2013-10-08

My writing hand has been largely inactive for the past few weeks, but for very good reason. I've been using the time to wrap up a massive infrastructure overhaul for one of my larger commercial customers, including the rollout of Surface RT tablets to replace a fleet of aging netbooks for a mobile workforce. Tablets used to be relegated to the "PC-plus" category of companion gadgets (I'm looking at you, iPad), but my latest client project proves that with the right hardware, a mobile business team can truly ditch legacy computers in favor of a single, compact endpoint device.

While I'm not going to to get into the nuts and bolts of how we did it -- I'm saving that discussion for a second follow-up piece -- I do want to cover some of the reasons that my customer and I decided that Surface RT was the perfect platform for a mobile work team. Too much of the technology press is busy glossing over tech specs and fashion design scores for the latest tablets on the market, and not enough emphasis is being placed on the capabilities of one device over another.

Don't get me wrong; Microsoft won't win a 1 on 1 fashion war against Apple any day of the week. The fruit company's coolness is a tough match no matter how sleek the Surface or Xbox One or any other MS-branded gadget may be. Microsoft's competitive focus should be on functionality, and Robert Johnson covered a recent Surface commercial that hit Apple where it truly hurts.

Tactile input; USB ports; touchpads; and port options. If the next generation of tablet buyers, especially in the commercial space, is yearning for anything, it's all of the above that has been neglected by Apple rather snobbishly.



Above is just a sampling of the Surface RT tablets my company was busy preparing for deployment recently. Each unit took us about 45 minutes to get up and running. Most of the time was spent performing initial Windows Updates, and the rest was configuring and testing each person's remote desktop connection to a Windows 2012 virtual server running Microsoft RDS. All in all, we didn't sacrifice any capabilities that the business wanted in the end. A tablet rollout done right.

Mind you, on this Surface RT rollout we completed, not an ounce of business needs were sacrificed -- as is conversely the case with most iPad deployments I hear about. We're maintaining the highest levels of company file security. We eliminated the need for any costly, slow VPN reliance. We're giving mobile workers full Microsoft Office access, including Word, Excel, Outlook and the rest of the apps that aren't natively on the Surface RT by default. The system is so streamlined that a worker can lose a fully encrypted Surface RT tablet, with no worry about company data leaking -- and I can have them back up and working exactly where they left off in a few mere hours.

The cool tech handling a lot of the behind-the-scenes lifting is Windows Server 2012 with Remote Desktop Services, but I'll discuss those intricacies in another piece on BetaNews.

Why The iPad and Android Tablets Just Don't Cut it for Business

I've already railed against how K-12 education in the USA is ramming iPads down the throats of students and teachers alike -- even if it doesn't make financial or functional sense to do so. But another sector that is seemingly making the same mistake of fitting the big peg (iPads) into square holes (business computing) is the enterprise and commercial market.

In my planning research for this recently completed Surface RT rollout, I scoured dozens and dozens of forums with IT professionals talking about the pains they were going through not only to meet a portion of their business needs, but the hurdles they were leaping through in order to maintain security and management of their chosen platforms. What a nightmare I didn't want any part of.

For my own customer, we had a few big requirements that had to be addressed:

Microsoft Office: Users needed access to the full blown Microsoft Office suite; not just half baked app store conversions. Intricate document creation on the go without the limits of traditional tablet apps was a big necessity.

Wifi all the way: The primary mode of internet access for the devices had to be cheap, easily accessible wifi wherever staff may be. Ongoing 4G data charges were something this company wanted to dearly get away from.

Confidentiality: Data security was paramount, and the ideal end goal was to never even let company data leave the silo that is the in-house server.

VPN-less mobile access: VPNs for mobile workers are so 2000; we wanted something faster and more reliable no matter how cruddy the internet connection on location may be.

Downtime due to loss: The ideal device we chose should have the ability to be lost without any worry about data leaking out, with the affected worker being able to get geared up with a replacement in a short time span.

Hybrid input options: The tablet we chose needed to offer touch-based input, along with no-restrictions-attached tactile input with a keyboard and mouse/touchpad.

Port-ability: Expandability and accessibility for external devices like wireless mice and USB flash drives was a big requirement.

Our hunt started off by looking at traditional laptops. They were ruled out as being too expensive to maintain, and too heavy to lug around. Then we switched gears to the iconic iPad, and also dabbled in Android tablets, but they all suffered from the same innate issues. They had no unified solution for tactile input that was standardized, and especially in the iPad's case, we were limited to a single proprietary docking port that is bound by expensive dongles that cannot be used in quantities of more than one at a time.

Furthermore, early on we made a decision that the mobile staff would be using Remote Desktop Services, through the use of standard RDP sessions, to access their "work desktops" on the go. Apple's ecosystem has an RDP alternative called iTap which is not bad, but not great either. You can scour its reviews to see the myriad of limitations and bugs it presents users with, not to mention a $25 price tag per device (RDP on any Windows-based device is at the nice price of free, including all Surface tablets).



