How will the proliferation of wireless devices impact enterprise network infrastructures?
With the large number of mobile devices, including smart phones and wireless tablet computers, about to hit the market this spring and the move toward accessing enterprise applications from mobile devices accelerating, we wondered how IT departments were planning to handle the inevitable requests from users to access the corporate network. Many of the companies we contacted were not prepared to answer the questions below. However, we found two IBM Business Partners, Key Information Systems of Woodland Hills, California, and East Coast Computer, of Pompano Beach, Florida, that knew exactly what we were talking about and were willing to go on the record with their opinions. Their comments are printed below. We would like to thank Will Rodgers, Network Practice Manager, Key Information Systems, and Zane Gramenidis, President, East Coast Computer, Inc. for the time they took responding to our questions. Also, be sure to read the article "Bitzer Mobile Breaks New Ground Providing Mobile Device Access to Enterprise Applications" in last Friday's MC TNT Tips 'n Techniques.
How do you think the proliferation of wireless devices will impact enterprise networks, both wired and wireless?
Rodgers: IT organizations have always found it difficult to quickly adopt new technologies and gadgets—such as the newest generation of wireless clients, ranging from smart phones to wireless tablet devices. It can be very difficult for a company to balance the needs of the IT organization to provide secure access, management, and user access control against the ever-growing demands of the end-user community to provide mobile access to corporate systems and applications. End-users have always pushed to use the latest and greatest gadgets before IT has properly certified them as being ready for corporate use. IT organizations continue to struggle to meet the needs of the end-user community they serve, oftentimes because their budgets have been so hacked and slashed over the last few years that they lack the resources and expertise to provide innovative solutions and support for new technologies. Getting these new devices certified to run in many IT environments is seen as a drain on existing resources and budgets. While end-user groups will insist the devices are "required to stay competitive" and "will increase employee productivity," many IT organizations have heard it all before and will be reviewing most of these claims with some skepticism. Long term, most IT organizations have bought into the fact that they need to provide better wireless and mobile access, but in the short term, IT organizations must prioritize projects based on the limited resources they have available. As with any new technology, IT needs money to test, certify, and manage the devices.
Gramenidis: By implementing solutions from companies like Citrix, Microsoft, VMware, and Cisco (or a combination thereof), our customers encourage their users to use the wireless device of their choice. This is because they have the ability to connect securely to the corporate network. It used to be known as "bring your own computer." Now it is bring your own device. Motorola has just released the Atrix, which can actually access the corporate network to deliver Windows 7 or other operating systems to the device while the user can still use the device as a phone. You can attach a keyboard, mouse, and monitor to get the full user experience. MicroVision, Inc. is in pursuit to put a projector into the phone. By doing this, the user will no longer be confined to the small screen size of the mobile device. Interaction with the projected image will also eliminate the need for the keyboard and mouse.
Smart phones will also impact the enterprise network, especially for firms with IP phone systems. Users will be able to take the smartphone on the road and have the ability to connect to the corporate phone system to utilize all features as if they were locally connected. This would save cell phone minutes as well. It would also eliminate the desk phone in the office.
When combining the smart phone and the ability to run applications through XenDesktop, you are basically taking the user out of the office while giving the user the same user experience as if still in the office. All interaction between applications and the phone, i.e., CRM screen pops, will remain intact as if in the office. Management will also be able to centrally control the user phone and the user desktop.
For users (both local and remote) that don't need an actual physical phone, a soft phone can be used instead.
What technical impediments do you foresee impeding connectivity of the iPhone, iPad, and Android devices to the corporate network?
Rodgers: Some smaller organizations may be more agile and find it easier to adopt these new technologies. Larger organizations that have more regulatory and compliance issues to deal with—like SOX, PCI, and HIPAA—will find the process more difficult. As long as everything is connected to your own "wired" network, IT organizations have a general sense of control. Once you introduce wireless access into your network environment, you introduce a lot of unknowns, so secure access, device management, and user access control become a big issue. Right now, IT organizations want to manually provision all of these devices, so it takes a lot of effort to get these things ready for the end-user. In addition, some corporate applications may need to be re-coded or re-formatted to fit the screen size of each of the various devices. Testing, provisioning, security, encryption, and device management can all be another drain on IT, which can make IT more reluctant to prioritize the project. Most of these new mobility devices are introduced with the general consumer market in mind, not enterprise business customers. As such, they initially lack a lot of the tools and support functions required by IT organizations. For example, even network printing was a problem when the iPad first came out. Given sufficient time, these tools and features can be added with the cooperation and support of the vendors. Even then, security and remote management are probably the biggest concerns for enterprise customers and may require support from the product vendor and a number of third-party vendors.
Gramenidis: Citrix gives our users the ability to use all of these devices to connect to the corporate network to access applications or operating systems and to utilize peripherals that are connected to the device. All of these devices can run Windows 7 through the Citrix Desktop Receiver.
How do you plan to handle the security challenges that may result from expanded use of wireless devices?
