An in-depth analysis of the Microsoft-Kidaro deal. What does this mean for VMware, Citrix, and the industry? - Brian Madden - BrianMadden.com

An in-depth analysis of the Microsoft-Kidaro deal. What does this mean for VMware, Citrix, and the industry?

Written on Mar 13 2008 13,238 views, 43 comments


by Brian Madden

Yesterday Microsoft bought desktop virtualization vendor Kidaro for an undisclosed amount (although rumors suggest as much as $100M). Kidaro makes virtualization software and management tools that "package" Windows desktop images into VMs that can run locally on users' computers. It's a lot like VMware's ACE product, although Kidaro has much better management capabilities.

First, why would anyone want this technology?

Kidaro is a desktop virtualization vendor, although not in the most traditional "VDI" sense. Whereas the de-facto definition of "VDI" means users connecting via server-based computing protocols to desktops running in a datacenter (VMs, blades, or Terminal Servers), a broader (and more correct in my opinion) definition of "desktop virtualization" would include ANY technology that separates the OS image from the client computing device. Based on that definition, Kidaro (as well as OS streaming solutions like Citrix Provisioning Server) also plays in the VDI space.

So Kidaro is a desktop virtualization vendor. In their system, a user's "desktop" is packaged up into a single file which includes the hypervisor, the Windows OS, applications, and settings. Then this single file can be ported / copied / streamed / executed from just about any computing device. The idea is the user can have an unmanaged computer, and they can visit a Kidaro-based portal and click a link to run their "desktop," which will copy / stream the Kidaro desktop down to their device. Alternatively the Kidaro desktop could be deployed via DVD or even USB stick. (The USB option is a cool concept. Instead of giving your employees PCs, just give them a stick. They can pop it into any Windows PC and run their completely locked-down and managed VM from anywhere. The hypervisor ensures a proper security barrier exists between the VM and the host.)

Kidaro is perfect for the whole "Employee-owned PC" thing that I've written about in the past. It lets IT deliver a secure, controlled, locked-down desktop that also works offline (the big FAIL of traditional VDI so far), while leveraging many of the benefits of single-image control and per-user personalization and software streaming.

Note: Please please please remember that one of my "soap box" issues is that there is no single desktop delivery solution or technology that will EVER work for 100% of users. I think the future will see a blend of some local desktops and some remote, some shared (TS) and some single instance, some local apps and some streamed, some online and some offline. To me, the "holy grail" is not a single technology that can be used for all, but a single product (or suite) that's INTEGRATED that lets all of these various technologies work together to truly provide any app, to any device, over any connection. But that is still a dream at this point.

Why did Microsoft buy Kidaro?

The real reason? I think they're scared. They're scared of losing control of how Windows is used and deployed. Windows is [one of] Microsoft's cash cows. They will do anything to protect it. This is why they "pooh-poohed" virtualization until it was apparent that their competitors could actually slide in between Windows and the hardware and control how Windows worked. This is why they ignored application virtualization until they absolutely needed it to help Vista's sales.

I think Microsoft is truly starting to "get it" with regards to virtualization. I don't mean in the big ways because of stupid press releases with a million "look how cool we are" bullets. I mean in the little ways that are not obvious at first, like the fact that they combined the virtualization, SoftGrid, and Terminal Server MVPs into a single "virtualization" group. I think they're starting to finally understand that the world is changing, and if they want to continue to sell very high numbers of Vista licenses (and Software Assurance) to businesses, they have to change too.

So Microsoft has Terminal Services. They add all sorts of cool new features to it in Windows 2008. They buy SoftGrid. They buy Calista. They change their long-held licensing policy and start legally allowing people to run Vista in a VM.

If you take a step back and think about the entire application and desktop delivery space, how many different technologies / techniques are there?

For desktops:

  • Remote Terminal Server-based desktops
  • Remote single-instance desktops (Blades or Vista / XP VMs)
  • Streamed desktop disk images running locally on native hardware
  • Desktop images running in VM wrappers on local hardware (This is what we're talking about in this article)

For applications:

  • Traditionally-installed local applications
  • Streamed / virtualized / isolated local applications
  • Remote Terminal Server-based applications
  • Remote single-instance based applications

If you look at these eight items, where does Microsoft play today? They have something to offer in most of these spaces. And the places they don't have, you can bet they will either (a) partner, (b) build / acquire this capability, or (Secret Option "C") partner until they decide the market is right, then buy a competitor to the company they've been partnering with up until that point.

