Brian & Gabe LIVE #27: Guest Jeff Fisher talks about RES HyperDrive, Gabe & Brian argue about VPNs

Listen to this podcast

This week we were joined by RES Software's Jeff Fisher, who will address the accusations that RES mislead people by saying they developed their Hyperdrive on-premise cloud-like storage product.

This week we were joined by RES Software's Jeff Fisher, who will address the accusations that RES mislead people by saying they developed their Hyperdrive on-premise cloud-like storage product. (Last week AppSense accused them of white labeling it without telling anyone.) On today's show:


Brian: Good morning on Tuesday, May 1st, 2012, this is Brian Madden, and you’re listening to Brian and Gabe live.

Gabe: Do we not have music today?

Brian: We turned down the music on Skype so that you don’t have music blasting in your ears.  We’re trying to plan our show.

Gabe: I got you.  It’s so complex over there now.  Our little studio’s all grown up.

Brian: Although actually I do still hear the music in my ear.  Yeah, I was just gonna comment on that what you’re saying – just gonna comment on that.  That is Jack Madden here in San Francisco.  Thanks for joining today Jack.

Jack: Good morning, Brian, good morning Gabe.

Brian: Other guy, Gabe Kanuth from Omaha, Nebraska.  Thank you Gabe for joining.  

Gabe: Hey, as always.

Brian: And joining us via Skype, I don’t know East Coast somewhere is Jeff Fisher.  How are you today Jeff?

Jeff: Doing great Brian, thanks so much for having me.

Brian: And where – are you in Boston right now.

Jeff: I am in Manhattan.

Brian: Oh cool.  Do you live there or?

Jeff: I do.

Brian: Fun.  And so Jeff Fisher, you are with is it Res Software or RES Software.  I always ask that.

Jeff: We prefer RES.

Brian: Okay, so you are with RES.  You were formally – I think I met you first possibly at Bri Forum in 2005, the very first Bri Forum where you were with Softricity, right?

Jeff: Correct, but we had actually met before that.  I was on the Citrix SEC team back in ’02 and ’03, and you came down for a Citrix quarterly in Fort Lauderdale as HP with your book so that’s all actually – 

Brian: Oh yeah, yeah.  So Citrix, Softricity to Microsoft you were with Desk Tone for a good while, and your now with RES Software.

Jeff: Correct.

Brian: And so welcome, and let’s just jump into why you are on the phone with us today.  Okay, I wrote an article for consumerized IT I guess how long ago was this.  Let’s pull this up.  Hyper Drive.  RES software is now the product called Hyper Drive, and I think the idea with Hyper Drive – maybe if you talk a little bit about what Hyper Drive is, I’m gonna post a link to the chat.  I want the record to show that I’m a big fan of Hyper Drive, but just kind of explain what this Hyper Drive thing is.

Jeff: Absolutely.  So Hyper Drive is RES’s sort of play on following the data, and really sort of the world post-drop box where everyone’s thinking about how to create and enable ubiquitous access for end users to their unstructured data in our case.  So what would be considered sort of work product that you create with Office applications or other applications that you’d want to have accessibility from across multiple clients.

What we knew from the start was that in order for enterprises to adopt us, they would need to have more control over the backend or the storage over security provisioning etcetera, and that really just didn’t exist in most of the more well-known solutions.  So that sort of lead to the beginning of the Hyper Drive product development exercise which actually started probably over a year ago.

Brian: And so you talk about follow-me data, and this is a term that Citrix and VMWare and some of these other companies are using, but sort of the tweak version of this is this make the wrong, but I mean Hyper Drive, it’s like Drop Box, but it’s an on premise Drop Box.  So if companies who want IOS client, Android client, Web, Mac, just file synchronization for folders, but don’t trust having that data sort of out in the public cloud and with questionable security.

It’s like if a company wants to roll their own Drop Box, this is what Hyper Drive does.

Jeff: Exactly.

Brian: Okay, cool.  And is Hyper Drive, this is available now.  This is beta?  What’s the situation?

Jeff: It’s still pretty early and it’s going to be available this coming month actually, in the month of May we’re going to go GA with it.

Brian: Okay, and then so I’m gonna now post a link to the chat which is a blog post written by one of your competitors at Absence who accused RES Software of – it’s like a white – saying that Hyper Drive was not a product that was developed by RES.  Rather it’s a white label of another product.  And we were talking back and forth, and there’s a lot of conversation on Twitter because I think a lot of people were sort of, of the same opinion that you know if it’s a white label product, okay that’s fine, this happens all the time.  Who cares if it’s OEM or white label or something like that.

But then some people say no, that should of been disclosed because like I know when I was talking to I think it was Bob about Hyper Drive a month or two ago when I wrote the article no one ever mentioned that this was a OEM product.  It sounded like it was a product that was developed by RES, and then on Twitter, Jeff you and I went back and forth a few times when you were saying no, we added value, here’s what we do, here is the difference, and really that’s a conversation not for Twitter.  So that’s why you’re here now, so talk about Hyper Drive versus I think it’s called Nomadesk.

Jeff: Yeah.

Brian: Which is sort of a maker of this product that they sell direct, and they also sell as white label options.  So maybe you can talk about those two right now.

Jeff: Yeah, no, absolutely I mean it’s absolutely not a white labeled product.  We decided we made a strategic decision back last year.  Bob and Teen when they looked at the space.  They looked at sort of the time to market the complexity of building our own solution from scratch, and it became clear that we really wanted to align with someone who had deep expertise in this space, and that lead us to short list, and we decided to work with the Nomadesk guys.

And so specifically what we did was we took a solution that was really designed for sort of a public cloud environment, and spent most of our time working on the back end, right.  So you’re not gonna see a lot of differentiation other than the RES brand when you look at the clients.  They’re gonna look pretty much the same as the Nomadesk clients.

But on the back end you will see a virtual appliance first of all that was created to allow enterprises to deploy the backend of the system very, very robustly, and quickly without having to – and in typical public cloud scenario.  You’re dealing with someone’s often homegrown solution that was never packaged to design to replicate a deployment.

So the virtual clients – it’s a key piece that we co-developed. SEQL server support for the data store was something that Nomadesk did not support before we worked with them.  Weeding to active directory integration which is obviously key because you don’t want to have a separate set of credentials, and then all of the extension that we’ve been doing to other products within the RES portfolio starting with automation manager to really manage the provisioning of Hyper Drive’s, and also the baseline desktop analyzer which is now been updated.

