Why "Identity" will be the next big thing in desktop virtualization

Most of us have probably heard of phrases like "identity management" and "identity" in the context of IT. And if you're like me, you probably heard those things and thought something along the lines of "I'm glad that's not anything I have to deal with as a 'desktop' person." Guess again! One of the things I realized at BriForum 2011 London last week was that (1) identity matters, and (2) it matters to us, as 'desktop people.'

My realization that "identity" will be important for desktop virtualization is based on a few things that have been happening over the past few years.

First is that the concept of the desktop is changing. For the past twenty years or so, "the desktop" was "The Microsoft Windows OS that includes system bits, apps, data, and personalization." Sure, desktop virtualization has evolved that a bit, but even a VDI desktop is still a traditional Microsoft Windows desktop. (That old desktop is what I call the Desktop with a capital "D.") But if you think about what a desktop is really, it's not about the Microsoft Windows OS -- it's about the display and collection of a user's apps, data, and personality. So in the past it was manifested as a Microsoft Windows OS instance (whether static or dynamic), but moving ahead it could be an iPad, a Mac, a phone.. whatever. (I call that new thing the "desktop" with a lowercase "d.") So in a future desktop (lowercase "d") world, the concept of the user identity is even more important. (And hence more important to us, as we evolve from "Desktop architects" to "desktop architects.")

And of course I'm not the first to realize this. (It's just that now I realize it! :) Look at what VMware is doing with Horizon, what Citrix is doing with OpenCloud Access, and what companies like Centrix are putting together. All of these products are fundamentally about extending your corporate identity out to all the apps and data that will make up your future desktop (small d). You could even say that one of the core tenets of my "user virtualization for all platforms" fantasy is identity management.

At BriForum last week, I gave a session with Harry Labana about the "Future of the desktop" (where we basically talked about how the Desktop was evolving into the desktop), and I gave a session about the consumerization of IT (where I argued that it was not about BYOC/BYOD but instead about the reality that users can do whatever they want, whether we like it or not). In those conversations it was suggested that in a world where an end user can just go out and buy his or her own Dropbox, Gmail, Salesforce, or 3G card, perhaps the "identity" is something valuable that the corporation can own and provide to the user when the user is operating in a work context? So this leads to a need for users to manage multiple identities. (Which is something we already do now.)

Or does it mean that if we do identity right, users will just be able to use their own identity (Facebook/Google/LinkedIn/Whatever) for access to corporate resources that have been granted to it? If this happens, have we solved the problem (one identity) or made it worse (since there's even less I need the corporation for)?

At this point I'm in the very early stages of figuring out just what exactly identity is and how it relates to desktop & application delivery, but I know it will be important. How do you think we as desktop folks should approach this?

Join the conversation


identity / personalization / personality / profile / customization / data... All these words should refer to the last layer regarding user...

One more piece of wording complexity in the virtualization world...


I like the idea of the blending of social tooling and corporate tooling into one environment. But will it ever blend? Maybe. Windows is at least taking some serious steps by linking roaming profiles to live accounts.

Your first suggestion seems doable. Every single sign-on vendor will second me on that.

Your second suggestion for doing it right results in some serious challenges:

First of all: Every company selling services in the 'cloud' wants to 'own' the identity of the user, resulting in an enormous number of additional identities to add\map\match\link\integrate with your main corporate user identity management system.

Second: will you be able to trust the third party credentials to give access to your corporate applications and data (equals intellectual property)? People hacking into a backend to steal identities is a real problem today.


I think that ultimately, a single federated ID system would be the most USABLE solution.  

Without it, when I work in the future with two different/untrusted ID systems and I want them to work together, my Desktop (Capital D) that I am working on must become the connecting hub for the transfer of any data. So in a cloudy world, this would mean each one of us becomes the central spoke between each of our cloud solutions, which would [replace s-word to avoid spam blocking with: not be nice].

It has been 10 years since Microsoft first announced Passport (now called Live-Id). At first everyone was concerned about putting that info into Microsoft's hands. I don't hear as much vocal concern over it these days, but I know that it is in the back of some people's minds, and if a serious push was made to just build everything around that those concerns would be voiced more. But if not Microsoft, then who? Microsoft's federation model is MS stores the data and federation is about who can use what data.

The system we seem to be heading towards is multiple separate identities kept completely separate, simply because we stupidly can't stand the idea of one company controlling our identity. Instead, we will have many companies with copies of the most critical information, which quite frankly will be less secure. I'm not sure I want to say "just let Microsoft handle it" either, but if not them -- who?


Don't technologies like "Novell Identity Manager" do all of this today including user provisioning and multiple systems identity integration?

Unless I am missing something this is no big deal.


@Jacob Marurer

That's exactly what I was thinking..

We use IDM and Access Manager (Novell) to do this today. Education has been doing federated access for years; it would seem that the private sector is catching up.

But there is a cost associated with IDM - the drivers to do user provisioning are not cheap. Access Manager on the other hand is amazing at dealing with federated access and SSO, etc etc.


I think the big challenge is getting 3rd parties to accept a life of federated access... This has been our largest challenge - the actual access element is straightforward (phrase used loosely).

There are a lot of services out there that couldn't give a flying s**t about SSO and federation! But this will change.

Still glad to see VMware and Citrix playing catch-up! :)

Tim Mangan is ultimately correct though... A federated access approach is the best way.


Interesting work by VMware in exactly this area with their Horizon project:



Just noticed that Horizon is already referenced in the article..


I know it's been a couple of weeks since this was discussed but during a conversation regarding identity I shared your blog with a colleague and he shared this link http://tinyurl.com/223clx

A little dated but concepts are worth exploring and discussing in today's climate.