Technical white paper
Melting the wall between mobile devices and PCsMobility and the workplace
Table of contents
1 Disruption of mobility1 A potential solution2 HPE+Microsofta case history2 Enterprise Mobility Suite3 Windows 104 Office 3654 Your journey5 HPE management services for the Microsoft ecosystem6 A new world6 About the author
Technical white paper
Disruption of mobility
Smartphones and tablets, while major innovations, have proven to cause huge disruptions to the IT world. The value and difficulties presented by these mobile devices somewhat parallel the situation that surrounded the introduction of PCs decades before. At that time, mainframe computing was the safe, secure, and compliant domain of what would become IT departments. PCs introduced the potential of sharing data on floppy or portable drives, posing risks to control and secure data.
Mobility, too, is a double-edged sword, having the potential of unprecedented accessibility and risk of hyper vulnerability to intended and unintended data breaches. Such risks are significantly aggravated by the bring your own device (BYOD) trend. Now, its not just the PC in the office that is disrupting ITs legitimate concerns for security and compliance. It is the convenience and seamless accessibility of the mobile device that goes everywhere the user goes, such as parks and airportswhere it is vulnerable to being lost or stolen. It is also sometimes used as a babysitterplayed with by children who may inadvertently compromise data.
Despite these risks, the value of mobility is widely acknowledged for benefits that start with the flexibility and productivity gains available to anytime and anywhere users. It goes much beyond this, however, to context-based computing that can help your employees do their jobs, support new business models, and radically transform and deepen relationships with your customers.
Even many highly risk-adverse companies and governmental organizations have realized they cannot stop mobility and BYOD. There are those users who, while not supported by their organizations with BYOD and a consumer-type user experience, will frequently find ways to get around IT controls, exposing their organizations to dire risks. Organizations that do not engage their employees with a friendly, flexible IT experiencethat users have come to expect from their personal smartphones and tabletswill find themselves unable to hire or retain millennials. More than 36 percent of the U.S. workforce comprises millennials, and by 2020, this will be closer to half.1 Most companies recognize that they must transform themselves to provide a digital employee experience. If not, their company will be surpassed by competitors transforming themselves into digital enterprises.
While institutional acceptance of mobility is high, the ability to do so is often problematic. Many IT departments are under resource and budget constraints while demands continue to grow. One simple example is that the workplace resources of a typical IT department were once a matter of managing a number of desktop and laptop PC units equaling, or less than, the number of their employees. By contrast, they must now accommodate the same employee base using multiple devices per user. By the end of 2014, it was estimated that 12 billion Internet-connected devices were used worldwidethats an average of 1.7 devices for every person on the planet. Strategy Analytics forecasts that number hitting 33 billion devices by 2020, when the number of connections per person will more than double to 4.3 devices.2
Adding to the complexity: Devices consist of multiple operating systemsWindows, Android, and iOSand many differing device types.
The good news is that a new ecosystem model is emerging that can satisfy the productivity and flexibility requirements of users, streamline IT requirements, simplify CISO security requirements, and potentially do it all within the cost constraints of the business.
A potential solution
Today, a wall exists between the desktop/laptop PC world and the mobility world. Each device is managed separately by ITand, of course, BYOD requires some level of IT management.
Learn how an ecosystem approach can help you realize the vision of seamless connectivity of mobility and the workplace.
Technical white paper Page 1
Wouldnt it be nice to melt the wall between your PC and your mobile devices? Users could easily switch between devices with seamless access to context, information, and applications. IT could manage at the user level versus each device separately. Security leads could secure information based on user permissionswhether on a PC, tablet, smartphone, the cloud, a USB drive, or in-transit between them.
2 MobileWorldLive, http://www.mobileworldlive.com/featured-content/home-banner/connected-devices-to-hit-4-3-per-person-by-2020-report/
Security is similarly handled separately for each device. Users have a certain level of sharing between the devices for email and calendar, but applications are different and the experience is hardly seamless. Melting the wall between a PC and mobile devices would enable users to switch between devices with seamless access to context, information, and applications. IT could manage at the user level rather than separately manage each device at the platform level. Security leads could secure information based on user permissions regardless of whether it was on a PC, tablet, smartphone, the cloud, or USB drive, or in-transit between them.
