We have all become accustomed to carrying miniature computers in our pockets that just happen to be able to make phone calls. We merrily add applications and upgrade its operating systems. Yet navigating the PC on our desk remains a logistics nightmare.
Why can’t our new computer be as logistically simple as getting a new phone?
Because consumerisation of IT and the expectations of a more tech-savvy workforce is at play.
My colleagues ask me to help them understand this trend and how it’s changing the way we assist our customers. If a user can acquire a new smartphone, sign into a cloud authentication service and download applications, why is it so difficult to deploy PCs?
To understand this, we must first address the history and market forces in the PC industry.
Let’s first establish shorthand terms:
PC means any device running the desktop version of Windows 10 irrespective of form factor (laptop, all-in-one, desktop or tablet). Devices running Windows Phone, Android or iOS will be referred to as smartphones.
It’s long been the practice of original equipment manufacturer (OEM) vendors to bundle Windows with every PC sold. This is a practice Microsoft has encouraged, ostensibly to save the purchaser from installing the operating system (OS), which has proven very helpful in establishing Microsoft as the dominant OS provider. Over time the practice of pre-installing software has been extended to include vendor tools and trial versions of software from third parties.
Whilst this is tolerable for the consumer market, the variability of the third-party software installed is intolerable to the enterprise market. To counter and reduce the total cost of ownership (TCO) of supporting their devices, IT departments have typically wiped devices clean and built them up from the bare metal in a process referred to as imaging.This process often takes 4-5 hours per device, adding cost and delaying the point at which the user takes control of the device.
Vendors, resellers and distributors, Dell among them, endeavored to make the PC provisioning and deployment process more efficient with centralised systems and developed a variety of capabilities, spawning a whole new market segment.
Traditional Imaging Options
Dell leads the market in providing imaging and configuration services for our customers who hold Microsoft Volume Licenses. These services are:
- Static – simple imaging using technologies such as Ghost, usually for a single device type based on the driver library included within the image.
- Dynamic – a development on the static imaging which enables device flexibility by dynamically including the driver library for different Dell hardware families.
- Connected Configuration – the modern imaging solution which works by extending the customer’s System Center Configuration Manager (SCCM) environment into a Dell build facility so devices are imaged in the same way as they would be at a customer site. This method provides significant customer benefit.
Once imaged, the users are typically managed via Active Directory authentication and the devices by SCCM or similar tooling.
With Windows 10, Microsoft has enabled an entirely different approach to the problem. In building Windows 10 with a common code set shared across the PC and smartphone versions, the OMA-DM (Open Mobile Alliance-Device Management) specification is built into the base OS. For the first time, a Windows PC can be managed using tooling that was originally designed for smartphone management. This integration of mobile and Windows 10 PC management is referred to as unified endpoint management (UEM).
It should be noted that the OMA-DM specification is for the management and configuration or provisioning of the device, not imaging, and there are key differences between the approaches. Imaging allows deployment of the base OS, whereas provisioning assumes the base OS is already on the device and seeks to control it.
To encourage customers to take up Windows 10 more quickly, Microsoft strongly advocates the use of provisioning, as it is a lighter touch and provides a lower barrier to entry for the organisation. Equally, mobile device management (MDM) toolset vendors have aligned themselves with this narrative as it increases their addressable market. The key thrust of the approach is any Windows 10 device can be provisioned and managed, irrespective of vendor or acquisition route, including bring your own device (BYOD).
At the beginning of July, Microsoft launched Windows Autopilot which enables an end user to follow a simplified process to join a Windows 10 (1703) PC to Azure AD (Premium) and enroll it with the organisation’s chosen MDM tool. The Fall Creators Update for Windows 10 is expected to enable the same tool to allow end user to join their Windows 10 PC to an on-premises AD. In both cases, OEM pre-registration of the devices with Microsoft and Azure AD Premium licensing is required.
Enterprises are keen to consider options that reduce their TCO and makes it easier to roll out the new OS. As a result, they are looking to leverage the MDM tooling acquired to manage their smartphones to manage these devices.
However, there are key differences between managing devices via the traditional route and those provisioned in this way.
- Workforce is largely office or with a fixed base of operations using a mix of PC form factors, typically connecting directly to a corporate network or via a VPN solution.
- Applications tend to be more complex, drawing on local system resources or client-server with limited usage of external web or Software as a Service applications.