Microsoft's strongest partner in this new age-y desktop and application delivery space is Citrix. Up until yesterday, Microsoft+Citrix could do 7 of the 8 things on that list. What was missing? Item # 4, "Desktop images running in VM wrappers on local hardware." Could Microsoft ignore that? Sure. Except for the fact that VMware had an offering (ACE), and VMware is Microsoft and Citrix's #1 competitor in this space.

(If it was so obvious, then where was my article about this two months ago? Um... It's around here somewhere I think! :) Ahh, hindsight! I'm an analyst, not a predictor of future trends apparently.) Regardless, you had to know something was coming in this space. There's just too much juice for Microsoft not to take a sip. (And then to punch and kick everyone else sipping from the same pitcher, and then to take over the juice factory and fruit growing operation, and then to offer people all the juice they want for $250 per year while stopping the sale of juice in one-off cartons.)

What Microsoft will do with Kidaro

Unlike the Calista acquisition (where Calista didn't actually have any shipping products), Kidaro has something for sale today. Microsoft is changing the name of the Kidaro product to "Microsoft Enterprise Desktop Virtualization," and instead of selling it as a stand-alone product, they're bundling it with the "Microsoft Desktop Optimization Pack" (or "MDOP"). MDOP is sort of a random hodge-podge collection of cool software that Microsoft has bought from other companies over the years. As of now it includes:

  • Microsoft SoftGrid Application Virtualization (SoftGrid)
  • Microsoft System Center Desktop Error Monitoring
  • Microsoft Asset Inventory Service (AssetMetrix)
  • Microsoft Diagnostics and Recovery Toolset (Winternals Administrator’s Pak)
  • Microsoft Advanced Group Policy Management (DesktopStandard GPOVault)
  • And today, Microsoft Enterprise Desktop Virtualization (Kidaro)

The price of the MDOP is only $8 per user, so it's essentially free. The catch is that you can't just go out and buy an MDOP. It's only available for people to do a multi-year desktop software "lease" via Microsoft's Software Assurance program. And you can't just lease MDOP. You have to be paying for SA on desktops first, and then you can add-on MDOP. And if you ever stop paying, you lose access to these technologies and products. (With Windows 7 looking more and more like a 2010 release, you gotta have something to offer customers who pay for SA!)

Then again, if people are subscribing to SA with MDOP already, it's just another product for free!

(Thanks Tim for suggesting some clarifications to the MDOP description.)

How will this impact VMware?

Like I said, VMware has a product that competes with Kidaro: VMware ACE. It seems that Kidaro has more manageability than ACE, and with it being bundled into the MDOP, this could be trouble for them.

Rumors have been circulating that VMware was going to cancel ACE because it hasn't really taken off like they expected. (Of course virtual appliances haven't really taken off either, but this didn't stop them from dedicating a whole conference to them in France a few weeks ago, so who knows?) Will this speed ACE's demise, or will this "validate" the technology and reinvigorate those who like the concept but love VMware even more?

One of the coolest features of Kidaro is the ability to hide the desktop window of the guest OS, creating a very cool user experience where guest application windows run seamlessly within the host's desktop. This is a feature (called "Unity") that VMware offers in their Mac version of VMware Workstation (called "VMware Fusion"). If VMware wants to keep ACE, they're going to need to create a Unity-like feature.

More importantly, though, is that VMware also will need to do something to improve the administration and management experience of ACE. They need to make it just as simple and easy to deploy desktops via ACE as it is via VDM2. Actually, they should just combine these into a single product, allowing a single desktop image via a single management tool to be used for remote (VDI) and local (ACE) use.

How will this impact Citrix?

Some people have suggested that Citrix missed the boat on this--that Citrix should have bought Kidaro. But I don't think that's true. Citrix really has a lot of the elements they need to offer something similar. They have Provisioning Server which can stream images down to a workstation. They have some experience in Xen which can maybe be used to re-purpose the Xen hypervisor so it will run in Windows.

But most importantly, Citrix has a friendship with Microsoft. With Microsoft buying Kidaro, I think there's a plausible case to be made that now Citrix doesn't have to "worry" about ACE at all. They can let Microsoft roll-out Kidaro, and then Citrix can "embrace and extend" it by integrating with Provisioning Server, Citrix XenApp, etc. (Pete, when is Provisioning Server going to let users take images offline?)

