to change. It’s going to be a big thing.
Microsoft, Citrix and VMware are all working on bringing virtualization of “Operating System environments” (OSE) to the desktop. These OSEs can be regarded as “digital work environments”.
On our own laptop (or in the future maybe on any smart device), a hypervisor is installed, possibly on a piece of read-only hardware. On top of this hypervisor more than one operating system can be installed: our privately owned operating system and, for instance, a business-owned OSE. They can communicate with each other like non-virtualized computers, and at the same time each operating system can be fully shielded from the others.
This technique, nowadays applied in server environments, will make it possible to work with our privately owned devices in totally separated work environments. We can work in an OSE delivered by our company or organization, with trusted data and company-owned applications; that virtual machine is managed by the organization. At the same time, we can work in our private virtual machine. Perhaps one machine can establish a connection to a trusted network while the other cannot.
On September 25, 2008 Steve Ballmer (Microsoft) stated the following:
“Does any of this to me mean that in the long run a significant percentage of the kind of computing people do on clients today will move to the server? I don’t think so. It doesn’t mean it won’t happen. It doesn’t mean some of it will be important. We’re certainly investing. But perhaps I think the most important thing is the notion of really using hypervisors on the desktop as a technique to improve the desktop experience, as opposed to let’s just move all computation and recentralize it. I don’t really think in the world where people kind of like their own personal devices, people fall in love with their phones, their PCs, their laptops, I don’t think it all gets recentralized.” (http://www.microsoft.com/presspass/exec/steve/2008/09-25churchill.mspx)
Citrix also plans to deliver its hypervisor in the second half of the year, with the first release of a new product code-named Project Independence: “The face of desktop computing will change fundamentally over the next few years. Enterprises have long struggled to meet user demands for flexible computing while controlling costs, improving security and simplifying manageability. Achieving these goals requires the right technology as well as a shift in how IT and the user view desktop computing. Project Independence is a strategic product initiative with partners like Intel, focused on local virtual desktops.”
VMware View is a comparable approach: “Just as virtualization transformed servers in the datacenter, VMware View is transforming the desktop from device-centric to user-centric.”
This is going to happen pretty soon. Application delivery within OSE containers is a real opportunity to let us work everywhere, for everyone, with or without connections, controlled and uncontrolled, with our favorite equipment. I’m very curious about all the emerging technologies that will arise from this simple decoupling of the OSE from the hardware on client devices. Probably “to be continued…”
Can we work with untrusted, unmanaged computers in our networks? For the past few years there has been a shift in thinking about the management of client computers. The well-managed client paradigm will be replaced by the data-protection paradigm: it’s not the client’s integrity that we should protect, we should protect the data. Why is this important?
Organizations are confronted with an increasing number of privately owned laptops and devices. People, especially Gen Y, tend to choose their own equipment. You decide what’s good for you.
The productivity loss that comes with automatically cutting non-compliant computers off from network resources (as Network Access Protection does) will be unacceptably expensive, while the workers, most of the time, can’t be held personally responsible for working on a non-compliant computer.
It’s really hard to manage all devices. Take printers, for instance: most multifunction printers run an operating system, without any anti-malware software.
Client protection comes with banning certain capabilities. Unless you work with highly sensitive or secret data, cutting off digital possibilities and opportunities will lead to fewer improvement and innovation initiatives.
With the introduction of IPv6, client-to-server and client-to-client traffic is direct and IPsec-protected. Computers are able to exchange data directly, without using the corporate (wireless) network. Inspecting the data in transit will be extremely difficult in some cases.
I can surely come up with more examples. The point is: the network itself, and client devices in particular, cannot be trusted. A common way to deal with this problem is to create security zones within a network. In the old days, all equipment, clients and servers alike, was directly connected. When working with untrusted computers, this must be avoided. The protected data should be placed in a secure zone that can be accessed only through firewalls, over a limited protocol set such as HTTP/HTTPS, RDP/ICA and SSL VPN. Old-style client-server traffic, such as file-sharing protocols, should be eliminated.
When we build on-premise networks like this, we act just like any internet-based provider of applications, systems or network services.
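The zone model described above can be checked mechanically. The following added example, which is not code from the original post or from any of the products it mentions, audits a constructed flow log against a “secure zone” policy: only HTTP/HTTPS, RDP/ICA and SSL VPN may cross from the untrusted client zone into the secure zone, and old-style file-sharing protocols are flagged. The zone address ranges, port numbers and log format are assumptions made for the illustration.

```python
"""Audit flow-log lines against a secure-zone protocol policy.

Hypothetical example: zone ranges, port mapping and the log line format
are assumptions for illustration, not taken from any real product.
"""
import ipaddress
from dataclasses import dataclass

# Protocol set allowed from untrusted clients into the secure zone
# (HTTP/HTTPS, RDP/ICA, SSL VPN). Port numbers are assumed defaults.
ALLOWED_TCP_PORTS = {
    80: "http",
    443: "https / ssl-vpn",
    3389: "rdp",
    1494: "ica",
    2598: "ica (session reliability)",
}

# Old-style client-server protocols that must never cross the boundary.
LEGACY_TCP_PORTS = {139: "netbios-ssn", 135: "msrpc", 445: "smb", 2049: "nfs"}

# Constructed zone definitions.
ZONES = {
    "clients": ipaddress.ip_network("10.10.0.0/16"),
    "secure": ipaddress.ip_network("10.200.0.0/24"),
}


@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(addr: str) -> str:
    """Map an address to its zone name, or 'unknown' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def parse_flow(line: str) -> Flow:
    """Parse a constructed log line: '<src> <dst> <proto> <dport>'."""
    src, dst, proto, dport = line.split()
    return Flow(src, dst, proto.lower(), int(dport))


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason) for one flow.

    Only flows destined for the secure zone are policed here; flows that stay
    within the client zone are reported as 'ignore' because, as the post notes,
    direct client-to-client traffic cannot reliably be inspected anyway.
    """
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if dst_zone != "secure":
        return "ignore", f"{src_zone}->{dst_zone} does not enter the secure zone"
    if flow.proto == "tcp" and flow.dport in ALLOWED_TCP_PORTS:
        return "allow", ALLOWED_TCP_PORTS[flow.dport]
    if flow.proto == "tcp" and flow.dport in LEGACY_TCP_PORTS:
        return "deny", f"legacy client-server protocol {LEGACY_TCP_PORTS[flow.dport]}"
    return "deny", f"{flow.proto}/{flow.dport} not in the allowed protocol set"


def audit(lines) -> list[tuple[str, str]]:
    """Return (line, reason) for every flow the policy denies."""
    findings = []
    for line in lines:
        verdict, reason = evaluate(parse_flow(line))
        if verdict == "deny":
            findings.append((line, reason))
    return findings


# Constructed sample log: two allowed flows, three policy violations,
# and one client-to-client flow that the secure-zone policy ignores.
SAMPLE_LOG = [
    "10.10.4.7 10.200.0.10 tcp 443",   # https to a web front end: allow
    "10.10.4.7 10.200.0.20 tcp 445",   # smb file sharing into the zone: deny
    "10.10.4.7 10.200.0.30 tcp 3389",  # rdp to a hosted desktop: allow
    "10.10.4.7 10.10.4.9 tcp 445",     # client-to-client: ignore
    "192.0.2.5 10.200.0.10 tcp 8080",  # unknown source, unlisted port: deny
    "10.10.4.7 10.200.0.20 udp 2049",  # nfs over udp: deny
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"DENY {line}: {reason}")
```

Run it as a script to list the denied flows; in practice the same `evaluate` logic can be pointed at an exported firewall log to verify that the deployed rule set really limits secure-zone access to the intended protocol set.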
The question is: should we avoid managing client computers and devices at all? Nowadays we provide network users with a desktop and applications that are completely centrally managed. We have decoupled the operating system from the hardware, and the desktop and applications from the operating system. We deliver applications the same way to any platform: desktops, laptops, terminal servers, virtual operating systems. The device itself doesn’t matter that much anymore.
An example: a managed virtualized operating system (VDI, VMware View) can be accessed in a network from an unmanaged computer. One works on this virtualized computer on premise or through an internet connection, and the virtualized computer can be streamed to a laptop for “offline” work.
These solutions will certainly make working with privately owned computers in corporate networks possible. The conclusion is that we can indeed work within corporate networks with untrusted, privately owned computers.