- Organisational information assurance policies require systems are tightly managed to ensure compliance with patching and update policies.
- Web access is channeled via IT provided proxy solutions to manage bandwidth and police content.
- Data is stored on network files servers and email hosted internally.
This scenario is common within many organisations today and will be recognizable to most. It is typically based on Active Directory authentication and SCCM management. The devices are typically imaged.
- Highly mobile workforce, typically using newer form factors.
- Applications are either locally installed or accessed via a web browser (SaaS).
- Email and office automation software are delivered via Office 365, Google Apps or similar toolset.
- Data is stored in OneDrive for Business or Google Drive enterprise file sync and share solutions.
- Applications are acquired via Windows Store for Business or the Mobile Application Management (MAM) capability of the MDM tooling.
- There’s limited reliance on corporately provided applications. Identity management can require the user to manage numerous credential sets or require corporate investment in single sign on solutions (SSO).
This use case is becoming more common in sales environments and lends itself to the provisioning approach. It particularly appeals to customers who could go to any computer retailer and acquire a device that can then be provisioned, should their current device fail.
Equally, customers are looking at BYOD solutions to manage contingent labour. Here the customer feels that the contract day rate should include the contractor providing their own equipment which the corporate IT staff manage via the MDM toolset.
In reality, customers within their organizations do not split cleanly into Scenario 1 or 2 but a blend of the two.
What Does the Future Hold?
Most customers fall into predominantly Scenario 1 for historical reasons. As sales forces become more mobile and their applications shift from in-house-hosted to software-as-a-service, they will lean towards Scenario 2.
However, there will still be a proportion of the workforce that does not require or cannot work in this Mobile First, Cloud First way as they are tied to incompatible applications or the cost of transforming the applications is too high. However, over time the number of users in this group is expected to fall.
As organisations transform their business processes and IT support to a more mobile device friendly approach, the balance of power will shift from the traditionally imaged to the modern provisioned. The speed of this transition will be determined by the ability for organisations to invest in this transformation. This may be by shifting to SaaS versions of their current applications or adopting application publishing solutions to enable access to internal applications from devices that sit outside of the corporate firewall.
The balance is firmly weighted in favour of the traditional imaging approach, but based on the number of organisations actively investigating modern provisioning, this will not last for long.
How Dell Can Help Our Customers
Dell EMC is well placed to address both the current and future markets. We have a very strong presence in the device imaging (Scenario 1) business and are trusted by our customers to deliver this service through our ProDeploy for Client Suite. We are seeing strong interest in the ProDeploy Plus business as customers look to optimise the traditional element of their estate. There is a gradual shift of customers from static to dynamic to Connected Configuration.
To address Scenario 2, we can leverage our strong relationship with Microsoft and use our Services capability to deliver solutions based around both the SCCM and Enterprise Mobility + Security (EM+S) suite which addresses the modern provisioning approach. The integration between SCCM and Intune is improving with time but they are fundamentally different offers that work together.
As interest in the Windows AutoPilot tooling grows, we are seeing significant interest in our ability as an OEM to pre-register our devices with Microsoft to enable that approach for modern provisioning. With the release of Fall Creators Update there will be the opportunity to create a hybrid approach whereby the Windows 10 device is delivered to a user without being imaged and can be joined by the end user to the domain via AutoPilot.
When VMWare joined Dell Technologies, it brought the Workspace One Solution which includes tooling to address the modern provisioning (Scenario 2) approach. The AirWatch component is a strong brand in the MDM market and many customers investigating Microsoft’s EM+S evaluate both AirWatch and Intune. Equally, the application publishing capabilities, which rely on VMWare’s Horizon product, are an alternative to the Azure RemoteApp capability that Microsoft has already discontinued in favor of Citrix XenApp Essentials.
Microsoft’s Azure Active Directory Premium (AADP) builds upon the capabilities of the Azure AD license, which many customers will have as part of their Office 365 migration, enabling the AADP identity to be used to access many third-party SaaS apps without requiring the IT team to build and manage a web of bilateral authentication arrangements.
We can assist you to design, build and implement your Modern Management Capability to meet the evolving needs of your increasingly mobile user community. In doing so, we will address the security, functionality and affordability challenges specific to your business, enabling you to give users the flexibility they demand without relinquishing control of the environment.
Let me know in the comments below if you see this trend emerging in your industry and geography. I look forward to hearing you and the way your organisation is addressing the consumerisation of IT.