I wanted to write this blog post as a follow-up to the EUC conference in Norway last week. This was the first EUC conference ever held in Norway, where I delivered the keynote on the future of the workplace and client environments. I’d like to share my thoughts on what the future might look like.
and sorry some of the pictures from the presentation are in Norwegian….
A couple of weeks ago, my son asked me about the first version of Windows I worked with. This question took me back to when I started in IT about 18 years ago, working with Windows XP. Back then, working at the front desk or service desk, I dealt with a range of questions about drivers, Wi-Fi, printers, user profiles, and passwords. Fast forward to today, in 2024, we still face many of the same issues, though things are generally more stable. We now have cloud print services, more complex user profiles with Entra ID, and a myriad of new features and functionalities from cloud providers. For instance, Microsoft releases at least 1,000 updates annually. This constant influx of updates adds to the complexity and technical debt in IT departments.
On top of this, we now have AI and generative AI being integrated into the end-user workspace by major cloud providers like Google (Duet AI), Microsoft (Copilot), and Amazon (Q). Many organizations fear missing out (FOMO) and see these tools as essential for their employees. However, few have thoroughly assessed the actual benefits or return on investment of these tools.
In summary, we are continually dealing with a mix of legacy issues, status quo challenges, and new initiatives such as AI, all contributing to the growing technical debt in organizations.
So, what does the end state look like?
1: Many organizations aim to replace their existing VPN servers. Over the past few years, there have been numerous high-severity vulnerabilities with VPN providers, as these are Internet-exposed services. Additionally, VPNs have their own issues, such as providing too much access to internal resources. Consequently, many are exploring zero-trust-based services like ZScaler, Cloudflare Zero Trust, or Microsoft Global Secure Access as replacements. This of course needs to be adjusted and working for any type of operating system and device.
2: Another focus is on enhancing the digital user experience. Organizations want to proactively monitor the performance of the application services that users rely on, whether these are VDI, internal applications, or cloud services like Microsoft 365. Vendors such as VMware, Amnesia, Citrix, and Microsoft are now integrating more technology into their stacks to enable more proactive monitoring of these applications.
3: Many organizations also aim to create a unified workspace, making it easy for users to access applications, whether they are web-based, Windows applications, or network-based services. For instance, Microsoft alone offers numerous portals that users need to access to work efficiently, making it a bit cumbersome.
4: Self-service and automation are crucial. Users want the ability to order applications, request new equipment, and manage user access, possibly even provision full environments in the public cloud, all through self-service options. This capability is increasing in demand among users.
5: Many organizations are also reevaluating their current VDI vendor. This reassessment may be due to a decline in the need for VDI services, the emergence of other use cases, or significant increases in licensing costs. As a result, they are exploring other options. With numerous alternatives available, organizations often face the challenge of selecting solutions that align with their specific requirements and needs, rather than focusing solely on specific vendors.
6: Many organizations also want a virtual assistant with AI as part of their ecosystem. I firmly believe that virtual assistants will significantly impact the way we work. We are now at a stage where virtual assistants are truly feasible, allowing us to easily build integrations and enable these assistants to interact with third-party systems. This advancement will allow us to communicate with our applications directly, rather than switching between different applications and user interfaces. I feel like this is what Citrix Microapps wanted to deliver once but I didn’t deliver on its promise.
Can we get there?
So can we actually get there can we get to the end state of course if we start by looking at generative AI Microsoft alone has mentioned that they have close to 70 different copilots now a lot of them are available and some of them are in development we even have now Microsoft Copilot plus which is running generative AI locally on the end users device because we have these smaller language models now that can run locally and any type of embedded device making also genitive AI available offline as well ChatGPT is also released their own desktop service which also allows you to interact with both video uh pictures and audio essentially enabling it to be a virtual assistant that can also be used for it personnel troubleshooting let’s say that we have an event log that we can ask ChatGPT to take a look at and trying to help us figure out what’s actually wrong
There have been significant changes among EUC vendors in the market. Specifically, VMware is now part of Broadcom, and its end-user computing division has become a separate company named Omissa. Additionally, Citrix has been divided into different business units under the Cloud Software Group. Both vendors have been working to simplify their product lines by consolidating various features into single licenses, moving away from complex, menu-like options to simpler SKUs.
For some companies, this consolidation has led to a substantial increase in licensing costs, as they now pay for a broad range of features despite only using a fraction of them.