That’s our free cloud-hosted address service that does desktop assessment.  That’s been updated now to detect Drop Box usage within an organization.  So lots to talk about.  Really depends on which direction you guys want to take it.

Brian: Okay, well I’ll tell you I want to take it on the controversy direction because I’m curious about some of the things that you said so, and so okay, and so you talked about that Nomadesk had – Nomadesk had their offering, and then you mentioned the word that you could develop stuff with them, so for example creating virtual clients, you have SEQL server for the data store, AD integration.  So you say that’s stuff that you co-developed with them which means so that stuff is available from Nomadesk like those changes put back in the Nomadesk offerings, so now the Nomadesk offering and the RES offering are the same, but some of the most recent features they got were sort of developed by you guys?

Jeff: No, those capabilities and features are only available to the RES offering.

Brian: Okay, and that’s also – Nomadesk and RES what was it the same board members or the same investors or it’s the same company?  There’s some kind of relationship there, right?

Jeff: Yeah, we share an investor in a company called Gympth, it’s a European venture capital firm.

Brian: Okay, cool, so from my standpoint, it goes back to everything.  Like a lot of people really talked about how the absence post was childish and an attack on RES.  I have to in this case – I think like I feel like the blog post was a fair blog post because I don’t think the absence went after the technology necessarily, but I definitely – you can understand from the client’s standpoint, then the internet went wild and people posting screenshots of DLLs and versions and all that kind of stuff, but we were saying Jeff that this integration sent it back and so the Nomadesk client and the RES Hyper Drive clients are gonna have the same DLLs and same versions and time stamps because the clients are the same.  All the integration that’s different is back and stuff.

Jeff: Yeah, so that I mean in terms of the way the information sort of came out, we had made a ton of progress, and by the beginning of this year 2012, the offering was in good shape.  We started to preview it to people, and then you know what happens, everything sort of goes viral on Twitter, and then we sort of felt compelled to respond with some detail.  But unfortunately at the time had not finished and finalized the agreements with Nomadesk so we couldn’t talk about that piece.

So it’s life, it’s a balance.  It’s interesting RES, the advice we’ve been giving in the past is we haven’t been aggressive enough.  Now we’re really sort of making an attempt to being more aggressive and of course you know what happens.

Brian: Well, I mean to be fair, I felt like I looked like an idiot because I wrote this whole thing about RES, Hyper Drive and Awesome and like all the conversations I had with RES, like little heads up would of been kind of nice like hey, by the way, you know your readers are gonna find this other product, and they’re gonna do side-by-side screenshots, and see this identical and see that it has like, I mean nobody has white label options listed on their web site.  So don’t take this as you guys got burned by being more aggressive.  I feel like you could of just mentioned we – because you could have the same conversation now today, that we’re having today if you would of had that conversation six months ago, none of this would of happened, but if you went out like hey, we took those products.  

It’s a pretty good product, but not 100 percent enterprise focused like with AD Integration SQL.  If you would of done that immediately, and that was like a little byline in my article as I was writing about RES Hyper Drive, then none of this controversy would of existed.

Jeff: Yeah, no, I hear you.  No, hindsight is 20/20, and we might have done things differently had we known how it was gonna turn it, so it’s certainly not our intention to mislead you or anybody else.

Brian: So in terms of support and everything, like if I'm buying this product,  I don’t mean me, Brian, but because I use Drop Box so far.  Maybe our IT guys buy this I don’t know, but we you know RES, like RES stands behind it right, so if Nomadesk – whether Nomadesk is successful or not, like is that something I need to sort of do my due diligence on Nomadesk or do you guys have relationships with them or you have access to code and that kind of stuff.

Jeff: Yeah, no, we are fully supporting our solution, and will stand by it with the incredible support that we’ve always delivered for all our products so.

_______: So is the agreement with Nomadesk then is that – so if Nomadesk were to go away, Hyper Drive would still exist and can still be maintained.

Jeff: Yes, absolutely.

_____: That’s something I think is coming up.  And then the other question from the chat room right now was what’s to stop someone else from also doing a Nomadesk-based solution.  Does RES have an exclusive agreement or is there other companies that could also do the Nomadesk thing?  I guess is the Nomadesk solution still available.

Jeff: No, Nomadesk is gonna continue to ship their solution.  I mean there is exclusivity as far as the agreement.  I can’t really go into the details of exactly what that covers for other people sort of wanting to repackage their stuff.

Brian: But to be clear the active, so the active directors support the SQL server supports and the virtual clients.  That’s something you only get with RES Hyper Drive, not through Nomadesk.

Jeff: Correct. 

Brian: And as to whether those features make it to Nomadesk I guess I’m sure you don’t comment on that.

Jeff: Yeah, can’t comment, sorry.

Brian: Okay, well there we go.  So look, lesson learned I guess. Yeah, man but don't give me the 20/20 crap.  How many times for 20 years that all this happen where people don’t disclose everything, and then they’re like later on they’re like “Oh, well, who could know.  I’m like the internet could know.  This controversy happens like 1,000 times a year.  So next time you could not have it happen to you.

Jeff: Yeah.

Brian: So what I want to do and Jeff, the specific stuff that we wanted to talk to you about kind of was this, but what we do on the show kind of every week is as we discuss topics in general, we sort of discuss the week’s news and that sort of thing, and we try to have someone else on the phone just to give it more color than just the three of us so, you’re welcome to hang out with us for the next 45 minutes as we just chat about kind of random industry stuff, and feel free to interject as someone who’s been in this space for 15 plus years, and jump in whenever you want.

Jeff: Fantastic, would love to do it.

Brian: And don’t be afraid to speak out because we can get going so jump in whenever you want.

Jeff: You I know.  The New Yorker in me will come out don’t worry.

Brian: So here’s what I want to talk about next.  Gabe, you wrote an article called un-managing your end points.

Gabe: Okay.

Brian: And I think that there’s a link there to it, and we kind of touched on this in our book.  So to sort of give some back story, I was speaking yesterday at a conference called Tech, experts conference I think to EC in San Diego, and I kind of gave my thoughts about management, active directory and all this kind of stuff.  And I was talking about, you know I wrote an article based on the conversation we had last week on the show.  I wrote an article saying hey, the fact that Windows RT, that's the arm-based version of Windows 8.

