Yesterday I’ve posted "Will Windows 8 require UEM?". At this time I’ve received a lot of feedback from both folks that agree with my opinion… but also from people that do not.
I would like to thank Gareth Kitson (AppSense), Ruben Spruijt (PQR) and Patrick Zander (RES Software) in particular for their feedback since they’ve provided some valid arguments with their feedback… where all three do not agree with my post.
I’ve also received some feedback with extensive arguments from a former colleague about the fact I don’t to RES Software or AppSense justice in my article. Since he has send me this feedback privately, I don’t know if I may call him by name and therefor I’ve decided to, for the sake of this post, call him "Anonymous1".
First I would like to clarify what I consider to be "required" and what I consider to be "Profile Virtualization".
There won’t be a smooth migration without it.
Detaching personalized settings from the profile and applying them to the user then required, for example by logon or starting an application.
By doing this, the same settings can be applied on a variety of operating systems and the problem of a multiple platform environment where personalized settings cannot be exchanged between desktops and terminal servers will be solved.
Now let’s take the feedback I’ve received and handle them one at a time.
01 – Patrick Zander – A workspace management solution is required for any smooth migration because of the simple fact that it is about more than the profile.
I think this will come down to a discussion what one thinks to be required for a smooth migration. I think it’s clear that our opinions differ on this subject.
02 – Patrick Zander – How about login scripts, group policy and security configuration?
Read on and you’ll get the answer to this question.
03 – Patrick Zander – You need that as well to minimize the amount of work that is put into such a project.
Why? If I do a little bit more work, and save at least 30 Euro’s per user…?
Let’s take a company with 1000 users and a saving of 30 euro’s per user by not buying the most basic version of RES Workspace Manager… this would allow a company to hire a consultant for the amount of 30.000 Euro’s to do the same.
Now let’s say that this consultant would ask for 100 Euro’s an hour, so the company can hire him for 300 hours and that equals to 37 days. That’s not a bit more than a month since there are weekends in a month where the consultant will probably would not like to work.
This would be a about 7 weeks and 2 days. Seriously? In that amount of time I could implement a UEM solution three times over, and not having to rush!
So, for the sake of argument, let’s take half the time to implement GPP and AppLocker and for what is impossible with GPP login scripts can be used.
That would mean that I would have somewhere between 3.5 and 4 weeks to do that in… not even considering that the company probably already has login scripts and that all I have to do is implement AppLocker and replace the login scripts as much as possible by GPP.
So first it will come down to what functionality the customer desires.
Secondly, it all comes down to costs and manageability of the solution that is being implemented, whether it is a built-in solution or an UEM.
04 – Patrick Zander – With RES Workspace Manager 2011 Express you get a free solution for this except securing the user workspace.
Yeah… free with no support. Not forgetting the fact that every few weeks some hotfix pack comes out and in sometimes include fixes for key functionality that’s not working properly. In some cases I’ve even experienced when implementing a hotfix for problem 1, it was the cause for problem 2.
But I have to take some of my words back… there is support. First you have to pay around 299 euro’s to create a ticket (since you’re using the Express version you’ve got no software assurance) and only when a bug in the code is detected because you’ve reported the problem, your money will be given back.
When a customer would get full access to the knowledgebase of the product, for example like Microsoft and Citrix do, I would ever start thinking about recommending a "free" solution.
Although some of the articles in the online knowledge base of RES Software are open for the public, all “the good stuff” is only available for customers.
05 – Patrick Zander – Built-in tools are comprehensive but also inflexible and requires deep technical knowledge. This will result in highly skilled people doing mundane work.
They require deep technical knowledge? When working with a Microsoft operating system, I think it is required to do the proper training/certification (the same goes when you’re working with Linux operating systems or others).
But let’s take a Microsoft operating system just now… In my opinion every system administrator has got to achieve the MCITP Systems Administrator certification.
When you do that the proper way (so without getting the questions and answers from the internet and learn those instead of the actual content) you will have all the required knowledge to operate the built-in tools of both the Windows Client and Server operating systems.
