Mistake 3: Thinking that desktop virtualization only works for online users
I’ve already made the case that desktop virtualization is an excellent solution for BYO laptop users. However, in its traditional and best-known form, it requires users to be always online. An alternative approach is called client-hosted desktop virtualization, where the virtual Windows desktop actually lives in a secured sandbox on the endpoint. The best solutions support both PC and Mac laptops, and offer a choice of hypervisors – type 1 (directly onto the bare metal hardware) or type 2 (running inside an existing Windows or Mac operating system). They require more hardware resources – typically at least 2GB of RAM for type 1 and 4GB for type 2 hypervisors – but can be completely secured and protected from a hosted administration point, to protect their contents in the event of theft or loss of the device. They also can be remotely destroyed or wiped, and encrypted to ensure the VM cannot just be copied elsewhere.
The beauty of this approach is that users can work online and offline, and, if they go the type 2 route, they do not have to surrender their laptop to IT. The virtual machine can just be dropped onto their existing environment. It also offers better graphics performance than datacenter-hosted solutions, since the graphics activity is not sent over a long network connection.
Mistake 4: Not considering data sovereignty
One topic that has had a lot of focus in cloud circles is data sovereignty – the geographical location of data, and policies and regulations that restrict where and when it can be stored. With uncontrolled BYOD and data stored on endpoint computers, there is a real risk of breaching these policies, leading to legal and contractual problems. There are at least two approaches that can mitigate this:
1. Policy-based access using user location. This covers multiple solutions, including Identity and Access Management, User Environment Management inside a Windows desktop, and connection brokering in desktop virtualization, but good solutions exist that enforce access policies based on the originating IP address of the user.
2. Datacenter-hosted desktop virtualization. Yes, that’s my recommended approach from 2a again, but it really does address this problem because the data stays in one known place, and is only viewed and manipulated remotely.
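One way the originating-IP policy in item 1 can fall back to the hosted-desktop approach in item 2, as an added example that is not from the original article or any vendor product. The address ranges, proxy subnet, data classes and decision names are constructed assumptions; a real deployment would use an IP-geolocation feed.

```python
import ipaddress

# Constructed sample data: documentation ranges (RFC 5737 / RFC 3849) standing in
# for a real IP-to-country feed, and a hypothetical reverse-proxy subnet.
REGION_BY_NETWORK = {
    ipaddress.ip_network("192.0.2.0/24"): "DE",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("2001:db8:1::/48"): "DE",
}
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
# Hypothetical policy: regions in which each data class may land on an endpoint.
RESIDENCY = {"eu-customer-records": {"DE"}, "public-marketing": {"DE", "US"}}


def originating_ip(peer, forwarded_for=None):
    """Return the client address, honouring X-Forwarded-For only from trusted proxies."""
    peer_ip = ipaddress.ip_address(peer)
    if forwarded_for is None or not any(peer_ip in net for net in TRUSTED_PROXIES):
        return peer_ip  # header absent, or set by an untrusted peer: ignore it
    # Walk right to left; the first hop that is not one of our proxies is the client.
    for hop in reversed([h.strip() for h in forwarded_for.split(",")]):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed header: fall back to the socket peer
        if not any(hop_ip in net for net in TRUSTED_PROXIES):
            return hop_ip
    return peer_ip


def region_of(ip):
    """Look up the region for an address; None means the location is unknown."""
    for net, region in REGION_BY_NETWORK.items():
        if ip.version == net.version and ip in net:
            return region
    return None


def decide(data_class, peer, forwarded_for=None):
    """'local' = data may reach the endpoint; 'remote-view' = hosted desktop only."""
    allowed = RESIDENCY.get(data_class)
    if allowed is None:
        return "deny"  # unclassified data: fail closed
    region = region_of(originating_ip(peer, forwarded_for))
    # Unknown or out-of-region users keep access, but the data stays in the datacenter.
    return "local" if region in allowed else "remote-view"
```

Source IP only approximates location: a user connecting through a VPN or relay appears in the exit point's region, so pair this check with the other controls listed in item 1.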
Mistake 5: Requiring use of a VPN to get to the network
In these days of cloud-hosted services, users could be forgiven for even asking what a VPN is, as well as why they should have to set one up and use it. The challenge is that some services, especially client-server apps, still require one. Fortunately, times have moved on and there are firewalls with LAN extenders that automatically set up a tunnel into the network when a user hits your corporate website, and there also are solutions that use a reverse proxy in the corporate firewall to provide secured access to hosted systems not directly accessible from the Internet. My point is that in order to ease the adoption and acceptance of BYOD, removing a barrier like setting up a VPN is a good step.
So, those are five of the top considerations in implementing a BYOD policy, especially for laptops, and, to a lesser extent, tablets. Solutions are available for all of them, although I recommend solution providers try to minimize the number of vendors used. Few organizations can solve all of the issues under one roof, but with the right partner, you can embrace BYOD and increase user satisfaction and productivity.