If Microsoft really did pay $100M for Kidaro, then that's all the more reason that Citrix made the right move by letting them go to Microsoft.

Other interesting links about this Microsoft / Kidaro deal

The official Microsoft press release

The Microsoft virtualization team's blog post


Comments

Paul Wegiel wrote no title
on Thu, Mar 13 2008 8:47 AM

Thanks Brian - that's a great analysis.

One more thing this acquisition does is validate once again the strategic importance of the Virtualized Desktop industry.

Guest wrote Unity
on Thu, Mar 13 2008 11:11 AM

Unity is already in the vmware 6.5 workstation beta

Pete Downing wrote Nice
on Thu, Mar 13 2008 11:33 AM

I bet Brian wants a response... ;-) or he thinks I don't read his site!

Brian Madden wrote Re: Nice
on Thu, Mar 13 2008 12:20 PM

Yep! sooooo..... what's your response? ;)

Neil Spellings wrote PVS offline version
on Thu, Mar 13 2008 12:23 PM

Given provisioning server is really disc remoting and not OS streaming, I think it would require quite a few changes to the product to allow off-line use. I guess time will tell if an offline version ever makes an appearance, but I can't imagine Citrix putting a lot of effort into this now they can just sit on top of the Microsoft technology (like they do with TS)

Cheers

Neil

Pete Downing wrote Re: PVS offline version
on Thu, Mar 13 2008 1:29 PM

Please expand on your term 'disk remoting'... I am very curious to see what you mean.

Guest wrote Citrix continues to have no offline story and fails to take a leadership position
on Thu, Mar 13 2008 1:41 PM

They are MSs ***. They should have added the mgmt stuff to Netscalers and done some real cool stuff. This would have been an easy win for them. They waited around and did not ACT as usual missing the boat again. This could have really boosted sales for them in an area where MS was not, increased their valuation for their shareholders etc. Instead they continue to be the MS ***.

Guest wrote Re: Citrix continues to have no offline story and fails to take a leadership position
on Thu, Mar 13 2008 1:53 PM

Wow... VMWare must be paying you a lot to make educated comments like so.  While I agree with your insight to a point, must we use the demeanor of a 10 year old at recess to convey a message that is neither here nor there.  Come on!

bjorn bats wrote curious why brian always stands up for citrix
on Thu, Mar 13 2008 1:57 PM

Brian,

to me it always looks like you stand up for citrix?, it's my opinion to say that citrix already missed the boat several times and forgot the focus on their cashcow --> presentation server. the last 1,5 year they did acquisition after acquisition and mr templeton always talked about billion company here and there but never had a real strategy to me. but you hear and see more from citrix so maybe i am wrong. so give us your opinion on how citrix will fit in.

i think that citrix is not flexible and accurate enough to win the fight to get all the products together. provision networks has a better strategy, you can see it already on the people they are hiring.

Guest wrote Remote single-instance based applications?
on Thu, Mar 13 2008 2:51 PM

Brian,

What do you mean with "Remote single-instance based applications" ? Any examples?

Guest wrote Re: Remote single-instance based applications?
on Thu, Mar 13 2008 3:46 PM

Maybe locally installed (instead of virtualized) apps on a non-TS remote desktop?

Brian DaBinett wrote Citrix are on the right track...
on Thu, Mar 13 2008 3:46 PM

Microsoft are the gorilla in the space and they have an enviable track record of coming from behind (Office vs. SmartSuite, IE vs. NetScape) and in this instance they needed a better way to control and provision VM's and that's what Kidaro has given them, it brings them level in one sense with VMware and ACE but more importantly as mentioned above it builds on MDOP as a way to increase/maintain software assurance revenues which makes Kidaro a steal.

The problem with ACE (imho), Moka5, Kidaro et al (before being owned by MS) is that while it is great to be able to go round with an O/S on a USB mass storage device there are licensing implications, patching requirements and administration overheads. The problem with streaming is bandwidth, I don't care how clever the technology is if you want to run Windows you're going to need a good chunk of data to do it, then when you go offline you have an issue maintaining the build, patching when you reconnect to the system (you drop into a kiosk and notice a slow response as the new service pack downloads) and if you're mobile or on a slower ADSL connection it will hinder performance.

For me that's why I like the use of ICA in the Citrix model, although they too have a desire to be able to fix the offline problem, but is it a case of technology people trying to be too clever?

