Mainframe2 offers your own Windows apps delivered from the cloud in ten minutes! (With live demo you can try here!)
Last Thursday I had coffee with Nikola Bozinovic, founder of Mainframe2 . His company just came out of stealth in October, and it's one of the most impressive things I've seen in awhile. The best way I can explain it is Mainframe2 provides your Windows apps to you from the cloud. It's kind of like DaaS, except users just connect to single applications. It's kind of like VDI, except you don't have to run build or run anything yourself. It's kind of like XenApp, except you can get be up and running...(read more)
AirWatch just announced its own app reputation scanning service, but it still leaves ample room for partners Appthority and Veracode.
This week AirWatch announced that they have developed their own app reputation scanning service. They already have partnerships with Appthority and Veracode, two companies that provide similar services, so yesterday I caught up with AirWatch senior product engineer Blake Brannon to see what the difference is.
What is app reputation?
App reputation is based on the idea that even if mobile apps aren’t actually outright malware, their ability to easily access and share data can be still be dangerous, and that poorly-designed apps can put data at risk, too. Mobile device management technology doesn’t usually doesn’t give much visibility into these risks; mobile app management technology can keep corporate data separated from risky apps, but this isn’t always an option.
The end result is that often corporate data ends up being exposed to all sorts of user-installed apps, no matter what. App reputation services can be used to see which apps might put that data at risk.
AirWatch’s take on app reputation
AirWatch’s solution is starting out pretty basic. Essentially, it just does static analysis of iOS and Android apps to see what permissions they ask for and what shared resources and APIs they call on (think of things along the lines of contacts, calendars, location data, and other frameworks that mobile OSes use to pass data back and forth). The result is that you can see what types of personal and corporate data they can access, and check on other behaviors, like whether or not they utilize encryption. The service has a separate licensing cost, and is $10 per device, perpetual, or 50 cents per device per month.
The AirWatch management engine can keep tabs on all the apps users install in your environment, (with MDM, you can see an aggregate list of all the different mobile apps on the devices you manage) and you can use the results to build policies around individual apps. AirWatch is also building up a central database of the reputations of apps scanned by their customers.
This is pretty much all it does for right now. On the other hand, Appthority and Veracode have a lot more options for different types of analysis and building policies, and they can both be integrated into the AirWatch management platform, too.
For example, Appthority can do dynamic code analysis and collect all sorts of information about apps (demo video here), and they give apps a reputation score. Their policy engine, released this summer, can be used to build general MDM policies around different types of behavior or reputation score.
It’s pretty clear that for right now if you want anything beyond the basics you’ll have to go with a partner. But naturally, AirWatch has plans to expand their offering to include more dynamic scanning and more platforms, so we’ll keep an eye on this.
What happened to Apple’s iOS 7 Enterprise Deployment Guide and streamlined MDM enrollment process?
It’s been five and half months since iOS 7 was announced, and two and a half since it was released, but we’re still missing a few things from Apple: the iOS 7 Enterprise Deployment Guide and the streamlined MDM enrollment process.
For a long time, Apple has published official white papers and guides covering the enterprise workings of iOS, including background on iOS security, MDM, and other areas like the Volume Purchase Program, Apple Configurator, and so on.
There was a wide range of documentation available for iOS 6, and most of it came out pretty soon after the release back in 2012. But now almost all of it has disappeared from the Apple website, and even though it’s been over two months since iOS 7 was released, nothing new has taken its place.
For now all I can find is updated information on the Volume Purchase Program (pdf here) and last year’s iOS Security Guide (pdf here). There are a few more pieces of miscellaneous information on the business support page, and some general MDM information, but nothing that comes close to the past documentation.
We do have the Configuration Profile reference, though, which can tell us most of what we need to know about the new MDM features, and of course 3rd-party MDM vendors have their own guides, too. But overall, this is nothing like TechNet!
This isn’t the end of the world, but still, it would be nice to have the official documentation, and I’m wondering what the hold up is.
What about Streamlined MDM Enrollment?
You might recall that one of the iOS 7 MDM features that I was excited about was the Streamlined Enrollment process. Basically, it lets companies that purchase Apple devices in bulk add MDM enrollment into the setup process, so devices can always be managed no matter what. This would speed up the mass MDM enrollment process, and it make it impossible to remove a device from management. (Remember that LA school district iPad “hacking” story where students removed the MDM from their devices? This probably would have prevented that.)
Streamlined MDM enrollment was first mentioned on the iOS 7 and business page in late June, and we got more details in September when the developer NDA was lifted and sessions from WWDC became available.
However, now it looks like this feature isn’t coming out anytime soon—references to it have been removed from Apple.com, and we haven’t heard anything else about it. This feature for sure would have been useful for companies that do mass deployments of corporate-owned devices, so it’s a shame that it disappeared.
Comparing Google and HP Chromebooks: I get why people like them, but these things aren't ready for enterprise adoption...yet.
When I last wrote about Chromebooks, I criticized the entire concept, asking why they even existed when there was such a gap between price and performance. Commenters (well, I think it was one snarky guy with multiple names, actually) laid into me about how it’s an appropriate device for their mom or sister, but nobody weighed in on the valid enterprise use cases. A few people cited school systems and how they love the fact that they are secure devices with just a browser and nothing to manage, which I can understand.
