Virtual Desktop Management Blog

The Unidesk Virtual Desktop Management blog covers all topics related to PC Life Cycle Management, Virtual Desktop Infrastructure (VDI), Application Virtualization, Hosted Virtual Desktops, PC Virtualization, Laptop and Thick Desktop Virtualization, and Portable Personality Software.


User installed applications and desktop layering - they are linked, and they are the future


Lately I have been reading a lot about user installed applications and layering in desktop environments. Great articles on these topics include Brian Madden’s A technical explanation of why the whole “layering” / shared image thing is so difficult, Gabe Knuth’s What is layering and why does it matter? and Andrew Wood's User Installed Applications – Dream or Nightmare?

Some separate layering and user installed applications into different categories. The first is a solution for many existing issues, and the other is simply a request from the user that causes more problems for IT. I personally think these two concepts are married at the hip and that one is a requirement and the other a potential solution to that requirement.

Part of the problem (as I see it) is that corporate desktop management teams are ignoring one (user installed apps), while starting to think about the other’s benefits (layering). They're focusing on layering concepts as a way to ‘manage’ the desktop while allowing some personalization/unique configurations, a problem that has plagued IT since the early days of server-based computing.

But you can't maintain control of the desktops as if it's still 2000, when the idea of mobile users and laptops in every cube was a pipe dream. As I see it, layering is an opportunity to give mobile and in-office users more control of their environment, while still enabling IT to effectively support them, and at the same time solve the profile and patch problems.

Giving the end user “real” control means allowing them to install the dreaded “user installed applications”… but we need to get over it. The idea of installing an application ourselves is normal. We (IT people) do it all the time and think nothing of it. But we still hold users in contempt when they ask that they be granted this godlike ability. Why?

In corporate IT the world over, the ‘why’ is simple: users can break their desktops if they install something. It used to be that users weren’t savvy enough to install apps and often made inadvertent changes to their systems when they did. But users are savvy, often way savvier than we give them credit for. Try to find someone under 35 (a large part of our workforce) who hasn’t used a computer for almost a decade - they probably own at least 1 or 2 at home.

Are these people as good at remediating install problems as IT? No, of course not. But they are constantly running into times when they need to install items to get actual work done (think Webex, gotomeeting.com, ActiveX controls, a file reader for a specific file type, etc).

With the advent of the corporate laptop, they are now encouraged to carry their PCs to every meeting, on the train, to their homes, on airplanes, and even on vacation! And we would expect them to do this without installing iTunes?

So, are user installed applications important in the corporate desktop world? Yes. And not just for recreational purposes.

While this thought is enough to make desktop managers and helpdesk staff wake up screaming in the middle of the night, it’s time to look for the solution and stop ignoring the demands of today’s users. That was the whole starting argument for a lot of VDI admins saying “I need to give users administrator level privileges.” Yet you still see locked down desktops, profile tools, folder redirection… starting to look like early Terminal Server solutions, huh?

The idea of user installed applications is not new. But the idea of embracing them in a corporate environment is. Layering the user’s desktop environment into distinct components allows for unique configurations, application deployment, patching and even user installed applications. This is the future. How this layering is done in the end is still up for debate, but it will be accomplished.

So the question is: do you want to continue chasing the policies and systems of 2000? Or will you move into 2010 looking for greater user satisfaction, better productivity, more flexibility and, yes, user installed applications?