If you would say that UEM solutions provide a solution with more capabilities and are easier to implement and use, I would totally agree with you.
06 – Anonymous1 – Both RES Software and Immidio don’t do anything like profile virtualization, only AppSense does.
Depends on what you consider to be profile virtualization. If you read what I consider it to involve, I think you would agree with me that RES Software, AppSense and Immidio do it.
07 – Anonymous1 – Workspace Management is about getting the right content to the user in the correct context so no only based on device and identity.
Agreed, but when you deploy applications based on OS (for example through SCCM) and when you set sequences/applications to run only on specific operating systems I don’t see a direct reason to require a workspace management (or UEM) solution for a smooth migration to Windows 8.
A profile virtualization solution works just fine, but a UEM solution will offer more than just that. So the point I’m trying to make is that even the "starter" version of the UEM solutions of RES Software and AppSense have a list-price around 30 Euro’s where Immidio has a list-price somewhere around 11 to 15 euro’s I believe.
If a company is satisfied with the level of manageability they currently have, I think a solution that offers profile virtualization is just fine for their case.
Explaining to a customer that they have a pain/problem before they experience it and explain to them that you’ve got the cure/solution, is why I think IT departments have gotten such a bad name the last decennia. Or at least, it’s a part of a larger cause.
But that is another discussion all together, which I would love to be a part of in real life…
08 – Gareth Kitson – You mention Profile Virtualization and Workspace Management; It is hard for me to comment on this as I do not know what you know or consider to be Profile Virtualization and Workspace Management to be.
What I consider to be "profile management" I’ve explained earlier in this post. But for "workspace management" here is what I think it is:
Manage the entire user environment, from the desktop to the start menu and all settings/applications that come with it.
09 – Gareth Kitson – UEM, from a personalization point of view, is much more than Profile Virtualization.
Agreed, and that’s also what I posted… UEM consists out of both Workspace Management and Profile Virtualization. However, I think both concepts need to be taken further than version 1.0… let me explain what I mean with that.
As I stated earlier, in the part where I explain what I consider to be "profile virtualization", version 1.0 was about making user settings in depended of the profile, so for example one could have a single "universal" mandatory profile on the network and the personalized user settings would be applied to the user when they logon. Therefore, less network storage for profiles and less chance of corrupt profile.
Next came version 2.0 where it was possible to get the personalized settings to users only when they asked for it (for example by starting an application) and not all at logon, which greatly decreased logon times compared to version 1.0
Of course some nice extensions to the "versions" came into existence… applying the user settings to virtualized applications to take one example.
I’m still wondering what version 3.0 will bring us, very excited about the whole concept since version 1.0 and it’s only getting better.
So we get back to my conclusion in my post, that UEM is not required but profile virtualization is… and yes, both RES and AppSense offer profile virtualization (and much more since they are an UEM solution).
But me, as I only want profile virtualization, wouldn’t want to pay about 30 Euro’s when I could pay less for the same result.
10 – Gareth Kitson – And you compare Workspace Management to Group Policy Preferences.
When I read my post again I see that I could have used some more words to clarify this. I see GPP as a small brother a workspace management solution which allows you to replace most of your logon scripts.
Hey, wasn’t that something like the marketing campaign from both AppSense and RES Software? 😉 http://appsense.wordpress.com/2009/07/02/replacing-complex-logon-scripts-for-faster-logon-times-simplified-management/
Of course RES/AppSense go way further with this compared to GPP… but I do not think this is required for a smooth migration to Windows 8.
11 – Gareth Kitson – Managing the user environment or workspace in an enterprise environment requires a lot more than GPP.
I think this ends up in a discussion what level of management you desire. I know for a fact that Immidio is implemented in a Quote500 company in Europe and that they do not use an UEM or Workspace Management solution.
Since I don’t think you’re implying that they don’t have managed desktops, I’m guessing that they are satisfied with their level of a managed desktop…?