The fact that you cannot add Windows RT to a domain is fine because like using domain for system management seems kind of antiquated and the Windows RT, it’s all – you can’t install software on it anyway except from an app store, but I was kind of thinking like the whole idea of time management to domain membership is kind of going away because we can manage.

Then we can manage ISO devices and Androids and all these with MDM and MAM solutions, and then it got me thinking like hey, well we can manage home computers.  Like users are able to connect from home, and we can deal with that, and they’re not domain joined.  We’re using different combinations of SSOVPM with scans and delivering applications remotely and streaming apps and Windows and web apps and that kind of stuff.

And then it just kind of lead of sort of into your article which is why like even if a Windows endpoint it’s like why do I want to have these in a domain?  It’s not just making or why do I want to manage these endpoints at all anyway I guess.

Gabe: Well right, we had the domain conversation last week, and we settled on – it was typical – the conversation we had last week was using AD is dead, and I'm saying whoa, whoa, whoa, let’s hold off on the language man, but managing stuff with AD let’s call that, you know that’s not as important anymore.  So as usually, we’re speaking the same language, and we’re just having an argument for the hell of it.  So well we’re saying the same thing, we’re speaking different languages.  But then yes, and we talked about this other concept here before as well about un-managing the devices.  You and I have talked about uh, just make everybody do the VPN, and I don’t know on the radio show or if that was during the calls that we had about the book while we were writing that or – 

Brian: Oh yeah.

Gabe: We had a fair amount of arguments about that too saying and I’m like no, that’s bullshit, nobody wants to use the VPN all the time to connect in especially if they’re at the office, and so that's sort of where this whole thing started from, and I actually had conversations in Charlotte two weeks ago whenever it was that I was there.  There were some people that were saying the same thing and I thought all right, so if other people are talking about this too, let’s get all out there.

Brian: Were they saying the same thing as you or the same thing as me?

Gabe: The same thing as me.  Well – no, no the same thing as you in that I mentioned that one of the options that you can have because I think we were talking about the cost models, and about how a lot of cost models assume that you’re going to repurpose your PCs as thing clients, but that’s a hidden cost that people aren’t aware of because you still have to find a way to manage those devices then, and so one of the alternatives – the presentation in Charlotte was awesome because people kept bringing stuff up, and so we went a bunch of different directions.  It wasn’t just stick to the deck, and so one of the things that branched out from there was how do we manage those devices then.

And I said there’s some arguments to be made that you don’t have to manage them, and some people started nodding, and so we have a five, ten minute conversation about that just kind of in the middle of the presentation which I love that when that happens.

And so that’s where I started putting more and more thoughts together in the article, and so it does in a way, it agrees with what you are saying except I don’t like the VPN centric approach just because I hate RVPN, like I literally just cannot stand the thing.  I hate that I have to use it for everything because I hate that I have to use it to make a helpdesk ticket.  I hate that I have to use it to check email with Outlook.

Brian: But that can – 

Gabe: In 13 months I’m tainted

Brian: Number 1, we use the Citrix access gateway before Tech Targets, and that was there, like that was so seamless, and I don’t – like probably lots of SSOV are actually like legitimate good.  The piece of shit that we have I think is from the ‘90s, so it’s not quite the – 

Gabe: I think ours is good too.  I think it’s one of the policies that don’t expose things that would be secure outside of the organization.  They’re like we have to make this available to people outside, and they’re like put it behind the VPN.

Brian: I love that the fire – well yeah, and I love the access gateway, and again, I’m sure lots of them do this, but I love that it was just system trade thing, and I didn’t have to like run it or load it.  It was just sort of like always there, and I had good confidence that it was doing proper split DNS, and taking away this stuff it needed to take in a direction, and versus ours.  You know you got to go to the thing, and on the Safari for Mac users, and then you have to push this other button, and log in, and then it just, I don’t know, it’s plug-ins and all that kind of crap so.

Gabe: Well, so the idea here, and with that back in those days, when we had the CAG, the fact that none of us were together, right, we were all separate all over the place so everything we did, none of it was centralized, and so if you look at that article and you see these drawings, and where you can place the firewall, and where you can place the data and everybody else, we had the one that we labeled refreshingly simple, but just had the data center with the big, thick player all around it, but there’s a few holes for what we need and that’s it.

But a lot of organizations, especially smaller ones have no delineations between one or the other, and the data center sits in the same network as the PCs, as the cubicles, and so and even if there’s no firewalls in between, I call that in the article I call that alarmingly simple.

Brian: I like that though. 

Gabe: You like that the PC instead of on the same network as the data?

Brian: So in that middle drawing you have where it says data center – 

Gabe: Oh, the middle drawing – yeah.

Brian: Oh, alarmingly simple, oh, I got you yeah.

Gabe: Alarmingly, yeah, alarmingly simple, and then refreshingly simple.

Brian: Yeah.

Gabe: Right.

Brian: Well, I chose refreshingly simple, yes.

Gabe: There’s not enough colors, yeah.  To be marketing guys no colors.  But so having everything deciding on one network does make that a management nightmare because you can’t just repurpose those PCs, you still have to manage them.  Otherwise, you got a free for all happening on the same network as the same relative network, I guess, as – 

Brian: It could be two different subnets and networks and same wires.

Gabe: Yeah, I guess that’s true.  Exactly, and so that’s why I say that’s alarmingly simple.  Like yes, it’s simple, but Jesus, so and then the other one was, the other option there was just well, wall up the data center and just make everything treated like it was the internet.  Right, and I know you love that.  I think that there’s a place for that, but I still think that there’s the – 

Brian: Advanced.

Gabe: Yeah, yeah, I know you think that.  So I still think that the proper solution is probably segmented out so that there’s an IT specific network, or a user specific network that’s still treated as insecure, but then there’s still like guess network that isn’t the same as the user network, and most organizations go that route.  They still classify things in different ways, but it treats everything outside the data center with various levels of insecurity, right?  So everything outside the data center’s insecure.  You would treat the IT guy as more secure than a regular user or the guest wireless network or the internet.

Brian: Okay, so by the way those tweeting on [inaudible], we’ll get to that next.  Isn’t that more complex though because if you put the security around, I’m gonna call it your resource that you want to protect, so in the drawing that you have, it’s called the data center, but you put the security around your resource, and everyone trying to get to that resource has to go through whatever security hoops you want them to whether it’s encryption or scanning or VPN or what have you.