The Surface RT is one of the best values around in the tablet market. For $400, a company can give each worker a proper laptop replacement with excellent battery life, iPad-like size, numerous port options, and a carefully crafted keyboard/touchpad combo. Coupled with Windows Server RDS, these workers can also have full internal file share access, printing, and the ability to use nearly any app from the Windows ecosystem. That's a tough sell on an iPad or Android tablet without reinventing the wheel. (Image Source: Neowin)

The RDP situation on the Android side is even worse in most regards. iTap was brought over for the platform but it has similar bugs to the Apple iteration. PocketCloud tries its hand at the same task, but I was just as disappointed in the lack of feature parity to the official RDP client built into Windows and the Surface RT. Most of all, a smooth experience is paramount for an RDP session, as we were asking staff to ditch traditional machines in favor of a remote, session-based solution. Graphical glitches, issues with cross-platform input negotiation, etc were just not things that we were willing to deal with.

For those that think Surface tablets, and to a larger degree, Windows 8, are not ready for purpose-driven business and educational usage aren't looking in the right places. Organizations are adopting the next generation of Windows in many forms. Fox News is going all out in its own studios by deploying large Windows 8 touchscreen TVs for production and live casting purposes. Southern Illinois University, a large school down south from my backyard, is getting Dell Latitude 10 tablets running Windows 8 into the hands of every incoming freshman this year. And Surface 2 is getting some hot attention after Delta announced that it's putting 11,000 of the devices into the hands of its full line of pilots.

Here are my 5 top reasons that organizations should put the pause button on any planned iPad rollouts and take a serious look at the Surface tablet line for their needs. They may be surprised at how business friendly these devices actually are, and the low barriers to entry in giving mobile staff all of the tools they need.

5) Remote Access Without the Costs of GoToMyPC, LogMeIn

If a business is rolling out tablets with the notion that they are going to provide an easy to manage experience built around getting all their staff onto GoToMyPC or LogMeIn, they clearly haven't researched their approach very well. First off, both platforms do not have any easy centralized management option without hefty recurring costs attached. For example, LogMeIn Free is great - until you need to access more than 10 systems over your tablets. Then you have to get LogMeIn Central which runs a nice $300/yr for up to 100 computers. Starting at 101 machines, you're looking at no less than $500/yr for the service. Ouch.

GoToMyPC isn't much better on the recurring cost front. In order to properly administer the service for a set of machines, you need to start off with the Pro edition which sets pricing at $10/month per PC used. So a workforce of even just ten workers accessing their office computers is $100/month or $1000/yr without even taking into account the licensing, maintenance, and hardware costs of the computers running back at the office. In the end, both LogMeIn and GoToMyPC are half-baked solutions to a bigger problem. The "square peg in the round hole" dilemma pokes it head once again.

The benefit of leveraging the Surface RT not only allowed us to get tablets for $400 USD per device (w/ touch cover included) but the recurring costs for this company were even nicer: $0 for remote access. Part of the mobile overhaul plan included repurposing an existing Dell Poweredge server with Windows Server 2012, which happens to run a fantastic technology out of the box called Remote Desktop Services. We spun up a production RDS virtual host box built on the included Hyper-V 2012 technology (a free alternative to going with VMWare) which was the sandbox for hosting everyone's remote virtual desktop sessions from Surface tablets.

Sure, the Remote Desktop Services route doesn't come without its own licensing nags. You do have to purchase the proper RDS User Cals for remote access, as well as procure Office 2013 Standard volume licenses, but these costs tend to pay for themselves in under two years compared to paying for GoToMyPC or LogMeIn indefinitely. And another big aspect is the fact that we don't have to maintain two devices per user: their office workstation and their tablet device. In our scenario, we roll out a Surace RT per worker without any workstation behind the scenes. The Windows 2012 server needs to be maintained, but this is far easier and cost effective than doing the "office PC patching shuffle" on a monthly basis across dozens of workstations.

When it comes to keeping long term costs down, Remote Desktop Services and Surface tablets for mobile access cannot be beat.

4) Expansion Options for Any Situation

If you haven't watched my favorite Surface commercial yet, please do so. Microsoft sort-of got the point across on the Surface value proposition back when it launched last year (dancing flocks of Surface users, anyone?) but the real solidification of why someone would choose a Surface over an iPad sits in the expandability of the device.

Even though we made a conscious decision to go with a tablet-first device like the Surface RT for this project, users have already been plugging in external mice, flash drives, and even external monitors for ease of use. Mobility for on the go; comfort for working in the office. That's exactly where the Surface outshines the iPad as a full laptop replacement.

