If latency becomes a non-issue (ever tried using remote desktop or even SSH over a high-latency connection?), I think this stands a very good chance of succeeding and making IT's job much easier.
Latency would be my biggest concern with the service, sometimes even an X11-over-ssh session on a local network can be incredibly slow to use, putting it across the internet doesn't do much to help.
X11 over ssh is really slow. Windows RDP, VNC or Teamviewer are generally pretty fast to the point where it makes almost no difference to the normal Desktop user.
In my experience on a Gbit LAN, RDP is really fast, VNC and TeamViewer, not so much. I'm connected to a Windows 7 machine via RDP and to a Mac via VNC (even though I used to use TeamViewer) with Remmina on Ubuntu.
This solution is utilizing PCoIP[1] which is a very mature protocol that can support things like video streaming, adaptive compression, and remote USB device passthrough. It's nothing like VNC or X11, and I have a number of customers running thousands of users with it. VMware also licensed this protocol for their View product and it's been very successful in that space. While I generally prefer the ICA/HDX stack for VDI use, PCoIP is pretty damn nice and it's a great choice for this kind of offering.
I second this. The protocol is incredibly fast, even over a cellular connection when zipping down the rail line on Amtrak. On a LAN I can use VMware PCoIP on an Apple Cinema Display and there is zero lag (hard to test the Cinema Display on Amtrak!). I don't know what black magic they use under the hood, but it's the only remote protocol I've ever used that didn't make me want to throw my computer out the window.
Sounds interesting, i wonder if something like this will replace home computing in the future. How is the performance when watching videos or playing some casual game, does that still work ?
I haven't done any gaming with it, but web video played in the browser works the same as locally. I haven't tried any full screen stuff like movies though. For regular application usage there is no perceptible lag for things like scrolling, editing, highlighting, etc...
Completely off topic, but regarding SSH over a high latency connection - it's actually remarkably good as long you don't have loss on your link.
I'm currently working with a client in Singapore that requires that I connect to their data center through a B2B L2L IPSec tunnel that is sourced in California. So, From Singapore, I connect to the VPN concentrator in California, and then from there, connect to the clients site in Singapore.
So, every keystroke that goes to a server approximately 100 meters from me, Starts off in Singapore, crosses the ocean to California, comes back to Singapore, returns back to California, Comes back to Singapore again.
I do this for about 8-10 hours a day - completely workable.
Oh, and the Connection to the internet that my VPN connection rides on is a 3G modem, no less.
I've done this before too (even down to it being a SG -> CA link!).
I think the best practise is to automate. Waiting on individual key presses to be echoed back when there is latency is incredibly frustrating, a slight delay while a shell script runs is completely unnoticeable.
I think a lot depends on how good of a typist you are. If you can confidently type fast, it's no problem. If you're prone to typos, latency can be unbelievably aggravating.
Actually, it's the opposite - users can buy cheap chromebooks and access virtual desktops running in AWS from them instead of buying more expensive Windows laptops.
"As an extension of its ongoing collaboration with Amazon, Citrix is now delivering its innovative networking and desktop virtualization solutions from AWS."
I agree they aren't productive. However, the fact that we keep hearing about it, especially from those not from the US, is informative. There is a German IT manager posting about how he's like to use this but can't due to the NSA spying. The NSA is taking money and markets out of our hands and may cause products like this to fail.
No, there is a German IT manager posting about how he can't use it due to EU data protection laws. Nothing to do with NSA spying.
Intelligent discussion about the issues of cloud computing, including data protection laws and spying, is useful and welcome. But posts that basically boil down to "LOL NSA" are not intelligent.
It may be unproductive but it highlights a paradigm change.
If you host your Desktop in the cloud at Amazon your data is completely at the mercy of Amazon. This can be an issue for health-related data or customer data.
It is a fact now that there are secret courts in the US that disallow Amazon from telling you that someone else accessed your data. I'm not sure about law enforcement but they can probably gain access to that data you stored there too.
As a business from a foreign country you lost control over your data. Some businesses can afford that - a lot can't.
I own my own business and jokes aside (which it was) I won't be putting anything I don't have to into the cloud and in the mid/long term I'll be moving stuff back in house (Google apps for email was convenient but not essential etc).
As I'm in the UK pulling stuff out the US seems vaguely ridiculous if I move to another cloud provider anywhere as GCHQ has shown to be remarkably (frighteningly in fact) efficient (there has to be some humour in their about the government been more efficient at monitoring people than at just about anything else...) so back in house is pretty much the way to go.
I don't have anything that would interest anyone I don't think (We are a small company developing software for the renewables industry) but its not really about the nothing to hide mantra so much as restoring some of the balance and if that costs me a bit extra so be it.
There have always been worries about hosting your data with a 3rd party NSA hyperbole or not. This is why you follow HIPPA standards if they are applicable, or ensure AWS is compliant with a standard you need to adhere to: http://aws.amazon.com/compliance/
Your company will always have to value the risk/reward tradeoff of hosting with a 3rd party and it has nothing to do with secret courts or any other silly end of the world predictions, and has to do with the fact that your data is outside of your direct control.
You may have no problems with these things. I'm not a US citizen and these things do matter in my decision to host my data in the US. These problems are not new. The US never had a strong privacy law.
Taken all this into account it's hard sell for any business outside of the US to use US based cloud services. That's all I wanted to illustrate.
Yes there are FISA warrants. If you are this paranoid that your data is this sensitive you shouldn't even be thinking about keeping your data anywhere else besides your locked down datacenter that you alone have access to.
What I am stating above is, NSA revelations or not hosting your data with a 3rd party is an obviously inherent risk.
I've been managing full 2,000 virtual desktops and about 100 servers... I've been looking for a way out! (out of licen$ing/$oul agreement with MS and VMWare).
Of course latency would be an issue, I wonder what solutions they have for low/limited-capacity clients.
It says it's powered by PCoIP. I've tested one of the PCoIP hardware thin clients before, and it works really well across a WAN. An employee ran from his home a graphically intensive 3D render application at 1920x1080 on one of the EVGA thin clients. We didn't test it across a 3G connection or anything like that.
Talk about high TCO! (yes, you still need the hardware to run this service). With office going online now, I'm wondering what their strategy is. This is really not what I was expecting.
Excluding your endpoints, do you have a current cost accounting of the entire infrastructure capex, opex, software licensing, and any professional services behind your existing 2000 seats? I work extensively in this field and the numbers they are throwing out are extremely competitive with existing on-premises View or XenDesktop implementations I've been involved with.
We're running on 4-5yr old hardware... and our maintenance contracts, even though high wouldn't amount the yearly costs to use this service. This is at least a decent option if you're planning on new infrastructure.
