69% of employees say they are accessing business apps on personal devices organizations say 34% of...
TRANSCRIPT
How to develop a successful Flexible Workspace Strategy (BYOD, Consumerization, VDI, Tablet ... )
Eduardo KassnerPrincipal, Enterprise StrategyMicrosoft Corporation
WCA-B318
• What is your strategy• Current Reality• How to Resolve the new Paradigms• Real World Examples• Summary
What is your … BYOD strategy… Mobile Device Management strategy… Virtual Desktop Infrastructure
… What is your Workstyle Strategy
A tale of opposites
69% of employees saythey are accessing business apps on personal devices
Organizations say 34%of their employees are accessing business apps on personal devices
Who do you think is right??? (1)
Source: (1) Microsoft Customer Survey 2011, (2) Gartner: Using Peer-to-Peer communities to Drive BYOD self-support; Aug 3, 2012(3) Cisco: The Everywhere Employee: Increase of Business Devices
34% 69%Information workers will have 3.3 connected devices in 2014 – up 18% from 2.8 in 2012 (3)
3.3
88% Employees are using their personal computing technologies for business purposes today (2)
88%
Work is not a location or a screen anymore…
Sources:International Telecommunications Union, “Tablet Demand and Disruption” Morgan Stanley, IDC Source for both:, IDC, “2011 Consumerization of IT Study : Closing the ‘Consumerization Gap’”, July 2011, VentureBeat
2.4 Billion Mobile Internet device today in the world
2/3 of companies world wide have adopted tablets
Only 20% of tablet owners use the device for content
creation
Around 400+ Million Computers Sold in 2012
Around 6 Billion Cell phones Worldwide
1.1 Billion Smartphone Subscribers, 13% of world wide
total Internet traffic
Work is just one more activityIn our day
THIS IS CONSUMERIZATION
BUT NOT CONSUMERIZATION OF IT
Current Client Strategies
Virtual Desktop (Non-Persistent)
Remote Desktop Services (RDS / Citrix)
Virtual Desktop (Persistent)
Windows or Non-Windows DevicesCurrentOffering
Executive
brought devices
Need to Upgrade
LocalData
Local Applications
Local Settings
Local Browser
At what cost did you enable Agility ?
How do we sustain TCO while enabling flexibility and provide compliance?Personas / Profiles, Access & Security, Data Rights Management, Application lifecycle
Mobile Device Management
Windows Environment
LocalData
Local Applications
Local Settings
Local Browser
Physical
LocalData
Local Applications
Local Settings
Local Browser
VirtualSome Cloud
Offerings
BYOD
Deploy OS / Apps, Standardize, Patch, Lockdown user
LocalData
Local Applications
Local Settings
Local Browser x4
Tablet Phone
Physical Virtual x4
Reduce
TCO per user
Raise
d TC
O
per u
ser
Benefits:• Enable choice • Agility & Flexibility• Stay Compliant• Take advantage of Cloud• Encourage Mobility
World Class Services to any Device
TCO
Agility
Managed PC
Agility
TCO
Synchronization Exchange Active Sync SkyDrive Pro User Experience Virtualization SharePoint
Data Protection and Compliancy Group Policy Data classification Rights Management Data encryption BranchCache Application White Listing
Virtualization Application Virtualization Remote Desktop Services Virtual Desktop Infrastructure
Secure Access Server and domain isolation Network Access Protection Unified Access Gateway Direct Access Remote device management
ProvideCost Effective World Class Continuous Services to Any Device
Tablet Phone
Physical Virtual x4LocalData
Local Applications
Local Settings
Local Browser x1
What is your strategy?• Bring your own
computer• Thin clients• VDI• Consumer devices• Smart phones• Managed desktops• Managed laptops
desktop …mobile services
Work on any PC anywhere
Work on your own device
Work on many devices
ENABLE
What is your device strategy
What was once different …
Is now the same …
Empower People-centric IT
Your apps and data delivered
DEVICE-OPTIMIZED APPS
WEB APPS
VIRTUAL DESKTOPS + APPS
Personalized experience
Any device, anywhere
Secure & well-managed StartStartStart
StartStartStart
StartStartStart
Sell 150,000 Tickets in 10 Seconds
• http://www.microsoft.com/casestudies/Windows-Azure/Flavorus/Ticketing-Company-Scales-to-Sell-150-000-Tickets-in-10-Seconds-by-Moving-to-Cloud-Computing-Solution/4000011072
A NewParadigm
Office WorldMobility
Data Center CloudServices
Desktop ScreensDevices
User / Password
Profile / PersonaAccessFrom To
Access Strategy
Access to data depends
on user, device and
location
WHO
UserProfile
Compliance
WHAT
ApplicationCollaboration
Communication
WHERE
DeviceLocation
If user, device and locations are trusted access is
granted
Direct Access
RRASVPN
SSL VPN
CORPORATE NETWORK
Windows 7/8
Myriad mobile devices
Down-level Windows clients and mobile
devices.
