You know that a trend has peaked when the establishment jumps on board. That's happening in the world of mobile management, pioneered years ago by niche companies such as Good Technology and Zenprise and startups like MobileIron and AirWatch. Now, establishment companies such as CA Technologies, Citrix Systems (which bought Zenprise), Dell, EMC VMware (which bought AirWatch), IBM, and Microsoft are aggressively pushing their mobile management tools.
Just as the establishment is getting into mobile management (aka MDM), the field itself is poised for a shift away from mobile only. Tablets, both the category-defining iPad and the "deconstructed laptops" promoted by Microsoft and other Windows device makers, are both like smartphones and like laptops. For some people, they replace laptops; for others, they supplement them. In any event, the lines between computers and mobile devices are blurring.
Even where there are clear divisions, users are working with multiple devices. Suddenly, any separation on the management side gets hard to maintain in reality: password, access, and other policies overlap hugely, even if the tools don't.
That's why MDM is shifting away from mobile to encompass anything and everything a user might access: smartphones, tablets, computers, even cloud desktop services. Some are personally owned, some are work-owned, most are mixed-use in practice. They cover a range of operating systems: multiple versions of Windows, OS X, iOS, and Android for sure, perhaps Linux, Windows Phone, Chrome OS, and BlackBerry OS as well.
It's telling that Microsoft doesn't use domain joining in its mobile-oriented management tool, Intune. Instead, it uses a client app on the PC that basically consumes the payloads, then configures Windows accordingly and acts as a safe space, similar to the sandboxes used natively in iOS and OS X and via third-party software in Android.
Over time, the payload approach may become the standard approach, even in Windows. Microsoft's Windows OS team declined to speak to InfoWorld about its views on management, and the server group didn't want to speak for the OS group. But "with Windows 8.1, it's possible to manage a PC like a mobile device, such as by laying down an agent to do System Center stuff or use a management API. Windows RT does that, too," says Andrew Conway, director of product marketing at Microsoft for Windows Server and System Center. Yet the forthcoming Windows Phone 8.1 will support domain joins, so Microsoft may also be trying to keep both approaches available as the market continues to experiment.
The path to unified management
Certainly, the MDM pioneers see the shift to unified management coming, and several have expanded their mobile offerings to include Macs, since Apple has unified many of the APIs across iOS and OS X to simplify the process. Many partner with other providers to offer not a truly integrated suite to cover PCs and mobile, but a twinned product set that allows some sharing or coordination of policies.
But it's the establishment providers who are most active in trying to reconcile the desktop and mobile worlds into a common management environment, covering everything from asset tracking to security policy enforcement, for a simple reason. These establishment providers typically have Windows-oriented tools, covering the vast majority of client devices in the workplace and providing a starting point most familiar to IT: Windows PCs. (Microsoft says that 70 percent of enterprises today use its System Center for that purpose.)
Their offerings run the gamut from pairing two separate tools with some commonalities, such as policy sharing or a common admin console, to a single tool that handles client differences behind the scenes. Most organizations still have separate teams managing PCs and mobile devices, and the single-tool approach works only when an enterprise ends that separation.
In other words, providers will need to fork their tools internally. "Forking is a skill that is underrated, but it has to be embraced for the higher goal of uniformity," Varadarajan says. As an example, "OS X and iOS use many of the same APIs but different semantics. I expect the same thing in Android PCs over time, and I can see the possibility in Windows given Windows Phone's big differences with PC Windows."
Of course, some policies simply don't apply to some devices, but a unified tool would know that and would ignore irrelevant policies while flagging policies that are relevant but can't be deployed to a specific device. A crude example of that is Apple's OS X Server, whose management console arranges its policies in three groups: iOS, OS X, and iOS and OS X. Enterprise-class tools will treat these differences more elegantly, but they will exist.
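The three outcomes described above (apply, ignore as irrelevant, flag as relevant but undeployable) can be sketched as follows. This is an added example, not code from any product named in the article; the class names, policy names, and per-device capability sets are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical model: Policy, Device, resolve and all sample data are
# constructed here; the capability sets are not claims about real platforms.

@dataclass(frozen=True)
class Policy:
    name: str
    scope: frozenset      # platforms the policy is written for
    capability: str       # management feature the device must expose

@dataclass(frozen=True)
class Device:
    owner: str
    platform: str
    capabilities: frozenset

def resolve(policies, device):
    """Sort policies into apply / ignore / flag for one device."""
    result = {"apply": [], "ignore": [], "flag": []}
    for p in policies:
        if device.platform not in p.scope:
            result["ignore"].append(p.name)   # irrelevant to this platform
        elif p.capability in device.capabilities:
            result["apply"].append(p.name)    # relevant and deployable
        else:
            result["flag"].append(p.name)     # relevant but cannot be deployed
    return result

def compliance_gaps(policies, fleet):
    """Map each device to the policies it should have but cannot receive."""
    flagged = {f"{d.owner}/{d.platform}": resolve(policies, d)["flag"] for d in fleet}
    return {dev: names for dev, names in flagged.items() if names}

IOS, OSX, WIN = "iOS", "OS X", "Windows"
POLICIES = [
    Policy("require-passcode", frozenset({IOS, OSX, WIN}), "passcode"),
    Policy("disk-encryption", frozenset({OSX, WIN}), "disk-encryption"),
    Policy("block-app-store", frozenset({IOS}), "app-restrictions"),
    Policy("remote-wipe", frozenset({IOS, OSX, WIN}), "remote-wipe"),
]
FLEET = [
    Device("alice", IOS, frozenset({"passcode", "app-restrictions", "remote-wipe"})),
    Device("alice", WIN, frozenset({"passcode", "disk-encryption"})),
    Device("bob", OSX, frozenset({"passcode", "remote-wipe"})),
]

if __name__ == "__main__":
    print(compliance_gaps(POLICIES, FLEET))
```

The flagged bucket is the one that matters for security review: it lists devices that fall under a policy's scope yet remain unprotected by it, which silently ignoring the policy would hide.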
Varadarajan also notes that the client isn't the only part of the equation. You have servers and network appliances, and they can do a lot of the work when devices connect, such as monitoring traffic, validating access, and enforcing policies on the server side directly. Back-end management is key to unified device management, because all the devices work through that back end, which is the gateway to the company information and services.
Microsoft is taking two paths: extending its traditional System Center to the new, more intermittent world and delivering a payload-oriented tool via Intune. But it's not an either/or proposition. Intune can be used to manage PCs, not just mobile devices, via a client app, though its primary use case is for mobile devices, notes Microsoft's Conway. The PC-focused System Center can be used in concert with Intune on mobile devices, so System Center handles the asset management and configuration and Intune handles the deployment of security and device policies.
Windows 8.1 starts Microsoft's PC OS down the path that Apple began with OS X Lion: using APIs for mobile-style payload-based management.