What about the costs of running the hardware - power, cooling, network switches, storage arrays, datacentre rental (or opportunity costs of using a server room versus more desk space for example)?
Not saying it still wouldn't work out cheaper for you, but worth bearing in mind.
If you could spin up an instance for an hour, this would be useful to those who want to buy from US stores that block by IP (cough Nexus 5 cough), but don't want to go the VPN route.
I can think of a bunch of other use cases. E.g. Student spinning up an instance to work on an essay or powerpoint presentation. But yes, it looks like the pricing is not by the hour :(
Sorry to be the jerk. Small error in an opening paragraph (probably from a last-minute edit):
> Your users can access the applications, documents, and intranet resources that they need to __get their done__, all from the comfort of their desktop computer, laptop, iPad, or Android tablet.
Otherwise, thank you for the detailed write up... I almost never watch launch/demo videos
My first question was "can I add my own items to the bundle" (and the answer is yes although that info should be more prominent.)
My second thought is the price point is to high but obviously that will come down (However by having a high price point you will invite competition.)
I'd like to use this just to be able to use the vsphere
app which runs only under windows. So from a mac I have to connect to a windows box by screen sharing. I could use this. But the $35 price point is way to high for doing that.
The $35/mo is a very aggressive price for VDI in general. Their TCO calculations for on-premises VDI[1] isn't too far off the mark. Microsoft still needs to be paid and SPLA licenses presumably account for a good share of what you're seeing here.
Amazon doesn't have a history of entering the market at a high price point. It might be high for your use case, but your use case isn't what they're after. VDI is a desktop replacement where you run all your applications, not just one or two on an as-needed basis.
Jeff,
Are there any plans to offer something like ubuntu images in the future for VDI? Many developers really don't use windows much anymore, and you could probably offer a more competitive price point when there is no need for licensed software. Obviously we can set up our own stuff using raw EC2 instances, but having a simple solution like this is definitely appealing.
We'll certainly keep an open mind and think about offering other OS's in the future. Like every AWS offering, we launch an MVP and then iterate rapidly.
I'm guessing the HN crowd isn't really the target for this offering, though its clients may be. Having the full MS suite is a big deal, especially where there's ancillary storage right on board (and similarly firewalled).
A very interesting move by Amazon. Wish it was available by the hour, though.
Jeff, thanks for the write up.
You mentioned 'Windows 7 desktop experience'. Is this Windows Server 2008 themed to look like Windows 7? AFAIK, Microsoft has restrictions on putting Windows 7 on cloud instances.
This matters due to font-rendering differences between desktop and server editions, and my use-case is around web design.
It might be referring to the "Desktop Experience" feature of Server 2008R2, which applies the Win7 basic UI and allows theming, but not necessarily Aero or any of the graphics intensive pieces. It also installs the "desktop" apps.
> This matters due to font-rendering differences between desktop and server editions, and my use-case is around web design.
I'm curious. What are the font-rendering differences? Are you sure it isn't caused by Remote Desktop or by the difference between software and hardware rendering?
> Amazon WorkSpaces clients are available for both Windows and Mac computers as well as for the iPad, Kindle Fire, and Android tablets.
How am I saving on licensing cost then? If I can install the client on a Linux machine, it makes sense. If I need an Apple or a Windows machine I'm ... double licensing?
I don't think the objective is to save on licensing costs. I think it's to save on hardware and possibly deployment costs. Also, the primary use case seems to be using a thin client.
The double licensing is problem, but this would work nicely with a BYOD policy. You could use your own computer anywhere, but corporate data is still stored in a secure location.
Because you are probably buying hardware from HP, Dell, or Lenovo with mandatory OEM licensing. (Unless there's actually a cost-efficient option from a major manufacturer to purchase a large number of machines without Windows?)
look at the TCO page for the announcement [1]. The biggest cost savings Amazon is touting lies in reduced IT staff and total elimination of hardware costs. By their calculations, the licensing is only 3% or $3 per seat for a 1,000 person business unit.
That's the elimination of server hardware costs, though I can't imagine just chucking stuff in the cloud with no local backup. (Amazon has lost data before.)
There's still a client PC cost...
There are also the times when either Amazon (or Google Apps & Docs) or the network goes down and you have the odd thousand people sitting around wondering what to do. That's always lots of fun.
i've been looking for something like this for a while. Have you tried it? Octane renderer can produce some great results but wondering about the cloud GPU rendering cost
Legally or due to your privacy concerns? Just looking for clarification on your statement of "Can't" if that is a personal preference or legal obligation for government/corporations doing business locally.
There is a general, Europe-wide restriction on exporting personal data outside of the EEA to somewhere that doesn't provide an acceptable level of protection (which by default the United States does not).
There is also a Safe Harbor scheme that is intended to overcome this problem so working with US businesses is still possible if they provide additional safeguards. However, it's now clear that no business operating in the United States can actually offer the required guarantees, no matter how sincerely they might wish to. It is therefore unclear whether a European business relying on Safe Harbor to cover its rear would actually have much of a case in court if one of its customers were actually damaged as a result.
I've seen a lot of businesses at least considering pulling out of US services, cloud or otherwise, for this reason in recent months. Some are sticking with it, on the grounds that there is safety in numbers: no government regulator really wants to damage global trade by making examples of businesses who are just trying to do their work and acting in good faith, and if you're dealing with a similarly honest business from the US then the odds of an actual customer complaint are probably low enough that it might be considered an acceptable business risk. Others seem to have lawyers who are more wary and fear the penalties of something like a mass leak across the pond that would come back to bite their clients back home.
In addition, some nations in Europe are a lot more concerned about privacy both legally and culturally than the US, for obvious historical reasons if nothing else, and they may have stronger laws still.
My understand is that since Amazon is a US-based company, they could be forced, by the US government, to turn over data that is hosted in other countries. So using an Amazon cloud, even if its based in the EU, is still not possible.
EDIT: well, I guess I'm sorta wrong. The whole thing looks complicated. Making sure you don't violate German data protection laws is confusing [0][1].
You are not wrong: Amazon now agrees not to move data from EU servers... unless compelled by authorities. US authorities can force Amazon to open their data centres wide open, regardless of location, at any time under Patriot Act provisions. Before Snowden, this was considered a far-fetched scenario, unlikely to ever pan out in practice. We now know that it happens pretty much every day.
The Safe Harbour program is a weak attempt at saving face: as long as the Patriot Act exists, no US-based company will ever be able to comply with EU privacy laws as they stand. Being "compliant with Safe Harbour provisions" only means that they're making promises they won't be able to keep.
> There is also a Safe Harbor scheme that is intended to overcome this problem so working with US businesses is still possible if they provide additional safeguards. However, it's now clear that no business operating in the United States can actually offer the required guarantees, no matter how sincerely they might wish to.