A NewParadigm
Unclassified Classified & ProtectedData
Office WorldMobility
Data Center CloudServices
Desktop ScreensDevices
User / Password
Profile / PersonaAccess
From To
Data classification resources
Low
Moderate
Cost of data breach• $204 per compromised
record• $6.75 million average total
cost• 40% of cases are people
mistakes*Source: Ponemon Corp, January 2010
Public infoMarketing info
Email addressIP address
Fax number
Social security #Credit card info.Aggregate Data
Health infoUsername/PW
Recommendations by International Accounting
Standards Board
US: SOX, PCI-DSS, GLBA, FISMA, Joint Commission and
HIPAAEU: Basel Accord I, II, IIUK: Data Protection Act,
FSA, Freedom of Information Act 2000, Australia: ARPA, Canada: C-SOX , China: CCC Mark, Japan: J-SOX,
and others
HIGHBusiness Impact
HBI
MODERATEBusiness Impact
MBI
LOWBusiness Impact
LBI
Information classification wizardhttp://www.windowsphone.com/en-us/store/app/infoclasswiz/cca5583a-a3cc-4e89-a11b-3d348d6b04ec
Microsoft Data Classification ToolkitSolution Acceleratorhttp://www.microsoft.com/en-s/download/details.aspx?id=27123
A NewParadigm
Device Policy EnforcementSecurity
Office WorldMobility
Data Center CloudServices
Desktop ScreensDevices
Unclassified Classified & ProtectedData
User / Password
Profile / PersonaAccess
From To
System Security & Compliance
Encryption• Deploy, provision, recover
BitLocker encrypted systems.
• Deploy desktop OS pre-configured for BitLocker
AV and Compliance• Device policy control and
compliance through enforced PINs or remote wipe
• All Windows AV and system configurations managed in a single interface
• Device discovery and inventory
Hardware and BootWindows and DriversAnti-Virus
ConfigMgr/SCEP and Windows Intune
MDOP (MBAM,
AppLocker)
Data Encryption
Windows 8 device
DirectAccess/
Forefront UAG
Applications & Data
Server
Network
Device
Start
Start
Devices & Platforms
IT
Windows Intune
Single adminconsole
Mac OS X
Windows PCs(x86/64, Intel SoC),
Windows to Go
Windows RT, Windows Phone 8
iOS, Android
Simplifying Management across Platforms
A NewParadigm
Locked Down ControlledAgility
Office WorldMobility
Edge WorkloadSecurity
Data Center CloudServices
Desktop ScreensDevices
Unclassified Classified & ProtectedData
User / Password
Profile / PersonaAccess
From To
Agility and ProductivitySocial Tools in the Enterprise
+ Information Protection
Connected productivity:
• Share and edit Office documents directly using Windows Phone
• Use Lync on all major smartphone platforms
• Take notes with text, pictures and voice with OneNote Mobile for Windows Phone and iPhone
• Work online together with others on Office documents from anywhere with Office Web Apps
Integration with external social networks
Best productivity on Windows
And best-in-class
on other devices
Microsoft Exchange
Microsoft SharePoint
Windows Server 2012
Active Directory Rights Management ServicesPersistent, identity-centricuse policies and encryption embedded with the data
Windows Server 2012 Dynamic Access ControlData governance across file servers• Control who can access
information• Audit who has accessed
informationStart
Start
without Compromising Security
ConfigMgr
Windows Intune
On Premise & in the Cloud
A NewParadigm
CorporatePurchased
Any DeviceCOIT
Office WorldMobility
Locked Down ControlledAgility
Edge WorkloadSecurity
Data Center CloudServices
Desktop ScreensDevices
Unclassified Classified & ProtectedData
User / Password
Profile / PersonaAccess
From To
Consumerization of IT Strategy
Any deviceNo policies
Choose Your Own
White-listing devices Loose
policies
