Moving to modern device and application management. White Paper


The proliferation of mobile devices and the migration of applications to the cloud are driving enterprises toward a new, modern approach to device and application management. Enterprises planning to move from a traditional to a modern style have several factors to consider, decisions to make and roadblocks to overcome. This paper will help you determine which approach to take, what tools to use and how to deal with legacy applications. The ultimate goal is managing, securing and delivering modern applications to employees while providing a rich user experience across multiple devices and platforms.

The modern enterprise

Today's modern enterprise is mobile first from a device and user perspective, with a heavy emphasis on user self-service. The majority of applications and services reside in the cloud, with minimum on-premises infrastructure or reliance on traditional domain authentication. In this environment, modern workplace management (also known as modern management, a term coined by Microsoft that is being accepted in the market) is about simplifying device management. Cloud-based mobile device management (MDM) tools can now manage both mobile and desktop devices, broadening the reach. When modern management is implemented, user identities reside in the cloud so devices can be quickly enrolled from the internet with security policies and applications, providing users with secure and productive devices while also meeting business needs.

Enterprises planning a migration to Windows 10 should review their strategies and decide whether now is the time to take a new approach. Enterprises already using cloud services, such as Microsoft Office 365, will see the most benefits. We believe that most enterprise clients will initially use a blend of traditional and cloud-based workplace management, with the latter becoming the dominant solution over time. Enterprises should be taking steps now to embrace this shift. They should start looking for ways to move their workloads to new cloud-based management using analytics tools such as Microsoft Operations Management Suite (OMS). This will provide valuable insight into the current environment and will help determine the best path to a new environment.

Paths to modern management

Microsoft has outlined four paths to modern management (see Figure 1):

Cloud first. New organizations or spinoffs can go straight to modern management because they can create a cloud-first approach for all workloads.

Big switch transition. Enterprises with legacy components in their IT infrastructure may consider a big switch approach. This means transforming to a modern style all at once. This approach may suit smaller enterprises but prove too complex for larger enterprises.

Group-by-group transition. A group-by-group transition profiles users and determines the order in which each group will transition. Analytics tools, such as Microsoft Operations Manager (MOM), can help with profiling users for each group.

Co-management. In this approach, devices are managed with traditional (System Center Configuration Manager) and modern (Intune) tools. This means organizations can take an iterative approach. Workloads are modernized over time, providing a bridge to full modern management. Many enterprises take this approach, as it delivers the best of both worlds until a full transition is completed.

Figure 1. Paths to modern management: cloud first (start with modern workloads); big switch transition (modernize all workloads at once); group-by-group transition (transition groups with modern workloads); co-management (modernize workloads over time). Workloads shown: applications, security policies, servicing, software distribution.

Regardless of the path chosen, traditional workloads need to be evaluated and moved to modern management. In this paper, the main workload we focus on is applications. At a basic level, we need to identify the modern applications that can go straight to modern management and find the best approach for managing legacy applications.

What are modern applications?

In the context of Windows 10, we define a modern application as one that is cloud managed from an administration and distribution perspective. The application is typically consumed by users through self-service. Modern applications are also easy to update and maintain, which simplifies application delivery. Modern applications are designed to adapt dynamically to different device form factors. These applications are typically integrated with public or private cloud back-end services and designed to provide a powerful and rich user experience. Figure 2 shows different types of modern applications consumed by a modern managed device, including the cloud services these applications depend on.

Figure 2. Types of modern applications, including cloud services, consumed by a modern managed device. Cloud services: mobile device management, Azure AD, Microsoft Store, Microsoft Store for Business, Office 365, SaaS providers. Modern applications: Universal Windows Platform; cloud, web and SaaS. Modern managed devices: PC/tablet/phones.

