The User Managed Application is the IT manager’s redheaded stepchild. It may be unloved and unwanted, but it’s there and it’s not going away.The lack of enthusiasm for user managed applications is readily understandable. They are a liability, a licensing compliance headache, a drain of resources, and a security risk.
The easiest ways to deal with them is to ignore them, dismiss the requirement to support them as unnecessary, or make it somebody else’s problem by granting users administrative privileges and letting them manage their own applications. These approaches do disservice to both IT and the end-user. Forget about purely personal applications, access to which is frequently quoted as a benefit of BYOD programs, and think just about legitimate business applications. Almost every organization has a group of applications that fall outside the standard set that are administered and supported by IT, but are essential for a core business process. These applications may be needed by an entire department or by only one or two users. IT may be aware of them but, for some reason, has declined to support them, or they may have been sneaked in through the back door, and been presented as a fait accompli. Regardless of how these applications were sourced, denying business users the tools to do the job is one of the worst mistakes that an IT manager can make. At the same time, providing end-users with elevated privileges and letting them get on with running their own applications can be a recipe for disaster.
It is important not to underestimate the size of the User Managed Application problem. I have seen environments with as many as 2,000 (yes, two thousand) different user installed applications. On one unforgettable occasion, hard as it might be to believe, I even found an entire XenApp farm that had been installed by some enterprising individuals who found it easier to take that route than request that the applications it hosted be submitted for desktop deployment. Granted this last example maybe extreme, but it highlights the scale of the problem that some organizations face.
The advent of desktop virtualization, has introduced new ways to tackle user managed applications. The simplest approach is to just give each user their own personal virtual machine (either server hosted or client hosted) in which to deploy their applications. While this would certainly work, it is shortsighted, expensive, and makes no attempt to control the situation (in contrast to using desktop virtualization as part of a BYOPC strategy, placing a personal virtual machine that needs access to enterprise IT services on a managed desktop is inherently less secure than placing a managed virtual machine on an unmanaged desktop). A better path to take is to adopt one of the more structured approaches based on the lead desktop model that has been adopted by some of the desktop virtualization start-ups such as Moka Five, Unidesk, Virtual Computer, Wanova, RingCube (recently acquired by Citrix), and now AppSense.
Last week AppSense CTO Harry Labana introduced AppSense Strata a free utility to give users the freedom to install their own applications in a secure sandbox without requiring admin rights. When a user attempts to install an application, Strata can intercept the installation process capturing all changes performed during the application installation and writing them into a separate application configuration database. The application should appear to the user as if it has been installed natively, but in fact it is installed and running in an isolated virtualization layer in many respects analogous to that used by Microsoft App-V, VMware ThinApp, etc.
Technical detail aside, the key difference between AppSense’s Strata and the solutions provided by desktop virtualization vendors, is that Strata is a stand-alone self-service solution that only allow users to install their own applications. All the other solutions treat user installed applications as a single layer of a larger enterprise desktop management service. Strata is also to some degree an experiment for AppSense, the minimal viable feature sets needed to allow it to test the waters and and assess both the strength of the software and the size of a likely market, before making a decision to invest development efforts in taking it further.Strata does not compete with the other solutions available today, but should it find that its customers value Strata, I think we should expect AppSense to offer a more fully featured solution and a supporting management layer at some point in 2013.
Strata is currently in private Beta with a public Beta due in Q1 2012.