I recently focused my opinion on that gap in an article for SearchVirtualDesktop, and today I want to relate my experience with both the HP Chromebook 11 and the Google Chromebook Pixel devices that I’ve got on my desk at the moment. I’ve used them both extensively over the last few weeks, and here are my thoughts.
HP Chromebook 11 - $279
I chose the HP Chromebook 11 since that’s the device that got me thinking about Chromebooks again. All the reviews for it said something like “not bad for a Chromebook,” which I took as a sort of hidden slap to the platform. Still, when I asked Twitter for advice on which one to get, the only response I got was “Why would you pay $350 for a browser?,” so I went with it. I would have posted a link to the Amazon product page, but it’s been pulled due to a recall for an overheating power supply. Still, it works for me, so on with the review!
First, I want to say that my wife uses this thing every single day. The 2008-era MacBook Pro that she used to use is now collecting dust. As a portable device for web surfing, I choose it over my iPad more often than not simply because it has a keyboard. The problem is that this $279 device is woefully underpowered for all but the smallest amount of web browsing. YouTube videos play ok when in their small window, but at full screen become choppy, even at standard definition. HD videos aren’t watchable, especially when you have other devices that play them well. Websites also render slower, which is tolerable to a certain extent, until I want to work.
When trying to work on the device, I find myself constantly waiting longer for things. It might be an extra fraction of a second here and there, trying to pull up our extensive list of files in Google Drive is much slower than on my laptop. Even scrolling the files (or any other website) is glitchy. Sure, I paid five times as much for my laptop, but if a company were to take my high-performing desktop or laptop away and replace it with this experience, I’d go nuts. And, if my web apps that relied on client side resources were slower, I’d be outright mad.
Windows desktops delivered via HTML5 work all right, but no matter what the resolution of this device is so low that running a desktop or application in a browser window is less than pleasurable. Plus, if given the choice between HTML5 client and traditional client software package for remote desktops, which would you choose?
I’ve come up with a handful of use cases in and around my own life for cheap devices running ChromeOS, but all of them are for consumer use cases. One, for my 82 year old grandfather, can’t be done unless Chromeboxes become widely available, since he could never use such a small device with a small screen. I know there are 14 inch units available, but his use case is more conducive to a desktop form factor. All of use cases are centered on people that just browse the web and check email, and while that applies to many of us, only a small number are willing to put up with poor performance when there are other options that work better just one pricing tier above this.
Chromebook Pixel - $1,299
Since there are no Chromebooks in the tier above the HP device, I had to jump up a few levels and take a stab at the Chromebook Pixel. This is the top of the line Chromebook, running a Core i5 processor, 32GB SSD, and 4GB RAM in an aluminum case with a 13 inch 2,560 x 1,700 pixel touchscreen. While a bit on the heavy side, the device feels and works great, as it should for a device that costs as much as a MacBook Air. Admittedly, this is a relatively small run device that Google created to show vendors that they didn’t have to build sub-par devices, and that Chromebooks could be made to do more than bare necessities.
Google succeeded in one respect, since web site and apps load brilliantly fast. The screen is amazingly crisp, although it’s a bit unwieldy since it’s a 4:3 display. The touchscreen has proven useful, although it took a few sessions before I started using it on a regular basis. Now it feels so natural I was I had one on my daily driver MacBook Air. All that horsepower adds up to a drastically better experience across the board, and I can begin to see how a stripped down OS that only does what you need without all the other BS can be useful. Yes, you need a web service to do everything you previously needed an application for, but if you can find a replacement, you would have no problem using this device.
The biggest problem, and my biggest point from the first article, is that the price for good performance is way, way too high. The Chromebook Pixel doesn’t do anything fundamentally different that the HP Chromebook 11, yet it is a full $1000 more ($1200 more if you want the device with a 64GB SSD and LTE connectivity). If someone asked me today if they should get a Chromebook, I’d still have to say no. Perhaps if you only have $300 and a consumer-oriented use case it’s worthwhile, but for enterprises it just doesn’t make sense. If you’re spending more than $300, on up to $1300, you have better options. Even if you’re planning on using them as thin clients, which is possible, you have better options.
This has been a bit of a learning experience for me. I no longer hate the devices, and I find myself using them occasionally, but in no way are they replacing anything I already have. If I did aim to replace laptops with Chromebooks, it surely wouldn’t be with the low-end device, and I’d challenge any company to come up with a cost-benefit analysis that says a $1300 Pixel is the better solution compared to whatever they’re currently doing today.
As I wrote for SearchVirtualDesktop, what we really need is time. We need time for the cost of the hardware to come down. We need time for companies to continue to move away from Windows applications. And, we need time for companies to embrace unmanaged endpoints (or for Google to add management capabilities to ChromeOS). Perhaps in the next few years more pieces will come together to make it a more broadly viable solution. That doesn't mean there aren't use cases for them today, but it does mean that we're not currently dealing with a disruptive technology.
As more apps move off Windows, a "well managed" desktop is worth less and less.
One of the sad ironies of our lives as desktop support folks is that now that we're finally getting really good at managing Windows, being good at it matters less and less with each passing year. As an industry, we've been managing Microsoft Windows desktops for going on 20 years, and if you really look at it, we're pretty much doing it the same today as we have been all along. (Image a machine, push out software, patches, and updates. Install applications as needed. Configure profiles and policies...(read more)