Can you provide more data on that?
I'm 'only' a system administrator, but I'm working for a company that is doing business in the both US and UK.
Real Soon now we're going to be standing up a stack in the UK .. but I'd like to know what safeguards I can't guarantee so when I'm dealing with _two_ data sets and _two_ code bases and squared complexity I know _why_.
Presumably because of FISA orders. Other countries have their equivalents of the NSA, but as far as I know none of them have a law preventing companies from announcing that their respective agency has grabbed a user's data.
> Other countries have their equivalents of the NSA, but as far as I know none of them have a law preventing companies from announcing that their respective agency has grabbed a user's data.
It's hard to know exactly what the US law is too because it's classified. I would not trust that any country is safe from snooping--always assume it will happen.
US law is not classified. The exact ways that the executive enforces and upholds the law sometimes is, but the law itself is not.
That was what led the initial opposition to the Patriot Act, FISA Amendments, etc. was that they would make NSA programs like the ones that have hit the news substantially (if not completely) legal. That's apparently not what Sensenbrenner had intended when he drafted Patriot Act, but it was exactly this kind of issue that was raised at the time by privacy groups and promptly ignored by policymakers.
> In more than a dozen classified rulings, the nation’s surveillance court has created a secret body of law giving the National Security Agency the power to amass vast collections of data on Americans while pursuing not only terrorism suspects, but also people possibly involved in nuclear proliferation, espionage and cyberattacks, officials say.
> But since major changes in legislation and greater judicial oversight of intelligence operations were instituted six years ago, it has quietly become almost a parallel Supreme Court
> “We’ve seen a growing body of law from the court,” a former intelligence official said. “What you have is a common law that develops where the court is issuing orders involving particular types of surveillance, particular types of targets.”
Again, what the executive does is sometimes classified. This includes foreign surveillance by the very definition of national security. The U.S. having a FISC at all is unusual compared to the standards of other nations, where foreign surveillance may very well be done completely at the whim of the executive. We should push for improvements to the oversight process, but I can envision no such feasible improvement that would allow the public to see exactly what the government is doing (since then Russia, AQ, etc. would also know by definition) so at some point you're going to have a trust a third-party.
The safe and conservative option is to assume that the executive is doing literally anything permitted by the public law without the aid of 'activist judges' (as the GOP would say) on your side of the argument. This is exactly why it is so important to be judicious in crafting legislation, as the judges will operate by what's in the written law not contrary to the Constitution when the law is clear. They only start worrying about "what the legislators meant" when the law is fuzzy.
That's also why it is important to quickly get a legal framework around foreign surveillance that includes recognition of the fact that the Internet is global while the Fourth Amendment is domestic. MUSCULAR is a pretty shocking breach of what we all understand the Fourth Amendment to mean, but I guarantee that it's technically legal. It shouldn't be, but the Fourth Amendment has long been known to effectively not apply at all outside of CONUS.
I don't know anything special that hasn't been all over the news anyway.
Basically, the US government seems to be actively trying to compromise data held by US businesses on non-US citizens. That same US government has made it clear in public statements from the highest levels that they don't consider foreigners to have any privacy rights at all that should prevent this.
Given that this all happens in secret, any promise made by any business operating in the US that they will safeguard personal data of non-US citizens to the standards required by European law is now known to be worthless, even if it was made with complete sincerity.
This is now common knowledge, and anyone controlling personal data in Europe would have to take it into consideration when applying the general data protection principles. In other words, any legal cover afforded by the Safe Harbor scheme may not be worth anything any more. (In case your question was intended to be about the Safe Harbor programme itself: This was created so that US businesses can be used to process personal data from Europe, as long as the US business promises to uphold similar data protection standards to those required by law of European businesses.)
So the bottom line is that as a European business, if you don't have adequate disclosure when you collect any personal information that basically says it might be exported to somewhere without any safeguards on how it's used, and you don't get prior informed consent from everyone whose personal data you are dealing with, you might be on the hook legally for regulatory non-compliance as well as for any actual damages that result from any breach. Whether it's possible to give prior informed consent to a carte blanche handling of the data is itself debatable.
(Just to be clear, my comments in this thread are based on the perception of the current situation as I have encountered it anecdotally in a few cases. Some of the people I've spoken with may have taken legal advice, but what I've described here is not based on formal legal advice I or any of my own companies have received. Please consider these notes as food for thought only and for goodness' sake don't rely on them instead of taking proper advice if these kinds of issues might actually affect you.)
how comes that governments are allowed to destroy international relations, just to keep "control of everything"? I can't find any reason that would give the government an advantage for doing so. Ok, one maybe, selling insider data to traders, companies and enemies. But we have no proof for that.
exactly. see national securities letters. It will spur european services though and self hosted cloud solutions: own cloud and the like.
I am looking forward to see more of those initiatives. This growing distance between one and ones data is a dangerous path anyways, see also the rise of appliances and the decline of full access pc. it takes responsibilty away and media competence.
Don't place your precious information in the cloud. NSA or no NSA, was it ever a good idea to store your deepest secrets inside of a nebulous black box that you don't control? What sane person would do this in real life?
The price differential between buying the hw/sw & staffing a professional (or team of professionals) to curate and maintain it 24/7/365, or simply off-loading it all to an outside party, could be huge -- I'd dare say huge enough to make or break a company. From an executive POV, why care about data safety, when hosting it yourself makes your business model non-viable?
I realize there are lots of problems with this line of thinking, and I'm not advocating it at all, but I'm willing to bet this has been the case for some.
Building a government you can trust will take several generations, with each generation providing hundreds of thousands ENTIRE LIVES to the cause. It might be efficient in the grand scheme of things, but from an individual or even corporative point of view, it's terribly inefficient in any timeframe you might consider.
The vast majority of data, business as well as personal, does not require this level of security. For the remaining 1%, these sorts of measures are worth it.t
One of the local bike shop owners has 18 shops in two states and does well over $3 million dollars in revenue every year.
They use custom Apple/Mac software for all their POS equipment. You know how many people run an IT department that is charge of that much equipment, people, inventory and software?
Just because two can, doesn't mean two can do it well. It takes just one curious or nefarious person to crack the veil. Bike shops just aren't highly visible or obvious targets when weighed against other potential marks.
It's also another example of economies of scale working even if only on a smaller scale than a cloud. The guy has 18 bike shops. That's quite a few. If you have 18 bike shops I really would hope that you'd have somebody running IT for you. Still, it takes 18 bike stores and revenue north of 3 million dollars to power two IT guys. The cloud makes sense for folks that operate on a smaller scale than that, or just don't have access to those resources wherever they're doing their jobs.