Predefined Device Strict
policies
Freedom of devices Loose
policies
UN- MANAGE
D
MANAGED
Primary DeviceSecondary DeviceMobile / Smart Phone
Mobile Device Management
Access / Data / Security ManagementConfiguration & Compliance Management
Application Deployment (Virtual App, VDI, RDS, ect)
Identity & Profile Management
Device Trends – Perspective
Choose Your Own
Employee Purchased Company Purchased
Employee Managed Company Managed
Employee Indifference
Company Influenced
RISKAccess
Freedom
Control
Workforce Segmentation
Secure and compliant environment
LOB Applications Business value Collaboration needs Mobility
CompliancyEnterprise
enablement
Account Manager
Business value Collaboration needs LOB Applications Engagement with
technology Mobility
Enterpriseenablement
Proxi LOB applications
Public Collaboration Mobility
Simplifiedenablement
Nothing
Enablement
Embrace Bring Your Own DeviceA variety of solutions that fits your organization
VDI: Access to corporate image
ConfigMgr: User/device-specific management
Windows To Go: Consistent Windows 8 experience on any PC* from USB
Windows Intune: Cloud management for Windows-based PCs & tablets
Embrace BYOD
* Any device certified for use with Windows 7 or Windows 8,. Software Assurance (SA) for Windows required
A NewParadigm
CorporateEnvironment
Any ApplicationApplications
CorporatePurchased
Any DeviceCOIT
Office WorldMobility
Locked Down ControlledAgility
Edge WorkloadSecurity
Data Center CloudServices
Desktop ScreensDevices
Unclassified Classified & ProtectedData
User / Password
Profile / PersonaAccess
From To
Enabling an employee means allowing more not less
Examples
Consumer LOB ISVCustom LOB
Expense Approva
l
Headtrax
Company News
Used by Consumer Business
Built by
Distribution
Tech Companies, Publishers, Brands
Windows Store Windows Store
Tech Company
Windows Store or Side-loaded
Enterprise
Side-loaded
PLM
B2C and B2B
A NewParadigm
Lowest Costs
ControlledCostsTCO
CorporatePurchased
Any DeviceCOIT
Office WorldMobility
CorporateEnvironment
Any ApplicationApplications
Locked Down ControlledAgility
Edge WorkloadSecurity
Data Center CloudServices
Desktop ScreensDevices
Unclassified Classified & ProtectedData
User / Password
Profile / PersonaAccess
From To
Unman
aged
PC
Som
ewha
t Man
aged
PC
Moder
atel
y Man
aged
PC
Lock
ed a
nd W
ell M
anag
ed P
C
SBC W
indo
ws R
DS
SBC R
DS & C
itrix
Xen
App
Smar
tpho
ne (P
latfo
rm)
Tabl
et (P
latfo
rm)
Smar
tpho
ne (C
oncie
rge)
0
500
1000
1500
2000
2500
3000
3500
4000
4500
5000
25262162
1797
1067 973 834487.4 487.4 487.4
1874
1869
1787
16131494
1493
1426.49952.85
2918.51
End-User Costs Direct Costs
TCO Comparison of several architecturesUnits: US $ per Device per year. Based on analysts documents from Nov 2011 – April 2012 … several sources including MS studies
-39%
-5%
-8%
-28%No Data Plan
16%With Corporate Security
-17%No Corporate Security
Impact of Storage
not reflected. Read this post
Check out: VDI Smackdown v1 3 (ENG) (feb
2012).pdf
-39% -44% -47% -57% -67% +23%
137:1 151:1 169:1 221:1Staffing Ratios (Users per FTE)
DESKTOP HOSTEDDESKTOP
(RDS, VDI)
SMARTPHONE, TABLET
Recommended reading material• Gartner:
• Desktop Total Cost of Ownership: 2011 Update, Published: 16 November 2010, ID:G00208726
• Notebook Total Cost of Ownership: 2011 Update, Published: 17 November 2010 ID:G00208793
• Total Cost of Ownership of Mobile Devices: 2012 Update, Published: 20 March 2012, ID:G00229907
• Client Computing Total Cost of Ownership, 2011: A Chart of Accounts, Published: 3 March 2011,
ID:G00210895
• Total Cost of Ownership Comparison of PCs With Hosted Virtual Desktops, 2011 Update, Published: 14
