Citrix and VMware test the "employee-owned PC" with their own employees

By now most of you know that I love the concept of the "employee-owned PC." If you're not familiar with it, it's the idea that instead of the IT department issuing a standard corporate laptop to their employees, each employee can pick whatever laptop he or she wants, as long as it meets some minimum requirements.

By now most of you know that I love the concept of the "employee-owned PC." If you're not familiar with it, it's the idea that instead of the IT department issuing a standard corporate laptop to their employees, each employee can pick whatever laptop he or she wants, as long as it meets some minimum requirements.

The main driver behind this is employee happiness and the desire for companies to hire and retain younger employees. Also, it's nice to let employees use a version of Windows that isn't totally locked down, and providing a corporate version of Windows via a VM which is separate from the employees' local OS can help with that.

The employee-owned PC concept doesn't necessarily mean that the employee literally owns his or her own computer. In a lot of cases they're given a stipend where they choose whatever they want, but the actual physical asset still belongs to the company. Rather, the employee "owns" the decision about which laptop to use, and in many cases, the employee "owns" the local OS and can do whatever they want to it.

There are two ways the employee-owned PC thing can work.

Option 1: The laptop natively runs whatever OS the user wants, and the user can run and install whatever he or she wants on there. When the user comes into the office, the only network connection available to the native OS is a VLAN that only has Internet access. Corporate apps are either provided via server-based computing or via a locked-down Windows VM that runs as a guest on the employee's laptop. (And of course that guest has the proper credentials to connect to a corporate VLAN.) In this case, the employee "owns" both the decision about which hardware to buy and which software and host OS they run.

Option 2: The employee chooses whatever model of laptop they want, but IT still controls the OS 100%. This option usually involves a client-side bare-metal hypervisor. Employees don't like this as much, because it still means they're running a locked-down version of windows. But IT departments like this better, because it's easier to implement and you don't have to deal with the support of random host OSes. With this option, the employee only "owns" the choice of laptop. The OS is still "owned" by the IT department.

We've been talking about the concept of the employee-owned PC for eighteen months, and last week we started to hear about a few companies who were actually trying it.

First, Information Week's Joe Hernick interviewed Citrix's CIO about the employee-owned PC pilot they're recently launched for internal Citrix employees. This 300-user pilot gives users a $2100 stipend to buy just about whatever they want (as long as it has a three-year support contract). Apps are then delivered via Citrix XenApp. (The article doesn't specify, but one assumes this is via server-based computing, since you can't stream XenApp apps to Macs, and 50% of the pilot users chose Macs.)

Next, VMware's Mike DiPetrillo wrote that VMware's corporate image is nothing more than a VM image. So there's nothing stopping anyone from running on whatever PC or Mac they want. While the employee-owned PC program is not official, many of the SEs just buy their own laptops and use the corporate VM for their official apps.

I guess I could also add that here at The Brian Madden Company, we've been letting employees choose whichever laptop they've wanted since Day One. As it stands right now, the three guys in the company (Gabe, Jack, and I) all insist on Macs, while the two girls (Emily and Lara) don't seem to care and just want something that works. <gasp!> The only "corporate app" we have is Quickbooks, and we deliver that via Citrix Access Essentials 2 on the free VMware Server.

And how about you? Are you buying into the employee owned-PC concept? Are you doing it or thinking about it?

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

there is actually 2 big show stopper we experimented :

- taxes (of course it depend on where you are) but most of the time, the money you give to the employee for the laptop is accounted as salary. Salary could have hge taxes on employee AND on company side which decrease the interest for the employee while increasing the cost for the company.

- productivity : as the employee own and maintain their laptop, what append when laptop broke down or when a software problem occur... In how many time will the user get back to a working laptop ? this is major concern as you do not manage anything now. Of course, if the employee (like me) are good enougth, they can reimage/rebuild/reinstall their laptop is couple of minutes (but not all could prepare that), can have a spare (old) one to work with while the previous is being repaired... but most of the time, the rebuild will append on camapy site and working hour or the repair process will block the user for days. One solution is to provide couple of thin client for spare but if I'm going this way, I prefer tothin-client-ized everybody instead of employee-owned-ized everybody...


Another other option is corporate OS for the physical host, and VM for admin/private use.



... giving users the ability to modify / alter / "own" their laptop or desktop is asking for a lot of trouble. Trusting users to:

- not install pirated software, movie, music (fat chance)

- not keep critical business data on the local hard disk without adequate backup policy, and ensuring user adheres to the policy (yeah right)

- security updates (this includes non managed software)

- not use or install non-certified hardware (there will always be some VIP that buys a gadget that screws the os up).

