by Noah Wasmer (August 24, 2014)
Early VMware: Enter the OS Container
When I joined VMware back in 2007, virtualization was exploding in the datacenter. It was clear that compared to bare metal install, virtual machines could provide better manageability, consolidation and isolation for server workloads. This “containerization” concept held potential for the desktop with early proof points – VMware Workstation radically changed a developer’s experience – giving them one machine to code and test, and Fusion was embraced to give users an easy way to run their last Windows apps on a Mac.
Arguably, the interest in virtualized desktop containers exploded with the birth of Virtual Desktop Infrastructure. As the last 5 years of debate will demonstrate, both local VMs and VDI have great value when applied to solving a clear business need. Like all tools, they don’t solve every problem. Will app and data containers be any different?
Beyond OS Containers – Apps and Data Containers?
Today’s notion of containers is getting more and more attention in the datacenter from Docker and others. What’s great about this is ability for developers to have access to a “packaged app” that is consistent, and easily extended with new packages. (VMware’s Kit Colbert has a great blog regarding VMware + Containers).
But what about for End User computing? Are there ways to have the benefits of linux containers for enterprise desktops?
In many ways, we live the value of app and data containers on our mobile devices. iOS and Android apps “mostly” run in isolation, giving them great portability, consistency and manageability (ie, anyone want to debate the ease of installing an iOS app with MDM vs. using a scripted MSI on a Windows desktop?).
To take it a step further, the container can be extended. As an example, a managed iOS device can have many “managed apps” – which extends the notion of a “container” to be a set of apps and content. This is a huge win because users can now have all the business apps and content they need talking only to each other – but yet, seamlessly appearing on the device next to personal apps. This is great for the user (privacy and seamlessness) and equally great for the admin (protecting corporate data and installing provisioning the users with the apps and content they need).
This model extends nicely on Android with container approaches such as Samsung Knox and Google’s acquisition of Enterproid.
So – app and data containers seem to be possible with next generation mobile devices – but what about Windows?
Windows App and Data Containers
Over the long term, it appears that Microsoft’s answer to app and data containers may have potential Modern apps (that are more sandboxed than traditional win32 executables) and their own secure file storage, namely OneDrive. But what about the apps that are here today (and likely for the next decade)?
VMware has made investments in app containers with ThinApp and now, most recently CloudVolumes. There is a great blog talking about how quickly and simply new Windows apps can be added to a VM, which seems to start to transform traditional Windows maangement to more closely resemble the mobile OS paradigm above. I am certain there will be more on this topic during VMworld 2014.
The Unified SaaS Container?
My final thought on this topic has been around the ever increasing adoption of SaaS for enterprise desktops. While there is clear management and cost value for SaaS, I am curious to how enterprises are protecting the data in real world implementations. While there are ample products and ways to lock down SaaS to a specific devices – I wonder how often this is employed? Can most business users get to their Salesforce.com account on any computer? If so, how is the data protected from accidentally being exported to a non-ideal device?
While not a new thought – clearly there seems to be a browser container method by using VDI or RDS to publish a browser with all of the corporate SaaS apps. As virtual desktops and remote desktop services (RDS) continue to become lower cost – will customers increasingly find it interesting to publish the browser to secure SaaS?
I welcome feedback and comments, thanks for reading!