Offline Working in the Mobile Cloud Era
Barry Coombs
• Support and Engineering Background
• VMware vExpert (6 consecutive years)
• VMware EUC Champion 2016
• Public Speaker
• Blogger
• Author
ComputerWorld
Helping Businesses Define Tomorrow™
• Passionate, Knowledgeable and Personal Service
Trust ComputerWorld
Mobile-Cloud Era
Client-Server Era
Bridging Two Worlds
The modern day desktop
The Legacy Desktop
What IT Wants: Security, and Management
The Modern Desktop
Users want any app on any device
In Any Location at Any Time
What is offline working?
• Numerous connectivity options today
– Wi-Fi dongles
– 3G/4G tethering
– Cloud hotspots
• But what do you do when you really can’t get online?
Poor connectivity – all about the app
• Traditional applications are designed for a LAN-connected world.
• In many cases, newer applications can be architected for intermittent connectivity.
• Synchronising data to mobile devices – but make sure the data is encrypted!
VDI and Session Based Computing
The answer to legacy app mobility?
• Centralised data and single instance management
– Increased security and improved maintenance
• Great for a wide range of use cases
– Admin
– Power Users
– CAD and more
• Portability of applications: any device, any location, any time
– Except when offline!
Image Management
Centralised Device Management and Deployment
• Automate deployments to minimise human error and standardise deployments
– VMware Mirage
  • Image deployment, patching, application layering and backup
– Microsoft SCCM
– Microsoft MDT
• Education of the helpdesk staff is key to success
Why automate your desktop deployments?
• Achieve more uniformity – better experience for users and for IT
– Ease of support
– Simplified break fix
– Remove the human factor
• Let your IT staff do more business-focussed tasks instead of babysitting PC builds.
• The goal is one automated OS image
VMware Mirage: Dynamic Layering
Driver Library
Base Layer (OS, infra software, core apps)
VMware Mirage Application Layers
User Personalisation Layer (user data, installed apps & profile)
Managed by IT
Continuously backed up and unique to end-user
• Contractors
• Offline Users
• Seasonal Workers
BYO
Horizon FLEX Containerized Desktop Management
Simplify Management, Drive Down Cost and Ensure Better Compliance
Persona
Apps 2
OS
Apps 1
[Diagram labels: Application Catalog Web Service Point; Application Catalog Website Point; Asset Intelligence Synchronization Point; Software Update Point; Out of Band Management Point; Remote Control; Inventory; State Migration Point; PXE Boot; Endpoint Protection Point; System Health Validation Point; Internet-Based Client Management; Microsoft Intune Connector; Certificate Registration Point; Enrollment Point; Management Point; Distribution Point; Fallback Status Point; Role Based Administration; Reporting Services; Database]
One consistent set of MDM capabilities across Mobile, Desktop, and Embedded products
Provisioning
• Bulk enrollment
• Simple bootstrap
• Converged protocol
• Azure AD Integration
Greatly extended set of policies (Parity with Windows Phone 8.1)
• Context based policies
• Client certificates – Direct install (PFX)
• Enterprise Wi-Fi
• VPN management
• Email provisioning
• MDM Push when user not logged in
• Device Update control
• Kiosk Mode, Start screen / Start menu configuration and control
• Curated Windows Store
• Business Store Portal app deployment; License reclaim/re-use
Enterprise App management
• Simplified LOB app management
• Win32 app management
• App inventory (MDM/store apps)
• App allow/deny lists through Applocker
• Enterprise data protection
• Full device wipe
• Remote Lock, PIN reset, Ring, Find
• Enhanced inventory for compliance decisions
• Un-enrollment in two phases & alerts
• Removal of Enterprise configuration (apps, certs, profiles, policies) and Enterprise encrypted data (with EDP)
• Additional device inventory
Mobile application management
PC management
Mobile device management
Intune helps organizations provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
User IT
Single admin console
Intune
Security
Encrypt your disks with BitLocker
• If you have Windows laptops and you’re not encrypting the disk then you are taking a big risk!
• BitLocker will encrypt the disks of your Windows 7 to Windows 10 machines, but check which versions!
– Win 7 Ent, Win 8/8.1 Pro or Ent, Win 10 Pro or Ent
• Enable BitLocker as part of your automated build process.
– Record the serial number, date of build and the encryption status so that when a laptop is lost you have a record of the fact it was encrypted. You can automate this record-keeping too!
– GPO, InTune, SCCM or MDT Task Sequence, Script
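One way to automate the record-keeping described above, as an added example that is not part of the original presentation. It assumes Windows 8 or later with the BitLocker PowerShell module, an elevated session (for example a late task sequence step), and a hypothetical `$LogPath`; the OS install date stands in for the build date.

```powershell
#Requires -RunAsAdministrator
# Added example: append one build/encryption record for this laptop to a CSV.
# Assumptions: BitLocker module available (Windows 8 / Server 2012 or later);
# $LogPath is a hypothetical location, point it at your own inventory share.
param(
    [string]$LogPath = 'C:\BuildLogs\bitlocker-inventory.csv'   # hypothetical path
)

$ErrorActionPreference = 'Stop'

# Firmware-reported serial number, the value printed on the asset label.
$serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber

# OS install date is used here as the "date of build" (assumption).
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Encryption state of the OS volume only; data volumes would need their own rows.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

# Record which protector types exist (TPM, RecoveryPassword, ...),
# never the recovery password itself: this file is evidence, not a key store.
$protectors = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ';'

$record = [pscustomobject]@{
    RecordedUtc          = (Get-Date).ToUniversalTime().ToString('o')
    ComputerName         = $env:COMPUTERNAME
    SerialNumber         = $serial
    BuildDate            = $os.InstallDate.ToString('yyyy-MM-dd')
    MountPoint           = $vol.MountPoint
    VolumeStatus         = $vol.VolumeStatus
    ProtectionStatus     = $vol.ProtectionStatus
    EncryptionPercentage = $vol.EncryptionPercentage
    EncryptionMethod     = $vol.EncryptionMethod
    KeyProtectorTypes    = $protectors
}

New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
$record | Export-Csv -Path $LogPath -Append -NoTypeInformation

# A non-zero exit lets the build process flag a laptop that left the bench
# without a fully encrypted, protected OS volume.
if ($vol.VolumeStatus -ne 'FullyEncrypted' -or $vol.ProtectionStatus -ne 'On') {
    Write-Warning "OS volume on $env:COMPUTERNAME ($serial) is not fully protected."
    exit 1
}
```

Writing the CSV to a location off the laptop matters, since the record is only useful once the device itself is gone.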
Azure Rights Management
• Secure documents at the root
• Protect against documents getting into the wrong hands
• Securely share documents on any platform
• Built-in application integration
• With or without Office 365 or the Cloud
87% of senior managers admit to regularly uploading work files to a personal email or cloud account.*
58% have accidentally sent sensitive information to the wrong person.*
Focus on data leak prevention for personal devices, but ignore the issue on corporate owned devices where the risks are the same
? %
Enabling data to flow from one organization to another
Sharing data
Securely share any file type, from within common user experiences
Maintain control
Enlightened applications such as Office and PDF readers offer the ability to enforce rights.
Between organizations
Authenticate users from other organizations (without having to implement point to point federation)
[Diagram labels: Cloud Ready; Cloud Accepting; Cloud Reluctant (each with Integration, BYO Key, Sync); Azure RMS Connector; Azure RMS Hub]
DEMO: RMS Applications
Native Applications and Generic protection using Protected File (PFILE)
Custom administrator defined policies
I can protect and share information securely across device types
Sharing documents securely
Use Microsoft Azure RMS to securely share documents with colleagues and business partners
Anti-Virus and Threat Protection
• Ensure updates are available via the internet and not just within the corporate network
• Virus signatures are no longer sufficient on their own; advanced analytics and trending analysis are required
• Ensure that firewalls are enabled on endpoint devices
Application Deployment
Consider methods for application deployment
• Corporate Application Store
• InTune
• SCCM
• Mirage Application Layers
• Identity Management solutions by VMware and Microsoft
Cloud Applications
Begin your journey to the cloud
Data Synchronisation and Device Backup
OneDrive
• Great resource for home drive replacement
• Educate users to ensure non-trusted third party applications aren’t used
• Consider Cloud App Discovery (EMS Suite) to monitor usage of non-trusted cloud apps
• Collaboration options are limited at present
AppSense DataNow
• Native user experience
• Works with CIFS and SMB shares as well as SharePoint for file storage
• OneDrive integration coming later
• Support for team drives and network redirection
– Ghost files allow online working with selective file sync
• Mobile device clients for iOS, Android and more
Consolidation & Migration
• Centralize user data and keep it synced
• Policies to control what gets synced/migrated
• Preserve user’s native workflows & behaviors
• All file access and sync activity centrally reported
• Upgrade/Migrate devices without worries
[Diagram labels: Users Home (SMB); Win 7/8; Win 10; All sync activity reporting; Unknown volume of data; Backup tools or scripts (LAN/WAN or VPN); Volume Management; Sync control, Policy & Auditing]
• Data resides locally on endpoints, which is outside of business control
• Visibility around how much data? What kind?
• User data availability/frustrations (Physical & Virtual)
• Remote access to on-prem shares requires VPN
• Headaches for break/fix, migrations & upgrades (Device/OS)
DataNow at a glance
The desktop is changing forever; no longer can we treat the desktop as an install and forget item
Offer the users flexibility whilst maintaining security
Offline working is no longer an excuse for no activity
What is your desktop management plan?