Citrix and VMware test the "employee-owned PC" with their own employees

there is actually 2 big show stopper we experimented :

- taxes (of course it depend on where you are) but most of the time, the money you give to the employee for the laptop is accounted as salary. Salary could have hge taxes on employee AND on company side which decrease the interest for the employee while increasing the cost for the company.

- productivity : as the employee own and maintain their laptop, what append when laptop broke down or when a software problem occur... In how many time will the user get back to a working laptop ? this is major concern as you do not manage anything now. Of course, if the employee (like me) are good enougth, they can reimage/rebuild/reinstall their laptop is couple of minutes (but not all could prepare that), can have a spare (old) one to work with while the previous is being repaired... but most of the time, the rebuild will append on camapy site and working hour or the repair process will block the user for days. One solution is to provide couple of thin client for spare but if I'm going this way, I prefer tothin-client-ized everybody instead of employee-owned-ized everybody...

Another other option is corporate OS for the physical host, and VM for admin/private use.

... giving users the ability to modify / alter / "own" their laptop or desktop is asking for a lot of trouble. Trusting users to:

- not install pirated software, movie, music (fat chance)

- not keep critical business data on the local hard disk without adequate backup policy, and ensuring user adheres to the policy (yeah right)

- security updates (this includes non managed software)

- not use or install non-certified hardware (there will always be some VIP that buys a gadget that screws the os up).

The list could go on and on. 

 This is similar in principal to the way in which banks self-regulated themselves, look where that got them and us.

Yes. Consumerization is the Future.

I would opt for a more blended (less rigid) approach to option 1. Option 2 is out of the question because this is not a employee owned P(ersonal) C. In my opinion employees should (in some cases) also be able to select their own tools at work.

Focus on the apps and the related user environment. Make sure that if apps break down (because of personal software installs etc), the coorporate app's (and the related user\coorporate environment parts) are reinstalled, streamed or repaired automatically.
With all application virtualization and user environment management software in the market today, this would not be to hard to achieve I guess. This way all personal and coorporate apps could work nicely together and your employee would be able to work with his personal favorites (Foxit Reader in stead of Adobe Reader etc).

This does not solve an OS broken by the employee. Need to think about that.

My personal gut reaction is, as it has always been, that I love the idea of the personal PC. I have no doubt that it would make me a happier (if slightly less productive) employee.

Unfortunately, I can’t help thinking that it would probably also make me an ex-employee. I couldn’t in all seriousness propose that we give people a wad of cash to go off and buy their own kit and simply ‘trust’ them not to install any old rubbish they fancy, or use it to work with corporate data in an uncontrolled way. It’s simply not viable to suggest, in the current climate of ever tightening governance and control, that we could take this approach. Not only do we have to make sure all corporate data is secure, we also have to be able to DEMONTRATE that it is secured. How can I do that if I’ve let you buy your own laptop that I have no control over? It’s a fine idea to say all the apps and data will be delivered through a virtual service, but how complex and expensive would the controls have to be to prevent me copying data somehow to my laptop and working with it?

The licensing issue is still a problem even if the laptop is actually employee owned and purchased. If we, as an organisation, expect that employee to use his or her laptop for corporate activities, we may be liable for all the dodgy software they have installed, even if it’s not really our PC (never underestimate the ability of regulators to assign blame to you for things you didn’t think were your responsibility in the first place).

I can see option 2 as a way of starting to address these issues, but I don’t see any huge benefit for the employee in this option unless they’re uncontrollably dazzled by having the newest shiniest toy (which, in my experience, is …..very very likely)

What a nightmare. Support for such a thing would increase IT time and budget in the long run....

Standard Images, Standard Line of PC's and controlled environment keeps things running smoother, longer and keeps the employees more productive....

I can see it now. " All i did was install limewire and now my pc doesnt work"

The Citrix employee owned program requires Windows or Mac and the program is still ramping up. When my day comes, I'm figuring on putting Ubuntu Linux on the machine and then figuring out a way to demonstrate and develop Citrix Application Streaming via Unix ;-).

Macs seem to be popular choice and this is contributing to the drive for continued improvements to the Mac ICA client, which is goodness. 

Most Mac users are using Parallels to run the Windows apps that are required. 

I have a strange view: Mac OS + Parallels = the worlds largest Windows OS Loader. I mean, it is somewhat humerous to see Windows desktops on Mac machines, for people that are really happy to be "trendy" running their Mac!

I guess it s better than carrying multiple machines.

I agree 100%!  There's a huge knowledge-gap between Citrix/VMWare employees and our insurance brokerage employees.

