{"id":11182,"date":"2011-04-18T17:17:00","date_gmt":"2011-04-18T17:17:00","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=11182"},"modified":"2011-04-18T17:17:00","modified_gmt":"2011-04-18T17:17:00","slug":"more-ramblings-user-virtualisation","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=11182","title":{"rendered":"More Ramblings: User Virtualisation"},"content":{"rendered":"

This topic will be something familiar to those who\u2019ve worked in server based computing (AKA terminal services\/remote desktop services and VDI) as well as those who have made it a mission to turn their PCs into stateless appliances.  The idea is that we try to decouple the user (identity and profile made up of settings and personal data) from the machine.  This can be for many reasons.  Say a person works on 2 or three machines, be they a laptop & desktop or a virtual desktop & remote desktop servers, then you want to make sure that when they hit their browser favourites, all the short cuts are there.  Or if they fire up Outlook, it connects to their mailbox.  Or maybe if they travel from office A to office B, their My Documents follows them.<\/p>\n

You can do an awful lot of this for quite a while.  Roaming profiles have been with us since before I started working in IT in 1996.  But let\u2019s face it; roaming profiles suck.  They can drag around things that are machine specific, and they are OS version specific (XP has V1 profiles and Vista has V2 profiles).  How many times have you had to set up roaming profiles for a single user in different branch offices, or recreate a corrupted roaming profile?  I had to do it quite a bit when I last managed desktops.  An alternative is to combine local profiles with folder redirection.  That means that folders like My Documents are stored on a file server, and the local \u201cfolders\u201d are actually links that redirect applications like Windows Explorer to that location on the file server.  The user thinks they have a normal, local, My Documents \u2026 until they take their laptop and try to open a Word document in the airport, at home, or in a hotel.  Then you have issues.  No worries; you probably learned about Offline Files in your XP or 2003 MCP exam.  Turn that on and then My Documents will be replicated from the file server to the laptop.  In theory; yes.  In practice, I banned Offline Files on XP using GPO because it caused so many helpdesk calls.  It was a nice idea, but it just didn\u2019t work very well.  Vista fixed that.  I hammered Offline Files on Vista and Windows 7 while writing the user\/group chapters of Mastering Windows Server 2008 R2.  It held up; now I\u2019d allow it \u2026 no; I\u2019d demand it \u2026 for those operating systems.  So Redirected Folders with Offline Files works great on those OSs \u2013 I even did step-by-steps on setting that combination up in that book.<\/p>\n

But hard core remote desktop services guys will tell you that those techs are just a starting point.  They know more about the innards of profiles and user virtualisation than anyone.  They drive demand for specialist solutions, like those from AppSense (a long-time contributor to PubForum).<\/p>\n

Personally, I think this is just a start.  I think we need to think BIGGER.  We\u2019re only thinking in 1 dimension \u2013 how to get people\u2019s data abstracted to move across machines in the business.  We need to go 3D.  Wait!  Don\u2019t run away \u2013 this isn\u2019t a Hollywood movie that sucks and tags on 3D to get a few extra ticket sales.  I see two additional dimensions that user virtualisation needs to expand into.<\/p>\n

1: Cross Platform<\/p>\n

Recent surveys find that more and more non-Windows machines are making their way into the business, not just the home.  I don\u2019t mean the small business either; I am talking about the multi-national corporation.  Whether it\u2019s the CEO who wants the latest trendy device from the electronics store in the airport, or some device that solves a unique need, we now are facing the need to get personal data available on different platforms.  Should My Documents be on that iPad?  Let\u2019s put security aside for a moment.  Well, if I\u2019m a sales person that travels about, I want something light with good battery life.  If the iPad does the job and nothing else does, then I\u2019m going to demand an iPad.  And you\u2019re damned skippy that I want My Documents on there.  How do we do that now?  DropBox.  Yick! There\u2019s no corporate control.<\/p>\n

But that\u2019s a starting point.  I can envision a day when the profile is simply just an instantiation of something that is stored in a central database.  An agent on the machine downloads appropriate data from that database and creates a My Documents folder.  In the case of a Windows PC, it downloads details of the mail server and mailbox and configures the Outlook profile.  In the case of an iPad it might configure the Apple mail client.  In the case of the PC, there might be some Adobe Photoshop settings to dowload.  th iPad doesn\u2019t have an install of PhotoShop so that data is not downloaded.  Maybe the agent is really clever and syncs back up the block level changes to any files contained within the profile.  <\/p>\n

This would be a huge departure if Microsoft did this.  There are some cool possibilities if they did.<\/p>\n

2: Federation<\/p>\n

This one splits in two.  Many organisations have partnerships.  A person can work in company A but spend a lot of time logged into the network of company B.  They probably have 2 identities; one for each network.  And that means they have 2 insulated profiles.  That\u2019s a right PITA.  If they\u2019re lucky to have admin rights they might use something like Live Mesh, DropBox, or SugarSync to replicate key folders between the two networks.  There\u2019s probably various security and compliance issues with that.  And it doesn\u2019t give the best solution for the user.<\/p>\n

What if we took the solution that I brainwaved above and extended it, so that the two companies could be federated.  It could be something like ADFS, creating a trust between the profile store in company A and the network of company B.  Selected users could be authorised in both sites (for security reasons) and then user Bob could travel from his regular office in A and log into the network in B when he has to work closely with them.<\/p>\n

The second branch breaks out into the home.  Given the bandwidth, I think a reinvention of the profile, taking advantage of how modern cloud apps work, would turn the virtualised user profile into a SaaS application.  Maybe this federation approach could also extend to the likes of Microsoft Live.  If Microsoft allowed a person to log into a PC with a Live ID then they could download their profile from work while sitting at their home office computer.  Or maybe it could be a Mac?  Remember, we\u2019ve decoupled the user data from the OS so it\u2019s no longer dependent on the OS \u2013 it\u2019s just a bunch of files and or settings in a database that can be \u201ctranslated\u201d for any OS in theory.<\/p>\n

Maybe Microsoft does this, and maybe not.  I don\u2019t see it happening soon, but it would be a really cool way to extend something like Live Mesh, essentially turning it into a Windows Domain in the cloud.  I really don\u2019t see them going cross platform with it; Marketing would see to that.  And they\u2019d also see it as a way to drive sales of the latest OS, forever putting pressure on the user to upgrade for support.  I hope I\u2019m wrong.<\/p>\n

Now think B-I-G-G-E-R!  With something like this \u2026<\/p>\n