After all if you need to be truly offline why wouldn't you be using a laptop? Certainly until hardware becomes more ubiquitous and bandwidth prevalent e.g. jump on Amtrak and there is a connected machine at the table in the carriage (did anyone else see the presentation at iForum Edinburgh 4 or 5 years ago on this subject?).

At the moment there is still a reality gap between the dream and achievable, at the moment, for non-IT users remote access is akin to the early days of networking workgroups in corporates in the mid-90's, as far as IT staff were concerned the problem was fixed you have IPX, NetBEUI or maybe this TCP thing and you could connect to remote drives and share documents, but still 12 years later there isn't a ubiquitous single document management system (be it sharepoint, groove, file shares, public folder, or the myriad of options from other vendors), but it is a lot easier now and a lot of the rough edges have been knocked off the process so that most people can get by.

But look at remote access, I consider the problem fixed. I can walk up to a machine (and provided I have a decent VPN in place) can probably logon. I have to do some tweaking, add things to trusted sites, OK some dialogs, install some components, but essentially it works. But if you are a regular user who isn't IT savvy what then? It's the same problem as those early days of networking, all the tools are there but they aren't joined up and made simple for the user.

MDOP with Kidaro is compelling but Microsoft aren't in the game yet of solving the last inch of delivery they are still focused on maintaining their revenues and pushing out their new O/S (Which is fine) but Citrix have the toolset to enhance it into an application delivery platform offering secure, flexible and dynamic access, which until hardware and bandwidth are ubiquitous is the best option available.

What Citrix need to do is fix that last inch of delivery, making the deployment and logon process for the user seamless (I'm not talking about the app receiver client, although its a step in the right direction) if Citrix can offer an easy way for a user to go to any device and logon without worrying about downloads, bandwidth and leaving a footprint behind then they will have fixed a significant problem which Microsoft and the other players (VDI and VPN) aren't focusing on at the moment.

Anyway that's my two cents, thanks if you managed to get this far!

Guest wrote Re: Citrix continues to have no offline story and fails to take a leadership position
on Thu, Mar 13 2008 4:00 PM

Warning: Light hearted attempt at humor to follow.

Citrix is MS' ***.

Brian is Citrix' ***.  Why did you remove the blog and link about MS working with Ericom?

Oh - I get it - the people posting as "guest" are the "Cowardly Lion." :) Excellent subliminal humor!

Brian Madden wrote Re: Citrix continues to have no offline story and fails to take a leadership position
on Thu, Mar 13 2008 5:21 PM

I only removed one link about Ericom in the past few months. I forget which article it was for.. I think "meet the TS team" or something like that, and the comment was just a link to a press release about Ericom. It had nothing to do with the article, and no words other than the link, so it was just comment spam. If someone posts a link like that that is not relevant with no explanation, it will be removed. It doesn't matter whether it's Ericom, MS, Citrix, or anyone.

Brian Madden wrote Re: Remote single-instance based applications?
on Thu, Mar 13 2008 5:23 PM

No I mean app publishing from a single-instance OS, like XP or Vista. In other words, app publishing from VDI. Or "Presentation Server" for desktops. Provision is the only company that does this now. It's kind of cool because you can get the advantages of VDI (non-TS compatible apps, maybe dedicated HW blades, provisioning on-demand, etc.), but still have the seamless windows fully integrated experience of the remote app with the local desktop and other local apps.

Dan Shappir wrote Re: Remote single-instance based applications?
on Thu, Mar 13 2008 5:52 PM

> Provision is the only company that does this

The latest version of Ericom's PowerTerm WebConnect has built-in VDI support and provides this feature as well

Guest wrote Re: Remote single-instance based applications?
on Thu, Mar 13 2008 9:41 PM

Oh good. . .Ericom is advertising again!!

Guest wrote Re: Unity
on Thu, Mar 13 2008 10:02 PM

I figured it would be....I myself personally tried to extract the VM Tools from Fusion with intent of installing it on a Windows version of VM Workstation to see if I could hack the feature into a Windows system....I haven't gotten that far with it yet.  I got side tracked when I saw that VirtualBox could do it, and do it for free.  Way to go Sun!

Brian Madden wrote Re: Remote single-instance based applications?
on Thu, Mar 13 2008 11:19 PM

Thanks for this post Dan.