Rodgers: Security is one of the biggest concerns of most IT organizations when it comes to wireless devices and mobility. Device encryption and secure remote access methods such as IPSec and SSL are basic security features required for any device to be seriously considered today. While some vendors provide these features built into the OS, they lack other security features that IT organizations are used to seeing, like firewalls, anti-X control, IDS/IPS, and centralized management. Just like the IT desktop environment, the wireless device vendors are relying on third-party developers to provide these solutions. While the industry is working to develop the next generation of managed mobile security systems, even with the best security systems in place, we still have problems with the end-users who fail to follow basic corporate security guidelines. So most IT organizations have to ask, "Is it worth opening up our networks to this attack vector when we don't even trust our own end-users?" and "Can we really protect the end-users against themselves?" IT organizations will need to continue to monitor, update, and innovate their security systems and, at the same time, develop policies, procedures, and training programs for the end-user community to help ensure compliance with corporate security initiatives.
Gramenidis: We are not concerned about an infected wireless device connecting to the corporate network since Citrix runs in a protected area on the wireless device. Infection of the wireless device can't enter the corporate network since the device is not actually connected to the network or it is blocked. These devices are given access to run applications or operating systems from servers on the network. Security is actually increased through virtualization. Programs are running on servers in a protected data center and not from the actual device. If programs need to run from the actual device because an Internet connection or network connection is not available, they will run in a protected area that is immune from infected programs on the device. More importantly, data will never leave the data center; only encrypted keystrokes, mouse-clicks, and screenshots are sent. This way, this data doesn't end up on the wireless device that may be lost or stolen. Users and devices can be set up to receive encrypted files to store on the device or on memory sticks or other peripherals if the need arises. Users can also be set up to receive encrypted print streams so they can print to local printers.
How do you plan to handle the capacity provisioning issues that may result from expanded use of wireless devices?
Rodgers: Most of these products lack enterprise-class provisioning and management tools at launch time, but the vendors continue to update and improve the capabilities with enterprise business customers in mind. Right now, most of these devices still require some manual provisioning, which is a drain on IT resources and does not scale well.
Gramenidis: Scalability is not a problem with bandwidth since Citrix utilizes bandwidth very efficiently by only sending mouse-clicks and keystrokes one way and changes to the screen the other way. Of course, we would have to add additional capacity for servers on the back end to serve the user's applications and/or operating systems.
Do you plan to restrict access to the corporate network to just one or two brands or types of wireless devices?
Rodgers: Due to the limited resources within most IT organizations, it is most likely that some prioritization and standardization will be required. Most IT organizations don't have the resources to test, provision, secure, encrypt, and manage every device that end-users drag in and beg to use on the network. IT organizations will probably want to choose one path to follow. IT organizations must have standards.
Gramenidis: No, since most wireless devices have the ability to run the Citrix Desktop Receiver that will allow operating systems like Windows 7 to actually be used from the wireless device.
Are the challenges to providing network access to many different devices—including those from Apple, BlackBerry, Nokia, and Microsoft—formidable?
Rodgers: Due to the limited resources within most IT organizations, it is most likely that some prioritization and standardization will be required. Most IT organizations don't have unlimited resources.
Gramenidis: No, again because we don't have to actually run the applications from the device. We just have the device connect to our network and applications can then be run from the network.
What is your overall strategy to deal with the proliferation of wireless devices?
- Provide connectivity to all
- Provide connectivity to some
- Provide connectivity to none
- Wait until the economy improves or my boss makes me do something
Rodgers: With limited resources, most companies will need to prioritize the proliferation of wireless devices. As the cost for these devices drops with mass adoption and enterprise-class security and management tools become available, the barriers to entry will drop, at which point everyone will get one. For now, as usual, the people at the top will get them first, then the people that really "need" them, and eventually the people that really "want" them.
Gramenidis: We plan to provide connectivity to everyone.
What role do other vendors such as Cisco play in allowing access to the enterprise network by wireless devices such as the iPad?
Rodgers: Cisco and other network vendors continue to improve wireless access services to make wireless access a viable option for enterprise-class business customers. For example, wireless LAN controllers (WLC) simplify access point (AP) management and provisioning. New security features continue to be added, so, for example, you can now get IDS/IPS in a WLC. Cisco also has some new technology that helps to look for interference in the radio bands and will allow a client to automatically reconnect to an AP on a different channel to avoid interference and maximize performance. These are great solutions for larger enterprise-class customers but typically out of reach for smaller companies, even though they share some of the same performance, management, and security concerns.
Gramenidis: Citrix, VMware, and Microsoft solutions work well in conjunction with solutions from Cisco. Cisco partners with Citrix and supports Citrix XenDesktop on their Data Center Servers so that users can run Windows 7 from their corporate network on an Apple iPad. XenDesktop is supported on Citrix XenServer, Microsoft Hyper-V, and VMware. Citrix XenServer, Microsoft Hyper-V, and VMware are all supported on Cisco's UCS servers for the data center.