There are two main categories of Windows 10 modern applications:

Universal Windows Platform. Microsoft introduced the Universal Windows Platform (UWP) in Windows 8. With Windows 10, UWP enables a mobile app experience that is consistent across all form factors. UWP (uses .appx format) makes it easier for developers to design apps to reach all Windows 10 devices via the Microsoft Store. Legacy applications (Win32 are typically .msi/.exe formats) are slowly moving to this format; however, some lack full functionality.

Cloud, web and SaaS applications. These applications are normally hosted on cloud infrastructure and accessed over the internet. They are typically web-based apps that run in a browser, but they can sometimes be UWP applications. Microsoft has announced that Progressive Web Apps (PWA) will soon be supported on Windows 10; PWA is gaining momentum across platforms, providing the best aspects of web and native mobile applications.

Modern application distribution

Modern applications are managed through cloud-based MDM solutions; corporate line-of-business and public applications are distributed through a corporate application store. Application policies are used to secure the application and data while also providing access controls to corporate resources. There are two options for a corporate application store across Windows 10 form factors:

Native MDM store. This store provides an application delivery platform that allows users to browse and download approved applications, as well as provide feedback to IT. The store also helps consolidate different application types that originate from different sources. In addition to legacy, cloud, web and SaaS applications natively supported by the MDM store, enterprises must consider integration with Microsoft Store for Business and virtual applications.

Microsoft Store for Business. This is a private Windows store available only to enterprise employees. An administrator can find, acquire, manage and distribute Microsoft Store and line-of-business applications to Windows 10 devices. Business users can access their assigned applications through a private store or web-based portal, which lends itself nicely to modern management.

Modern application management provides the best available unified application store experience. Microsoft Store for Business has public APIs that allow integration with enterprise mobility management (EMM) solutions. This means that Windows store applications can now be deployed using the native MDM stores alongside MDM-supported applications.

Are legacy applications supported in modern management?

Modern application distribution methods have limited out-of-the-box support for legacy (Win32) applications; noncompliant legacy applications can be enabled for modern distribution through techniques such as repackaging, virtualization and conversion. However, they are not considered truly modern, because they were designed for the Windows desktop and may have usability and compatibility issues on some form factors. If you choose to deploy legacy applications in this way, you must carefully consider how the application is consumed.

Major roadblocks for legacy applications

The application distribution mechanisms for modern management are among the major roadblocks for legacy applications today. For example, Microsoft Store for Business has no support for legacy Win32 applications, and MDM providers have limited support. Microsoft is trying to address this with additional tools and capabilities. Some of the main challenges are legacy applications hosted on-premises that use traditional authentication mechanisms such as NT LAN Manager (NTLM) and Kerberos. Dependency on older operating systems also poses a real threat when moving applications to modern management.

Paths to a modern application portfolio

Modernizing the application portfolio is key to having a fully modern enterprise, since employees can't be productive without having the applications they need when they need them. A detailed assessment will help you discover whether your organization already has applications that fit the modern style of management. Those that don't can be reviewed, and a path to modernization can be determined (see Figure 3).

Figure 3. Modernizing the application portfolio. Labels: old portfolio; portfolio assessment; rationalize; standardize; modernize; consolidate; new portfolio (main focus on modern apps).

Below are some of the typical decisions required and the paths to take to identify legacy applications:

Decide: What applications can be retired or replaced? How critical is the application to the business? Is it worth investing to update the application? Is the application still secure? Is there a budget to modernize the application? Is the application dependent on traditional authentication mechanisms?

Path to modernization: Is there an existing SaaS alternative? Is there a UWP version and does it provide the functionality needed? Can the application be redeveloped as a UWP-type application? Can conversion tools be used to convert applications to a UWP-type application? Can the application be migrated to the cloud and accessed accordingly? Are there services that will make the application available externally, such as Azure Active Directory or Capriza? Can a virtualization application delivery platform be used to virtualize the application?

A survey from CCS Insight shows that the top trend in mobility and workplace is the increase in cloud productivity and collaboration applications, mainly fueled by the rapid growth of cloud-based mobile applications (see Figure 4).