Quite right, people do the best they can with what they have available. The promise of the cloud raising the bar on what smaller operations can deploy both in terms of sophistication and scalability vs price to play is certainly a strong factor in it's appeal.
Scale that up to five thousand seats. Five thousand seats is big? Not really.
Every day a piece of hardware dies. Every month someone rolls out a new software package. There are many different user profiles, accounting, sales, warehouse, IT, marketing, executive. Then there's that one guy that needs that program that only runs on XP SP1....
Every IT department has to justify its cost per user. Once you get above 1K seats, a lot of things that seem like overkill start to make sense really quickly.
All Amazon is offering is a managed version of what larger companies have been doing internally for years. Just like their server business, it seems expensive until you actually work out how much it would cost to do it yourself.
> your deepest secrets inside of a nebulous black box that you don't control
If you have a secret, why would you even store on the Internet? If you are worrying about conversations with your friends, that kind of privacy, don't log it. If you can't trust Google/Skype, you have to find your own solution.
For me, I got a lot of cat photos and I don't know what NSA could do with my cat photos.
Why do you store your money with an external organisation that you don't control?
Because they offer better security than I can build in to my own home (at least not without significant effort) and they offer guarantees should my money go missing under many (but not all) circumstances (for example, the savings guarantee if a UK bank goes bust).
Do cloud providers offer the same? The guarantees may vary dependent upon service contracts (uptime, backups etc), but the idea that their data-centre was better secured than my company server-room was supposedly a given (at least for most small to medium organisations).
It's the same trade-off though - how much security can I provide versus how much security can they provide?
The insurance is just an incentive to keep my stuff safe (and in the case of savings guarantees, an incentive to keep consumer-facing banks from going bust).
Those guys pitched at the Pioneers Festival in Vienna two weeks ago, and there's really something to the idea of a private, plug- and play box in your office which hosts something like a cloud. They are from Germany, too. It's too expensive for our uses, though.
I can feel your pain. It's a very weird situation in Germany for people like us.
Legally it's not allowed, but you have to have ten lawyers backing you to make people in your company believe you that Office 365 and other SAAS Software isn't legally usable... Google Apps for Business, ZenDesk... We've just faced this situation with a customer who we've shown several lawyer inquiries we've sent about this topic and he flatout replied: "Well i guess your lawyers aren't very good then."
It can be legal – with information and consent. And it's done all the time. Of course, customers don't pay for using crappy and expensive European IT solutions. Dreaming of a European cloud is great but the leading providers are American.
German companies can and do use services like Office 365, AWS, and others. Obviously some choose not to due to concerns about who might access their data, but there are no legal issues preventing them from doing so.
You'll be surprised, but most of enterprises use XP and Windows 7. They don't use Windows 8.x for variety of reasons: cost of education, existing OS is good enough, their intranet web sites designed against IE8/9.
Come on, you know better than this. Microsoft has given everyone good reason to be skeptical of every other Windows version. XP? Solid. Vista? Nope. 7? Solid. 8? Off to a rocky start...
He's referring to the out-of-date and inferior version of Internet Explorer (hence his use of caps).
They could have installed IE10 or IE11 -- which are good. I can't think of a good reason for installing IE9, though maybe someone will come up with one...
I'm genuinely curious how this app that works with IE9 can't work in IE10. From my experience, Microsoft has put a lot of effort into making IE backwards compatible. You might have to force IE into a specific mode, but I can't imagine an app for IE9 not working at all in IE10.
We've been in the tough situation where some business/banking websites only worked in IE9 while others that we were having trouble with only started working properly in IE10. Ultimately we rolled back to IE9 because the former out numbered the latter and because IE9 is still the standard version of our corporate image.
IE10 snuck onto a few servers and unrestricted desktops because it was installed silently through Windows Update along with the normal patches. That did give us the unexpected opportunity to test it out with real users.
I think their timing is quite bad. I doubt many non-us companies will start to move a big part of their infrastructure to the cloud of a US company right now.
On the other hand for smaller businesses that don't have to fear espionage this could be a really cheap way to lower costs.
This looks awesome. I don't think latency will be much of an issue either. Years ago I worked on a training system that allowed users to launch the NXClient directly from a training website and run labs on EC2 instances and even from the west coast I could write code on a US East instance very comfortably, without any noticeable lag.
"In July 2013, reports circulated that Oracle was ending the development of Sun Ray, and related products.[4] Scott McNealy (long-time CEO of Sun) tweeted about this.[5] An official announcement was made August 1, 2013, with a last order in February 2014.[2]"
If these can be rented by the hour, it could be a good way to get Windows machines for testing websites with various versions of Internet Explorer and testing emails with various versions of Outlook.
I know that EC2 and Rackspace has Windows machines, but only with Windows Server. When I have tried that, there is always something funny, such as IE security settings that are different from those of desktop Windows installs.
For now, I have settled on having local Windows installs (free licenses through BizSpark) in VirtualBox.
I can see this really helping with the BYOD revolution that's happening in enterprise. There's been an increasingly awkward mix of personal use and data with computers meant for corporate work. Virtual Desktops done well can really help here.
I can see more companies providing funds to employees to buy the device they prefer instead of provisioning a machine for each employee (ours does that already). Then the computer can be used locally for personal needs and through the virtual desktop for work.
Though as I've been traveling more lately, I can see how the need for a persistent, high-quality internet connection can be an issue in the field.
I know that some of you guys have some issues with hosting data in US datacenters...but I have to tell you...I'm so fed up with IT. I'm actually sitting on hold with a major "all hands" issue with our IT department...
I've done this for years...maybe 20 years at this point. I can tell you this..."We" (meaning everyone in IT) don't do desktop management well AT ALL. I can't remember the last time I used a corporate baseline. They take 10 minutes to SHUTDOWN. (That's private industry...government is worse.) I don't know why users put up with it and it makes me realize why everyone hates Windows. (The average baseline literally forces it to stink like a rotting fish.) Couple that with networking guys that are useless at telling you anything other than "its up"...ITS ALWAYS THE FIREWALL.
Almost everyone that I work with just doesn't get how precarious their position actually is...if people don't want to use the sh!t that you work on you just might find yourself screwed at some point.
I work in IT and I would use something like this in a HEARTBEAT if it meant getting better boot times and less "what port is open" bs.
It seems to me that most people in IT actually think that the servers are more important than the people using them.
But it will. The "cloud" will eventually replace corporate IT departments. Most companies don't want an IT department, it's a necessary headache and cost center that they only deal with when it gets in the way.
Moving where the problems occur to a single "cloud" company that develops the expertise to solve these problems once for each of their corporate clients is a large improvement.
Companies will simply pay for cloud IT services that manage desktops, provide servers, and most importantly take care of maintenance and updates at a much cheaper total cost.
The thing is - How do you develop a standardized toolchain for work? Who decides what the tradeoffs of a particular ERP stack are, how do you integrate it with your accounting system, who controls data flow in your company? You still need people to make those decisions, and that is what corporate IT is about - it's about designing, implementing and refining processes, not really technology. The tech is a tool, not the be all end all.
I think that "cloud" will be a definite bonus to the SMB shop, and provide a wonderful amount of spare capacity to enterprise shops, but I can't foresee "the cloud" replacing in-house IT completely.
You can't. Every business over a certain size will still need in house people that understand their problems. All Amazon, or any cloud providers for that matter, are doing is abstracting away IT services from the bottom up.
Need a server? click a button
Message queue? click.
Database? click.
Virtualised Desktops? clicky-clicky.
Virtual Tape Drive? (I'm as surprised as you are).
You're still going to need people who need to know what each one of those things means to your business. But in-house enterprise IT today still consists of lots of people (and payroll) who put things in racks, re-image desktops, restore SQL Backups, install custom software and give the tapes to the dude in the motorcycle helmet...
In the medium term the cloud won't replace IT. It will however redefine it to the point that the 'spare capacity' that you mentioned will be seen like an amusing anachronism.
> You still need people to make those decisions, and that is what corporate IT is about - it's about designing, implementing and refining processes, not really technology. The tech is a tool, not the be all end all.
I think that "cloud" will be a definite bonus to the SMB shop, and provide a wonderful amount of spare capacity to enterprise shops, but I can't foresee "the cloud" replacing in-house IT completely.
But it will replace the major costs of corporate IT - technical resources services. For example, today a large corp (let's use Gazprom as an example) will contract a big IT services company (let's use Wipro for example) to manage their servers. This specific AWS service can in theory replace a large Citrix farm. When I was internal at SAP for example, every employee had access to their very own remote windows desktop, which had the basic office software on it required to do anything they could do on their laptop. The overall idea of cloud isn't the technology, it's that it's shared services.
> Your IT department isn't everyone's IT department.
Quite true but having interacted with a number of IT shops from startups to Fortune 100 / .gov scale it's quite disturbing to think about the percentage which could accurately be described as impediments and how few even realize this.
I imagine this is similar to what it felt like to work at a US auto maker shortly before the Japanese manufacturers started rolling.
This is the big reason many of the people where I work have simply opted out of the enterprise IT offerings. They use gmail and google apps, policies be damned.
I'm looking forward to the first really big instance of ass-biteage from that. Where ubiquitous "national security" surveillance gets undeniably linked to a spectacular display of for-profit business interest or insider trading.
If I were a corporate IT/Security type, I'd have a firewall config ready and waiting for the day it becomes clear that corporate secrets (hopefully somebody else's first) are finding their way from employees GoogleDocs into competitor's hands. I'd quite likely consider the collateral damage of blackholing every Google IP address, including search (and advertising), to be easily justifiable in the campaign to keep corporate data out of gmail/googledocs/gdrive et al.
(I wonder if that's an opening for someone like DuckDuckGo or Blekko? Become "the search engine that's still allowed from behind corporate firewalls", because you're not offering the sort of end-run-around-IT-policies email/apps/storage that Google/Yahoo/Bing all have available?)
That is on my list of things blekko should do eventually, for example we could set things up for big company networks to run all their queries through an anonymizing proxy that they control. The problem today is that Google's results (for technical queries) and search brand (for all queries) are so strong that a majority of the hypothetical big company users would revolt.
(As an aside, the possibilities for industrial espionage in your typical not-privacy-respecting search engine are staggering. Google knows what the R&D departments of every Fortune 500 company have cooking. Just look at the queries and clicks from their IP addrs. Yow.)
People decide to do something they shouldn't do, talk about it on GMail, and some "unfortunate accident" results in the deletion of said data when litigation time comes around and it's time to preserve stuff.
> They use gmail and google apps, policies be damned
I wonder how their company's lawyer will react when presented in a courtroom with claim that they did not hand over all of the relevant employee e-mail in discovery. Further, perhaps they would like to read some of the correspondence for the first time as presented by the other sides law team.
I get the feeling the person not using the company approved services will also suffer in a lawsuit. The company is going to take a hit, but I bet the person screwing around will have some personal liability.
I'm a sysadmin and I write some simple database driven tools for internal use. I wish I could make the owners of the company realize this simple truth.
Just because I can make the program, doesn't mean your shitty neighbor's son will care more about his job.
What the f--k is a "corporate baseline"? If it's some sort of pre-done corporatized software stack using some nonsense like IBM Tivoli ("provides Integrated Service Management software to help manage business value of your IT infrastructure" -- sounds like something generated by http://cbsg.sourceforge.net/cgi-bin/live), that's where most of your problems lie. These are a pain in the ass for everyone -- people who have to use them and people who have to support them.
Trust your users. If you can't, educate them. If you still can't, get rid of them and hire smart people you can trust. Now you don't need fancy "desktop management".
I work with smart people...Lots of smart people who make critical components for computers. Trust me, you still need desktop management, with corporate standard images.
By corporate baseline, I imagine it's corporate standard image with the standard loadout of software (encryption, antivirus, office, etc)
Ha! If you have a userbase of thousands of PCs, or PCs & Macs, or PCs, Macs & mobile devices, you absolutely have to have a standard operating environment, for many reasons, and if you believe otherwise you have no business commenting in this thread. You don't need to use something like Tivoli, but you do need a standard desktop image, standardized software packages and a method to provision/deprovision machines, management/reporting software, some kind of license management scheme (to prevent over-installation of commercial software, especially stuff that uses a corporate license key rather than individual keys), anti-virus and security systems, a way to force full disk encryption, a method of dealing with Patch Tuesdays, a way to push standard browser configurations or proxy .pac files, and innumerable other things.
Believe it or not, most employees' job at most companies has nothing to do with computing. They use computers to execute some other responsibilities, but the computer is a tool and all they want is for it to be as easy as possible to use, and for it to "just work".
Even if you have a BYOD policy, you still need management around it for a lot of the reasons I listed.
If they had a version of this where I could rent photoshop by the hour I'd be elated. (I know these are billed monthly, I saw that, I'm wishing for two changes simultaneously)
275 comments
[ 1.5 ms ] story [ 219 ms ] thread"How come these virtual desktops are about as common as bacon in a vegan sunday brunch"
ha ha!
[1]http://en.wikipedia.org/wiki/Teradici#PCoIP_Protocol
I'm currently working with a client in Singapore that requires that I connect to their data center through a B2B L2L IPSec tunnel that is sourced in California. So, From Singapore, I connect to the VPN concentrator in California, and then from there, connect to the clients site in Singapore.
So, every keystroke that goes to a server approximately 100 meters from me, Starts off in Singapore, crosses the ocean to California, comes back to Singapore, returns back to California, Comes back to Singapore again.
I do this for about 8-10 hours a day - completely workable.
Oh, and the Connection to the internet that my VPN connection rides on is a 3G modem, no less.
I think the best practise is to automate. Waiting on individual key presses to be echoed back when there is latency is incredibly frustrating, a slight delay while a shell script runs is completely unnoticeable.
"As an extension of its ongoing collaboration with Amazon, Citrix is now delivering its innovative networking and desktop virtualization solutions from AWS."
Introducing Amazon WorkSpaces.
Every single damn submission on the front page has some meaningless hand wringing over the exact same issue and it is 100% unproductive.
Intelligent discussion about the issues of cloud computing, including data protection laws and spying, is useful and welcome. But posts that basically boil down to "LOL NSA" are not intelligent.
see here - https://news.ycombinator.com/item?id=6727500
My overall point remains: intelligent discussion like that is great, "LOL NSA" is not.
If you host your Desktop in the cloud at Amazon your data is completely at the mercy of Amazon. This can be an issue for health-related data or customer data.
It is a fact now that there are secret courts in the US that disallow Amazon from telling you that someone else accessed your data. I'm not sure about law enforcement but they can probably gain access to that data you stored there too.
As a business from a foreign country you lost control over your data. Some businesses can afford that - a lot can't.
As I'm in the UK pulling stuff out the US seems vaguely ridiculous if I move to another cloud provider anywhere as GCHQ has shown to be remarkably (frighteningly in fact) efficient (there has to be some humour in their about the government been more efficient at monitoring people than at just about anything else...) so back in house is pretty much the way to go.
I don't have anything that would interest anyone I don't think (We are a small company developing software for the renewables industry) but its not really about the nothing to hide mantra so much as restoring some of the balance and if that costs me a bit extra so be it.
Your company will always have to value the risk/reward tradeoff of hosting with a 3rd party and it has nothing to do with secret courts or any other silly end of the world predictions, and has to do with the fact that your data is outside of your direct control.
Where is the hyperbole? http://www.theguardian.com/world/the-nsa-files
> secret courts or any other silly end of the world predictions
As far as I know this is unfortunately not a prediction: http://en.wikipedia.org/wiki/United_States_Foreign_Intellige...
You may have no problems with these things. I'm not a US citizen and these things do matter in my decision to host my data in the US. These problems are not new. The US never had a strong privacy law.
Taken all this into account it's hard sell for any business outside of the US to use US based cloud services. That's all I wanted to illustrate.
What I am stating above is, NSA revelations or not hosting your data with a 3rd party is an obviously inherent risk.
I've been managing full 2,000 virtual desktops and about 100 servers... I've been looking for a way out! (out of licen$ing/$oul agreement with MS and VMWare).
Of course latency would be an issue, I wonder what solutions they have for low/limited-capacity clients.
http://aws.amazon.com/workspaces/pricing/
Talk about high TCO! (yes, you still need the hardware to run this service). With office going online now, I'm wondering what their strategy is. This is really not what I was expecting.
Not saying it still wouldn't work out cheaper for you, but worth bearing in mind.
http://aws.amazon.com/directconnect/
I would imagine it's at least in the ball park if you have 100 servers..
I once used it to download a Steam game and tunnel it through a non-quota-counting path back to my computer.
The one you linked is about AppStream
It currently says:
Performance - 1 vCPU, 3.75 GiB of memory, and 100 GB of persistent user storage.
I believe it should be:
Performance - 2 vCPU, 7.5 GiB of memory, and 100 GB of persistent user storage.
> Your users can access the applications, documents, and intranet resources that they need to __get their done__, all from the comfort of their desktop computer, laptop, iPad, or Android tablet.
Otherwise, thank you for the detailed write up... I almost never watch launch/demo videos
My second thought is the price point is to high but obviously that will come down (However by having a high price point you will invite competition.)
I'd like to use this just to be able to use the vsphere app which runs only under windows. So from a mac I have to connect to a windows box by screen sharing. I could use this. But the $35 price point is way to high for doing that.
Amazon doesn't have a history of entering the market at a high price point. It might be high for your use case, but your use case isn't what they're after. VDI is a desktop replacement where you run all your applications, not just one or two on an as-needed basis.
[1] http://i.imgur.com/njlJklF.png
A very interesting move by Amazon. Wish it was available by the hour, though.
"All WorkSpaces Bundles provide the Windows 7 Experience to users (provided by Windows Server 2008 R2) ..."
I'm curious. What are the font-rendering differences? Are you sure it isn't caused by Remote Desktop or by the difference between software and hardware rendering?
How am I saving on licensing cost then? If I can install the client on a Linux machine, it makes sense. If I need an Apple or a Windows machine I'm ... double licensing?
Kindle XL HD Flamethrower Lappytop.
If you have 1000 workers using software locally, you need 1000 licenses.
If you have 1000 workers using software in the cloud, but only 100 at any time, you only need 100 licenses.
[1] http://aws.typepad.com/aws/2013/11/tco-comparison-amazon-wor...
There's still a client PC cost...
There are also the times when either Amazon (or Google Apps & Docs) or the network goes down and you have the odd thousand people sitting around wondering what to do. That's always lots of fun.
Can't be used in G. for the same reasons MS Office 365 is off limits, sensitive personal and business data don't belong in non german-hosted clouds.
One part of me wants that easy carefree cloud life, the other part doesn't want to feed the US-overlord anymore with our precious informations.
There is also a Safe Harbor scheme that is intended to overcome this problem so working with US businesses is still possible if they provide additional safeguards. However, it's now clear that no business operating in the United States can actually offer the required guarantees, no matter how sincerely they might wish to. It is therefore unclear whether a European business relying on Safe Harbor to cover its rear would actually have much of a case in court if one of its customers were actually damaged as a result.
I've seen a lot of businesses at least considering pulling out of US services, cloud or otherwise, for this reason in recent months. Some are sticking with it, on the grounds that there is safety in numbers: no government regulator really wants to damage global trade by making examples of businesses who are just trying to do their work and acting in good faith, and if you're dealing with a similarly honest business from the US then the odds of an actual customer complaint are probably low enough that it might be considered an acceptable business risk. Others seem to have lawyers who are more wary and fear the penalties of something like a mass leak across the pond that would come back to bite their clients back home.
In addition, some nations in Europe are a lot more concerned about privacy both legally and culturally than the US, for obvious historical reasons if nothing else, and they may have stronger laws still.
