SOE VMs in BYOD Environments

One of the big challenges of BYOD is balancing the rights of the owner of the device with the security and policy needs of the organization. Traditionally this is done by giving IT complete control of the device, something that isn't going to fly when the device belongs to the employee.

Charles Stross's recent science fiction novel "Rule 34" describes a world where people run multiple virtual machines on their personal devices, each VM for a different task: a VM for work, a VM for games, a VM for social and so on. Each VM is sandboxed from the others - multiple operating systems running concurrently on one device.

Most organizations don't have BYOD policies. So far there is no "one true way" to deal with BYOD, and most organizations deal with it on a case-by-case basis.

One possible future might be similar to the one that Stross describes: people run VMs on their own hardware for specific tasks. Rather than using VDI, where the virtual machines run on organizational servers, perhaps organizations could use some form of local VM deployment, where the only organizational software installed on a BYOD laptop is the VM client.

This can work in practice. A couple of years ago I spent some time as a trainer for an Australian CPLS. They provided me with a laptop, but it was woefully underpowered for what I needed to do with it (even back in 2009, you could only run so many virtual machines in 4 GB of RAM). The laptop had the company's SOE (Standard Operating Environment) installed, which had a few custom applications that were necessary to perform backend administrivia. Those apps required that you be joined to the domain to use them. Rather than install the SOE on my own much better specced laptop, I did a P2V migration of the SOE and would run the VM of the SOE when I needed to perform any specific administrivia tasks. The only drawback was that I was using Windows Server 2008 as a host OS, something you generally wouldn't want to give to ordinary users.

Looking at the inclusion of client Hyper-V in Windows 8, one cannot but think that providing users with a local "standard virtualized operating environment" that they can run on their BYOD machines might provide a better solution than plain old VDI. That way IT can retain complete control over the machine running as a VM without interfering with the rights of the person who actually owns the BYOD laptop. Of course, to get it to work in most BYOD environments, there would need to be some sort of Hyper-V compatible client for Mac OS X (as Macs drive BYOD more than anything else). Although a direct port is unlikely given all the low-level stuff that goes on in Hyper-V, given the Connectix history of Microsoft's virtualization programs, it's not completely improbable that some sort of virtualization application for OS X from Microsoft might one day appear.