As a result, many organizations are considering alternative options for VDI (Virtual Desktop Infrastructure). However, transitioning from one vendor to another is complex and challenging. It requires technical expertise and competence with the new product, as well as an evaluation of the necessary functionality. Additionally, it may necessitate switching to a different virtualization or hypervisor platform, as compatibility across various platforms can be limited.
As an example, seen below when it comes to Citrix / Microsoft and VMware with hypervisor support. I had one customer even ask me in regard to support for Proxmox.
We also need to examine some of the latest news and updates from different vendors. For instance, Citrix has been refocusing on on-premises deployments. This includes new versions of Citrix Studio with Web Studio, a new on-premises StoreFront which hasn’t seen updates in recent years, and the release of auto scale for on-premises. Additionally, Citrix has acquired UberAgent, enhancing digital user experience monitoring for Citrix but also moving more back to the old days with EdgeSight. This feature will hopefully be integrated into the VDA and Citrix Director.
A few weeks ago, Citrix announced a closer partnership with Nutanix. Nutanix has sold its EUC offering called Frame, now acquired by Dizzion. This new partnership will lead to new integrations from Citrix into Nutanix’s own hypervisor AHV, as well as NetScaler support on AHV. Moreover, Citrix also recently released VDA for Mac, enabling remote access to Mac machines. Citrix is also heavily investing in their remoting protocol, introducing new AV1 Codec support, FIDO 2 redirection in session, HDX optimization, and new compression algorithms. They also now support Intel GPUs, providing an alternative to Nvidia-based graphics and their CUDA framework.
If we look at Horizon, there have been many updates to the Blast protocol, including URL redirection within sessions to local clients and added digital employee experience monitoring. This feature allows monitoring of login experiences, hardware latency, packet loss, and application usage, signaling Omnissa’s move towards providing comprehensive digital end-user experience monitoring.
On the Azure Virtual Desktop front, a significant announcement is the support for Azure Stack HCI. This means you can now run your VDIs on-premises within your own data center as long as you are using Azure Stack HCI. However, despite this on-premises capability, many central components still run in Azure, making your VDIs dependent on Azure’s functionality. Additionally, it’s worth noting that there haven’t been major enhancements to the RDP protocol in the last three years, except for the added support for Entra ID, meaning that for high-end use cases Omnissa or Citrix is still the right option.
Microsoft has recognized the importance of Mac users and has now introduced platform single sign-on for Mac, allowing you to use Entry ID logins on Mac devices. Additionally, they have added support for Mac to the Universal Print offering. Further extending the useability and management of Mac OSX in the enterprise.
They also introduced device-bound passkeys for Microsoft Authenticator. This eliminates the need for physical YubiKeys, offering a phishing-resistant option using the Authenticator app.
Furthermore, Microsoft has launched Dev Box and Deployment Environments. Dev Box provides a self-service, cloud-based PC experience similar to Windows 365. Deployment Environments allow for the reuse of existing infrastructure-as-code modules and templates, packaging them for self-service access through the Dev Portal from Microsoft.
Microsoft has also introduced a new service called Global Secure Access, which includes two main components: Private Access and Public Access. Private Access is an enhanced version of the Entry ID Application Proxy, providing access to any TCP-based service. Public Access ensures that all traffic to any SaaS-based application goes through Microsoft’s Secure Web Gateway.
A significant advantage of this service is the ability to apply conditional access policies to any network-based application, reducing the vulnerability of publicly available VPN services by routing traffic through Microsoft’s core network. However, as this service is still in preview, it has limitations regarding data center availability and protocol support.
In summary, these developments from Microsoft and other vendors are moving us closer to achieving our goals of providing secure, self-service capabilities, digital end-user experience monitoring, and virtual assistants. While the ecosystem (especially around Generative AI) is still fairly young and many components are in development, I believe that within the next year or so, many of these features will be fully functional. Also I think that many will start of use the services from Microsoft in regards to get Zero-Trust based access to internal services, since it is managed entirely from Entra ID and also heavily integrated into Conditional Access, making it “easy” to manage. However Microsoft needs to invest more into the transport layer, seeing that relying on RCP over TCP is not how traffic should be handled in 2024.
I also believe that many organizations will transition from existing VDI services to Azure Virtual Desktop, whether on-premises or within the public cloud. This shift necessitates the use of modern technologies to manage and build this infrastructure, leveraging infrastructure as code and DevOps principles.