There has been lot of chatter lately about Unified Endpoint Management. The explosion of iOS and Android devices in the enterprise & the subsequent emergence of Enterprise Mobility Management (EMM) vendors, is a catalyst for this discussion. But, what exactly is Unified Endpoint Management? Can enterprises use “one solution” - “one console” to rule them all? Well, as always, it depends. There are several pieces to this. Let’s break this down.
Currently, there is no clear industry consensus on the definition of Unified Endpoint Management. In general, the objective is full lifecycle management of ALL types of enterprise devices as listed below. However, the breadth and depth of coverage largely depends on the vendor’s heritage & core competencies. Depending on the enterprise (and the industry vertical), managing all or most of these device types is absolutely mission-critical. To make it more complex, the capabilities & processes needed for full life-cycle management for each of these device types is very different. In addition, if the trifecta of enterprise requirements - security, scalability and reliability are not met for any of the device types, then a single solution is a “no go”.
Endpoint Device Types
1. Desktops and Laptops - Windows, Macs
These are mainly Windows based desktops and laptops running Win 7 (and in many cases still Win XP). The management paradigm has matured over the years. However, due to legacy OS architecture, the management is very complex, error-prone and “high-touch”.
A typical Systems Management solution includes the following capabilities:
* OS Provisioning and Migration
* Patch Management
* Inventory & Asset Management
* Power Management
* Alerting and Monitoring
* Software Distribution
* Remote Control
* License Management
* Reporting and Analytics
In addition leading vendors also provide,
* Multi-OS – Mac, Linux Management
* Application Virtualization/Streaming
* Virtual Machine Management & Virtual Desktops
* Workflows and Automation
* Self-Service Portal
* Endpoint Protection Integration
The solutions tend to have a monolithic architecture, are highly complex to deploy/manage and are commonly installed On-Premises. The release cycles are longer as well - typically 18 -24 months.
2. Smartphones/Tablets/Chromebooks – iOS, Android, Windows
This category is comprised of smartphones, tablets & convertibles running modern Operating Systems such as iOS, Android and Windows 8 ( Phone/RT). These modern OSes, unlike older Windows versions, have adopted a containerized, locked down architecture. Google Chromebooks also follow a similar locked down model.
Management of these devices is via a set of APIs, provided by OS vendors. Pioneered by Apple, this modern management model, is completely different from the old PC style management. For example, there are no filter drivers, kernel mode access, registry, patch management or traditional anti-malware - Hurray!
This new architecture, along with a “store based” model for OS and application deployment/updates, has greatly improved security and simplified management. (Note: This does introduce other types of threat vectors. Also, Android is bit more open - not as locked down as iOS and Android. Perhaps a topic for another blog post? )
In a span of 4 years, this has evolved from basic Mobile Device Management (MDM), with a handful of APIs, to a comprehensive Enterprise Mobility Management (EMM) solution suite that encompasses security and management of devices, apps, data and identity.
Today’s leading EMM vendors typically support the following capabilities:
* Latest iOS, Android, Win 8 (Phone/RT) management APIs covering comprehensive device and app management
* App Wrapping/SDK, 3rd party app ecosystem
* Mobile Productivity Suite (E-Mail, Browser, Viewer/Editor etc.)
* Certificate Management
* Mix of both BYOD and Corp-owned usage devices
* Support for industry specific scenarios such as kiosk modes etc.
* Content Management, file sync/share, Collaboration
* Mobile Security, DLP
* Chromebook Management
* Identity and Single Sign-On Integration
Cloud is the preferred deployment mechanism, although most vendors offer an on-prem option as well. Keeping up with the pace of change across all platforms is not to be underestimated! On average, across all the major OS platforms, there are 3 major revisions to APIs and feature sets every year. This requires massive ongoing R&D investments for development and testing.
3. Handheld/Ruggedized devices - Win Mobile/CE based devices
This category of devices, though not sexy and cool, are the workhorses for numerous industries. These devices have been around for over a decade. Watch carefully, and you may find one of these
being used at your neighborhood 7-eleven stores. The devices are generally based on Win Mobile/Embedded/CE operating systems.
Note that Win Mobile/CE is completely different from Win Phone 8 devices, including the OS and the management stack! These devices also have their own unique management characteristics.
