Should you call on comms suppliers when you go for a BYOD setup?
Help is at hand
BYOD (bring your own device) has its ups and its downs but it is becoming more and more popular and those of us in IT management need to learn to live with it.
So assuming we have bitten the bullet and decided to go with BYOD, is it something we can do all on our own or should we be getting third parties involved? Are we compelled to involve them for some technological reason?
Users in the office with their own devices are the entry level for technology requirements in this field. You have a fundamental requirement to give them a way of connecting securely and reasonably conveniently to the corporate network and to make applications available to them in a form that supports as many endpoint devices as possible.
Third-party operators don't really fit in here, then. Or do they?
To connect devices into the network you will want to provide at least a two-factor authentication mechanism. Who says this has to be hosted on your internal systems?
There is no reason at all why you can't sign up for a cloud-based 2FA service and hook it securely into your internal Active Directory. It is a whole lot simpler than mucking about installing your own resilient server setup.
You will also have some kind of Wi-Fi connectivity for users with tablets. In fact, many companies default to wireless connectivity for all BYOD systems, but that's just dumb (more about that shortly).
I have run pretty basic two-armed wireless setups. Company-owned systems with corporate SSL certificates issued by the Active Directory domain could connect seamlessly to the business network via WPA-Enterprise, RADIUS and Microsoft's Certificate Services.
Others could connect to the guest network via a WPA2 shared key. That is a pain in the backside, though: you have to change the key frequently to prevent the world and his dog connecting from the car park over the road months after they left the company, and it is inconvenient for users.
The current trend therefore is for companies to start running their outside-the-firewall wireless networks (which is where your BYOD devices sit) like hotels run theirs – with hotspots where guests sign up for time-limited access.
Users are issued access codes that are valid for a day or two for visitors, a week or two for short-term contractors or a month or two for employees and long-term contractors. Issuing codes is easy – a receptionist or admin person can do it simply and quickly – and users don't find them overly inconvenient.
And, of course, while you could choose to have the kit on-site you could equally hook into a cloud service for token issue and entry control.
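A sketch of the time-limited access codes described above, as an added example that is not from the original article or any hotspot product. The class names, the lifetimes (the upper end of each range quoted) and the code format are assumptions.

```python
import hashlib
import hmac
import secrets
import time

DAY = 86400
# Assumed lifetimes: the upper end of each range given in the article.
VALIDITY = {"visitor": 2 * DAY, "short_term_contractor": 14 * DAY, "employee": 60 * DAY}
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I, easy to read out at reception


class VoucherStore:
    """Issues and checks time-limited guest Wi-Fi access codes (hypothetical helper)."""

    def __init__(self, key):
        self._key = key
        self._vouchers = {}  # keyed hash of code -> (user_class, expiry timestamp)

    def _digest(self, code):
        # Store only a keyed hash so a leaked voucher table does not reveal usable codes.
        normalised = code.strip().upper().replace("-", "")
        return hmac.new(self._key, normalised.encode(), hashlib.sha256).hexdigest()

    def issue(self, user_class, now=None):
        if user_class not in VALIDITY:
            raise ValueError(f"unknown user class: {user_class}")
        now = time.time() if now is None else now
        raw = "".join(secrets.choice(ALPHABET) for _ in range(10))  # 50 bits from a CSPRNG
        self._vouchers[self._digest(raw)] = (user_class, now + VALIDITY[user_class])
        return f"{raw[:5]}-{raw[5:]}"

    def check(self, code, now=None):
        """Return the user class if the code is known and unexpired, else None."""
        now = time.time() if now is None else now
        digest = self._digest(code)
        record = self._vouchers.get(digest)
        if record is None:
            return None
        user_class, expires_at = record
        if now >= expires_at:
            del self._vouchers[digest]  # expired codes are purged, not left to accumulate
            return None
        return user_class

    def revoke(self, code):
        """Kill a code early, e.g. when a contractor leaves before it expires."""
        return self._vouchers.pop(self._digest(code), None) is not None
```

Unlike the shared WPA2 key, each code expires on its own and can be revoked individually, so nobody has to re-key the whole guest network when one person leaves.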
Oh, and if you were wondering why I am so anti-wireless: it is a shared medium and performance falls off a cliff once you have more than a few devices connected (or when you put your pasty in the microwave, which runs in the same frequency band).
If you have people in the office with Ethernet ports on their BYOD devices, provide them with Ethernet cables that either sit in an outside-the-firewall VLAN or use funky on-switch logic to distinguish between corporate and non-corporate devices and dynamically assign a VLAN. Let's give those poor sods who are stuck with wireless a chance of some bandwidth.
We have talked about getting people connected when they are on your premises, but what about giving them access to applications?
Assuming you are hosting apps that require a desktop of some sort using a terminal server or similar, this is the easy part.
My various employers and clients over the years have all tended towards Citrix (its Receiver app runs on pretty much anything from an abacus upwards) but of course it is far from unique in the market.
Hosting apps means two things. First you need to host and manage the servers – again we can look to the cloud or even a traditional managed service. This is not simple, whether you are using Terminal Services/Citrix or something like a virtual desktop setup.
Second, you need to package the applications so that they run in an environment of that type, and although uncomplicated it is a tedious job. Another one for the suppliers, then.
But which suppliers exactly? Simple: the telcos. Find me a telecoms company that doesn't have either a cloud offering or a concrete plan for a cloud offering and I will bet you a fiver that it is not long for this world.
Telecoms in the traditional sense is all but dead. To make a phone call you are actually running an application that throws packets over an IP network, just like copying a file or sending an email.
This means the telcos are reinventing themselves as application service providers, and very successfully so. They already have vast amounts of connectivity and hence can provide applications with high-speed connectivity faster than anyone else.
Some apps don't lend themselves to desktop-like presentation where you have to muck about with two-factor authentication: you need them always on and quick to access. Email and calendar services are the two popular ones.
This is where mobile phone providers have had their first useful upsell for your mobile device agreements. Not so long ago the only way to do proper, secure enterprise email was to use BlackBerry devices with a BlackBerry Enterprise Server (BES).
Certainly my local providers would happily provide the BES services for a few quid per device per month, which saved me the trouble.
With the advent of mobile device management (MDM) platforms the BlackBerry approach is no longer unique in this respect. Of course the telcos have caught on to this and are happy to provide add-on services for the devices and connections we rent from them.
It is just a variation on the BlackBerry theme: the only real difference between providers is which product they happen to have chosen for their particular implementation.
That last couple of paragraphs headed off at a bit of a tangent, having hopped from devices on the corporate network to devices talking over the cellular network, but actually the concepts are the same.
Although the telcos introduced their services primarily for their mobile customers, providing them on a corporate, non-cellular network is really just one more instance of the concept. So let's follow that apparent tangent, as we have said pretty much all we need to about kit that is sitting in your offices.
Since vast swathes of our BYOD equipment are in tablet or smartphone form, let's look at system access for users who are working in arbitrary places and using your apps over the internet (wired or otherwise).
Let data roam
Users with smartphones and 3G/4G-capable tablets have the dubious pleasure of being able to run up vast data bills faster than ever before.
When I visit the UK I bring my pay-as-you-go EE (formerly Orange) phone with me, nicely topped up; by the time the Gatwick Express is halfway to Victoria it is pleading “you have no credit, please top up”. Try that with roaming data and you will be running up big bills very quickly.
When it was introduced, the BlackBerry offer was a fascinating and hugely attractive one: flat-fee connectivity for particular types of data, with most UK providers offering tiered products for UK-only, Europe-wide and worldwide access.
When I looked after global telecoms for an organisation with about 450 BlackBerry devices one of my colleagues spent significant chunks of her week swapping people in and out of different plans, but it was worth the effort.
With the increasing desire to roam the world with non-BlackBerry handsets and tablets, telcos have become more constructive in their roaming agreements and the add-ons they offer to their users.
Many providers can provide attractive data roaming options that make the per-megabyte cost plummet, often to surprisingly bearable levels. So when you choose (or replace) your telco, make sure this option is open to you.
Anyone hear of iPass? It was the first global wireless subscription service I came across, and I used it in a variety of countries over the space of three or four years when I travelled a lot.
The idea is simple: the provider has thousands of access points across the world, you pay a subscription and you can log in whenever you are within range of the service. There are bazillions of services these days (it seems I can't go anywhere without seeing a Boingo hotspot on my Wi-Fi network list, for instance) and they are a great idea.
Depending on your usage patterns they can save you a lot of money: unlike roaming data agreements they tend to be based on time, not data volumes transferred.
Most of us have ducked into a Starbucks (other coffee shops are available, though not necessarily with decent Wi-Fi) to send a quick email or transfer the contract we need for the customer we are on the way to see.
There is an interesting variation on the wireless theme, though: shared mesh networks. This wasn't something I had come across until the telco I work for in the Channel Islands announced that it was about to integrate with one of these networks.
The idea is simple but cunning. If you have broadband and Wi-Fi in your premises and your telco is part of a mesh agreement you allow part of your link to be made available to mesh customers who are within Wi-Fi range (securely, of course, over a separate virtual path on your broadband connection).
In return you are permitted to connect to the network via any other Wi-Fi access point on that mesh network, anywhere in the world. Funky, convenient and much cheaper than 3G roaming, though to be fair you are dependent on the reach of your provider's choice of mesh network.
So where do your operators and comms suppliers fit in?
If you find yourself thinking “I thought this article was about BYOD but we have actually got into mobile apps and data” you are right – that's where I was hoping your thoughts would head.
What's in a name?
The point is this: BYOD is a crap name because it implies the concept of bringing your own computing device into the office to work on. It should be called something like UYOD: use your own device.
BYOD done properly is all about allowing your users to do their jobs seamlessly – without having to swap between devices when walking in and out of the office – from wherever they happen to be (within reason).
If we can get them to do it with their own device, by definition it is the one they like most and are most able to use (at least you would hope, as they chose it).
And remember, your office is not necessarily where the core systems are anyway. Host your applications or your email, or both, in the cloud and the office simply becomes just another place from which you access your applications, albeit with bigger printers and without half the bandwidth being eaten by your teenager’s PS4.
Your operators and comms suppliers are relevant in every scenario, then. If your provider handles connectivity for user devices both inside and outside the office, then the users will have an identical experience regardless of where they are.
Your mobile provider is key to how you deal with users roaming the planet and wanting to use your applications. The chances are that at least one of your telcos has a relationship with an iPass or Boingo-style global Wi-Fi service, so you can exploit that as an add-on.
If your fixed-line internet provider has a mesh agreement, that's another path to global Wi-Fi connectivity for no extra cost.
And finally: in many cases there is no such thing as connecting to the corporate systems. Cloud-based services are growing in popularity and the telcos are growing quickly in the cloud service market.
So make the most of it. If they want you to use their hosted systems and apps, they will do their damnedest to make the enabling connectivity suitably affordable.