This is a case where I'm happy to hear from a vendor. Dan's comment was correcting something I said and 100% relevant to the conversation. So thanks!

Neil Spellings wrote Re: PVS offline version
on Fri, Mar 14 2008 2:54 AM

My understanding of provisioning server is that it implements a virtual disc driver on each client which redirects disc access over your LAN to a remote disc image stored on your PVS - hence "disc remoting"

Given nothing actually gets "streamed down" to the client, and only deltas get cached locally (if local caching is enabled and local storage is available) I don't see PVS as OS streaming.

OS streaming (to me) implies the OS is downloaded on-demand (like app streaming) and then remains on the local device until an admin pushes out a change or new OS image.

Cheers

Neil

Guest wrote Re: Remote single-instance based applications?
on Fri, Mar 14 2008 6:41 AM

The link back to his site was unnecessary.

Brian Madden wrote Re: Remote single-instance based applications?
on Fri, Mar 14 2008 7:15 AM

Oh please... did the color of the blue text offend you? We wrap comment links with "nofollow" tags, so it's not like linking there wins points with Google or anything.

Guest wrote Re: Citrix continues to have no offline story and fails to take a leadership position
on Fri, Mar 14 2008 7:17 AM

Brian:

I first of all want to say - I really appreciate you and your contributions to the industry. Without your site, dabcc.com, and thethin.net we would all be in the dark where Citrix wants us.

I was interested in the link you removed because we all have to pay attention to what MS does more so than just what Citrix does. If MS is working closely with Ericom or another software manufacturer we all need to know this. I would like it if you could research the link that you removed to see if there is any substance to this. You have the connections and I do not. Now I can't find the link anymore. I would like to see a discussion around the MS/Ericom link. Citrix may be in trouble if MS starts working with another vendor.

Citrix is really hurting themselves with the growing high prices of her products, the bundling of her products (we want a la carte - each product should stand on its own merits), and their arrogant attitudes of not listening or caring to listen to her partners.

If there is going to be a switch from Citrix - it will be on the Windows 2008 platform. I just want to know my options. 

Guest wrote MDOP
on Fri, Mar 14 2008 10:02 AM

MDOP is just a way of skirting Anti-trust suits to Microsoft.  They'll charge $8 a seat then later slip it in a Server OS.  We're already seeing that with two of the technologies in MDOP.  It is an underhanded way of trying to make a monopoly legit.

Kevin Wilson wrote MDOP Clarification
on Fri, Mar 14 2008 11:56 AM

MDOP is $8 per year. This makes it a major consideration when you have 24,000 desktops like we do.

Brian Madden wrote Re: MDOP Clarification
on Fri, Mar 14 2008 2:06 PM

Yeah but with 24,000 desktops, everything is a major decision. Sure, 8 x 24,000 is a lot. But if this product was, for example, previously $100 per user, and now it's thrown in with a bunch of other stuff that is combined for $8, that's still "almost free" in my book.

Guest wrote vThere is another product in this space
on Fri, Mar 14 2008 4:53 PM

I was intrigued by the comments above about solving the "last inch".  I would like to point out another product in this space named vThere from Sentillion which we believe solves this "last inch" problem for end users.  If you Google on it you will find product reviews and lots of other information.  Gartner refers to this virtualization approach to as "Packaged Desktop Virtualization".

vThere uses Parallels as the underlying virtualization engine.  It provides the same administration capabilities as Kidaro and goes further.  All security settings are controlled by policies.  A vThere image that is prepared for delivery can be sent to multiple users.  It can be burned to DVD (we create a standard ISO) or it can be uploaded to our hosted web service, vthere.net, which leverages Amazon's S3 data services behind the scenes.  A user simply clicks on a URL that is sent to them and can have the image stored on their hard drive or on a portable drive.

On first use the image completes a sysprep (you need a unique SID of course) and joins the AD domain (not easy joining the AD domain from a computer that is not on the LAN).  We also integrate the VPN connection into the Gina login so the user does not have to do that separately.  This also avoids giving the user a local account for one time use that allows them to spin up a VPN connection so they can save an AD cached credential for subsequent logins.  We also provide a virtual print driver so the user does not have to be given admin access to install a local print driver and they can print to any printer on the host that they choose.

If an administrator wants to revoke a vthere image, they simply check select that on the user’s image and the vThere image will be automatically deprovisioned.  This feature leverages our vthere.net hosted web service.