December 2010, ID:G00209403
• Total Cost of Ownership Comparison of PCs With Server-Based Computing, 2011 Update, Published: 14
December 2010, ID:G00209456
• PQR VDI Smackdown v1 3 (ENG) (feb 2012).pdf
• PQR Understanding how storage design has a big impact on your VDI (updated Septembe
r 2011)
The top best practices to achieve consumerization
1. Workforce Segmentation2. Service Portfolio3. Assess the Impact4. Evaluate your Current Capabilities5. Build a Roadmap6. Start delivering services to your
environment
Asses the Impact on your Organization
Security
••
••
•
•
•
•
••
••
•
•
•
Policies
• • • •
Health
• •
•
•
•
•
•
Financial Compliance Data
Apps IT Infra
Windows 8 Supports Flexible Workstyle
Simplify Virtual Desktops 2
Productivity with Tablet
WinRTEnterprise Apps
Help Secure YourEnvironment 4
Your PortableWorkspace 2
EmbraceBYOD Scenarios
Support Mobile Workforce
Work Anywhere 1,2
No Compromise Business Tablet1
New Possibilities in Mobile Productivity
Enhanced End-to-End Security
Management and Virtualization
Help Secure YourDevices & Data 4
1 Internet access required2 Software Assurance (SA) for Windows required
3 Microsoft Desktop Optimization Pack (MDOP) required
4 Windows 8 Pro required
Your Data and Apps On Any Windows-based Device 3
Customer Options are Expanding
Microsoft IT Supplying a digital foundation to Microsoft
120MIMs per month
224,000SharePoint sites
19PBStorage
568 Buildings
8Datacenters
107 Countries
27,000Servers
108,000Windows 7 seats
45,000Windows Phone devices
2,900Applications
193,000Exchange mailboxes
17,000Wireless access points
690,000Lync calls per month
MyWorkSpace 1.0 MyWorkSpace 2.0
Follow Me Desktop
Windows 8 (Tablet/OS) AssessmentEnterprise Ready
Windows 8
Voicemail in Email
Follow Me Settings
Follow Me Printing
Video Phone
Device Consolidation
Follow Me Apps
Automated App Request
Office 2013
Follow Me DocsOutlook Offline
MyDevices
MyApps
MySettings
MyDocs
Q1 Q2 Q3 Q4 2014 Q1
MyWorkSpace – Implementation Timeline Enable better decisions faster and enhance productivity by providing secure anytime,
anywhere, access to MyApps, MySettings, and MyDocs from MyDevices
Thin Clients
MyDevicesEnterprise Ready Window 8Video Phone (CHK Campus)Device Consolidation
MySettingsFollow Me Printing
MyAppsFollow Me AppsOffice 2013Internet Explorer 10
MyDocsOutlook Offline
MyDevicesFollow Me DesktopWindows 8 (Tablet/OS) AssessmentThin Clients
MySettingsFollow Me Settings
MyAppsVoicemail in Email
MyDocsNo Change
2013
Internet Explorer 10
MyWorkSpace 3.0MyDevicesNo Change
MySettingsFollow Me Printing
MyAppsAutomated App Request
MyDocsFollow Me Docs
Example #2 … User ProfilesProfile Device(s)/Scenario Apps Data
Executives Laptop or Tablet running Windows 7/8 or Mac OS
ARM Tablet running Windows RT or iOS
Windows: Streamed (App-V)Mac: Local InstallWindows RT: AZ App Store, Sideloaded, Windows StoreiOS: iTunes AppStore, Citrix XenApp or XenDesktop
Office 365Skydrive ProFolder Redirection
Corporate Laptop or Desktop running Windows 7/8 Streamed (App-V)Citrix XenApp (Remote App)
Office 365SkyDrive ProFolder Redirection
Commercial ARM Tablet running Windows RT or iOS
Windows-to-Go
Windows RT: AZ App Store, Sideloaded, Windows Store
iOS: iTunes AppStore, Citrix XenApp or XenDesktop
Office 365Skydrive or Skydrive Pro
R&D Laptop or DesktopTransient between clean lab and office environment
Windows: Streamed (App-V)Linux: Citrix XenApp
Office 365Skydrive ProFolder Redirection
Contractors Windows-to-Go Streamed (App-V)Citrix XenApp (Remote App)
Office 365 KioskFolder Redirection