-Ron Oglesby
Unidesk Chief Solution Architect

Comments

Ron I can totally understand why everyone is all about 'user installed' apps. One thing you and everyone else seem to forget are the legal implications on all this. Even the BYOPC idea has legal implications that so far, every single person I talked to, did not know at all. Please read my latest post on my blog at http://www.wtslabs.com/blog. The idea with 'User Installed' apps seems great on paper and I am sure at one point, will be technically solved/feasible. But again, we live in a world where you now need a lawyer to make sure you can actually bring your daughter to the doctor to get a shot. Are you guys really thinking that this whole idea has no legal implications? If you are, sorry, but welcome to the real world. As soon as companies realize the big crap they may get themselves into for allowing this, this whole dream of user installed apps will crumble and crash hard. Even allowing a baremetal hypervisor on the user laptop, let's say owned by the company, running his 'home' OS may have legal implications. What if the user has kids porn on his 'Home' VM that runs on a company owned laptop and he brings that machine, again, owned by the company, to work? This is one example and I have a handful of these that would draw a VERY gray line between user and company liability. Same is valid for applications. What about EULAs stating an app is free for a home user but not for a corporate user and the user installs that on his PC because he 'needs' it? Do you think they will read the EULA? Sure they will. 
 
Again, read my post. I do love the idea but there are way, WAY more issues than you and most people can see at this stage. 
 
Cheers!
Posted @ Friday, December 11, 2009 9:33 AM by Cláudio Rodrigues
Hey Claudio, 
 
Nope, I am not ignoring the legal implications at all. But those that want to poo poo user installed applications latch on to the legal implications like it is the holy grail.
 
The reality is that there are PLENTY of "User installed apps" that have no impact. Some are mentioned, file readers, active X controls for viewing content on the web etc etc.  
 
Think about the whole virtual server thing and the push back about MS licensing for the first few years. Or if you think on the compliance side (god I just get a headache thinking about it) how compliance is talked about constantly and steps are taken to meet the arbitrary standards laid down, but none of that changes the world we live in. A world where self provisioning hardly works and users are locked out of making even some minor changes to their desktop.
 
Will a large bank sweat compliance? Yes. Even more than a small bank will. But mid size companies with tiny IT staffs and requirements to compete with and be faster/more agile than their large competitors will start to embrace user installed apps.
 
Everyone also seems to forget that you can still have a policy of "not installing" non-licensed software. Then enforce it through sampling and audits.
 
But in a world where we have commercials that say "There's an app for that" and users that are ever more computer savvy and attached to a laptop 12-16 hours a day... ignoring potential solutions to the UIA requirement seems a bit.... well, stubborn.
 
I understand that headache it gives us. Us "old" Citrix guys tell the users what they get and that is how life is. But we need to look at the landscape/battlefield and start to think about our tools and tactics.
Posted @ Friday, December 11, 2009 9:51 AM by Ron Oglesby
I still haven't seen a good article on why we "have" to have user installed applications. Installing iTunes or user application X doesn't automatically make the user more productive or the business more money. Add VDI to the mess and unless you have unlimited storage in your data center you're running persistent desktops for every VDI session just so the users can have their own apps.
Posted @ Friday, December 11, 2009 10:13 AM by Jason Benway
Jason, 
 
I have a customer that I have dealt with for probably about 5 years now. They float right in that mid size org looking to compete with the bigger boys. And the question for them about 2 years ago (and another client just recently) was: can we allow these users to install things but still have some control/be able to remove the stuff later on in a simple manageable fashion?
 
I love this customer because they have proven to be a good barometer for other customers needs in the future.  
 
Anyway, that is anecdotal. The reality is that YES you can do business without allowing the users to install anything. We do it now.  
 
But just because we do it now, is that the "right" way or best way to do it? Is there a competitive advantage to installing apps at the user level but still being able to remove them easily or place some control around them... That should be the question.
 
As to the storage issue, that can be solved a number of ways, and yes iTunes may be a horrible example for space reasons.  
 