* Devices have long life cycles ( 8-10 + years)
* Mainly used in mission-critical processes, with custom apps and backend solutions
* Tight integration & certifications with partners ( typically several dozen)
* Features such as OS patching and remote support are very critical
Recently, in addition to Windows embedded, Android based devices are also being introduced. Few organizations are also experimenting with iOS devices. There are specialist vendors who have addressed this market segment for over a decade.
4. Emerging/IOT - Apple TVs, wearables, printers, other “connected” devices etc.
This is an area that is highly fragmented and evolving very rapidly. There are no clear standards or winners yet. There are several emerging IOT players, and the current strategy by established EMM vendors is – partnerships and acquisitions. (Examples - QNX by Blackberry, Jasper, Octoblu).
It is imperative for unified endpoint management vendors to address these emerging endpoints.
Today, vendors attempting to address all four device types (listed above) are in largely two camps:
1. EMM Vendors
These vendors have attempted to expand their reach beyond mobile devices to include traditional PCs and desktops. Obviously, the EMM functionality is market leading, but the PC management capabilities are very minimal. Most of the vendors support less than 50% of the key PC management capabilities listed above. There are also gaps in platform support. At this time, it would not meet the needs of large enterprise customers.
2. Systems Management Vendors
As you might expect, these vendors have attempted to add mobile management capabilities (through acquisition, OEM or organically developed). However, keeping up with the pace of change in the mobile market is extremely difficult. In addition, merging On-Prem deployments & 2 year release cadence (for PC management) with Cloud based and quarterly releases (for mobile) is a bridge too far, for many vendors. So, typically, they are behind the curve on mobility technologies. For example, the recent launch of “Android for Work” did not include a single Systems Management Vendor.
Based on my research, ruggedized devices make up ~30% of all corporate owned devices in several key verticals, such as Retail, Logistics, Manufacturing, Transportation, Oil & Gas. While some of these
devices will be replaced by iOS & Android, vast majority of devices will continue to be used in business critical functions. Also, some of these devices include their own management system, provided (typically OEM) by the device manufacturer. In addition, several companies outsource management of these devices to outside “managed service providers”.
Even as smartphones and tablets are invading the enterprise, traditional devices ( PCs, ruggedized devices etc. ) are not being thrown away. There will be some cannibalization, but a vast majority will continue to be used. The new “container” based OS models of iOS/Windows 8 are not being retrofitted to older OSes. So, until every device in your company is moved to a modern operating system, your desktops, laptops & rugged devices still need to be managed, the same way as before. Sorry guys, the end of “Patch Tuesday” is not here yet J. In addition to desktop/laptop management, Systems Management solutions are also commonly used for server management. Today, none of the EMM based vendors address those usage scenarios.
Until now, enterprises have mostly deployed separate systems to manage these three device types - PCs, Mobile and Ruggedized devices. I expect vendors from both camps to continue advancing their solutions towards convergence. Don’t hold your breath! This will be a long, multi-year journey. But, who will get there first? EMM vendors or Systems Management vendors? There are two key market variables that will determine this -
a. Migration of all devices to modern Oses ( iOS/Android/Windows 8) and
b. Maturation of Mobility market
Smaller organizations tend to be more nimble. They will be able to adopt EMM-based unified solutions, as soon as most devices are migrated to modern operating systems. However, for larger enterprises, with thousands of PCs and ruggedized devices, PC Systems Management solutions will still need to be deployed for a long time. As the Mobility market matures (well, at least, when the pace of change slows down), Systems Management vendors will be able to provide “good enough” EMM functionality. It is lot easier (and justifiable from a business perspective) for Systems Management vendors to invest in EMM & IOT capabilities. They will be able to catch-up eventually. However, the equation for EMM vendors for investing in advanced PC management, is that of diminishing returns. So, I expect most EMM vendors to only provide cursory PC management capabilities, which will not address most enterprise needs.
The vision of unified endpoint management is aspirational & quite logical. However, it is not ready for prime time yet. The reality for IT, of running a business, makes it inappropriate for large enterprises today. However, with such rapid change, IT should continuously monitor vendor capabilities as they evolve. And, always start off with a pilot & evaluate thoroughly, before committing to any “Unified Solution”.