The list could go on and on. 

 This is similar in principal to the way in which banks self-regulated themselves, look where that got them and us.



Yes. Consumerization is the Future.

I would opt for a more blended (less rigid) approach to option 1. Option 2 is out of the question because this is not a employee owned P(ersonal) C. In my opinion employees should (in some cases) also be able to select their own tools at work.

Focus on the apps and the related user environment. Make sure that if apps break down (because of personal software installs etc), the coorporate app's (and the related user\coorporate environment parts) are reinstalled, streamed or repaired automatically.
With all application virtualization and user environment management software in the market today, this would not be to hard to achieve I guess. This way all personal and coorporate apps could work nicely together and your employee would be able to work with his personal favorites (Foxit Reader in stead of Adobe Reader etc).

This does not solve an OS broken by the employee. Need to think about that.


My personal gut reaction is,
as it has always been, that I love the idea of the personal PC. I have no doubt
that it would make me a happier (if slightly less productive) employee.


Unfortunately, I can’t help
thinking that it would probably also make me an ex-employee. I couldn’t in all seriousness
propose that we give people a wad of cash to go off and buy their own kit and
simply ‘trust’ them not to install any old rubbish they fancy, or use it to
work with corporate data in an uncontrolled way. It’s simply not viable to
suggest, in the current climate of ever tightening governance and control, that
we could take this approach. Not only do we have to make sure all corporate
data is secure, we also have to be able to DEMONTRATE that it is secured. How
can I do that if I’ve let you buy your own laptop that I have no control over? It’s
a fine idea to say all the apps and data will be delivered through a virtual
service, but how complex and expensive would the controls have to be to prevent
me copying data somehow to my laptop and working with it?


The licensing issue is still
a problem even if the laptop is actually employee owned and purchased. If we,
as an organisation, expect that employee to use his or her laptop for corporate
activities, we may be liable for all the dodgy software they have installed,
even if it’s not really our PC (never underestimate the ability of regulators
to assign blame to you for things you didn’t think were your responsibility in the
first place).


I can see option 2 as a way
of starting to address these issues, but I don’t see any huge benefit for the
employee in this option unless they’re uncontrollably dazzled by having the newest
shiniest toy (which, in my experience, is …..very very likely)

p.s. Sorry about the fugly font. Don't know how that happened ;-)

What a nightmare. Support for such a thing would increase IT time and budget in the long run....

Standard Images, Standard Line of PC's and controlled environment keeps things running smoother, longer and keeps the employees more productive....

I can see it now. " All i did was install limewire and now my pc doesnt work"


Main question is: can we ignore it or wil it become a fact of (IT)life

The Citrix employee owned program requires Windows or Mac and the program is still ramping up. When my day comes, I'm figuring on putting Ubuntu Linux on the machine and then figuring out a way to demonstrate and develop Citrix Application Streaming via Unix ;-).

Macs seem to be popular choice and this is contributing to the drive for continued improvements to the Mac ICA client, which is goodness. 

Most Mac users are using Parallels to run the Windows apps that are required. 

I have a strange view: Mac OS + Parallels = the worlds largest Windows OS Loader. I mean, it is somewhat humerous to see Windows desktops on Mac machines, for people that are really happy to be "trendy" running their Mac!

I guess it s better than carrying multiple machines.


I agree 100%!  There's a huge knowledge-gap between Citrix/VMWare employees and our insurance brokerage employees.


I have worked for customers leveraging a VM instance running from my local laptop within VMWare Workstation.  The VM I built matched the HD requirement of the customer, encrypted the VM "hard drive", install the VPN and you are on your way.  IT departments have been doing this for some time for the IT professional working remote.  As IT professionals, our personal lab environments are generally a bit more well endowed than the organizations offerings.  In the end, the VMWare instance running within my own lab at home offers a better foundation for support of the network overall than reliance on a fixed hardware instance delivered to the end user.  Joe Nord's comment above is also an example of this reality in my view.  Thanks.


Good call on the taxes. Citrix's Rich Crusco blogged a bit more about that today.

Have you considered nettops?  The chief objections - beside taxes - appear to be maintaining and installing local apps.  Nettops are good enough for access, limited local apps.  Has it struck anyone else that they are nearly priced at the same cost of a smartphone today?

From a recent El Reg:

"Most netbooks were sold through retail, the market watcher said. But it
noted a growing number of units coming through mobile phone carriers
and telcos who subsidised the products on the back of monthly broadband
subscription fees."