The question becomes: How do you make it all work given the increasingly complex user environment in enterprises? The upfront and ongoing integration necessary to support this with a best-of-class, multivendor environment is daunting. The task grows significantly easier and less costly by adopting one user ecosystem model to meet user, IT, and security requirements in an integrated fashion.
HPE+Microsofta case history
Probably the most complete user computing ecosystem in existence is offered jointly by Hewlett Packard Enterprise (HPE) and Microsoft. From an enterprise perspective, Microsoft is ideally suited to leverage its strong position in enterprise desktop/laptop computing to also encompass enterprise mobility requirements. Complementing their strengths, HPE has deep experience and expertise in transforming complex, enterprise user computing environments. Figure 1 shows key products and services that make up HPE Services for the Microsoft Ecosystem. The following sections show how these highly interrelated technologies and services help melt the wall between mobile devices and PCs.
Technical white paper Page 2
HPE Services for the Microsoft Ecosystem
HPE Software Licensing and Management Solutions
HPE Services forOice 365
HPE MobilityServices forMicrosoft
HPE Servicesfor Skype for
HPE Servicesfor Dynamics
HPE Services forWindows 10
Microsoft cloud oerings
Enterprise Mobility Suite
Skype for Business
Figure 1. HPE and the Microsoft ecosystem
Enterprise Mobility Suite
Microsoft Enterprise Mobility (EMS) Suite is a bundle of three components: Intune, Azure Active Directory Premium, and Azure Rights Management. Each is cloud-based, provides management and security across all device types, and has a strong integration with Office 365 and Windows 10.
IntuneMicrosoft Intune provides mobile and PC device management together with mobile application management from the cloud. Most importantly, integration with the Microsoft System Center lets an administratorfrom a single consolemanage mobile devices including iOS, Android, and Windows tablets and smartphones; Windows PCs; and Macs. This lowers the wall for IT administrators between mobile devices and PCs, using tools that are an evolution from the system center that is well known to IT managers.
Intune provides standard mobile device management (MDM) functions like passcode reset, device lock, and corporate data wipes or full wipes for lost or stolen devices. Intune also enables self-registration and enrollment of mobile devices, minimizing ITs workload.
From an enterprise standpoint, it provides a corporate application (app) store that lets users install corporate apps. Perhaps most importantly, it is the only mobile application manager that can manage and secure Microsoft Office for iOS and Android devices. This is critical for the security it provides, and also because it gives users consistent cloud-based office productivity software across PCs and mobile devices.
For companies that have an MDM that provides some of these functions, Intune can be used side-by-side with these existing technologies during a transition period to supplement them with its more holistic user-device focus.
Azure Active Directory PremiumMicrosoft Azure Active Directory (AD) Premium provides robust cloud-based identity and access management in-sync with your existing on-premises Active Directories. User information, such as name, organization, and privileges, is stored as directory objects and associated attributes. Based on this information, Azure AD Premium issues security tokens on behalf of each authenticated user. Your identity and privileges reside in the Azure cloud, but are managed on premise. This is crucial because your workforce, whether on premise or mobile, will always use one set of business credentials to determine what business systems, data, tools, SaaS applications, and enterprise on premise applications they can access and update. This is foundational for the strategic objective of providing seamless access to the same data and applications regardless of where you are or what device you are using.
Another key aspect of Azure AD Premium is its ability to support single sign-on for Office 365, and thousands of popular SaaS applications like salesforce.com, Workday, SAP, Concur, DocuSign, Google Apps, Box, ServiceNow, Dropbox, and more. Single sign-on is a huge element of the consumer-type experience that users crave. Through Azure AD Premium, single sign-on can be made available across all mobile devices and PCs.
Azure Rights ManagementMicrosoft Azure Rights Management is another foundation piece to mobility and the workplace. Fundamentally, it enforces the user-based security privileges contained in Azure AD Premium. It lets data move freely among mobile devices, PCs, the cloud, and even USB drives with no security concerns. The reason: The document is securednot the location where it resides. Wherever the data moves, only users with the appropriate privileges will be permitted to access or change it. This is a fundamental underpinning to a connected mobile and PC world. For database information, Hewlett Packard Enterprise can extend this model even further with HPE Attalla and HPE Voltage, for example, encrypting and securing individual fields, like Social Security numbers or personal healthcare information, without modifying applications that access the fields.
