Chris Wolf

A member of the Gartner Blog Network

Chris Wolf
Research VP
6 years at Gartner
19 years IT industry

Chris Wolf is a Research Vice President for the Gartner for Technical Professionals research team. He covers server and client virtualization and private cloud computing.

Windows 7 Update Breaks VMware View Client: An Important Lesson In BYOD

by Chris Wolf  |  February 10, 2011  |  12 Comments

Many customers I talk to are interested in supporting a bring-your-own-device (BYOD) delivery model. A thought frequently echoed by customers is that allowing users to access their applications on their terms improves mobility and leads to greater productivity. In addition, when personal devices become little more than a tool to access IT applications centrally stored in the data center or in the cloud (e.g., SaaS), we also realize the following benefits:

  • Security: Data is physically secured within the data center instead of locally stored on a client endpoint device
  • Business continuity: Users are no longer tethered to a single device to access their apps. If a user’s primary device fails, he or she can access apps by running a client (e.g., Citrix Receiver, Wyse PocketCloud, or VMware View Client) on another device (e.g., zero client, PC, or tablet).
  • Operational efficiency: New desktops and applications can be deployed in seconds, instead of over a period of weeks. Diagnosing and remediating problems can often be accomplished without an administrator having to “touch” a physical endpoint device.

With tangible benefits, it’s hard to argue against hosted virtual desktop (HVD) technology, as well as other complementary application delivery technologies such as server-based computing (SBC) (e.g., XenApp and Terminal Services), application virtualization, and SaaS. Many of our clients are placing strategic investments in these technologies today, with large scale rollouts planned for the coming years.

I have talked to several clients that want to move forward with BYOD initiatives, but are predictably cautious. Several have initiated small pilots with the goal of supporting a specific use case (e.g., iPads for c-level executives). Others are more cautious with planning and architecture and have yet to support any BYOD implementation. However, some clients are already using server-hosted virtual desktops (SHVD) to support call center employees that work from home. In some instances, those workers access their virtual desktops from personal PCs.

That leads us to a significant problem that occurred this week. A Windows 7 update broke the VMware View client. You can read about the problem in the VMware KB here. The problem can be resolved by upgrading the View client or by uninstalling the Windows 7 patches noted in the workaround here.

For user-owned Windows desktops or laptops, having Windows Update automatically apply new patches is considered a best practice. As a result, IT cannot apply traditional change management practices (e.g., patch testing and QA) to user-owned endpoints.

For organizations planning BYOD scenarios, this week’s Windows 7 patch issue should make you consider the potential for a large-scale break created on Patch Tuesday. If we fast forward a couple of years, it’s possible for an IT organization to have to deal with remediating this type of problem for thousands of users.

Since we’re giving up some aspects of change management with BYOD, these types of problems are inevitable. Having policies and processes for quickly remediating client failures on user-owned devices will be essential. For users that aren’t tech savvy, the IT organization will need to make it as easy as possible for them to receive and deploy a patch. That can also be tricky if a remote client app broken by a device update is needed for the user to access company email or another app in order to get a link to download a patch.

Contingency planning, remediation testing, and training (which may also include patch distribution through personal email) are essential but sometimes overlooked aspects of deploying BYOD solutions. Organizations that are fixing broken VMware View connectivity on user-owned Windows 7 devices are learning that lesson the hard way. Hopefully this event will serve as a reminder for BYOD planning to include a contingency plan and remediation methodology for dealing with large-scale BYOD client failures.

Sure, with BYOD, the user is supposed to “support” their own device in theory. However, if hundreds or thousands of users can’t connect to their apps, it becomes IT’s support problem, like it or not.

Am I overreacting? What do you think?

Category: Client Virtualization

12 responses so far ↓

  • 1 Steve Greenberg   February 10, 2011 at 3:42 pm

    Chris,

    I think this is a valid concern but a bit of an overreaction. Mainly because these types of issues are not unique to BYOD. Also, our customers who use BYOD are obliged to provide some level of tech support for the user's device. This type of issue is exactly a case where the company would much more likely know about and understand the issue (since they own the View implementation in the first place) and ought to be supporting that scenario.

    Short answer – this is a cost of doing business this way! BYOD does not mean ZERO support

  • 2 Chris Wolf   February 10, 2011 at 3:49 pm

    Well said, Steve. I like the line “BYOD does not mean ZERO support.” My concern is that in some cases an organization can get caught up in the kumbaya harmony and hype around BYOD. The result could be that they have no processes to deal with a major support incident. Not every organization works with a skilled consultant such as yourself :), and I know of several that are working on defining processes to deal with these types of support issues. If nothing else, this week’s events provide justification as to why you still need good support practices for personal devices, even if they are not “owned” by the IT organization. Again, great point. Your short answer nailed it.

  • 3 Daniel Feller   February 10, 2011 at 3:52 pm

    As Steve said, BYOD still must have a minimal level of support, but there needs to be a contingency plan. Contingency plans are necessary. So if a patch broke the client, then we need an alternative way in. Does that mean a Java client? A web client? Something else that might not be impacted by an update. Sure it might not give you full functionality, but it will at least keep you productive.