Figure 4. Most-used mobile apps at work. Source: CCS Insight

Enterprises with reservations about using cloud-based applications or storing their sensitive data outside the corporate environment should consider solutions such as Azure AD and Capriza, which provide different options to publish internal web applications externally. Application virtualization is also an option for apps that handle sensitive data, as the data remains within the secure corporate environment. But apps delivered virtually don't always translate well to small screens. Ultimately, there is no one solution that fits all; you must weigh the options on an application-by-application basis.

Another option for legacy applications is to enable them for distribution through modern management but without any modernization; however, this approach will not change the legacy look and feel, and the application will not be truly modern. This option can be used as an interim solution until a full modernization approach for the application is determined.

Tools and approaches for legacy applications

Here are some of the approaches and tools used to enable legacy applications for modern distribution (see Figure 5).

Figure 5. Application paths to modern management. Labels: traditional; straight to modern management; enable for modern management; co-management; focus is on traditional with some modern apps; focus is on modern apps.

Straight to modern management. Modern applications can be consumed without any modification. If you are considering a group-by-group transition, you can profile the users that consume only modern applications and move those first. Other groups can transition as more and more applications are enabled.

Enable for modern management. Legacy applications that are not compatible with modern deployment or consumption will need to go through some form of remediation.

Management extensions. Intune has a new set of capabilities to make deploying existing Win32 and .exe applications easier. The source for the legacy application is delivered to the device by Intune; a PowerShell script can now be used to execute the installation upon delivery. Other MDM vendors such as AirWatch have similar solutions.

Repackaging. If suitable, the application can be repackaged using a tool such as AdminStudio to comply with modern distribution rules.

Virtual applications. Virtual application delivery solutions such as Citrix XenApp or VMware Horizon can be used. Applications are delivered on demand to users in a secure and optimized manner. The app and data are typically hosted on a back-end virtual infrastructure, and users interact with the application via the virtual client.

Desktop Bridge. This tool automatically converts legacy applications (Win32 MSI/EXE) to use the Universal Windows Platform (.appx format) to enable distribution through modern deployment methods. In addition to conversion with Desktop Bridge, you can continue the migration by enhancing the converted application with UWP APIs to add features such as live tiles and push notifications.

Co-management. According to Microsoft, it will soon be possible to have a Windows 10 device managed by both ConfigMgr and Intune simultaneously, effectively providing a bridge for enterprises to migrate from traditional to modern management by transitioning workloads over time. Applications that are already modernized can be deployed in a modern fashion; legacy applications still can be delivered in the traditional way until they are enabled. This helps enterprises move to modern management in a controlled fashion over time, minimizing risk while still meeting business needs.

Move to modern management and have the applications you need

There are many paths to modern management, whether you are planning cloud-first, transitioning or using an iterative approach. DXC Technology can help clients on their modern management journey. Our Workplace and Mobility offerings include solutions that will help you reach your goals while ensuring that your users have the applications they need when you get there. DXC can help you rationalize and modernize your application portfolio so that your applications can be managed and secured via modern management. Visit DXC Workplace and Mobility for more information on our offerings, or let DXC Advisory Services help determine the best solution to fit your requirements.

About the author

Colm Connolly is a Workplace and Mobility offering architect at DXC Technology. He is responsible for the development of standard offerings for both traditional and modern workplaces. Colm has deep technical and architectural knowledge of enterprise mobility and security. c.connolly@dxc.com

Learn more at workplace_and_mobility

About DXC Technology

DXC Technology (DXC: NYSE) is the world's leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public sector clients across 70 countries. The company's technology independence, global talent and extensive partner network combine to deliver powerful next-generation IT services and solutions. DXC Technology is recognized among the best corporate citizens globally. For more information, visit

DXC Technology Company. All rights reserved. MD_7772a-18. February 2018