Together, the three components of the Enterprise Mobility SuiteIntune, Azure AD Premium, and Azure Rights Managementprovide much of the middleware and management capabilities to bring together the disparate worlds of mobile devices and PCs. Now lets take a look at two other key components of our ecosystem: Windows 10 and Office 365.
Microsoft Windows 10 offers a single environment for business-oriented mobile and desktop devices. The Windows 10 user interface is a major step forward from Windows 8, which had different user interfaces for the metro and standard modes. In contrast, Windows provides resizable windows and a start menu for old and new applications. Crucial to users and IT departments, Windows 10 will be familiar to users coming from Windows 7 and 8enabling a fast learning curve and simpler administration.
Technical white paper Page 3
Windows 10 complements and integrates the Enterprise Mobility Suite by building, directly into the operating system, digital rights management, and containerization for keeping business and personal data separate. Particularly, the digital rights management capabilities complete the vision of Azure AD Premium.
One of the more interesting ways in which Windows 10 melts the wall between PCs and mobile devices is a feature called Continuum. Continuum supports hybrid tablet/laptops that can swivel their keyboard to be behind their screen, or easily separate the screenat any timefrom the keyboard. These devices are expected to heavily replace business laptops over the next few years. Continuum enables automatic switching between touch and desktop-friendly modes, depending on whether the device is acting as a laptop or a tablet. For example, with the touch mode, menus and buttons will be spaced farther apart to better support finger-based selections.
For administrators, Windows 10 makes updates on the PC much more like mobile device updates. In particular, for most modern apps, Windows 10 eliminates wipe and reload and gold disks. This simplifies IT management in a major way, making it much easier for users to select devices of their own choosing, rather than being required to select one of several corporate-approved PC models.
For users, Windows 10 provides Cortana, a voice-activated personal assistant (similar in concept to iPhones Siri) as part of mobile and PC versions of Windows.
Overall, Windows 10 provides a substantial step forward for users and administrators in bringing together the desktop/laptop, and mobile worlds.
Microsoft Office 365 provides office and collaboration capabilities that users and IT are familiar with, doing so through the cloud. It includes Exchange Online, SharePoint Online, Skype for Business Online (formerly Lync), and OneDrive for Business. A key benefit for users is full compatibility between Microsoft Office for the desktop and Microsoft Office for mobile devicesincluding iOS and Android. This full compatibility for desktop and mobile versions of Office contrasts with the usually helpful, but occasionally troubling 97 percent or 98 percent compatibility provided through other email, calendaring, and collaboration client interfaces. OneDrive for Business also plays a key role in providing consistent access to files regardless of the user device. This in itself lowers the wall for users.
Use of a cloud-based model for Office provides IT with easier provisioning and greater agility. In particular, it helps administrators and users avoid disruptive migrations when moving to newer releases.
Gartner states the value of cloud-based office systems as follows:
Benefits include greater agility (via faster availability of new features); lower overheads (by replacing capital investment requirements with operating expenses, smoothing cash flow, and cutting dedicated IT resources); easier provisioning; improved user experience; and financial incentives from the service providers.3
Its great to talk about an integrated solution that provides improved productivity, simplified IT administration, tighter security, and cost containmentthe challenge is getting there. Transforming a complex, enterprise workplace IT environment is anything but simple.
The first step on your journey should typically be a strategy or transformation workshop, focused on the area that you determine to be of highest impact to your organization. This could begin with an assessment of your current desktop and/or mobility environment, including one or more of the following: mobile device use, BYOD, office productivity applications,
3 Hype Cycle for Cloud Computing, Gartner, July 24, 2014
Technical white paper Page 4
security, or wired/wireless network infrastructure. The focus can be on mobility and workplace infrastructure or may be at a higher levelhelping you determine business needs for enhanced customer/citizen experience and new business models.
If you dont already have consensus on the first key areas of focus, a transformation workshop with key stakeholders in your organization can help them collaboratively determine key business objectives, which can be turned into a transformation roadmap.
Following a strategy development workshop, deployment planning and migration services for individual technology components, such as Azure Active Directory, Intune, Digital Rights Management, Office 365, Windows 10, or Mobile Applications, are needed.
A small sampling of questions and issues these advisory and transformation services deal with includes the following:
How do you move to, synchronize, and manage hybrid Active Directory environments involving on premise and Azure cloud Active Directory?