The answer - manage the device like you manage your enterprise cell contracts.

Now to ensure ubiquitious access....



Not sure what happened  –  will use proper punctuation next time  J

Taxes may not be a problem if the company is loaning the employee the money to purchase the computer.  The company then deducts the cost of the computer from their paycheck over a three-year period to repay the loan.
I would even go further and let them own the physical computer, for notebooks.  This provides a greater incentive to not do something goofy like leave it in a car where it will be stolen, or accidentally drop it or spill something on it.

In most environments that I have supported, the "savy" end user is the one you need to lock down the most. Giving users too much latitude and permissions is a nightmare. Productivity across the board would decrease. How can you justify locking anything down on an employee owned PC? When they cannot connect, or the PC doesnt boot up....when does the finger pointing as to whose issue it is to fix the problem stop? By the time you figure just that piece out, you could have had them up and running on another PC, Thin Client, Laptop Etc....

I hate the idea....but it may be inevitable. Thankfully I dont have to support these things anymore and can just design.




I agree with most of the comments saying that it will be a support nightmare. I think vendors forget what they are trying to achieve with SBC, VDI and VM infrastructure and that is to deliver a safe, consistent and workable environment to the user. Allowing users to install applications that conflict with the running of the corporate image stifles the productivity of the environment.


Back in the day when I actually did desktop support there were instaces of the before mentioned Limewire install as well as implementation of multiple virus scanners bringing a computer to a screaming halt, or maybe that custom firewall application that stopped all network traffic.

Here is an idea:  The Host OS is the side that should be locked down and run corporate apps. The guest OS is were free range should take place. If the user screws (more likely) that up then it just gets to be re-deployed with a base image.

 Summary: virtualise what is more likely to go wrong. Not least likely.


That’s certainly one approach but then you would have a VM(s) running within your corporate image and how would you manage the VM’s out of the corporate image.

I would suggest leaving the Personnel PC OS as-is and deliver the corporate image down to that.  This could be through a Web Interface, streamed or delivered to a Hypervisor.

Then you can protect your network because you’re dealing with a bunch of desktop devices at Layer 3.


For me I like to be in that kind of company, you may say it’s more challenging and of course additional work in our part ( IT ) when managing is concern. But if we can tell our not so savvy users that if their pre owned laptops will have some kind of problems or malfunction in the way they handled it, it’s their RESPONSIBILITY to fix it, I think before they ( companies )will implement this kind of “employees benefit” there must be a proper company meeting you know “DO and Do NOT, IF THEN ELSE etc….if the employee deserves it don’t deprive him/her  



I see very limited adoption of this. Gadget guy/gal may want this. The average idiot user doesn't care and will expect support no matter what. As an IT dept getting average idiot to agree to no support is unlikely to be that much of a hit. I think people like the service even if they complain. I would guess 15% adoption rate as an average.

Most medium to large corporations have a regulatory requirement to protect customer data.  To do that, AV, anti-spyware and firewalls need to be in place and if that asset was to leave a secure premise, then the hard drive would need to be encrypted. There's no way that you can expect that a corporation could both control the employee-owned asset and on the other hand let the user do what they want with it.

Adding a VM onto this Employee-Owned PC (EOPC) would seem to be the next logical step, but that doesn't address possible support issues and still requires the corporation to take responsibity for at leats part of the EOPC.

So in essence, you'll can't have the employee-owned PC to "natively" access the corporation's data and network and still maintain the regulated level of security required.  Next on the "virtual path" is central virtual desktops like XenDesktop.  The problem I see there is that the corporation now had to both spend money on the EOPC and now has to pay for the VDI and support it.  So no savings and in fact it costs more.  And no comapny is going to jump on an initiative if it has no benefits (except fluffy ones) and no savings.

Thus, in order to implement an employee-own initiative, then you must virtualize the actual

Forget that last bit of a sentence.  It was a thought that I forgot to edit out.
fooking nightmare!

Just a thought but wouldn't it be cheaper to order 1000 laptops with one call than call 1000 times for one laptop.

I also agree with the support problems, 1000 end users installing funky apps off the internet would cause chaos.


Citrix Delivery Center allows employees to connect to the data centre remotely from any asset, such as their home PC, with a multitude of P2P and unsanctioned software on it. BYOC is nothing more than bringing your home PC to the office and connecting it to the Internet at your desk. The security implications are the same as they would be for a  teleworker.

 Antivirus, intrusion prevention, patch level, all things that can be checked before granting access. Once connected to the data center, access can be restricted to the point that file transfer with the end point is not possible. The Citrix portfolio makes this possible.