The one below where you got user network, guest network, internet, isn’t that more complex because now you’re supporting what different levels of security for different populations is more complex.

Gabe: So the way that I think of this is that the IT network can have more or less whatever access it needs right?  Keep security in mind, but they get the access that they need to do their job.

Brian: But isn’t user network policy – 

Gabe: I would say that there’s not much of a VPN if at all between the IT network and the data center.

Brian: Why?

Gabe: I mean there’s gonna be some security there, but – 

Brian: It’s their own wireless network?  It’s their – 

Gabe: It’s just the network that the IT has to be on. – but just hang on.  So the user network and all the other ones really is just – the user network could say these guys are local, they don’t need to go through the VPN to get here, but we’re only gonna open up whatever tiny few ports they need or if they do need to get securely to something, they can.  We can do that with the VPN as well whereas the guest network is completely walled off.  There’s no ports open, there’s no nothing.  You have to go through the VPN, you have to get through all the checks, you have to go through everything ,and the internet of course is everything all at once.

Brian: – we have – 

Gabe: You can still treat those – those user networks, you can still treat – those user networks, you can still treat them as unmanaged devices then by just allowing certain ports through there.  Certain services through there I guess I should say, but you can still treat those devices unmanaged.  The idea though is just keep them as separate as possible from the data center.

Brian: But we have an entire series of articles on consumerized IT which talks about like running shit through other ports, and just bringing in your own dealing router from Best Buy and all these different – 

Gabe: I don’t care if you do that.  You’re not doing something in the data center and running it from another port.  I don’t give a shit what you do to get to the internet, it’s an unmanaged device.  You can do whatever you want.  I’m talking about the wall to data center.

Brian: So you’re still fire-walling your data center?

Gabe: Oh, yeah.

Brian: Okay, so that’s a good start I guess.  But now isn’t it different?  Like now that means as a user, if I’m gonna access a resource with my laptop, I do it in a different way when I’m in the office versus when I’m out of the office?

Gabe: It could.

Brian: Isn’t that more complex?  Like my point is – 

Gabe: I suppose, but look, I’d rather have a less shitty experience when I’m at the office then I would when I’m not at the office.

Brian: How is that an experience if – 

Gabe: Mind you, these things are still unsecured, they’re unmanaged the whole way round.

Brian: Agreed.

Gabe: They could still be treated, and I’m not suggesting that we treat them as their managed devices or any less secure, I’m just saying that if you’re sitting out at an airport, there’s more surface area to compromise than there is if you’re sitting on a network wholly contained within the building.

Brian: But if you have a good VPN, go back to like their saying, you’re using direct access for Win 7 if it’s a Windows device, you’ve got like an access gateway or something like that.  If you have a good VPN, from the user’s standpoint, it is not a worse experience if you’re connecting to a resource through the VPN versus connecting not through the VPN.

Gabe: Oh, if that Nervana exists, than that’s fine.

Brian: We had that with our Citrix Access Gateway.  God, I sound like a show for them, and there’s probably millions more.  Please tell me more, others besides so I can stop saying Citrix, but – 

Gabe: It’s okay, but I think your point is that should be at least, you’re saying, come on, there’s got to be some sort of benefit in there somewhere for being in the office.  I mean, if anything, like hey, you got to be on a LAN.

Gabe: Yeah, that’s basically it.

Brian: So what on LAN, it’s fast?  I’m faster at home than on the LAN here.

Gabe: Well, now we’re talking about Tech Target, and you haven’t said Citrix Access Gateway in ten seconds.  Look, this whole situation assumes, like your situation assumes that there’s some screwed up perfect Nervana solution out there, and if that things existing, yeah, what the hell, why not treat it like that.

Brian: Perfect, done, next conversation.

Jack: I like the idea that hey, how somewhere there’s some additional benefits that you get in the office, like that be great, but on the other hand, like even why bother having that slight difference in benefits because it’ll only confuse things and make things more complicated.  I agree with both of you.

Brian: Well, this idea of having different class of servers for in the office, and out of office, yeah Microsoft has that too.  It’s called SA and ERR and CDL and all that kind of crap.

Gabe: Oh, give me a rest.  It reminds me of that line from the office or from Office Space.

Brian: Which is what?

Gabe: The pieces of flare line.  Anyway, never mind.

Brian: So, but the thing is.

Gabe: It has nothing to do with Microsoft, you can’t compare it to that.

Brian: I’m just saying Microsoft makes a differentiation.

Gabe: All I’m doing is taking a more realistic approach at what organizations do today, and these places already have this division in networks and services and offerings that they have for these people.  And the fact of the matter is, is that, that user network typically still exists somewhere adjacent without some sort of major block to the data center.  And I’m saying that you need to separate those, and you can keep things this way, but you still have to separate them.

And so organizations just aren’t going to go, oh yeah, you know what, that Brian’s right, I’m just gonna wall everything off, and treat everything like it’s the internet.  That doesn’t happen.

Brian: It could though.  By the way, Justin, we’re getting bad quality from Gabe, you want to kill his video stream just to give us more balance?  Right, so I would say the approach I’m advocating is a forward moving approach.  I recognize it today no one has put the wall just around the resources they want to protect, but one of the benefits of putting the wall around just the resources you want to protect is that now your resources don’t have to live in your data center.  So now you can have resources in your primary data center, in secondary data centers, in co-locations, in cloud-based resources, and now users.

Gabe: But that’s – but do you understand the scope of that because the scope of that means that there’s no more data on the endpoints right?  That means that everything has to live in the data center.

Brian: No, it just means that the device, so the data – just like with Drop Box and Mail Cashing and that kind of stuff, that doesn’t change.  I’m just saying that rather than having a network because to me when you have different sort of VPN or firewall rules based on physical networks, you’re making what are dangerous assumptions that I assume that I can treat these users differently because I trust who they are based on their location.  And we’ve proven time and time again that – 

Gabe: I’m not saying that you treat them any differently.  I still say that you treat them as unmanaged devices.  I’m not saying anything like that.