I guess my thought process here goes well beyond VDI (and I should have called that out). I am thinking big picture here into laptops, desktops, etc. Where disk cost isn't really an issue.
Posted @ Friday, December 11, 2009 10:23 AM by Ron Oglesby
@Ron 
When you say user installed applications are you talking more about personal apps (iTunes) or business value apps (Webex, file viewer, etc.) that letting the user install could just speed up the install process (as opposed to contacting IT and getting it approved)?
Posted @ Friday, December 11, 2009 12:43 PM by Jason Benway
Hey Ron, 
 
 
 
I am not saying not to change the tactics/tools/procedures we have today and to scrape the whole 'user installed' apps off. What I am saying, and it is confirmed on your reply, is that you and several other people are simply ignoring the legal implications this will indeed bring to the table. How can you guarantee a certain ActiveX control will not put you in legal trouble? Many ISVs do have EULAs for anything they develop, these included and again, I am 100% sure you and pretty much everyone else never read these things. Myself included. 
 
I do think 'self provisioning' is the way to go but there is a huge difference between this and 'user installed'. One is more like a shopping mall where you have certain stores offering similar products. The other is like having a freaking internet catalogue to pick anything from anywhere in the world, without even knowing if there are any importing restrictions/embargos in place for the place you are ordering from. 
 
So resuming: you and everyone else should be more proactive explaining to the industry that with all the flexibility and productivity increase 'user installed apps' may bring to the table, there may be huge legal implications with such approach. It will then be up to the individual company/corporation to sit down with their lawyers and decide if this is too risky or not.
 
 
 
CR
Posted @ Friday, December 11, 2009 12:47 PM by Cláudio Rodrigues
Posted on behalf of AppDetective: 
 
 
 
I left my comments on www.wtslabs.com, but here goes anyway to avoid you having to click away.
 
 
 
I agree that UIA are generally a stupid idea for the reasons you mention above and for the fact that the users will still call me when their stuff breaks. I certainly see you and @harrylabana pushing back on the use case in the tweeter universe. Yes it's true I do sometimes try to follow along there but can't be bothered to actually use my @appdetective account yet.  
 
 
 
Anyway I do agree with the line of thinking that this is just a TINY use case for some. One reason is legal as you put really well above, and the other is service levels as per the tweets I saw earlier today. The two don't gel and will cause a conflict. The Unidesk blog http://blog.unidesk.com/virtual-desktop-management-blog/bid/11103/User-installed-applications-and-desktop-layering-they-are-linked-and-they-are-the-future is naive to ignore these issues simply dismissing them as barriers that will vanish thanks to an emerging trend. I also agree with the line of thinking that self-service of managed application is a good thing and not the same as user installed app which is a disaster waiting to happen unless you put a lot of process around it and set service level mgmt expectations.
Posted @ Friday, December 11, 2009 1:24 PM by Tom Rose
Skillful editing of my post to remove all the bad language but kept content. Nice :-)
Posted @ Friday, December 11, 2009 3:21 PM by appdective
Twitter: @djfeller 
 
Simply allowing users to install apps into a hosted virtual desktop is much different than a physical desktop, regardless if you are talking about a truly customized desktop or one that loses the changes after reboot (Citrix Provisioning services). The crux of the matter is that when you allow users to install applications on a hosted virtual desktop, you now opened the door into the data center for every piece of malware/spyware/virus known to exist. I’ve blogged about this in the past (http://community.citrix.com/display/ocb/2009/09/04/Do+Virtual+Desktops+Really+Need+to+Support+User-Installed+Applications) 
 
IT is supposed to run as a service. That means if there is a need, a user should be able to make a request to IT and IT should be able to deliver that service in a timely manner. Simply allowing users to install anything they want should be a cause for distress for everyone. If you are going to allow users to bring their own apps into the data center, you have to have a process in place that you can manage the applications and secure the data center from those applications. If you want to do desktop virtualization correctly, your IT must be capable of overcoming years of poor practices and start running as a service.  
 
Posted @ Friday, December 11, 2009 4:07 PM by Daniel Feller
Thanks for great post and discussion via comments. It's very helpful information to know more about virtual desktop. http://www.onthenetoffice.com
Posted @ Wednesday, December 16, 2009 12:35 AM by Alex