How quickly should you move to Windows 10, based on types of users, regulatory and compliance issues, and so forth?
Given Microsofts three update options for Windows 10, which one or ones should you adopt?
How do you migrate existing users and mailboxes from Exchange 2007+, Notes, or other messaging environments to Exchange Online?
How do you handle change management in moving to Enterprise Mobility Suite, Windows 10, and Office 365?
How should a messaging environment be structured to support cloud-based Exchange Online and on-premises Exchange?
Where should your data be located to support local security regulations and data residency requirements?
Transformation occurs over time, with a carefully managed set of sub-projects. The process is necessarily collaborative, and needs to ensure your IT environments keep operating even as they are being rebuilt. While this may seem a daunting taskand it isit is one HPE has successfully completed many times for large and small enterprises.
The objective of these services is to successfully transform your complex workplace environment into a much simpler, more productive New Style of Business.
HPE management services for the Microsoft ecosystem
Once your transformation is completewhether for a particular area or your full workplace, how will you administer and manage it? Enterprise Mobility Suite and Office 365 are both Software as a Service (SaaS). SaaS gives you software with a user-based procurement model delivered out of the cloud. It expects, however, that someone will actively manage that software. Administration and management is not part of the SaaS model.
Some of issues to be considered as part of this stage include:
End-to-end service accountability and incident resolution for the integrated solution
Operation synchronization maintained between cloud-based portions of the solution and on-premises portions (if any)
Active Directory management of groups and policies
Service auditing and other compliance functions including service/disaster recovery reviews
3 Hype Cycle for Cloud Computing, Gartner, July 24, 2014
Technical white paper Page 5
Rate this document
Sign up for updates
Hewlett Packard Enterprise is well situated to handle these administration and management tasks, and has the operational relationship with Microsoft to take end-to-end service accountability. As part of this, we can provide expedited incident handling and support enhanced service levels. HPE and Microsoft support teams are tightly integrated and co-located where required. These teams use specially developed support processes, including a ticket exchange system that enables rapid incident handling. HPE has deep visibility into the Enterprise Mobility Suite and Office 365 service operation and problem resolution. We also provide ongoing user support.
In some cases, HPE will actually host the solution or portions of it in HPE data centers. In other cases, we provide the administration even though the hosting may be done in Microsoft data centers. The exact solution will be worked out during the design process, and based on location of existing data centers, compliance requirements, and organizational objectives. In many cases, we may also manage hybrid infrastructure with portions in the cloud and your facilities. We have the flexibility, agility, and expertise to manage a wide variety of environments.
A new world
Forward-looking enterprises and governmental organizations now have the opportunity to melt the wall thats existed between mobility and PCs. Taking advantage of this transformational opportunity holds the potential to significantly increase user productivity through seamless access to information, context, and applicationsregardless of which device is being used. At the same time, it promises to better secure corporate information by securing data based on user permissions, no matter where that data moves in a mobile world. And it promises to simplify IT administration by enabling IT to manage at the user level, rather than managing each user device separately. Benefitting from this transformational opportunity, enterpriseslike yourscan gain competitive advantage and better achieve operational objectives.
Learn more at hp.com/go/hpes4msecosystem
About the author
George Ferguson leads Mobility and Workplace Solutions product marketing at Hewlett Packard Enterprise. This team helps organizations become digital enterprisestaking full advantage of the power of mobility for their employees and customers. Previously, Ferguson held various practice and marketing roles in the areas of security, compliance, and continuity services for more than 14 years. In these positions, he drove the adoption of cloud-based services in enterprises and was instrumental in integrating HPE cross-company hardware, software, and services offerings into integrated solutions to help manage the operational risk of enterprises IT-supported business processes. Ferguson has worked in the IT industry for 34 years, of which he has spent the last 25 years at HPE. He holds an M.B.A. from the Anderson Graduate School of Management at UCLA and a B.A. in computer science from Brigham Young University.
Copyright 2015 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. SAP the trademark or registered trademark of SAP SE in Germany and in several other countries. 2012 Google Inc. All rights reserved. Google is a registered trademarks of Google Inc. iPhone is a trademark of Apple Computer, Inc. All other third-party trademarks are the property of their respective owner.
4AA6-0984ENW, November 2015, Rev. 1
Technical white paper