Brian: But I’m inherently trusting them.  I recognize we’re not talking about management, but I’m inherently trusting them more.  If I’m not making them go through the VPN when they’re in the office versus making them go through the VPN when they’re outside the office, that means your physical – you’re connecting to this network says I trust you more, and my argument is that you cannot assume trust based on what network the user’s coming from.

Gabe: No, but I’m talking about the surface area that they have to be compromised right?  Like if you’re sitting at the airport, your ability to get compromised is significantly higher if you’re out there on the public web than you are if you’re sitting in the organization.

Brian: Right.

Gabe: So again, this is treating all of these things as unmanaged, all of these things are unsecured, but there are still different levels, different attack surfaces out there.

Brian: I don’t get how that’s – how is that really relevant because you can – if a machine has been owned by some zombie or remote access to whatever – 

Gabe: If you can find the perfect solution that allows me to behave just like I am on the internet, or over the raw internet as well as I can if I’m sitting somewhere local, that’s fine.

Brian: Didn’t we have that with Access Gateway?

Gabe: No, it doesn’t exist.

Brian: What didn’t you like about the Access Gateway?

Gabe: That you had to use it, you still knew it was there.

Brian: How?  That little thing was in my system tray, you never clicked the button, like it just lives in the system tray, but you can set policies to re-authenticate every software whatever but when we opened and closed laptops, rebooted, had connections coming and going, we never had to jump through any hoops to connect to VPN, it just hooked us right through automatically.

Gabe: No, you still knew it was there.

Brian: Why?

Gabe: You do because you knew that every single VPN connection is there.  To say that you don’t is unrealistic because every single person that connects to the VPN knows that they do it, and hates that they do it.

Brian: But tell me exactly what you hated about the Access Gateway.

Gabe: That I had to connect through it, and that I knew that it was there because it didn’t always work.  It always had little issues.  You never used it either, so I don’t want to hear that because you’re going off of the six times you ever used it to connect to something, and you never use it for that kind of stuff because all your email was punched through.  You never used the VPN for that.

Brian: Well, so – 

Gabe: If anything, I used it more than you did because I was actually in there doing the management stuff, and I hated the thing, and you never used the – 

Brian: So what you’re saying is that if there was a VPN client that was the experience that you liked, then you’re fine with doing that as a concept?

Gabe: Yes.

Brian: And so what is it about – 

Gabe: I’m saying that, that is not very realistic right now given what’s already going on in organizations, and there’s no way a company right now is just going to rip out everything they got in favor of something else.  It’s probably going to deliver our worst experience.

Brian: So I spoke on Thursday night to a room full of CIOs for some super huge companies, and advocated this exact thing.

Gabe: That’s fine, but that doesn’t mean you’re gonna run out and do it.

Brian: Well, we were talking, I mean as this was one of the interesting conversation points, and granted I know there’s sort of executive leadership, and not the doers.

Gabe: But who’s ripped out everything they have, replaced it with a thing climber, replaced it with PC repurposes, and doesn’t have anything to worry about?

Brian: I’m not suggesting that.  I’m suggesting that you – I’m suggesting that companies make the shift to treat the workers in the office the same way they treat the workers out of the office, so if you have to access a data center-based resource, you jump through the same hoops regardless of whether you’re on premises or off premises which A) protects the office network because now you don’t have to worry about you don’t assign trust just based on users being on the network, and B) it makes a more consistent user experience because now the user doesn’t have to go through different things whether they’re in the office or out of the office.  It’s the same way that users connect regardless of where they are.

Gabe: And that’s fine.  I’m not saying that that’s a bad thing.  I’m just saying that that’s kind of unrealistic to expect companies to just do that right now especially given the fact that, that solution, that perfect Nervana solution, I’ve never seen it.

Brian: So that’s my challenge.  I have to talk to VPN.  I haven’t heard from you what specifically about VPN clients you don’t like.

Gabe: I hate that I have to use them.  I hate that I know that they’re there.

Brian: Well, that’s irrational.

Gabe: How is that irrational?

Brian: You hate – the only thing you hate is the fact that you know that it’s there?

Gabe: I hate that I know that it’s there, I hate that I have to use it to connect to anything.

Brian: But if it’s just there in the background, like you hate Wi-Fi, you know Wi-Fi is there.

Gabe: No, Wi-Fi just works.

Brian: Okay, fine.

Brian: Okay, so what you’re saying if there’s a VPN, it just works.

Gabe: It’s slower for me.

Brian: If it’s a split DNS, so it’s always – 

Gabe: But it doesn’t matter if it’s split, it provides a less than optimal user experience.  Everyone that I’ve ever used has always been less than optimal.

Brian: It seems like – really?

Gabe: Yeah.

Brian: If it’s in the system tray, it’s in the background, it’s split DNS, you know that it’s there just because you saw the splash screen when your computer was booting up, but other than that – 

Gabe: That’s fine, but the experience is still less than optimal.

Brian: Okay, we’ve got to put this to bed.  Are you still on the line Jeff Fisher?

Jeff: I’m here, I’m just taking it all in.  This is a fascinating conversation.

Brian: So what is your thought on this?

Jeff: I think you know sort of from my perspective I think it’s sort of a level up, and this notion of a user being constantly mobile as opposed to ever being considered in a fixed location is something that we think about a lot.  I just think that with sort of my RES hat on we think about it more from what resources, application, data, printing mapping, stride mapping, etcetera are exposed to them, and which ones are not.

And sort of the importance of the fact that you’ve got to be able to understand the context of the user, and to your point Brian, the notion of a fixed location in an official corporate headquarters is rapidly going away.  For one that maybe has a “direct pipe” to the data center.  I think that really is rapidly changing.

Gabe: And I’m not disagreeing with that by the way.  I mean this whole thing is that it starts with repurposing PCs as thing clients, and wondering how you’re gonna mange them, and I said that you shouldn’t.

Brian: Right, and we agree on that.  My argument has nothing to do – 

Gabe: That doesn’t change, but that’s Phase 1, okay?  But you still have all these other PCs out there that you are still delivering the same old way, and you’re managing the same way, and I’m saying that these things, you’re not just gonna cut and run, and ditch those things.  So what you’re saying is future vision is fine, but right now that’s probably not realistic.  It’s probably not going to happen.

Nobody’s going to decide today to make that happen tomorrow.  So in phase is sure, but they’re not just gonna blow up their entire infrastructure and do that, so this is the same stuff.  This is Brian getting up on a soapbox and saying something, but then there’s also the realistic view that all these companies out there still have all these other things to worry about.

