iOS and Android in the workplace (aka Replacing your computer with an iPad/Android Tablet?)

With iOS and Android becoming more popular in the home environment, I am often asked how these devices can be used as the endpoint to connect to a work network.  I would like to separate the use of these devices as a work device, rather using them as an access point for the occasional remote access session.

Irrespective of whether the tablet or mobile is a company or personal device, the issue with connecting it to your network is software support, so we have to look at what applications are required in the workplace.  With email, most mobile and tablet devices will support Exchange, and most of these devices will have the ability to create, read and edit Microsoft Office documents.  There may be some issues with legacy applications, or Windows only applications, which would render the device useless for those applications.

I’ve read in some places, where the solution is the replace the applications with something that will work on these mobile devices, or on other computer operating systems.   This seems a little bit extreme, especially in the current economic climate, where IT budgets are being cut and hardware refresh rates being increased from three years to up to five years.  Embracing BYOD (Bring Your Own Device) will also bring the same challenges, as the organisation may save hardware costs in not having to purchase and maintain devices, but will have to alter the backend infrastructure to support these new devices.

I’ve always liked the concept of VDI (Virtual Desktop Infrastructure) but in the past, it has been both complicated and expensive.  There are now solutions which can give you a virtual desktop for less than the cost of a new PC.  By manipulating budgets, it would be possible to deploy a VDI solution, instead of carrying out a hardware refresh of the desktop/laptop infrastructure.  The VDI solution would be able to create a Windows desktop environment that can run on any endpoint that supports RDP (Remote Desktop Protocol).  This would enable the old hardware, the mobile devices, the tablets, the BYOD equipment and home devices to connect to the VDI solution using RDP.  This solution can run on the network, and allow these devices to connect assuming they are on the network. 

The next challenge would be allowing these devices to connect to the VDI solution when they are away from the office.  If there is an SSL-VPN solution in place, you may be out of luck!  Most SSL-VPN solutions allow you to connect to your office, via an internet browser.  By installing some software components, via ActiveX or Java, it will give your Windows and Apple (and sometimes Linux) computers the ability to connect to the network and allow your applications to run remotely.  The issue comes as most of these solution providers have not written software components for the mobile and tablet devices to connect natively to the network.  Although web applications will work on these devices, any application requiring more than a web browser will not run.

The way to allow these devices onto the network will be to use a “traditional” VPN, utilising PPTP, L2TP or IPSEC.  This type of connectivity is normally configured on a firewall or VPN concentrator and once configured with the appropriated settings and authentication (we will have to think about security); these devices will connect and can interact with your network as if they were a computer on the network.

Once connected, the VDI solution will be available to the device, and then allow your Windows desktop to run, even though the device is not in the office and may not be running a traditional operating system!