12 – Gareth Kitson – What about; Machine set-up, desktop configuration, user rights management, application access control, network access control, feature lockdown, self-healing, resource entitlement, etc…
Again this will end up in the discussion of the level of manageability you desire. Most of the times UEM solutions go further with this compared to the tooling that Microsoft provides.
But just to make a little (nasty) list:
Machine set-up = Don’t know what you consider this to be…
Desktop Configuration = GPP, and you can expand this with: Redirection policies, System Center, App-V.
User Rights Management = Active Directory, and you can expand this with FIM.
Application Access Control = AppLocker, and you can expand this with group policies.
Network Access Control = NPS/NAP.
Feature Lockdown = Group Policies + GPP… when you’re a bit creative with the registry I think you can get very far.
Self-Healing = When used with NPS/NAP you can use HRA for this, but also Desired Configuration Management in SCCM can be used for this.
Resource entitlement = Active Directory/System Center.
13 – Gareth Kitson – There is a lot more involved in managing the user which is why AppSense and RES Software have been so successful.
I will never ever say that RES Software or AppSense aren’t successful, you are doing a great job! And for companies that desire the highest possible level of manageability over the user environment, I think your products are THE way to go.
That was also not what I was trying to say in my post… I was wrote that I think a UEM solution is not required for a smooth migration to Windows 8.
14 – Gareth Kitson – All configurations must be context aware; the Windows 8 user of tomorrow will be roaming about, between sites, offices, customers, partners, home etc. and they will not be on Windows 8 100% of the time.
Agreed, but depending on what you want I don’t see a direct reason to involve UEM in this. GPP will allow you to offer (some) content based on OS, IP-range, network connection, language, time range, etc.
I definitely see where a UEM solution will go beyond that and will offer a more complete solution, but again for me THAT was never in question.
15 – Gareth Kitson – They will also be on RDS, Virtual Win7 desktops, Mac’s, Tablets etc.. the ‘Workspace’ configurations must be dynamic and automatically configure the desktop based on the context of the user, the device, the location, the time & date etc.
If you want to offer content like shortcuts, registry settings, ini files, folders, files, environment variables, drive maps or applications than I think the default Microsoft functionality which is offered in GPP goes a long way.
When you want to go beyond that, a UEM solution will be a good choice.
16 – Gareth Kitson – I agree, Immidio provide some 1st step profile management, but that is typically only relevant if you have a profile issue; say bloat, corruption,- slow log on times.. it is not a Personalization solution.
Since you’re saying that they are not a personalization solution I’m wondering if we’re thinking about the same thing.
With Immidio (and also AppSense and RES) you can specify which profile settings (files or registry) need to be separated from the profile. These settings are saved on a user-unique location, for example the home directory.
When a user changes something, the settings will be saved on the home directory instead of the profile and also applied from that same home directory when they need them.
17 – Gareth Kitson – Personalization requires enterprise features such as synchronization, back up, cross platform, roll back etc..
Cross platform works perfectly with only profile virtualization… that is the whole point of that technology.
Synchronization can be interpreted as multiple ways. If you mean to sync personal settings, I believe that’s what profile virtualization does? If you mean to sync more than just personal settings, I agree… UEM is a great solution that can help with that.
Roll back, depends on what to want to roll back. I believe both RES Software, AppSense and Immidio offer this for personal settings.
So, I agree with your statement.
18 – Gareth Kitson – GPP and AppLocker are ok maybe for a simple environment, but where you require more control, over say – when can a user launch an app, what type of apps can you white list, can you allow user to run any app from a specified trusted vendor, what time of day can the user run the app, can the user run the app from anywhere or only on their corporate LAN and IP address, what Admin Rights can the user launch the app with etc… then you need the workspace management features of a specialist UEM solution.
Agreed. But again this is not the point I was trying to make. I’m saying UEM is not required for a smooth migration to Windows 8, but profile virtualization is. Since an UEM solution offer profile virtualization, this would also apply to that product.
All the extra features you get when you use an UEM solution instead of a solution that only provides user virtualization, I think are not required… which is the point I was trying to make in my post.