I apologize for the product plug but I thought I would share this with the group since I did not find any info on your site about vThere and to let you all know there are other products in this space other than Kidaro and ACE.

Let me know if you would like further information.

David Fusari

CTO

Sentillion, Inc.

Brian DaBinett wrote Re: MDOP Clarification
on Fri, Mar 14 2008 6:23 PM

I thought I had read that MDOP was FOC if you had software assurance in place on the desktop O/S or is that not the case? Brian's point is a good one, when you have 24,000 desktops nothing is cheap or going to be implemented on a whim without substantial testing and business cases, but MDOP is a powerful solution set for enterprises.

Brian DaBinett wrote Re: vThere is another product in this space
on Fri, Mar 14 2008 6:48 PM

Hi David,

When I mentioned the last inch I was referring specifically to the need to offer zero footprint, non-admin right access to the corporate resources, so that there is no impact on the end point that is being used for access.

The solution you guys offer is solid (based on the install base you quote on the website), but unless I have missed something, it still has the same underlying issues around licensing and administration (patching and pollution for example) of the virtualized O/S that you are running on top of Parallels as ACE or Kidaro doesn't it?

When you refer to the Sysprep and domain joining I guess that is all automated so there is no need for user intervention? Given the problems a lot of healthcare IT providers have with reticence of the user base to move beyond their comfort zone in terms of understanding or learning to deal with new IT tools that are directly linked to their job.

I also struggle to see how the solution would outpoint a properly implemented VDI solution delivered via ICA for the remote users that you seem to be targeting. But if you would like to chat about it further drop me an email.

Thanks

Brian DaBinett

Guest wrote Re: vThere is another product in this space
on Fri, Mar 14 2008 8:22 PM

Thanks for your comments Brian.  I will drop you a line to discuss further but I will also clarify a few things for the forum.

You are correct that Windows licensing and patching are issues.  Perhaps the Kidaro purchase will cause Microsoft to ease desktop licensing for use in a virtual environment, but since Microsoft SA is required for the new desktop virtualization solution based on Kidaro and SA is the only way to get reasonable pricing for a virtualizable version of XP we will have to wait and see.

Our goal is to provide a secure endpoint when data is accessed remotely.  I do not want my healthcare data accessed from an unknown endpoint like at an airport kiosk.  Imagine someone that worked at Bank of America that could access your information from anywhere with no understanding of the device being used.  Because we focus on healthcare, we believe the confidentiality of healthcare information is paramount and because healthcare fraud continues to grow, any data leakage or data theft must be mitigated. 

vThere is a different approach from data center centric solutions and as Brian Madden nicely points out, there is no one solution.  The benefits for vThere are the same as have been described above: no servers in the data center where power and cooling costs continue to grow, off line access, better application response, better security from a remote location using a fully virtualized environment.  The bottom line is that a vThere instance is just another PC on your LAN and managed in the same way with all the existing tools and processes you use today for managing physical desktops.

Thanks,
David Fusari

Guest wrote Re: Remote single-instance based applications?
on Fri, Mar 14 2008 9:49 PM

The color of the blue text did not offend.  The link back to the site was unnecessary.

Guest wrote Geeks outta reality
on Sun, Mar 16 2008 11:17 AM

I have observed and educated myself on the technologies and offerings within this area, yet I fail in understanding the point.
Furthermore I just hate the "kiosk claim" - employees do not work from internet cafes or other public places. The occasional email check is unnecessary as it is handled by your phone. To keep it short and thwart different meanings let's throw in the security hammer (no comment).

That said and on to my point: When subtracting it all comes to this end; Deliver a laptop with the OS and needed productive offline applications and remote everything else. It's neither sexy nor modern but still the most rational choice in these scenarios.

/just some dude

Guest wrote Re: Geeks outta reality
on Mon, Mar 17 2008 10:36 AM

Hi,

I agree that the kiosk claim is somewhat unreasonable.  I seriously hope that a healthcare employee would not be looking up my colonoscopy results at an airport kiosk.  ;-)

Can you elaborate more on your organization and network environment?  If you view these technologies as just new approaches for solving the same fundamental problem of getting users access to applications while maintaining security and easing administration, why do you feel that the laptop-based approach is *better* than the other approaches?

