I can’t believe it’s been a year since I joined VMware! The first year of my job can be summarized like this: Fly around the world. Talk to current and prospective customers. Listen to their EUC plans and strategy, explain VMware’s plans and strategy, see how those two align, and share feedback with with our internal folks.
Even though I’ve been in the IT industry for 24 years, now that I work at VMware, I have a better understanding of what customers are doing in the real world than I ever have. At BrianMadden.com, I mostly talked to vendors, so I got a sense of customers and trends second-hand, and filtered through the lens of whatever that particular vendor was trying to sell. But at VMware, I’m talking to customers directly. 160 of them, to be exact, from 18 countries and 26 US states.
So in this post, I’m going to share my findings and observations on this. (By the way, this is the #1 question I get asked from other industry folks when I tell them how many customers I’m talking to: What are you seeing out there? What are customers doing?)
The state of Enterprise EUC in 2019
The most surprising thing to me after all these meetings is how similar most customers are. Seriously! Every larger company, say, more than 2,000 users, is basically the same. (In terms of IT.) I know this goes against everything we learn from Dale Carnegie or Sales Training 101. “Make every customer feel special!” “Each customer is a unique snowflake!” Good thing I’m not a sales rep, because from my perspective, all customers are pretty much identical. :)
For example, if your company has more than 2,000 users, allow me to make the following predictions about what’s happening in your EUC world, and how a meeting with me would go:
- You have an initiative that’s called something like, “Desktops 2.0”, “Desktop Transformation”, “Next-gen desktop”, “Workplace modernization”, or some similar form of that.
- Your Windows 7 to Windows 10 migration is not yet complete. (You’ve done the math to see if it’s worth paying the ransom.)
- You’re focused on getting Windows 10 rolled out the "old way," feeling the pressure of the January 14, 2020 expiration date of Windows 7. This means your Windows 10 project is done with traditional images, domain joins, traditional PC lifecycle management software, etc. (All that modern stuff like next-gen provisioning, no domain joins, cloud-based agents, etc. sounds awesome, but it’s something you’ll deal with on January 15th.) We spend ten minutes talking about Windows 10 modern management, and how it’s possible to fully manage and trust a machine that’s not in your domain and that you didn’t image.
- You’re using SCCM, AD, and GPOs for Windows device management. (>95% of you are doing this. The remaining 5% are using Altiris or some other PCLM tool which caused me to agreeably nod when you told me but that I was just writing down so I could google later.)
- You spend a lot of time on “image management” and “image creation” for your Windows devices. We talk about modern provisioning, the “AutoPilot” process (which you’ve heard of but thought was a Microsoft-only thing, and you’re interested to know how we integrate with that), along with OOBE (out of box experience) for BYO devices and Dell Factory provisioning where they come pre-joined to Workspace ONE directly from Dell.
- Your Macs are not managed, or they're managed with Jamf. (Or you said you don’t have any Macs, which caused me to say, “Really? Not even execs?” And then you and a colleague looked at each other and smiled, before finally admitting that yeah, there were some Macs.)
- Chrome OS and Chromebooks are not really on your radar. Then you listened to me talk for ten minutes about how they’re going to be huge in the enterprise, and you politely agreed, but didn’t take notes while I was talking.
- There are some remote Windows / remote apps / VDI / RDSH. A lot of this is Citrix XenDesktop / XenApp (which is fine with me!), though VMware is gaining ground. If you like Citrix, you really like Citrix, which is awesome. If you don’t like Citrix, you really don’t like Citrix.
- You’re trying to decide how the cloud fits into your desktop strategy. Is it just for DR? Is it just for seasonal bursts? Do you put “real” users in there? Do you extend your on-prem implementation, or is it separate? Do you run Horizon on AWS or Azure, or go for more dedicated hosting?
- You do manage mobile devices, most likely with VMware AirWatch (now part of Workspace ONE, but you probably don’t know that), or with Mobile Iron. You’re talking about how Intune is “free”, but we joke that’s “free like a puppy” and you can’t actually find any of your peer companies actually using it in a big way for EMM. Then you listen to me talk about how the model is similar to how RDSH + Citrix/VMware works, with Microsoft providing a baseline EMM/UEM offering with Intune but most enterprises using a third-party with enterprise focus instead, like VMware Workspace ONE.
- Web/SaaS/cloud apps: You have some kind of Ping, Okta, etc. for doing SAML, integration with ADFS, AD on prem, etc.
- You ask me if we support Linux devices. I tell you we do, but it’s very basic today but we’re working on it, and I ask you what your use case is, and you don’t really know, other than you “have some Linux."
- BYO is very limited. If you’re doing it, it’s with mobile devices (versus laptops). You’ll probably explain that you’d love to do more, but that you don’t know how to trust all device types, how to ensure consistent service delivery, or how to offer real support. Then we talk about drivers for awhile.
What’s this mean moving forward?
The biggest surprise for me, after talking to so many customers, is that the VAST MAJORITY talked about doing things like, "Desktop 2.0", "Workplace Transformation", "Digital Transformation", etc. It's surprising because those types of terms sound like vendor BS marketing terms. So it's interesting and cool to hear customers bringing that up on their own.
The challenge for most organizations is they don’t know where to start. The answer is like that old saying about, “How do you eat the elephant?”
One bite at a time.