Manufacturing Kiosk running Windows 7/8 Streamed (App-V)Citrix XenApp (Remote App)
Office 365 Kiosk
Example #2Pub
lic Clo
ud
Serv
ices
MANUFACTURING Kiosk
Office 365
SkyDrive Pro
On-P
rem
ise S
erv
ices
CORPORATEWindows 7/8
EXECUTIVEWindows 7/8
Laptop, Mac, or Tablet
Streamed App-V AppsDirectAccessSync’d Data & SettingsXenApp/RemoteAppBitLocker
Streamed AppsXenApp/RemoteApp
COMMERCIAL
Win Rt or iOS
Windows-to-Go
Streamed AppsDirectAccessBitLocker/RT Device EncryptionXenApp/RemoteApp
Streamed App-V AppsDirectAccessSync’d Data & SettingsXenApp/RemoteAppBitLocker
CONTRACTORNon-AZ device, Windows-to-Go
Streamed AppsXenApp/RemoteAppBitLocker
Streamed App-V AppsSync’d Data & SettingsXenApp/RemoteAppR&D
Transient among devices
SkyDrive
SCCM 2012
What is your workstyle strategy?
• Bring your own …• Thin clients• VDI• Consumer devices• Smart phones• Managed desktops• Managed laptops
SAY YES TO ALLRESPONSIBLY
There are many ways we can help
Microsoft Services
Assessment & RoadmapTactical Solutions
Strategic SolutionsSupport
Risk Assesment
Solution Accelerator
• Microsoft Assessment and Planning (MAP) Toolkit
• Microsoft Deployment Toolkit (MDT)• Security Compliance Manager (SCM)• Infrastructure Planning and Design
(IPD)• Microsoft Operations Framework (MOF)• Governance, Risk, & Compliance (GRC)
Infrastructure Planning & Design Guides
• DirectAccess• Dynamic Datacenter• Exchange Online—Evaluating Software-
plus-Services• Exchange Server• File Services• Forefront Identity Manager 2010• Internet Information Services• Malware Response• Microsoft Application Virtualization
4.6• Microsoft Enterprise Desktop
Virtualization (MED-V)• Print Services• Remote Desktop Services• Selecting the Right NAP Architecture• Terminal Services• Windows Optimized Desktop
Scenarios• Windows User State Virtualization
Online Resources
Toolkits
• Microsft Application Compatibility Toolkit• Microsoft Assesment and Planning Toolkit• Windows 7 Application Compatibility • Springboard - Aplication Compatibility• Microsoft Deployment Toolkit• System Center Configuration Manager• Proof of Concept Jumpstart
Calculators
• Calculators• Windows 7 ROI Tool• Microsoft MDOP Business Value Analyst
Tool• ROI Tool Application Virtualization• Enterprise Learning Framwork
Windows Track ResourcesWindows Enterprise: windows.com/enterprise
Windows Springboard: windows.com/ITpro
Microsoft Desktop Optimization Package (MDOP): microsoft.com/mdop
Desktop Virtualization (DV): microsoft.com/dv
Windows To Go: microsoft.com/windows/wtg
Outlook.com: tryoutlook.com
msdn
Resources for Developers
http://microsoft.com/msdn
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
TechNet
Resources
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
Resources for IT Professionals
http://microsoft.com/technet
System Center 2012 Configuration Managerhttp://technet.microsoft.com/en-us/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33
Windows Intunehttp://www.microsoft.com/en-us/windows/windowsintune/try-and-buy
Windows Server 2012 http://www.microsoft.com/en-us/server-cloud/windows-server
Windows Server 2012 VDI and Remote Desktop Serviceshttp://technet.microsoft.com/en-us/evalcenter/hh670538.aspx?ocid=&wt.mc_id=TEC_108_1_33
http://www.microsoft.com/en-us/server-cloud/windows-server/virtual-desktop-infrastructure.aspx
More Resources:microsoft.com/workstylemicrosoft.com/server-cloud/user-device-management
For More Information
Evaluate this session
Scan this QR code to evaluate this session and be automatically entered in a drawing to win a prize
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.