If you find Windows 7 deployment options to be confusing you might find this handy new – stick it to your wall and refer to it daily – tech sheet to be rather helpful. The Windows 7 Deployment Options for Small and Midsized Businesses printable overview is one of those things you can print and stick to your desk to make your colleagues think you know what you’re doing…of course you could also try the deployment learning portal for a similar effect .
System Center Configuration Manager 2012 SP1 can be connected to Windows Intune to enable mobile device management of Windows RT, Windows Phone, iOS and Android devices. This is a great solution because these types of devices expect an “always on” connection to the Internet and Windows Intune provides that “always on” management layer since it’s a public cloud service. In this video I connect Windows Intune to Configuration Manager and enrol a Windows RT device with our Windows Intune account. Doing so provides a company portal enabling our users to connect their own devices and download software prescribed by the IT department. Skip to 12 minutes if you just want to see the Windows RT experience.
This is a tricky area, so here’s some instructions to help you along
I can’t stress enough how important it is to do things in this order, if you don’t you’ll end up having to wait up to 72 hours for things to work through the various components to undo changes (which I did although only 25 minutes but it depends on the size of your directory).
First thing’s first you will need to download System Center Configuration Manager 2012 SP1 and have Windows Server 2012 to run it on, then setup your lab, once you have you can follow this video and these instructions…
In my last two posts I talked about People + Devices and Data + Apps – essentially 4 of the things you need to manage and probably already are in your environment. A fourth element is the network but I won’t be going into that in particular because it’s purely a means to an end, a way for People to connect the apps on their devices to the data that they need to be productive. What “client infrastructure managers” now need to do though is to combine those essential elements into the users journey and how to manage that journey not just the individual items.
Consider the scenario (one you’ll see at IT Camps): Ben is working on a document on his laptop, he needs to share it with Alice who needs to approve the content. Ben then has to go to the coffee shop but he doesn’t want to carry the weight of his laptop for a quick coffee so he just takes his slate. Whilst he’s out he realises he needs to amend the document, so he connects back to the place he shared it with Alice and makes the changes – whilst she’s actually reviewing it. Then he starts a new document, but he has to run so he just powers off. When he gets back to his laptop in the office the document is “magically” there. When he’s done for the day he packs away his laptop and locks it in his desk drawer but just before he gets out the door Don asks him to share the new document with him, so he jumps onto Don’s PC and does just that – even though he only saved the document on his desktop over on his laptop, which is locked in his desk drawer.
Some of what just happened might sound like magic. It’s not, it’s all possible with existing tools and the right deployments of User State Virtualisation, SharePoint, DirectAccess and some other established tech. All IT did was provide the means to make it happen – put some glue in place that allowed for a mixed device style.
Really it’s always been the job of IT to make technology work in the most approachable, appropriate way.
The next paragraph is the same as the story above but with the bit’s of tech marked out so you can see where we used them.
Ben is working on a document [Word 2010] on his laptop, he needs to share it [SharePoint 2010]with Alice who needs to approve the content. Ben then has to go to the coffee shop but he doesn’t want to carry the weight of his laptop for a quick coffee so he just takes his slate [Windows 7]. Whilst he’s out he realises he needs to amend the document [Word 2010], so he opens the place he shared it [DirectAccess + SharePoint 2010]with Alice and makes the changes – whilst she’s actually reviewing it from the browser [Office Web Apps]. Then he starts a new document, but he has to run so he just powers off. When he gets back to his laptop in the office the document is “magically” there [User State Virtualization]. When he’s done for the day he packs away his laptop and locks it in his desk drawer but just before he gets out the door Don asks him to share the new document with him[User State Virtualization], so he jumps onto Don’s PC [Remote Desktop Services] and does just that – even though he only saved the document on his desktop back his laptop[and on the server], which is locked in his desk drawer.
So it’s all about the journey or rather planning for the journeys that your users might make and whilst you can’t plan them all, you’ll find plenty of commonality.
My last post was about how, in order to embrace consumerisation, you need to start thinking in terms of managing the access that people and devices have, or more accurately the access that People on Devices have. This post is an extension of that previous post in that we’re going to start thinking about the two other of the four ingredients in our consumerisation cocktail that represent the things that people want to access.
Other than admins no person should ever have to think about accessing a server, they shouldn’t need to be thinking – “golly gosh I need to access the latest sales data so I need to go to \\sales\2012\march\week3\some-random-share\sales.xls”. In fact no person ever really wants to have to remember that, they just want to access the sales information. More over they really don’t need to be thinking, “what credentials were they, umm, lets try this, no, how about this, no err, how about…”. People just want access to information.