I have worked for customers leveraging a VM instance running from my local laptop within VMWare Workstation.  The VM I built matched the HD requirement of the customer, encrypted the VM "hard drive", install the VPN and you are on your way.  IT departments have been doing this for some time for the IT professional working remote.  As IT professionals, our personal lab environments are generally a bit more well endowed than the organizations offerings.  In the end, the VMWare instance running within my own lab at home offers a better foundation for support of the network overall than reliance on a fixed hardware instance delivered to the end user.  Joe Nord's comment above is also an example of this reality in my view.  Thanks.

RTE

Have you considered nettops?  The chief objections - beside taxes - appear to be maintaining and installing local apps.  Nettops are good enough for access, limited local apps.  Has it struck anyone else that they are nearly priced at the same cost of a smartphone today?

From a recent El Reg:

"Most netbooks were sold through retail, the market watcher said. But it noted a growing number of units coming through mobile phone carriers and telcos who subsidised the products on the back of monthly broadband subscription fees."

The answer - manage the device like you manage your enterprise cell contracts.

Now to ensure ubiquitious access....

-RPC 

Not sure what happened  –  will use proper punctuation next time  J

In most environments that I have supported, the "savy" end user is the one you need to lock down the most. Giving users too much latitude and permissions is a nightmare. Productivity across the board would decrease. How can you justify locking anything down on an employee owned PC? When they cannot connect, or the PC doesnt boot up....when does the finger pointing as to whose issue it is to fix the problem stop? By the time you figure just that piece out, you could have had them up and running on another PC, Thin Client, Laptop Etc....

I hate the idea....but it may be inevitable. Thankfully I dont have to support these things anymore and can just design.

Nightmare!

I agree with most of the comments saying that it will be a support nightmare. I think vendors forget what they are trying to achieve with SBC, VDI and VM infrastructure and that is to deliver a safe, consistent and workable environment to the user. Allowing users to install applications that conflict with the running of the corporate image stifles the productivity of the environment.

Back in the day when I actually did desktop support there were instaces of the before mentioned Limewire install as well as implementation of multiple virus scanners bringing a computer to a screaming halt, or maybe that custom firewall application that stopped all network traffic.

Here is an idea:  The Host OS is the side that should be locked down and run corporate apps. The guest OS is were free range should take place. If the user screws (more likely) that up then it just gets to be re-deployed with a base image.

 Summary: virtualise what is more likely to go wrong. Not least likely.

That’s certainly one approach but then you would have a VM(s) running within your corporate image and how would you manage the VM’s out of the corporate image.

I would suggest leaving the Personnel PC OS as-is and deliver the corporate image down to that.  This could be through a Web Interface, streamed or delivered to a Hypervisor.

Then you can protect your network because you’re dealing with a bunch of desktop devices at Layer 3.

For me I like to be in that kind of company, you may say it’s more challenging and of course additional work in our part ( IT ) when managing is concern. But if we can tell our not so savvy users that if their pre owned laptops will have some kind of problems or malfunction in the way they handled it, it’s their RESPONSIBILITY to fix it, I think before they ( companies )will implement this kind of “employees benefit” there must be a proper company meeting you know “DO and Do NOT, IF THEN ELSE etc….if the employee deserves it don’t deprive him/her  

eba

Most medium to large corporations have a regulatory requirement to protect customer data.  To do that, AV, anti-spyware and firewalls need to be in place and if that asset was to leave a secure premise, then the hard drive would need to be encrypted. There's no way that you can expect that a corporation could both control the employee-owned asset and on the other hand let the user do what they want with it.

Adding a VM onto this Employee-Owned PC (EOPC) would seem to be the next logical step, but that doesn't address possible support issues and still requires the corporation to take responsibity for at leats part of the EOPC.

So in essence, you'll can't have the employee-owned PC to "natively" access the corporation's data and network and still maintain the regulated level of security required.  Next on the "virtual path" is central virtual desktops like XenDesktop.  The problem I see there is that the corporation now had to both spend money on the EOPC and now has to pay for the VDI and support it.  So no savings and in fact it costs more.  And no comapny is going to jump on an initiative if it has no benefits (except fluffy ones) and no savings.

Thus, in order to implement an employee-own initiative, then you must virtualize the actual

Just a thought but wouldn't it be cheaper to order 1000 laptops with one call than call 1000 times for one laptop.

I also agree with the support problems, 1000 end users installing funky apps off the internet would cause chaos.

Citrix Delivery Center allows employees to connect to the data centre remotely from any asset, such as their home PC, with a multitude of P2P and unsanctioned software on it. BYOC is nothing more than bringing your home PC to the office and connecting it to the Internet at your desk. The security implications are the same as they would be for a  teleworker.

 Antivirus, intrusion prevention, patch level, all things that can be checked before granting access. Once connected to the data center, access can be restricted to the point that file transfer with the end point is not possible. The Citrix portfolio makes this possible.