This article is about managing the replacement for the traditional Windows XP desktop. It may sound like a straightforward upgrade of the desktop OS, or it may already seem like a complicated upgrade because of the business applications that don’t run on Windows 7. But in my view it is more than that. The old desktop paradigm that has been in place for more than twenty years is coming to an end. Without a paradigm we face a bundle of difficult choices.
A paradigm is a pattern or model; a world view underlying the theories and methodology of a particular subject. With a desktop paradigm we don’t have to give too much thought to individual components.
IT has never been too hot on empirical evidence. We tend to use words like "best practice" or "industry standard" or "most people" when in fact we have very little evidence to support our generalizations (like this one!). I have very rarely seen in IT anything you could call empirical evidence. However we do know what people buy (because companies release sales revenue) and we can assume that vendors try to sell what they think people buy. We can assume that the market leaders are selling more of what most people want to buy. This means that our understanding of "best practice" or "most people" is in fact an evolving view of the marketplace.
The Windows Desktop is a paradigm. There is a client OS that provides a blue space for applications to run in. It has a bundle of things running in the background. You can buy things from other vendors that run in the foreground. You can buy a block of hardware that has most things in it. You can buy things that you plug in to standard slots to extend it. Some of these, like the serial and VGA ports, keyboard and mouse, are decades old. You have to worry about how you get the client OS onto the hardware, and how you get applications into the OS. You do things like "install" applications, and "patch" OSs.
Much of how we manage the Windows desktop came in with IntelliMirror. IntelliMirror was a set of technologies introduced by Microsoft with Windows 2000, although the term itself soon disappeared. IntelliMirror included Active Directory, Group Policy, Roaming Profiles, Folder Redirection, Offline Files, Special Folders, Distributed File System, Windows Installer, Remote Installation, Sysprep. These represent a paradigm for managing the desktop.
Desktop security is a paradigm too. We use security software like anti-virus; a local firewall; a network firewall and proxy server to protect the perimeter of the local network; a DMZ for access in to web servers; a VPN for remote access. We might add Terminal Services (or Citrix) as a common variation on the standard desktop, using a thin client connecting to a session on a server.
We have had a few iterations since the desktop paradigm took shape: Windows Hardware Quality Labs (WHQL) for drivers, and UAC. But we have not had to build a business case for any of it. It is just the desktop. Everyone has it, just in different flavours.
The way we use a desktop, what we expect from it, and how we manage it, are just the way it is. The discussions we have about it are in the margins: do we need SCCM or not for software distribution; what product should we use for license management; which AV is best? We don’t discuss commissioning a private UEFI; or building a custom hardware device; although in a large organization we could do either.
But now, as Windows XP comes up to End of Life, things are not so clear. It is not just a question of migrating to Windows 8. The desktop paradigm has changed. What is different?
- It has become clear that a large number of people (most?) use only e-mail and a browser a large part (most?) of the time. It turns out they barely need a desktop at all. A smart phone or tablet is sufficient, maybe even better, for this. This leads to a segmentation of the market. Instead of giving everyone a standard PC or laptop, maybe a lot of people don’t really need one.
- If I synchronize my e-mail, calendar, contacts and data on all my devices, and have access to them anywhere I go, then why provide them from a computer room in an office building? Why not provide them from a remote data centre? There is no DMZ. Everything I access is remote from me. I authenticate securely using a password and a PIN.
- If the data center is remote from my own offices, and has highly specialised power, air conditioning and security requirements, why run it myself?
- If I am using a smart phone or tablet for most of my communication and collaboration, and I can’t run Microsoft Office on it, then do I really need it? Maybe I could make do with something simpler, like Google Docs.
- If a tablet is not joined to any "domain", and is not "managed" by anyone except me, why do I need Active Directory, Group Policy and all of the IntelliMirror technology? And if I don’t need it for the tablet, why do I need it for a laptop, just because it runs Windows? And if it runs Windows RT, why would it need to be "managed" when other tablets do not?
- If my tablet or smart phone connects to a guest wireless network, then why can’t I use my own personal laptop as well?
In some ways these have appeared, up to now, to be additive problems. Do we allow people to use a Mac at work? Do we let them use their iPhone for e-mail instead of a Blackberry? Can they connect their iPad to the company network? Can they add iTunes to their work laptop? But in a way they are subtractive problems. Once we do all this, what is left? We have a minority of people who need a "desktop" as the computing environment for specialist business applications that do not run any other way.
This means that we need to start evaluating things on their merits. What is the business case for Microsoft Office vs. Google Docs? What is the business case for a (Windows) PC vs. a tablet? What is the business case for hosting (in a third party data centre) vs. running my own data centre? What is the business case for a virtual desktop over physical? This is complicated, because the questions are interdependent. If I use Microsoft Office at all, then I need a license for it. To use Office I need a Windows PC, virtual or physical, and I need a license for that. If I have a license for Office and for Windows, then I may as well use it for everything else. However if I don’t really need Office, then I don’t really need Windows, and I may as well use an Android or iOS tablet, or a Linux PC. If I need to use SAP I could do it with a browser application built with HTML5, on a Mac or anything else I like. If I don’t have a Windows PC, then any Windows applications I need can be published to me as a virtual application. But if the applications I need are incompatible (perhaps a specialised engineering application), leading me to a dedicated virtual desktop rather than shared, then I need a Microsoft VDA license and I may as well use a PC. At another level, it probably makes sense to run my remote services (like e-mail) from a third party data centre. But if I need a computer room on site for anything (like my data), and I already have the power and air conditioning for it, then I may as well use it.
When you have a multi-dimensional decision making process, you need one or two fixed points to build the decision around. Every business is different, but as we are moving from an established Desktop paradigm it makes sense to stick a toe in the water with regard to what the new paradigm is.
- Like it or not, people are spending more money on more devices, and finding ways they are useful. If you spread the costs over three or five years they are really not that expensive compared to, for example, office space or furniture. If it makes people productive I say give them a tablet AND a smart phone.
- People only need MS Office, with a conventional Windows PC, if they produce reports (financial reports, presentations, large documents). Other people don’t need it. They can use OpenOffice or Google Docs instead, and use an MS Office viewer or PDF to read reports produced with MS Office. In a PDF you can add notes and comments to a report that was produced in MS Office, although of course you cannot edit it.
- In for a penny, in for a pound. Office workers used to need a desk when they worked with paper. Then they needed a desk to put a screen on. Now I think a lot of people no longer need a desk at all. The screen serves more to cut us off from other people than to enable us to communicate. Round tables, cafe style, pull up a chair, are more useful than desks. You might instead have quiet rooms, like a library, where people can go if they need to work on a report. Quiet room means no conversation, no phones, no audio. This also solves the problem of noise in open plan offices.
- For a long time my view has been that corporate assets (like data) belong behind their own perimeter firewall, and all end user devices should be authenticated and authorised in the same way, whether on LAN or WAN. This means that ALL devices accessing the assets, including corporate Windows PCs, need to have strong authentication, and need to be able to protect confidential data.
Paradigms take years to develop, and evolve incrementally. Although IT love to play the game of thinking about what will be, in most cases it is perfectly fine to follow the trend. What makes now different is that Windows XP is going end of life. Large organisations need to replace XP desktops on a massive scale. They really do need to decide whether to replace XP desktops with Windows 8 desktops, or whether to strike out in a new direction.