OK, it’s not that simple, they do need a way to access that information but we can see a marked shift here too in resent times. Today people think in terms of Apps, services have become apps – just pick up the mobile device nearest you and the proof is instantly visible. There are also really only two types of Apps too: Viewing and Doing. The former category, Viewing, are in fact ways to consume information and the latter so they fall into our information category, Doing, are generally ways to create information. It’s hard to cite a single example of anything other than these two.(You could argue that there’s a 3rd type, Games, but that’s about it).
What we need to do when we consider how to allow a more consumerised environment - whilst also protecting our corporate assets - to control who has access to Do what with Information. Nothing new, it’s a problem we’ve had for many years and we have a wealth of well known solutions, but do they stack up in this brave new world?
Today what many organisations are doing is using the same old solutions, that were perfectly good in the past, applied to todays problems and they’re being effective some of the time – but not all. The old way to manage information was to manage who had access to it where it rested, on the server, but the trouble with that approach is that the information is no longer at rest, it’s constantly moving and through many applications, devices and people. How do we cope?
To give you an example, what happens when your CFO emails the financial accounts to his home PC because it’s more convenient. The chances are that the information is only protected at rest, so when it’s attached to an email that protection (the file system ACL) is removed, it then goes over a HTTPS (good) connection to the email provider (who could then read it at will) then it lands on his mobile device…or rather it wood if he’d sent it to the correct email address, instead it lands on JoeBloggs@contoso.com ‘s device not Joe.Bloggs@contos.com ‘s email inbox.
The best idea is to manage the information assuming it’s mobile, assuming that it will leave the confides of the firewall, essentially assuming the worst case will happen.
In a modern environment where employees can use their own devices and you might not have access to control those devices your best approach is to manage the information in a way that never leaves the information. To embed security into the information.
We’ve had a technology built into Microsoft Office documents, built into Microsoft Exchange and built into Windows for quite some time to manage this issue but now is the time to turn it on. Rights Management is built on the requirement that the App that is opening the information (the document, the email) will check to see what the person opening the document can do. The App does this by requesting that information from Active Directory Directory Services, normally this only happens if the device is allowed to request that information. As such you have a mechanism to ensure that the right person can access the information from a device or App that’s secure enough to store the information.
You might well notice that again, the two variables of management you have remain People and Devices.
A second thought might well be that you need some kind of rich client software (Microsoft Outlook 2010, Microsoft Word 2010) in order to ascertain the rights that the user has over the information. Apps of course don’t have to be delivered on a device, they can be delivered as a Web App and AD-RMS works with Office Web Apps. Web Apps of course play an important part in the mix. With Web Apps you have a way to reduce the potential for data walkabouts because with a web app your data doesn’t need to leave your firewall – even though it’s displayed through a web portal outside your firewall.
Apps probably cost money and as such you will probably want to protect access to apps not primarily to prevent access to information but to prevent you from overspending. Controlling access to apps is a fairly simple process but it’s something we’ve done a great job of automating in System Center Config Manager 2012 – which is a future post all of it’s own. The key thing to remember though is that SCCM 2012 implements and user self service request mechanism and administrator approval mechanism for application installs, in addition to admin driven installations. Essentially you get a corporate Store for Apps – and people are comfortable with that these days, just look at your mobile device.
Control access to information at rest and in motion based on People and Devices and try to control access to apps to manage cost not information – after all what would you do if the user brought their own app?
One of our UK TechNet readers, Christopher Latham, wrote to me a couple of weeks ago looking for help with some research he’s undertaking for his MSc Dissertation and the subject “Cloud Computing adoption in SMEs” is something that I’m really interested in so I thought it’d be great if we all gave him hand. Christopher’s survey on Cloud Computing Adoption in SMEs will only take about 5 minutes to complete but it’ll help him out a lot and provide us with some interesting thoughts.
I wanted to understand a little more about Chris so I wrote back to him to find out why he’s doing what he’s doing….
“I have worked in SMEs throughout my career in IT and there is a common conception amongst academics that they are best placed to exploit the benefits of the cloud through the “big little” effect, which allows them to enjoy the benefits of enterprise IT without the capital investment. I really wanted to see whether this is true, what the concerns of SMEs are in relation to the cloud, and what the level of knowledge is in the SME community regarding its benefits and risks. Moreover, I want to determine whether size really does matter when considering whether to move towards a cloud model – or whether SMEs have business concerns that are as relevant, if not more so to whether they adopt or not. Ultimately, I want to produce a framework which provides an amount of IT governance to SMEs around the cloud that fits in with the way they formulate business strategy, without it becoming particularly onerous or time consuming. ”
Chris is doing his MSc with the Open University and he’s going to release the results on his blog so we’ll be sure to make sure we let you know to.