Brian: But you have to be able to articulate to me what you don’t like about a VPN.  You can’t just say you don’t like it because you know that it’s there.

Gabe: Yeah, I went beyond that like five minutes ago man, and I said that it’s not an optimal experience.

Brian: What is not optimal about it?

Gabe: The actual network performance of it.

Brian: While you’re on the VPN side?

Gabe: Yes.

Brian: So your argument that VPNs are too slow, but if you have direct access to a port than it’s fine.

Gabe: I’m saying that if I’m on that network, the more optimal experience is to connect to the thing instead of going to the VPN.  That’s what I’m saying, and I don’t know how you can argue against that.

Brian: But your argument is that like when you’re sitting with your laptop in the office, if it’s wrapping the SSL layer through your protocols.  Instead of you connecting to whatever resource directly in the back, and the fact that you’ve got a client agent on your machine that needs to wrap in SSL, and there’s a piece of hardware that’s adding a second hop in there that needs to unwrap that, you’re telling me that extra overhead, the three mil seconds and latency it adds, and the extra 4 percent overhead – 

Gabe: No, what I’m saying is that every single VPN experience that I’ve ever had has been a remote experience because that’s what it’s for, and it’s less than optimal.

Brian: Right, so but I’m arguing that you should use – 

Gabe: Open networks and go through hoops, that’s fine to.

Brian: Right, which is what I’m arguing you should do.

Gabe: That’s fine, but it’s got to work, and it’s got to work very well.

Brian: All right, we’re 25 minutes into this.  Let’s end this conversation because we’re clearly not gonna resolve this anytime soon, but we’ll just pause this here, and this is one thing that Gabe and I will I’m sure have future words about.  At 40 minutes past the hour, you’re listening to Brian and Gabe live.  I’m Brian Madden from San Francisco arguing with Gabe Kanuth from Omaha.  Jack Madden is here in San Francisco with me, and Jeff Fisher from RES Software is joining us from New York City.

Gabe: I like how different anonymous people are logging in saying Gabe is 100 percent correct, and Brian is 100 percent correct.

Brian: It’s all anonymous.  It’s – 


Gabe: So many different anonymous users.  I wonder how that guy logged in two times on the same computer.  It gets really confusing all these anonymous numbers.

Brian: Well you know, now that Chrome Tab is processes, you can have – open 100 tabs at once.

Gabe: Can you guys hit the set name the next time please?  You don’t have to tell us who you are, just set it something different so it’s easy to tell you apart.

Brian: Or else you set your red versus blue or something like that.  I guess we can’t do red and blue.  We have to do like green and yellow.  How about MokaFive’s IOS, and I’m gonna just post a link to the MokaFive IOS.  There’s some IOs announcements, and actually I think Jack was it on someone’s IT you showing a video about MokaFive?

Jack: Yeah, I put out a little bit further up in the chat room.

Brian: It popped up right here.  Because MokaFive, they have – it’s management, it’s virtual desktops, but virtual desktops that run on your endpoint so they can manage these virtual desktops either in a Type 2 or like sort of bare metal Hypervisor, but MokaFive for IOS, I mean you can’t run a VM on IOS, so what is MokeFive for IOS.

Jack: Right, so MokaFive for IOS, it’s another remote type desktop application.  It’s a file port hole application that plugs directly into your MokaFive VM, and the idea behind their application is that it sort of keeps everything as a closed loop because the IOS app is plugged into the same resources that are managing your MokaFive client-based VM, and with the IOS app you can turn off the opening capabilities so that if the user is outside of that managed VM instance, all they get is view-only capabilities from the IOS app.

So basically it takes keeping a closed loop sort of approach to keeping everything in that managed VM.

Brian: Wait, okay, so it’s an app for IOS, and I use that app and from that app it’s like reaching back into my VM, and then what, giving me files and – 

Jack: Yeah.

Brian: Is it remote Windows to me or just – 

Jack: No, so no remoting Windows, just you see like the iPad made of file interface with all the nice touch friendly menus, and everything, and you can open and view your files.

Brian: So why, but my MokaFive VM has to be running, which means I got to leave my laptop – so the idea is I got my laptop at home, and I leave my laptop on, and connect it and never goes to sleep, so that when I’m running it with my iPad, I can connect back to my home to get my files?

Jack: So the MokaFive VM is synched back to the data center.

Brian: Okay.

Jack: So you have that data center copy of your VM that’s keeping it in synch that you can get access to.

Brian: So why don’t I just use Drop Box?

Jack: Well, you could certainly use Drop Box, and I guess the idea is – 

Brian: More Hyper Drive for that matter right?

Jack: Yeah.

Jeff: Exactly.

Jack: You know, that’s a good question, and this is assuming that you’re taking the approach that you want – when the user is on their Macbook air that they’re only using the Windows VM that you provide to them, and it does keep things in a much more closed loop, but this means when you’re on your Macbook or whatever, you’re using a Windows VM.

Brian: And doesn’t this just mean – this goes back to the same problem of where if you over secure your environment, you sort of force users out to the underworld.  So companies are saying like we keep all of our data here in the VM, and it’s all corporate and secure.  And then users are gonna be like maybe just – 

Jeff: And what is it they give you access – so are they giving access – I know that they have some sort of layering approach, sort of layering technology.  Is it synching the user layer back to the data center, and somehow synching the files within that user layer to the ISO device.  Is that what’s being synchronized?

Brian: It’s no synchronizing, and by the way, anonymous user curious says first VPN is not good enough in terms of performance.  Now we’re suggesting we check out VM’s out of and back into the data center.  So two things, A) we’re not suggesting this, we’re just talking about this product, trying to wrap our heads around it, so don’t put that on me, nor Jack I would think.

And secondly, this isn’t about checking out VM, this is kind of like what we were talking about with Jeff, what Jeff was saying that it’s – so you have your client device with VMs, and it I guess sort of continuously sinking data, and I think you would be correct Jeff that it does, it’s sort of synching like user-layer data, so it’s not doing like a block level VM de-casing, but rather as they’re changing files, it’s synching those into the data center, and then from there it’s extending out from an iPad.  So I guess it’s sort of, kind of like adding almost sort of Hyper Drive, Google Drive, Sky Drive, Drop Box type functionality.  

