Multi-tenancy is Everything…
But not quite what you think…
No self-respecting aficionado of cloud (private or public) would dream of adopting a solution that did not ensure the privacy and security of their data and applications. Vendors go to great lengths to convince customers that their services or software offer superior isolation, and therefore, greater security. In terms of cloud, at least, we appear to get it.
Now, answer two simple questions:
- How many tenants share your laptop (or your iPad)? Some of us, after a bit of thought, might answer “two: me and my employer”. But the real answer is rather scarier, since every website you ever visited (including the one I linked to in line 1) sent some code to your PC to be executed locally. So the right answer is “every website, plus my private stuff, plus work”. Now,
- How good do you think your PC is at secure multi-tenancy? That’s right, it’s appalling. And yet the enterprise appears to be happy to permit precious data to reside on it. If any tenant manages to escalate their privileges, it’s game over.
Once again we have a double standard – paranoia about back-end applications that run in the data center, and a solution vacuum on the client that vendors are only too happy to fill with expensive but useless technology. VMware touts VDI because it is the leading vendor in server virt, not because VDI solves the problem. It’s just another stop-gap – and almost as daft as the idea that my mobile device should host work and personal VMs. (If you only have a hypervisor hammer, everything looks like a VM nail.) The same is true for the incumbents in end point security, data loss prevention, and config and patch management: none of them can help to fix a flawed system architecture.
The client problem is “all about me”, because it’s about a mismatch between our humanity and our technology: the combination of users, their assumptions and foibles, with vulnerable (human created) software that fails to meet obvious requirements for separation of domains of trust – multi-tenancy. But we cannot expect to change human nature in an attempt to provide band-aids for weak technology – if we can’t meet users’ needs (including “delight”) then “consumerization of IT” will continue to mean “crafty users outmaneuvering IT, just to stay productive”.
So let’s focus on a few user-centric goals, and not on technology.
- Users want to use their devices where and when they need to, for personal and work activities
- Mobility is fundamental to our modern work- and life-styles
- We want an immersive, local, graphically rich, seamless, native app UX that works on or off-line
- Where that isn’t possible we need a modern, HTML5-based local UX for new, remotely delivered apps, and something like RDS for legacy apps that have to be delivered as pixels and browsing for the rest
- No new, confusing, “virtual” desktop metaphors. The iPad is testimony to the fact that we all prefer local execution, an intuitive UX, great performance
- We all deserve security. The insecurity of my PC affects my personal identity too – from banking to buying to facebooking.
- Our devices must embrace our digital lifestyles – the way that we as humans interact with others via applications and content, using work and other identities, “cloud” and native apps, and personal and work data.
- We need to be able to safely and seamlessly context-switch between personal/work tasks, identities and their associated identities, state and trust boundaries as needed without forcing an interrupt into the user experience.
- Our devices must respect and defend these boundaries: User privacy for personal tasks, enterprise confidentiality for work – at the very least. But we all have many identities, each of which has a domain of relevance and its own state.
- Our systems must permit us to consciously cross trust and identity (tenancy) boundaries when we need to, while remaining secure and ensuring compliance.
- So multi-tenancy on the client is a sine-qua-non.
- Our systems must be resilient in the face of two glaring (and un-fixable) human failings
- Like you, I will click on the plausible but poisoned URL or attachment,
- Like yours, my code is imperfect, leaving my app vulnerable to attack.
Our OSes and apps are, and always will be, vulnerable, leaky, and unreliable. Users are and always will be fickle, easily fooled and untrustworthy. These are invariants. My devices must first and foremost protect me, my colleagues and friends, my employer and my customers from my gullibility and the developer’s fallibility.
These must be enshrined as core requirements as we proceed on our quest for the “desktop Holy Grail”. Any system that fails to embrace them will also fail to meet the fundamental need for multi-tenancy.