Wednesday, May 7, 2008

Control vs management dilemma

Most organizations struggle with on how much management should be applied to IT in particular when it comes to supporting the end user in their daily needs. Back in the old days when all IT was central (mainframe or mini computer) and users had only terminals, IT organizations were in full control and needed little management attention. Shops who still have mainframe(s) are still operating this way. But when control is relinquished to end users, more management attention is needed. In those cases annual TCO per end-user device runs easily into multiple of thousand dollar/euro.

The dilemma is that it seems you have to choose between users having control and thus high costs for system management or unhappy users as they have no control. Is there a best of both worlds? Users still in control as much as desired without the added management costs? I believe that striving for solutions which support this is the way to go. But why is this so hard?

We probably should redefine the way we all deal with IT components. Take for example the software stack that is ultimately presented to the user as the desktop. It includes the operating system, the GUI and some tools to configure it. Why should IT have control over this? No one in their right mind thinks of telling employees to put their phone in the upper right corner of their desk or to demand the order in which the pens should be arranged. Maybe we should stop doing this when it comes to the virtual desk on the user's PC (keep in mind were the P stands for!).

Now we all know about the implications of leaving it up to end user. Security risks, undesired help desk calls to name a few. How about educating the user on how to maintain his own PC? We are able to do that when it comes to houses, cars, etc., so why not personal computers? The only thing organizations have to worry about is how to provision safe access to the organization's applications and data.

Isolation is the key word. This comes always up when people talk about application virtualization. Now applications are not virtualized, as they can't appear to be there but aren't there. But they can be isolated in restricted operating environment. The big question out there still is: what is the isolated operating environment and how can it still interact with others. Because many see that several applications on end user devices interact with each other in what I believe are undesirable methods: direct using each other's API. Because when applications are isolated these API's won't be usable. For example a corporate bookkeeping software won't be able to export directly into Excel if the bookkeeping software is isolated from Excel, which by the way is something you don't want to do if you care about (referential) integrity of your data.

Data exchange between applications should ideally be done through shared databases or through messaging interfaces (a.k.a. middleware). Those are guaranteed to work when applications are isolated in a restricted operating environment. When the application infrastructure is set up like that, we can then easily classify all applications in terms of level of control for the user and the required management. And thus create a "best of both world".

© Peter Bodifée 2008. All rights reserved