  • 4 Michael Cooper   February 10, 2011 at 6:03 pm

    This is not an ‘over reaction.’ In fact not enough is being said. BYOD has both support and control issues associated with it. Look to the Slammer Worm attack. Entire organizations were brought down, because SQL code was running on hundreds of PCs and no one noticed. Also, no anti-virus software could stop the reinfection, as it was exploiting an already running service and not actually writing itself to disk.
    What if the next ‘Slammer’ attacks Apple's iTunes and their Bonjour network service? Even if IT is evaluating all of the patches, on all of the software they know about. What about the software they don’t? You can’t support it if you don’t know it’s there. BYOD allows massive numbers of applications into the organization, while also dramatically limiting the technology and solutions that organizations can use to protect themselves. (NAP, NAC, 802.11x, IPSEC, etc.)
    Want further proof? Look to how much money and time Boeing failed to save by outsourcing the Dreamliner. And realize that BYOD is the same concept, it's just outsourcing support of the desktop to your employees, who are not qualified to do the work. What happens when it fails? Boeing can tell you, you have to buy them out of their contract, and then do the work yourself… Anyway.

  • 5 Harry Labana   February 10, 2011 at 6:50 pm

    Perhaps one should consider diversity of client operating systems as part of a BYOD strategy to help mitigate against risks such as patch impact or zero day exploits.

  • 6 Joel   February 11, 2011 at 1:22 am

    You’re definitely not overreacting, Chris. Sure, employees are more savvy than ever, and companies could take advantage of that to reduce costs. But the employee owned and supported device must also have some sort of ‘tether’ that provides life support in the event of a problem like this.

    I almost said ‘umbilical cord’ there, but the vision of that was just…too…much.

  • 7 Thomas Berger   February 11, 2011 at 4:37 am

    I agree with the other commentators, that you're not overreacting and that contingency plans are necessary, but I think even in BYOD scenarios the IT should actively take care of the vital components required to connect to the central infrastructures. This is similar to network carriers actively managing the edge routers of a company network. This does not prevent outages completely, but it should greatly enhance reliability. As we cannot use standard software distribution mechanisms to take care of the edge components (i.e. ICA Client) for obvious reasons, we are in an unfortunate situation not having an appropriate ready-made software yet (at least there is nothing that I'm aware of). Citrix Merchandising Server went in the right direction, but it does not work in all scenarios.

  • 8 David Angwin   February 11, 2011 at 7:44 am

    Chris, important discussion, thanks. BYOD is a good complement to other client choices but it does assume savvy users. And with a savvy user a well prepared technical support response will work fine.

    The danger, as with other aspects of VDI, is when not enough thought goes into the client decision. One of our customers at Wyse is a global hotel chain that runs virtual call centres with agents working from home. But the very demographic that delivers great customer service, is the one that knows least about fixing a client. They don’t use BYOD!

    BYOD is great in the right place.

  • 9 Steve Greenberg   February 12, 2011 at 11:33 pm

    Good feedback everyone. What about some kind of very minimal virtual machine that only runs remote display clients? Or a sandbox technology that can isolate remote display clients in a runtime area that is cut off from the host OS except for basic network connectivity??

  • 10 Purnima Padmanabhan   February 14, 2011 at 4:07 pm

    Chris, good points here but let’s not throw the baby with the bath water here.

    The key is that when a client component (like a viewer or even a VM ) is put on a BYOD machine, it is important that it is still centrally managed and managed out of band. Any management system that is enterprise class must provide this kind of centralized update capability. Chris, to your point, it should not require you to fire up the virtual machine or the remote viewer to get the update.

    So maybe the conclusion needs to be different. If the client components break due to a patch to the host BYOD system, leaving you with no automated way to remediate, then blame lies with the poorly designed management system, and not with the BYOD business model. Basically patches are inevitable and will cause breakages regardless of whether it is a BYOD or corporate system (it is just a question of percentage). So what you need is a way to update and rollback the client components centrally.

    That is what we do at MokaFive. While the Win 7 patch did not impact MokaFive Player this time, a future one might. In that situation, IT can push an update to MokaFive Player with a few clicks. The best part is that the update is done out of band, so our client does not even have to be running for it to get the update.

  • 11 Chris Wolf   February 16, 2011 at 10:07 pm

    @Steve – I have talked to a few clients taking the VM sandbox approach you mention. Of course, if a host system update breaks the hypervisor, you’re in the same boat. :) However, you do have a higher degree of isolation, but may lose some host system compatibility or user experience (e.g., sound and video performance) when you run the remote display client in a VM. As opposed to the VM, how about running the remote display client as a virtual application? You could arrive at the same sandbox effect without the added hypervisor overhead. What do you think?

    @Purnima – I don’t think I’m throwing the baby out with the bath water. That’s why I started the post with a list of reasons why folks should embrace virtual desktops and BYOD. My point is about preparedness for problems that may arise, especially at a large scale. I think Steve put it best when he said “BYOD does not mean zero support.” Support policies and processes have to be addressed as part of any large scale adoption, and it’s an area I have seen overlooked by some clients. That’s why I wanted to draw attention to the issue. I completely agree with your point on automated remediation needing to be part of the client software that runs on the user endpoint. Your patching architecture for unmanaged devices is exactly how it should be in my opinion.

  • 12 Steve Greenberg   February 17, 2011 at 10:39 am

    @cswolf We have seen this type of solution before, i.e. Citrix ICA client packaged in ThinApp executable was one example.

    I think it bears merit to consider that there are ways to deliver the remote client in some type of isolated environment. Of course the more you centralize and manage it, the less it is true BYOD.

    I will stand by my original statement that BYOD does NOT mean “no support” and that companies need to plan to provide some level of support, perhaps 10% of a company owned asset. This support likely includes setup and maintenance of the remote display client, often anti-virus support and basic network connectivity at a minimum, and remediation for KNOWN issues like a Patch Tuesday problem or client incompatibility.