Jack: It means that if the user does want to be using an iPad, that at least they don’t have to completely go 100 percent rogue, and install Drop Box.  They at least have the option of being able to use the iPad, and use a native interface without 100 percent guaranteed having to use Drop Box.

Brian: That’s a fair answer.

Jack: And so that way if the IOS app didn’t exist, and everything was locked into your VM, then the user could say, what gives, I’m gonna look at my files from a mobile device, and at least now there’s an answer to it even if it’s not the answer that people would want or ultimately would want to have, there’s an answer.  So I asked them if there would be also a web interface or like a client so I can also synch those files.  Like they relate to my Macbook or to another Windows desktop to like the way that Drop Box synchs files, they’re kind of like, well that’s not exactly the point.  But at least there’s an option, and that’s a big first step.

Brian: Man I don’t know.

Jeff: This gets to the whole sort of heart of what we think about or what I’ve personally have been thinking about, you know, this whole notion of a Hyper desktop which is something that Brian that I don’t think that you, me and Gabe have sort of ever gotten to sit down, and talk about, but it’s this whole being able to – I think you guys did a post once about an Uber profile, something that would sort of roam across any device.

Clearly on the Window’s side of things, I think we’re closer to an optimal state, but now that all these mobile devices and mobile operating systems are in the mix, and there’s limited access in terms of what you can develop for those solutions, it’s a challenge.  But it’s something that we think about all the time at RES about how to really – what should roam, what can roam, what’s feasible.  And obviously data is something that we think is universal, so that's sort of where we started.

Brian: And Jack wrote about that before because to me definitely the user workspace or the user environment or whatever word you want to use, I think most of us sort of agree that you’ve got what makes up – for a user to say this is my workspace, it’s their data, and then it’s their settings, it’s their configurations.  By using different, especially with Window’s apps and web apps we can sort of deliver the apps to whatever device they have, and then the data is easy enough to do because there’s Hyper Drive and Drop Box, and Sky Drive and a billion of other solutions that basically mean that your files are wherever you need them.

Now whether you can actually manipulate that file with a device native application or if you need a remote Windows app, that’s a different conversation.  But then as far as the actual configurations, that’s what I was talking about with the Uber profile, looking for something that allows your configuration across platforms, and that sort of made it the last mile right now, so we don’t have that now, but I agree that data’s part of the whole workspace.

Jack: Yeah, so that my – all of my endpoints, my endpoint on my Mac native endpoint, and my IOS endpoint so that I don’t have to – if we can add the word virtualization, and consumerization to 75 custom dictionaries.  But what is the – so can some day when RES can – when you can add desktop virtualization to like all 75 of like my endpoint application custom dictionaries at once.  Like that’ll be exciting.

Brian: Yeah, including your Google.

Jeff: Yeah, what’s so interesting too, I just thought another quick point.  I know we’re running up on the hour, but I think there has been such a focus on roaming personalization, ubiquitous roaming of personalization whether it’s data or apps or app settings, I think the one thing that’s gotten lost in this, and we talk about this, and I’ve been trying to preach this for some time now is there’s actually things that you don’t want to roam, right?

Brian: Did we just lose him?

Jack: I still have you.

Jeff: Terms of what is it that I don’t want this user to be able to roam to a particular device, and a particular scenario based on a particular context.  Even though maybe the user would want to do that, and maybe we talked about obviously applications with patient data and hospitals.  And we talk about our treating floor applications.  I think we’ve entered the era where ubiquitous application access, ubiquitous data access is upon us, and I think we need to spend more time as an industry thinking about how to make sure people don’t get in trouble with those capabilities.

Brian: So it’s interesting too because – and some of the IT organizations going to want to control, something that the users are going to want to control because right now as a Drop Box user, I share certain folders with my colleagues, and I’ve got certain folders that I use that are not shared.  And I guess you could say that all of personality aspects of that.  Like I don’t want my browsing history to be synchronized with all my devices so when I’m on stage and I type in the letter “P” to go to a “P” desk site, it goes to like pornography or whatever.

But there’s – so thinking of that, I guess it’s almost like with people noticing the same thing with location history, and these kinds of things where apps attract what they do, it’s sort of like there are some things I don’t want tracked.

Jack: Yeah, like with my Chrome on both of my computers.  The bookmarks are tracked, but not the browsing history.

Brian: Right.

Jack: So what I do at home on my laptop doesn’t show up in my browsing history on the desktop.

Brian: I use a different browser for that.


Brian: Three different browsers.  I use Safari to log into our Google analytic’s account on my desktop so that I don’t have – 

Jack: Oh, and I use Safari – Safari’s the only thing that I can use to log into VPN, so that’s why I use Safari.

Brian: So all Safari does for me, it’s my Google account for analytics, it’s my VPN account, and it’s all the porn, and so Google looks at this Tech Target user as like oh man.

Jack: So bringing this around, so the question is going back to the client based VM, and the mere fact that the IOS application exists, and there are ways of pulling the data out and bringing it onto mobile devices in sanctions ways, and that’s RES, Hyper Drive, no matter its province.  The way – just that all of these corporate mobile file synching applications exist, I don’t know if it’s because I’m young and naïve, but it just excites me so much, and because that way we can be like this future that we talk about, about all your data on all your devices.  This is now, and I know that sounds clichéd and stupid and naïve or whatever, but it makes me excited.

Brian: Well, it’s nice, that I mean it’s a Drop Box concept.  Before we were bought by Tech Target we used Groove which became – Microsoft bought them in – remember that?

Jack: Did we actually use that?  I thought we tried like hell, and just never got around to it?

Brian: No, we did because the same share.  Groove used all the time.  We never used the actual workspace for collaboration, but we used the Groove files synching.  And that may have been – was that before you?

Gabe: I think it might of been before me.

Jack: I had trouble find a Mac, a solution that would work with your Mac.

Brian: That was the – 

Jack: Because for the longest time you were the only Mac, and that kind of threw a monkey wrench in it.

Brian: What did we use?  I don’t even know, but it was – 

Jack: We used nothing.  Remember, Emily was all mad because we couldn’t share files outside of email until Drop Box came along.

Brian: Did we use Drop Box before Tech Target?

Jack: Yes.

Gabe: No, no we didn’t.

Jack: Because I emailed Emily after the fact and said hey we got this awesome solution.

