1. I MPACT VAN BYOD EN M OBIELE DEVICES OP UW HUIDIGE DESKTOP EN CLIENT ARCHITECTUUR

2. #Name: Filip Roelandt #Function: Technology Expert #Email: filip.roelandt@realdolmen.com #Twitter: filip_roelandt #Mobile: +32 477 28 84 65 Company: www.realdolmen.com

3. PEOPLE & PROCESSES TRACK

4. A device that moves between Different geographical locations Between different networks A person who moves between Different geographical locations Different networks Different communication devices Different applications

5. PEOPLE & PROCESSES TRACK But even within your company walls A user moving to a meetingroom A doctor visits his patients in a hospital

6. LOOK FROM U SER VIEW I own a device Just want my application Device Connection Application … S IMPLE

7. Does not stop with one user Not always plug and play Management / hosting Security Backend Infrastructure LOOK FROM A DMINISTRATION VIEW Device Connection Application - H OW TO TACKLE

8. Device D EVICE - C HALLENGES

9. Today smartphoneTomorrow computer D EVICE - C HALLENGES

10. show me empower me alert me snackdinecreate

11. diskless PCs smartphones home & office PCs netbooks thin clients laptops …on any device tablets iPhone iPhone Android Android Blackberry Blackberry iPad iPad Windows Embedded Windows Embedded Linux Linux Windows Windows Mac OS X Mac OS X Linux Linux

12. Multiple platforms no standard available High mobile support costs Data transfer Unsecured employee-owned phones and tablets Encryption / lockdown Application management Application delivery Reporting usage D EVICE - M ANAGEMENT

13. Laptops - Workstations Management softwares Microsoft SCCM – SCOM Symantec Endpoint protection … Smartphones – Tablets Require New management types Mobile device management D EVICE - M ANAGEMENT

14. W HAT IS M OBILE DEVICE M ANAGEMENT ? Windows Mobile Database Files Directory Applications Certificate Services Messaging Enterprise Environment Symbian Android webOS BlackBerry iPhone iPad MdM VPN Secure email, calendar and contacts Push VPN and WiFi Settings and Certificates Device restrictions and policies Remote full and selective wipe Self provisioning

15. Device Determine the varying levels of service and support options for the segmented workforce Reserve the right to manage all mobile devices with access to corporate resources like PCs. Require users to back up their own personal data D EVICE - A DVICE

16. Connection C ONNECTION

17. Device moves between Ethernet, Wifi, 3G Wired and wireless network access Potentially continuous connectivity, but may be breaks in service Network address changes Radically different network performance on different networks Network interface changes Can we achieve best of both worlds? Continuous connectivity of wireless access Performance of better networks when available C ONNECTION

18. Mobility starts within your company walls By default Everybody on guest network Allow access to internet (limited) Allow access to all external company services (webmail – citrix) Proactively monitor ongoing voice data usage Expenses – international Roaming bills Determine a tiered reimbursement policy for voice and data services costs C ONNECTION - A DVICE

19. Application A PPLICATION

20. A PPLICATION - DEVELOPMENT Smart Client Utilize Local and Remote Resources Offline Capable Centrally, Intelligently Install and Update Flexible and Adaptable to Device Composite Applications Design for Operations

21. How to bring your application to your mobile device ? Client Different apps on different environments Custom development Processing on the client Central Terminal server Virtual desktops Processing on backend Application types can determine device A PPLICATION - L OCATION

22. Not always possible Custom development can be required Heterogeneous environments Licensing model User interface is different on Android, IOS, Windows Available bandwidth Authentication requirements A PPLICATION – C LIENT S ERVER Execute Application on your mobile device Connect Access Data on central infrastructure

23. Published applications / shared desktops is an architecture where the application executes 100% on the server, and the applications user interface is accessed via a mobile device. A PPLICATION – C ENTRAL Connect Execute application on central infrastructure Access data View Application on your mobile device Keyboard / mouse video

25. Another way… VDI – Virtual Desktop Infrastructure A PPLICATION – C ENTRAL Hardware Win 7 Hypervisor Windows Server CPS/TS Apps Hardware user Dedicated Virtual Desktop user Apps Win 7 Apps user Apps user Total Isolation Session isolated at application level (shared OS) Server OS desktop (e.g. Win2k8) Dedicated OS to user User, OS and application are isolated Client OS desktop (e.g. Windows 7) Shared Desktop

26. Published applications / shared desktops A PPLICATION – C ENTRAL Strong on security Wide device support (printer, PDA, …) Very good TCO Global accessibility. Real Desktop Operating System Better application compatibility (no modifications necessary) No registry or DLL restrictions Existing desktops can be imported Full Isolation: each Virtual Desktop runs separately Virtual Desktop Infrastructure

27. Published applications / shared desktops / VDI A PPLICATION – C ENTRAL Limit user control or personalization Locked down - one user impacts hundreds No linux support Challenges Check application compatibility – shared / VDI Some apps might have problems (i.e. multimedia, web apps) Printing and printer driver management client device connectivity (i.e. USB, COM ports) User overhead like IE, AntiVirus, Windows User Profiles, …

28. Determine how users will be provisioned with enterprise-class applications Custom development or Standard applications Centralize applications and data Choose shared desktops first For Users that dont fit this environment Choose virtualized desktops (VDI) A PPLICATIONS - A DVICE

29. Backend Infrastructure B ACKEND

30. Private cloud Public cloud Bpos Office 365 … Considerations : data location Bridges between clouds Vmware Vcloud Citrix bridge software … B ACKEND

31. Hybrid Cloud Public Cloud On premise High fixed cost Full control Known security On/off premise Low utility cost Self-service Fully elastic Trusted security Corporate control Off premise Low utility cost Self-service Fully elastic Traditional Datacenter Hybrid Cloud Traditional Datacenter Public Cloud

32. Determine Cloud main Entry point and backup entry Check your Data location Authentication between datacenters Know what your SLAs are covering B ACKEND - A DVICE

33. Security S ECURITY

34. Endpoint device detection Data / application availability depends on device and connection Protect Corporate data Maximize encryption on end device Prevent data from leaving the perimeter Dataloss Remote wipe Encryption Printing allowed ? Only corporate data is protected S ECURITY

35. S ECURITY – REVIEW CURRENT STATUS Compare a managed device to an unmanaged one Identify whats in your corporate image that provides security Connecting remotelySSL VPN solution Is there any difference in a managed vs. unmanaged device connecting remotely AntivirusOffers BYOD participants your corporate standard Provide for Self-Service install of your Antivirus Can corporate data be downloaded to a laptop Managed by policies or technical solutions Encrypted data plug-in

36. Consider disabling features and user activities in heavily regulated environments Extend acceptable use policies to all current and future mobile devices. Protect the integrity and privacy of corporate data by isolating it from personal data. Enforce strong security policies that prevent data security breaches S ECURITY - A DVICE

37. The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn. (Alvin Toffler) P REPARE YOUR ENVIRONMENT FOR THE FUTURE

38. For more information: visit our website WWW.REALDOLMEN.COM Follow us on: