 |
It's all about shortcuts on desktops
Introduction
The current economic climate continues to force CIOs to find ways to do more with less. Cutting costs while improving the quality of service is the "Holy Grail" for today's CIO1.
Yet in many companies, this "low TCO and agile" platform remains elusive. In particular, Windows desktop management costs remain high2. Why have infrastructure architects failed to deliver on the promise of a low TCO desktop platform3? Several factors can be highlighted. Configuration management and, more specifically, application management is a key one4.
Infrastructure architects use different paradigms to manage the relation between the desktop and applications. In my experience, this is limited to distributing applications to users. This is not enough. As we will see, application management must also include application provisioning.
This article describes three practical solutions to help establish a clear and simple application provisioning strategy. The main rationale for this is the direct relation between a "well-designed" (i.e. clear and simple) application provisioning strategy and a "well-managed" desktop platform5.
Distributing versus Provisioning
The year is 1998. For the first time in my life, I am talking to a CIO. 1998 is the year of his desktop transformation project. I can still hear his metallic voice concluding the meeting with a Spanish accent: "I don't care of how you deliver applications. All I want is the right shortcut on the desktop of the users that need the application. And when a user double-clicks on it, the application starts. How? That, the mechanism behind that, I really don't care. Ah, oh, yes, one last thing: don't even ask for extra budget. Comprendes?" And he turned his back on me.
Back in 1998, infrastructure architects did not have many technical solutions to distribute applications to users. It was a simple choice: you could either include the application "in the build" (within the Ghost image) or you could create a package and send it to the target platform. (Any Systems Management Server 1.2 fans out there?)
As there was no way to virtualize anything, regression testing was hell. But in the end, it all worked. No problems. De acuerdo? Not exactly. It does not work. Not a chance. And believe me, I found out the hard way. My Spanish vocabulary increased significantly that year.
And things did not improve with the passing of time. Even with application virtualization and the consequent end of the dreaded "latest Windows image 2.7 built with many applications burned in", application distribution services still didn't deliver at the expected level.
Over the past few years, new application distribution models have emerged and new systems management products and technologies have emerged. Today, architects can indeed choose and combine various strategies for distributing applications. They have centralized (Terminal Server? Citrix? Web?), virtualized, streamed, recentralized (Internet? Web 2.0?), decentralized, and re-recentralized (Saas? Cloud?) the same applications over and over. Yet results are disappointing, both in terms of costs and in terms of quality of service. Users remain dissatisfied and costs stay high. I have seen large companies where it takes weeks to get that simple shortcut on the user's desktop. And architects have much better technical means and methodologies than in 19986. So, why do we keep failing?
Many desktop transformation projects fail (at least partly) because infrastructure architects tend to focus on application distribution channels, while neglecting application provisioning7. This can be compared to the way a restaurant works. Before getting your meal (distribution), you must select a menu (provisioning). And, granted, when customers go to a restaurant, they don't care of how the ordered food lands in their plates, as long as there is a process resulting in the right food appearing on their plate... In the same way, an application distribution framework without a clear provisioning process is just as awkward as a restaurant without a clear menu. Users care about being able to provision applications in a fast and easy way. They don't care about the underlying distribution mechanism.
Moving provisioning away from complexity…
Let's take a look at application provisioning from a user's perspective.
I am currently typing this article behind my good old trusty Wintel laptop. In 5 minutes, I will need Microsoft's Visio to draw a little graphical representation. Believe it or not, Visio is not installed on my laptop. (OK, that's actually a lie, but it is for the sake of this example).
So, how do I get that Visio shortcut on my desktop? There must be a software catalog somewhere, right? I mean, just a web page with a list of all the software that I can install on this company-owned laptop? No? All right then, let's call the Service Desk. (Since we're ITIL compliant, every request must go through the Service Desk.) After a few minutes of suboptimal music, I understand that, for licensing reasons, the Service Desk doesn't distribute Visio directly to Joe Average users like me unless there's a business need. And only my manager can confirm that I need Visio. Unfortunately, he is on vacation. (If my manager is reading this article, this is just an example - pure fiction). When he comes back, I need to ask him to send a mail to the Service Desk, with the appropriate form. The Service Desk will then call the systems administrators. Next, when our administrators have time, they will put my user account in the right Active Directory group. Finally, after a few reboots, I should receive a package that installs a Visio shortcut on my desktop. When I double-click on it, Visio installation/streaming/remote execution "in the Private Cloud" should start.
Clearly, this is suboptimal. And it's not just the Service Desk's "please hold the line" music. The whole process is long and complex - thus costly (a bit like a Pink Floyd album recording process). Actually, it's so complex that I gave up on creating a Visio drawing.
Moreover, the core question behind application provisioning is not a technical one but a business one: do I really need Visio? Obviously, this is not a question the IT staff can (or should) answer.
…towards clarity and simplicity
Clarity8 and simplicity9 are two key factors to the success of any project, and these principles can indeed also be applied to software provisioning. Can you imagine yourself going to a restaurant, raise your eyes and find a menu that's unclear? Or complex? Of course not. Well, try now to analyze the process used to provision software to your users: is there one? Is it clear? Is it simple? The previous "Visio" example is a fictitious one; but, in my experience, it's still an all too common pattern.
Now, how can we streamline the application provisioning process? I suggest three simple solutions. These three solutions are designed to work together in order to drive the application provisioning process towards clarity and simplicity.
Solution 1: all applications are provisioned via a self-service portal
Ladies and gentlemen, let's face the truth: today, with the exception of "single-task workers", there are no two users who need exactly the same set of applications. For years, I have witnessed the desperate efforts of IT departments trying to re-group users in categories to which systems administrators would associate "sets" of well-tested applications. The rationale behind this "grouping" concept is that it would be easier to distribute applications to "groups" rather than to "users".
Nothing could be more wrong. This is indeed how you end up with a complex and unmanageable solution. I have witnessed directory services featuring more groups than users; users being members of countless groups (the infamous Kerberos token bloat.) Not to mention the added burden of managing all these groups. (nesting, anyone?)
Besides, if one links groups to sets of well-tested applications, licensing costs will almost certainly rise beyond the company's actual needs. Moreover, de-provisioning becomes an impossible task: if you remove the user from his/her "application group", he/she will lose access to all the applications assigned to that group. How do you de-provision a single application when a single user does not need it anymore?
So, why? Why would one want to provision applications to groups? The only case where this could make sense would be a group of users using exactly the same set of applications - a rare occurrence indeed.
Clearly, the simplest way to provision and de-provision an application is to implement a self-service portal where users can request all applications that are available in the service catalog. Gone are the days of phone calls to the Service Desk and group proliferation. This is not to say that any user can install any application at any time. A request/approval process is indeed needed.
Solution 2: any application request/approval is an automated process driven by a simple workflow. IT staff intervention is kept to a minimum.
At its core, a typical application provisioning process is a simple workflow. This workflow is essentially a three-steps procedure:
- User connects to the self-service portal and requests an application. These are standard requests; in no circumstance can these requests trigger a change.
- Manager approves the request. A request is automatically sent to the application manager who simply approves/rejects the demand. User is informed.
- Software distribution is triggered. This process interacts with the software distribution mechanism(s) that is (are) used. It could trigger the installation of a local .msi package; or the appearance of a shortcut in the user's start menu.
All these steps can be implemented via existing tools and technologies10. No IT staff is taking an active part in this process.
Now, what about licensing costs and de-provisioning?
Solution 3: Application usage is reported. This allows license metering. Applications that are not needed anymore are de-provisioned.
How many applications are deployed, used a couple of times, only to fall into disuse after a few weeks? Well, if CIOs want to save money, they'd better find out. One of our customers reduced his licensing cost by 20% only by running a proper application usage assessment. The assessment was based on the collected license metering data. Several systems management products produce detailed licensing usage reports; these can be easily leveraged. Microsoft's System Center Configuration Manager even includes a wealth of pre-made license usage reports11.
I always write the words "quick win"12 very carefully, but it seems appropriate to use them here.
Conclusion
These last years, many CIOs have been blind. Blind to the needed simplification of their software provisioning process. Consequently, many did not start the necessary diet, and their provisioning processes kept getting fatter for no reason. Most enterprises are discovering today that their existing application provisioning procedures, requiring intensive manual involvement from IT staff, are road-blocks.
The three proposed solutions greatly simplify the application provisioning process. The results are lower management costs and improved application's time-to-market. Support/release managers should assess all existing applications and allow them to go live only if their provisioning mechanism is compliant with these three solutions.
Sadly, things haven't really changed since 1998 and my first project: while it is true that infrastructure architects can now use improved application delivery technologies - clearly a crucial piece of the management puzzle - this alone is not sufficient for happy users and happy releases. CIOs need to realize that a clear and simple application provisioning process is needed.
The year is 2009. And I am still talking to CIOs. My last meeting ended like this: "In the end, all my users want is a shortcut that launches the desired service. It's all about shortcuts on the desktop". It's a clear and simple message, and I couldn't agree more.
1 In http://www.cioinsight.com/c/a/IT-Management/Top-CIO-Priorities-for-2009/
2 In Optimizing Infrastructure: the Relationship Between IT Labor Costs and Best Practices for Managing Windows Desktops (IDC White Paper, 2006)
3 In Enterprise Architecture as a Strategy (Harvard Business School, 2006), it is estimated that less than 5% of all companies use architecture effectively to reach a low TCO.
4 In Conquering Complexity with Configuration Management, (Gartner Webinar, 2006)
5 As detailed in Microsoft's Core Infrastructure Optimization model. http://www.microsoft.com/optimization/model/coreio.mspx
6 The Microsoft Deployment Toolkit details the available technologies and best practices to conduct a successful desktop migration project http://technet.microsoft.com/en-us/solutionaccelerators/dd407791.aspx
7 The term provisioning is used here from a management perspective: give users access to data repositories or grant authorization to systems, networks applications and databases (.) In http://en.wikipedia.org/wiki/Provisioning
8 According to What stops strategic change programs delivering (Darragh and Campbell, 2001), projects fail to deliver over 50% of the time because there's a lack of clarity on what has to be achieved.
9 In Simple Architecture for Complex Enterprises (Sessions, 2008)
10 In a Microsoft-centric world, these are Identity and Lifecycle Management v.2 and, in the near future, System Center Service Manager.
11 http://www.microsoft.com/systemcenter/configurationmanager/en/us/
asset-intelligence.aspx
12 I have seen many " quick wins " turning out to be non-integrated " install and run " solutions, resulting in yet another silo to manage.
|
|
 |
Event driven architecture onto the Azure Services Platform
“The Azure Services platform constitutes a new architectural paradigm shift and Capgemini explains why EDA is a good architectural style for the Cloud and how to implement it using the Azure platform.”
How do you fit document management in your process-based architecture?
“Many organizations have implemented a Document Management Systems but fail to integrate document flows in the rest of the ICT Architecture in particular LOB-apps. Spikes provides a strategy to achieve just that!”
Get rich and famous thanks to the Azure Services Platform
"New CloudApp()" is a Microsoft developer challenge (Contest Site) that promotes the new opportunities and innovative ideas developers (.NET & PHP ) are creating with cloud computing on the Azure Services Platform.
|
|