If you look at everything that’s happening in EUC right now, there are a lot of moving pieces. I mean look at what the white board usually looks like when I walk out of a meeting:
(BTW, if you haven’t seen me actually walk through the creation of this white board while I explain VMware’s EUC vision and strategy, there’s a video of it here.)
When we get to the end of this, people often say, “That looks complex.” I tell them, “It looks complex, because it is complex!” This complexity is not because of Workspace ONE, rather, Workspace ONE exists to support this complexity!
Think about it: Twenty years ago, when Windows systems management and domains and GPOs were new, there were no mobile devices. (Blackberrys weren’t a thing yet, and when they were, they were handled by the phone department or Exchange admin.) 802.11b wasn’t a thing yet, and remote access involved modems and RRAS servers in your datacenter. Macs at work weren’t a thing. Teleworking wasn’t a thing. Web apps weren’t a thing.
Today we want to allow users (who may or may not be employees) to use whatever device they want (which we may or may not own) to connect from anywhere, at any time, and to use any app they want. And if something doesn’t work, it’s our fault. If there’s a security breach, it’s our fault. If it’s not as fast or easy as they’d like, it’s our fault.
In today’s world, a high profile user (doctor, lawyer, partner, etc.) can call you to his or her desk and hand you a device you have literally never heard of and say, “put my work on here” and walk out, expecting you to have it done (and secure, and compliant, and performant, and...) by the time they leave at 3pm.
So the challenge isn’t that everything is complex. The challenge is figuring out how to start eating this elephant.
Where do we start?
Even though my white boards look like a bowl of rainbow spaghetti, it’s possible to unwind and simplify things a bit. A full EUC / digital workspace transformation is probably ten (or more?) separate projects which could take years. The important thing is to focus on small steps that are quicker and easier to implement, but that also provide real value.
Some examples: (these can be done in any order, or even at the same time, as they’re unrelated to each other)
- Even though you’re still using SCCM today, install the VMware Workspace ONE agent on your Windows 10 machines. You don’t have to do anything with it yet. Just install it. (It will play nice with the SCCM agent.) This will let you start to get a handle on what’s out there and populating the intelligence platform. You can start to get alerts from the Common Vulnerabilities and Exploits (CVE) feed integration, get some inventory, scoring, etc. Eventually you can start to use Workspace ONE for some simple things like pushing out patches to devices in the field, etc.
- If you have a smaller population of devices that you’re not currently managing, like Macs, you can put the agent on them and start getting value immediately. (Again, just drop the agent on there, don’t touch it, and see what data starts showing up and what you can do with that.)
- If you don’t have SAML integration for third party web apps, that is a very easy win with the VMware Identity Manager component of Workspace ONE. (This will let your employees use their domain logins for third-party SaaS apps like Salesforce, Concur, Box, etc.) Huge win and pretty straightforward. Using Identity Manager here will also let you start collecting insights on your users and their behaviors which can be used in the future for security integrations, etc.
- If your users have several portals where they access and launch applications, you can start to consolidate into Workspace ONE Intelligent Hub (part of which is an app and content catalog), which has a web version as well as local platform versions. For example, if you have a mix of Citrix and VMware Horizon desktops and apps, you can consolidate the access of those via the Intelligent Hub. (Don’t worry, your Citrix connections will still use the Citrix client software and HDX protocols, so that won’t change, you can just consolidate the front ends of all your various systems.)
- If you have SCCM, you can install the VMware Workspace ONE “AirLift” component (which is basically a Windows server you run on a VM near your SCCM site server) which will sync many settings, groups, packages, collections, etc. between SCCM and Workspace ONE. (Some people think of this as a migration tool, which is something it can be used for, but it will happily run for years if needed, so no hurry.)
- If you’re doing Windows 10 laptop provisioning in the traditional way, where you have a gold image, you use sysprep, etc., you can start to play with the modern provisioning (AutoPilot, OOBE, etc.) that Workspace ONE supports. This can let you get out of the image management business. It can also let users buy whatever device they want from whatever store they want and when Windows boots up and asks for their email address, if they use their work email then their device can be completely enrolled and managed from day one without any manual involvement from IT. This is a huge win that’s really easy to get started with.
- If you’re thinking about cloud-based desktops or Windows apps, you can start small to get a taste. For example, VMware Horizon Cloud on Azure lets you put VDI or RDSH instances in Azure, starting really small, which you can manage with the same help desk tools as your on-prem Horizon. It plugs into the same intelligence platform, uses the same agents and clients, etc. You can experiment with a single department to get a feel for how it works without having to radically change everything that’s already in place.
The key, again, is to make sure that each piece you try provides real value. So you do these two, three, four steps, bit-by-bit, and pretty soon you have some real improvements with real value, and the rest just sort of falls into place.
The biggest barrier I’ve seen is that you need to get cross-functional cooperation and buy-in. In 2019, EUC is not just the “desktop” team but requires coordination from security, networking, etc. This isn’t really too different than what it took to get VDI built, it’s just more amplified since EUC now touches everything.
Overall I’m excited about what’s happening in EUC and what VMware is doing. (And, crazy to say it, I’m excited about my job at VMware!) My first year flew by—I feel like I just started yesterday! I’m really looking forward to my second year. I’ll continue to travel and to talk to customers, but I’m also shifting some things around a bit to allow for more time to write blogs, do podcasts, and record videos.
Good days at VMware EUC ahead!