EDIT: well, I guess I'm sorta wrong. The whole thing looks complicated. Making sure you don't violate German data protection laws is confusing [0][1].
[0] http://www.thomashelbing.com/en/analysis-data-protection-aut...
[1] http://blogs.computerworlduk.com/cloud-vision/2012/04/cloud-...
The Safe Harbour program is a weak attempt at saving face: as long as the Patriot Act exists, no US-based company will ever be able to comply with EU privacy laws as they stand. Being "compliant with Safe Harbour provisions" only means that they're making promises they won't be able to keep.
Can you provide more data on that?
I'm 'only' a system administrator, but I'm working for a company that is doing business in the both US and UK.
Real Soon now we're going to be standing up a stack in the UK .. but I'd like to know what safeguards I can't guarantee so when I'm dealing with _two_ data sets and _two_ code bases and squared complexity I know _why_.
It will help at 3 a.m.
It's hard to know exactly what the US law is too because it's classified. I would not trust that any country is safe from snooping--always assume it will happen.
That was what led the initial opposition to the Patriot Act, FISA Amendments, etc. was that they would make NSA programs like the ones that have hit the news substantially (if not completely) legal. That's apparently not what Sensenbrenner had intended when he drafted Patriot Act, but it was exactly this kind of issue that was raised at the time by privacy groups and promptly ignored by policymakers.
US law is very tied to court precedents, so a secret court with secret precedents is "secret law".
http://www.nytimes.com/2013/07/07/us/in-secret-court-vastly-...
> In more than a dozen classified rulings, the nation’s surveillance court has created a secret body of law giving the National Security Agency the power to amass vast collections of data on Americans while pursuing not only terrorism suspects, but also people possibly involved in nuclear proliferation, espionage and cyberattacks, officials say.
> But since major changes in legislation and greater judicial oversight of intelligence operations were instituted six years ago, it has quietly become almost a parallel Supreme Court
> “We’ve seen a growing body of law from the court,” a former intelligence official said. “What you have is a common law that develops where the court is issuing orders involving particular types of surveillance, particular types of targets.”
Etc etc.
The safe and conservative option is to assume that the executive is doing literally anything permitted by the public law without the aid of 'activist judges' (as the GOP would say) on your side of the argument. This is exactly why it is so important to be judicious in crafting legislation, as the judges will operate by what's in the written law not contrary to the Constitution when the law is clear. They only start worrying about "what the legislators meant" when the law is fuzzy.
That's also why it is important to quickly get a legal framework around foreign surveillance that includes recognition of the fact that the Internet is global while the Fourth Amendment is domestic. MUSCULAR is a pretty shocking breach of what we all understand the Fourth Amendment to mean, but I guarantee that it's technically legal. It shouldn't be, but the Fourth Amendment has long been known to effectively not apply at all outside of CONUS.
I don't know anything special that hasn't been all over the news anyway.
Basically, the US government seems to be actively trying to compromise data held by US businesses on non-US citizens. That same US government has made it clear in public statements from the highest levels that they don't consider foreigners to have any privacy rights at all that should prevent this.
Given that this all happens in secret, any promise made by any business operating in the US that they will safeguard personal data of non-US citizens to the standards required by European law is now known to be worthless, even if it was made with complete sincerity.
This is now common knowledge, and anyone controlling personal data in Europe would have to take it into consideration when applying the general data protection principles. In other words, any legal cover afforded by the Safe Harbor scheme may not be worth anything any more. (In case your question was intended to be about the Safe Harbor programme itself: This was created so that US businesses can be used to process personal data from Europe, as long as the US business promises to uphold similar data protection standards to those required by law of European businesses.)
So the bottom line is that as a European business, if you don't have adequate disclosure when you collect any personal information that basically says it might be exported to somewhere without any safeguards on how it's used, and you don't get prior informed consent from everyone whose personal data you are dealing with, you might be on the hook legally for regulatory non-compliance as well as for any actual damages that result from any breach. Whether it's possible to give prior informed consent to a carte blanche handling of the data is itself debatable.
(Just to be clear, my comments in this thread are based on the perception of the current situation as I have encountered it anecdotally in a few cases. Some of the people I've spoken with may have taken legal advice, but what I've described here is not based on formal legal advice I or any of my own companies have received. Please consider these notes as food for thought only and for goodness' sake don't rely on them instead of taking proper advice if these kinds of issues might actually affect you.)
Understood.
Also, thank you very much.
I am looking forward to see more of those initiatives. This growing distance between one and ones data is a dangerous path anyways, see also the rise of appliances and the decline of full access pc. it takes responsibilty away and media competence.
The price differential between buying the hw/sw & staffing a professional (or team of professionals) to curate and maintain it 24/7/365, or simply off-loading it all to an outside party, could be huge -- I'd dare say huge enough to make or break a company. From an executive POV, why care about data safety, when hosting it yourself makes your business model non-viable?
I realize there are lots of problems with this line of thinking, and I'm not advocating it at all, but I'm willing to bet this has been the case for some.
Building a government you can trust will take several generations, with each generation providing hundreds of thousands ENTIRE LIVES to the cause. It might be efficient in the grand scheme of things, but from an individual or even corporative point of view, it's terribly inefficient in any timeframe you might consider.
They use custom Apple/Mac software for all their POS equipment. You know how many people run an IT department that is charge of that much equipment, people, inventory and software?
TWO.
Scale that up to five thousand seats. Five thousand seats is big? Not really.
Every day a piece of hardware dies. Every month someone rolls out a new software package. There are many different user profiles, accounting, sales, warehouse, IT, marketing, executive. Then there's that one guy that needs that program that only runs on XP SP1....
Every IT department has to justify its cost per user. Once you get above 1K seats, a lot of things that seem like overkill start to make sense really quickly.
All Amazon is offering is a managed version of what larger companies have been doing internally for years. Just like their server business, it seems expensive until you actually work out how much it would cost to do it yourself.
If you have a secret, why would you even store on the Internet? If you are worrying about conversations with your friends, that kind of privacy, don't log it. If you can't trust Google/Skype, you have to find your own solution.
For me, I got a lot of cat photos and I don't know what NSA could do with my cat photos.
Because they offer better security than I can build in to my own home (at least not without significant effort) and they offer guarantees should my money go missing under many (but not all) circumstances (for example, the savings guarantee if a UK bank goes bust).
Do cloud providers offer the same? The guarantees may vary dependent upon service contracts (uptime, backups etc), but the idea that their data-centre was better secured than my company server-room was supposedly a given (at least for most small to medium organisations).
EDIT: added qualification to last sentence
The insurance is just an incentive to keep my stuff safe (and in the case of savings guarantees, an incentive to keep consumer-facing banks from going bust).