How would you respond to the following issues:

  • Maintaining and securing the laptops
  • Risks with off-premises laptop use (theft, loss, etc.)
  • Downtime and possible data loss due to device failure
  • Cost of upgrading and replacing/fixing laptops
  • Need for users to be untethered to a particular device 
Guest wrote Re: Citrix continues to have no offline story and fails to take a leadership position
on Mon, Mar 17 2008 11:52 AM Link To This Comment
Not sure you've been reading the posts here lately. Brian is the last person that I would accuse of being Citrix's ***. If anything, I was beginning to think he'd taken a covert position with VMware, with some of his postings...
Guest wrote I thought Parallels solved the licensing issue...
on Mon, Mar 17 2008 12:32 PM Link To This Comment
At least that's what their sales reps are telling us! Just install Server 2k3 Enterprise Edition but pay for DataCenter Edition => unlimited virtual machines...
Guest wrote Guest to some other guest
on Mon, Mar 17 2008 12:39 PM Link To This Comment

At least use some handle so I won't have to respond to a generic guest. Here goes....

  • Maintaining and securing the laptops
    Usual things. Bitlocker if nothing else or 3rd party disk encryption, the normal combo of antivirus/malware/local FW.
    By being offline the laptop (and any other solution) is by definition unmanaged. That said, the mere fact of physical access certainly enables the savvy to override the "controlled" system. So fine, use a USB stick and save your offline stuff and keep it dearly and close.
  • Risks with off-premises laptop use (theft, loss, etc.)
    As there is no "kiosk" thing, Offline/Roaming users have laptops, simple as that.
  • Downtime and possible data loss due to device failure
    Yep, that's part of the deal. Use the USB stick thing, and deal with the possible failure of that. Not so much more options unless doing the online remoting thing.
  • Cost of upgrading and replacing/fixing laptops
    Yeah, well. What can you do about it anyways?
  • Need for users to be untethered to a particular device
    Remoting? Or are we back to the "kiosk claim"?

/just some dude

    Guest wrote Re: MDOP Clarification
    on Mon, Mar 17 2008 10:02 PM Link To This Comment
    No, you have to first pay for SA then you have the "right" to buy MDOP.  Not my definition of free!  First the high cost of SA then $8 per year!
    Guest wrote Re: MDOP Clarification
    on Wed, Mar 19 2008 12:27 AM Link To This Comment
    I don't get it.  How is it a high cost?  We have SA and can also purchase MDOP and it still costs less than my Citrix CALS.  It's all relative.  SA and MDOP add value for my org.
    Guest wrote Re: Geeks outta reality
    on Wed, Mar 19 2008 10:02 AM Link To This Comment

    Hi /just some dude

    I agree that the kiosk model is on the extreme.  But it makes a point that all organizations should consider when providing remote access to information.  Web apps can be viewed anywhere then you should assume the data could be stolen.  If VPN access is required there is still the possibility of spyware.  If the endpoint is scanned (NAC/NAP) to ensure it is up to snuff then the bar has been raised but to scan an entire endpoint can be very time consuming.

    But there is another angle to consider which is compatibility.  We recently had a home user where their children had downloaded so much crap into IE that it could not run the web application.  Of course you all might respond with the machine should be locked down for your kids but home computer users are not that sophisticated.  So application compatibility also comes into play. 

    By providing a remote user a locked down corporate managed virtual environment using vThere the organization has a secure and controlled environment for remote access.

    David Fusari.

    Guest wrote Re: MDOP Clarification
    on Thu, Mar 20 2008 3:27 PM Link To This Comment

    Here is what you don't get... a company that does not have SA and is interested in anything in MDOP would have to sign on for SA EVERY YEAR, then pay $8 per seat EVERY year.  If you are already on SA then yeah, MDOP could be more cost effective but if you are not it is expensive.

     

    Guest wrote Brian Madden = MS cool-aide drinker.
    on Sat, Mar 29 2008 1:22 PM Link To This Comment

    The more I read your posts, the more I become aware of this. You have lost a LOT of credibility to me during the time that I have been working with VMware products.

    Truth is that ACE is a perfect solution for what it does, and that is always going to remain a very small niche.

    Show me how you can deploy a MS/Kidaro solution to just about ANY hardware from a 4GB USB key and have it run completely encrypted and encapsulated from the host OS, all controlled remotely from the ACE management server and I'll eat my words. 

    MS gained LITTLE IP with the acquisition of Kidaro. But hey, that's what they do... they buy technology instead of pioneer it.

     