19 – Gareth Kitson – For AppSense and RES Software coming in you say; “only when you want a single solution/console”. Please… really? Between AppSense and RES we have over $100m a year in revenue and probably 10million licensed users.. We didn’t get that big by just providing consoles … and will continue to grow as Windows 8 and other desktop OS, devices and delivery options continue to grow and add complexity.
Again, I’m not making the statement that RES Software or AppSense are not successful companies because you are!
And about my statement, I must say that I was wrong at that point… you offer more than simply a single console. I hope that this has been made clear by this entire post and I apologize for that statement.
20 – Ruben Spruijt – It’s all about the context.
UEM (or Workspace Management) is indeed all about the context in which you offer content to users, that was never in question. What I question is, if this is required for a smooth migration to Windows 8… where I think it is not.
The problem I was having is with the question if Windows 8 will required a UEM solution.
First, I don’t have a problem with UEM, I think it is a great solution for to manage the complete user environment. But to say that it is required for a smooth migration to Windows 8, I think not. I think it is overkill to implement an entire UEM solution for that.
Only when the customer wants to increase their level of a managed desktop, I think a UEM solution is a correct choice. So an increased level of a managed desktop will be an addition to the migration, where the migration itself will be smooth by using a profile virtualization technology.
Since UEM solutions provide such a feature, I’m not saying that one must not choose a UEM solution, I’m saying to choose the correct products with its features for the functionality you desire.
If you only want to migrate to Windows 8 and not to increase the level of you managed desktops, a solutions that only provides profile virtualization is the best choice (considering costs).
Now here comes good collaboration with the entire IT department comes into play. Only when you understand the demands and the future vision of both the company and the IT department itself, a proper choice can be made…
Simply because you wouldn’t want to implement a solution that only provides profile virtualization, and the next year replace it with a UEM solution.
And for the sale-pitch, I think that a UEM solution will not only help in the smooth migration to Windows 8, since it includes a profile virtualization technology, but allows you to manage your entire user environment and provide users the best possible experience through your entire environment whether it is a terminal server, desktop, tablet of desktop.
So in my opinion the sales pitch shouldn’t be that UEM provides a smooth migration to Windows 8, but that a key technology included in UEM provides that and that the additional features and technologies included in an UEM solution provides companies some great additional features to the entire environment and not only a migration to Windows 8.
In my opinion… THAT would be the sales-pitch for a UEM when it comes to migrations to Windows 8. Where for a solution that only provides profile virtualization, only the part about enabling a smooth migration to Windows 8 and providing the users with the best experience on that device will apply.
Hi Jeff and thanks for your feedback!
‘So in my opinion the sales pitch shouldn’t be that UEM provides a smooth migration to Windows 8, but that a key technology included in UEM provides that and that the additional features and technologies included in an UEM solution provides companies some great additional features to the entire environment and not only a migration to Windows 8. ‘This exactly is the pitch! You are absolutely right. It is not about migrations, it is about non-migrations. I still firmly believe that a UEM solution is the only way for IT to be able to quickly adapt new technologies and focus on what you deliver to your user’s instead of how. With a UEM solution in place there will be no more traditional OS migrations as such. But migrations is ‘only’ one of the pain points it addresses.This is the mind-shift we as vendors have to work on. Companies are starting to get it. The focus must shift from technology to what we offer to our user’s – the customer. We always have to provide a better service, and the first step is to implement an UEM solution as it helps achieve this with less effort.With context aware user workspace management, the technical changes implemented (be it Windows 8, VDI or application virtualization) are going to be adapted and exposed to the user’s based on their specific need.After you’ve create a component of the management layer, everything else is going to be much easier! Start here before you start with virtualization or migration.ThanksPatrik
Then, do you understand my original post that I have a problem with people implying that UEM is required for a smooth migration to Windows 8? My point was that I think only a key technology included in UEM is required and since the question is not about the additional value of an UEM solution, I think that the question should be that profile virtualization is requred.
My post wasn’t to bash UEM solutions, it was about choosing the right tool for the job (and according to the question the job was migrating, nothing more…).