Those guys pitched at the Pioneers Festival in Vienna two weeks ago, and there's really something to the idea of a private, plug- and play box in your office which hosts something like a cloud. They are from Germany, too. It's too expensive for our uses, though.
So actually just another us-too product from big corp. Next Google news in 3, 2, 1....
Legally it's not allowed, but you have to have ten lawyers backing you to make people in your company believe you that Office 365 and other SAAS Software isn't legally usable... Google Apps for Business, ZenDesk... We've just faced this situation with a customer who we've shown several lawyer inquiries we've sent about this topic and he flatout replied: "Well i guess your lawyers aren't very good then."
What is this? A virtual desktop service for time travellers?
Then, after that happens, they have to retrain everyone on the changes.
They could have installed IE10 or IE11 -- which are good. I can't think of a good reason for installing IE9, though maybe someone will come up with one...
Presumably it's upgradeable...
IE10 snuck onto a few servers and unrestricted desktops because it was installed silently through Windows Update along with the normal patches. That did give us the unexpected opportunity to test it out with real users.
I think their timing is quite bad. I doubt many non-us companies will start to move a big part of their infrastructure to the cloud of a US company right now.
On the other hand for smaller businesses that don't have to fear espionage this could be a really cheap way to lower costs.
"In July 2013, reports circulated that Oracle was ending the development of Sun Ray, and related products.[4] Scott McNealy (long-time CEO of Sun) tweeted about this.[5] An official announcement was made August 1, 2013, with a last order in February 2014.[2]"
https://en.wikipedia.org/wiki/Sun_Ray#cite_ref-eol_2-1
I know that EC2 and Rackspace has Windows machines, but only with Windows Server. When I have tried that, there is always something funny, such as IE security settings that are different from those of desktop Windows installs.
For now, I have settled on having local Windows installs (free licenses through BizSpark) in VirtualBox.
I can see more companies providing funds to employees to buy the device they prefer instead of provisioning a machine for each employee (ours does that already). Then the computer can be used locally for personal needs and through the virtual desktop for work.
Though as I've been traveling more lately, I can see how the need for a persistent, high-quality internet connection can be an issue in the field.
I've done this for years...maybe 20 years at this point. I can tell you this..."We" (meaning everyone in IT) don't do desktop management well AT ALL. I can't remember the last time I used a corporate baseline. They take 10 minutes to SHUTDOWN. (That's private industry...government is worse.) I don't know why users put up with it and it makes me realize why everyone hates Windows. (The average baseline literally forces it to stink like a rotting fish.) Couple that with networking guys that are useless at telling you anything other than "its up"...ITS ALWAYS THE FIREWALL.
Almost everyone that I work with just doesn't get how precarious their position actually is...if people don't want to use the sh!t that you work on you just might find yourself screwed at some point.
I work in IT and I would use something like this in a HEARTBEAT if it meant getting better boot times and less "what port is open" bs.
It seems to me that most people in IT actually think that the servers are more important than the people using them.
Thanks for putting up with this little rant...
Moving where the problems occur to a single "cloud" company that develops the expertise to solve these problems once for each of their corporate clients is a large improvement.
Companies will simply pay for cloud IT services that manage desktops, provide servers, and most importantly take care of maintenance and updates at a much cheaper total cost.
I think that "cloud" will be a definite bonus to the SMB shop, and provide a wonderful amount of spare capacity to enterprise shops, but I can't foresee "the cloud" replacing in-house IT completely.
Need a server? click a button Message queue? click. Database? click. Virtualised Desktops? clicky-clicky. Virtual Tape Drive? (I'm as surprised as you are).
You're still going to need people who need to know what each one of those things means to your business. But in-house enterprise IT today still consists of lots of people (and payroll) who put things in racks, re-image desktops, restore SQL Backups, install custom software and give the tapes to the dude in the motorcycle helmet...
In the medium term the cloud won't replace IT. It will however redefine it to the point that the 'spare capacity' that you mentioned will be seen like an amusing anachronism.
But it will replace the major costs of corporate IT - technical resources services. For example, today a large corp (let's use Gazprom as an example) will contract a big IT services company (let's use Wipro for example) to manage their servers. This specific AWS service can in theory replace a large Citrix farm. When I was internal at SAP for example, every employee had access to their very own remote windows desktop, which had the basic office software on it required to do anything they could do on their laptop. The overall idea of cloud isn't the technology, it's that it's shared services.
Besides my own, I interact with our client's IT departments as part of my role. They run the spectrum from dysfunctional to superior.
Quite true but having interacted with a number of IT shops from startups to Fortune 100 / .gov scale it's quite disturbing to think about the percentage which could accurately be described as impediments and how few even realize this.
I imagine this is similar to what it felt like to work at a US auto maker shortly before the Japanese manufacturers started rolling.
If I were a corporate IT/Security type, I'd have a firewall config ready and waiting for the day it becomes clear that corporate secrets (hopefully somebody else's first) are finding their way from employees GoogleDocs into competitor's hands. I'd quite likely consider the collateral damage of blackholing every Google IP address, including search (and advertising), to be easily justifiable in the campaign to keep corporate data out of gmail/googledocs/gdrive et al.
(I wonder if that's an opening for someone like DuckDuckGo or Blekko? Become "the search engine that's still allowed from behind corporate firewalls", because you're not offering the sort of end-run-around-IT-policies email/apps/storage that Google/Yahoo/Bing all have available?)
(As an aside, the possibilities for industrial espionage in your typical not-privacy-respecting search engine are staggering. Google knows what the R&D departments of every Fortune 500 company have cooking. Just look at the queries and clicks from their IP addrs. Yow.)
People decide to do something they shouldn't do, talk about it on GMail, and some "unfortunate accident" results in the deletion of said data when litigation time comes around and it's time to preserve stuff.
I wonder how their company's lawyer will react when presented in a courtroom with claim that they did not hand over all of the relevant employee e-mail in discovery. Further, perhaps they would like to read some of the correspondence for the first time as presented by the other sides law team.
Just because I can make the program, doesn't mean your shitty neighbor's son will care more about his job.
Trust your users. If you can't, educate them. If you still can't, get rid of them and hire smart people you can trust. Now you don't need fancy "desktop management".
By corporate baseline, I imagine it's corporate standard image with the standard loadout of software (encryption, antivirus, office, etc)
It's hard to believe, but IT is typically not in charge of hiring and firing the rest of the company.
Believe it or not, most employees' job at most companies has nothing to do with computing. They use computers to execute some other responsibilities, but the computer is a tool and all they want is for it to be as easy as possible to use, and for it to "just work".
Even if you have a BYOD policy, you still need management around it for a lot of the reasons I listed.
I don't see a developer finding this useful at all.