Brian: So one of the comments – we’ve got a few minutes left, and I’ll just – incidentally one of the anonymous visitors is asking Jeff to explain why Hyper Drive is different from Absence Data now.  That’s kind of apples and oranges isn’t it?

Gabe: Yeah, I think they’re quite different.

Jeff: Yeah, I mean from again, the limited information we have about the Absence offering, from what we can tell it looks like it’s some sort of a proxy to a pre-existing home drive.  They also do talk about having policy capabilities over what it is that will be synch that you can sort of take off line versus what you can’t.  But yeah, that’s all what I really know about sort of distinction between the two.

Brian: Okay, so look, in just our few minutes left, I want to talk about next week.  So next week is Citrix Synergy.  It is here in San Francisco.  Gabe is coming to town, will be here all week, so Gabe will be at Synergy.  I will be there, Jack will be there, Justin, our producer and video guy will be there.  What’s our week for Synergy look like?

Jack: Busy.  So we’ve got meetings on Monday.  I think Tuesday, Tuesday’s almost nothing synergy-related for us, but then Wednesday, Thursday, the Wednesday, Thursday are the big synergy days.  So those are the days that we’ll be out there attending a few sessions.  I think you’re presenting at 1 or 2.  We’ve got all the expo floor time, and I’m sure we’re gonna do a radio show from Synergy.  We’re not gonna do it on Tuesday.

Brian: Tuesday’s kind of the day before, so.

Jack: There’s no sense in doing it then, and then waiting all week, so we might as well do it on say Thursday, I don’t know.  So really as far as like the actual schedule for the week, we’ve got some plans, that kind of a thing, but otherwise just crazy conference week, and we’ll be – the site goes into conference mode, and we just kind of post up as we get it, and we’ll have videos and keynote commentaries and all that stuff.

We’re actually working on a cover at live, keynote coverage solutions so that we don’t have a live blog, and live tweets at the same time.  We can kind of put it all together in one location on the site so we can – readers can follow it just from one location.

Brian: And Jack will be there looking at everything through the lens of consumerization right?

Jack: And we’ll look at the answer to the Citrix mobile application managing question.

Brian: Right because you wrote who does Citrix need to buy for mobile application management.  This is for doing sort of real mobile application management like with their cloud gateways so they can manage ISO apps and everything.  So we think that we’re gonna find that out.  Your article on that, I’ll post it.

Gabe: And so finally, I’ll just post for Consumerization Nation on Thursday.  It’ll be at 10:00 Pacific, 1:00 Eastern.  Collin Steele and I will be joined by fellow Tech Target writer Jim Firbish, who is right now at Blackberry World in Orlando or wherever it is.

Jack: I won’t be staying at any Disney hotel, and he said that it’s not that great of an experience because it’s just a bunch of kids running around.

Brian: Did he – what’s his sense of the show?  Is it like – is the show live?  Did you hear what he wrote about Blackberry World yet.  Is it like a lively show, is it kind of looking dead?

Jack: Lots of excitement about Blackberry 10 and their new touch screen device, and it looks cool, and so hopefully he’ll have gotten his hands on it by then.  We’re not really about the devices, but certainly the devices can generate a lot of buzz for them.  The other information around mobile fusion will be the interesting stuff for us.

Brian: Okay, so that’s us for the rest of this week.  We’ll look for Consumerization Nation on Thursday.  Next week we’re at Synergy all week.  The following week I’ve got an event in San Francisco.  If you go to, I’m giving my sort of state of the nation about the desktop virtualization industry.  That is on Thursday, May 17, and then the very next day I hop on an airplane along with Gabe, and Jack and Justin, and our whole crew and we fly over to London where Bri Forum is taking place on May 23, 24, so that’s our next few weeks whereas we enter busy conferences.

Gabe: Yeah, looks for plenty because May – I clocked out.  We’ve got May 1, and we’ve got May booked up.  One last thing, I see our show notes.  I see you’re wearing a suit.  I’ve never seen you in a suit, never.

Brian: We’ll post this, so we’re doing this fun campaign where we – it’s too hard to explain.  We’ll explain this campaign next week, but what I’ll say is there’s a video we need to shoot right now where I’m playing a business person, and I’m showing if you don’t have security on your mobile device, you might as well just broadcast everything to the world.  So I’m putting on a suit, well I’m wearing a suit now, going outside with a bullhorn to make a phone, and I’m walking around downtown San Francisco sort of broadcasting different business only things I’m doing on my Smart Phone.

So maybe yelling out like my pen is you know 1945, and I just text it – oh, look at tomorrows doc results.  Hey this is insider trading information, hey we just lost that client, and I’m going to be just walking down the street just, with the bullhorn, saying that to random people while it is video recorded.

Gabe: I think – so Justin will be videotaping you.  Can Jack be there with the video tape?

Brian: We’ve got two cameras.

Gabe: Can Jack be there getting like shots of people staring at you?

Brian: Well, here’s the thing that’s kind of crazy is that today is May Day, and there’s like a lot of protest sort of scheduled.  Like last night a whole lot of shops were vandalized from something like, I don’t call riots, but they’re like smashing cars, and it’s also Occupied Movement, but they say it’s not them.  It’s other anarchists that have like over taken them.  Regardless, there’s a lot of stuff kind of going down, and they – so here I’m am, the Occupied, they’re against the 1 percent and I’m wearing a suit with a mega phone in downtown San Francisco while people following me around with video cameras.

Gabe: They’ll think you’re just a protestor.

Brian: So it may end not well.

Gabe: It could be fun.  I spent $10,000.00 on a gallon of milk.  You don’t want to say that.

Brian: Yeah.  So we’ll see what happens, so hopefully I’ll be talking to you guys later today if I don’t get arrested or beat by a mob, but that’s – 

Gabe: It’s San Francisco, you’re not going to get arrested.

Brian: Okay, on that note, thank you all for joining us today and listening.  Jeff Fisher, RES Software, thank you for taking the time to call in.

Jeff: Thank you guys for having me, it was great.  Hope to do it again, and we’ll see you next week.

Brian: Yeah, all right.  Gabe, Jack, thank you all, we’ll see you at Synergy, everyone and from San Francisco on May 1st, 2012.  This is Brian Madden from Brian and Gabe live signing off.


Start the conversation

Send me notifications when other members comment.

Please create a username to comment.