To be fair, of course you can purchase dock X and dongle Y to get a majority of the same things done on an iPad. But the key is: you can't use most of them at the same time. Apple's "one port to rule them all" approach inherently means your end users have to make concessions. External monitor or external keyboard -- but not both at once.

The Surface comes much closer to a reality of replacing a work laptop then an iPad or Android tablet do, for the time being of course. Whether this changes is something to be seen. But for the here and now, Surface is the king of expansion options in my eyes.

3) Mobile Computing Security That Beats Any VPN

Before rolling out a fleet of Surface RT tablets, mobile access to the main office for an on-the-go workforce looked eerily similar to what most enterprises consider the gold standard:

Users would connect over 4G or public Wifi over VPN to the main office, which had no less than a T1 connection as its backbone. Waiting and patience was a prerequisite of this scenario.

Netbooks running Windows XP and 1GB of RAM would slowly send/receive work files to and from the server.

Frustrated users would of course download company data to the netbooks locally, which had no form of encryption on their disk drives.

Most users so hated the VPN (of those that it still worked for) that they would maintain a dual set of files: those kept on their netbooks and those kept on their proper server shares. If a netbook was lost/stolen, you'd better hope that you moved what you needed to a flash drive or the file server in time.

Mobile computing was a nightmare and a half, to say the least. Data security was non-existent. A VPN connection over a T1 line bottlenecked everyone's speed. And lost netbooks were a constant threat to company confidentiality. There had to be a better way.

Server 2012, specifically Remote Desktop Services, allowed for simplification of mobile access without creating the headaches that VPNs are known for. Session security and baseline connection requirements can be established server-side and easily maintained. For example, we setup this deployment to allow for no less than RDP v8 sessions to be run, and enforce the highest encryption levels that RDS supports currently. Only a specified subset of Active Directory users were given privileges to connect over RDS, and of those users, if any of the security requirements are not met, they are not allowed onto their virtual desktops. Simple as that.

Most mobile computing strategies that small businesses employ are bolted together with little forethought into long term maintenance, security, and access. Remote Desktop Services in Windows Server 2012, formerly known as Terminal Services, provides an easy backbone for achieving all of the necessary goals for an effective and secure mobile workforce. We got it done on Surface RT tablets using RDP sessions on the cheap. Microsoft may not be winning the image war against Apple, but they have a huge advantage when it comes to well built real-world mobile computing for the modern business. (Image Source: Microsoft)

Data leaks are no longer a threat to company security either, in the form of lost files on scattered mobile devices. Since RDS forces every user to work on Office documents within the sandbox of the HyperV server, the only way information is getting out is through willful negligence -- emailing files, etc. Accidental file misplacement, at its worst, involves users leaving files on their RDS virtual desktops, which poses zero threat to the organization. It's a housekeeping issue at that point.

And on the topic of speed, Remote Desktop Services 2012 has stellar facets for keeping a consistent, seamless experience for remote workers. Things like Adaptive Network Auto Detect ratchet up or down eye candy to play nicely with bandwidth limitations incurred, and other improvements in Microsoft's RemoteFX allow for the previously unthinkable -- such as streaming video and audio over an RDP connection. It works well; users at this organization were already watching stored videos and YouTube over WAN links, to my surprise, with little hiccup in server utilization or bandwidth consumption.

If you have a bad taste in your mouth from previous experiences with RDS (pre-Server 2008) then you will be pleasantly surprised at how far Microsoft has brought this technology in a decade.

2) A Happy Medium: Touch + Traditional Input As You Wish

Apple learned from the Henry Ford playbook quite well. Users can have any kind of input option on an iPad they wish, as long as it comes in touch. I don't believe this is the answer the modern business is looking for. Not from a culture that has been ingrained in a keyboard, mouse, and for the laptop -- touchpad -- mentality for the past decade or more.

It has been interesting watching this customer's mobile workforce and the usage patterns of when someone will use their Touch or Type cover; when they will plug in an external mouse; or when they will just go plain commando and use touch only. And herein lies a big selling point: why should we (read: management or IT) be the ones to force everyone into using their tablet the same way? What if some users are more comfortable with touch over others? What if use cases call for traditional input, like Office file creation and editing, over touch, which is better suited for Modern UI apps?

I'm not preaching anything crazy here. IDC reaffirmed my beliefs with a recent survey of individuals whether they would ditch their laptops for tablets solely. Only 8.7% of those who responded said they would ditch their laptops in favor of tablets. Close to 3/5, or 58.8%, claim that they bought a tablet specifically to use in addition to their existing laptops. With all the media hype drooling over tablets in the last two years, you'd think these numbers were lying. But they aren't.

Mainstream tablets, before the Surface, didn't provide any catapult for being able to replace your primary computing device. From not having the ability to leverage core work applications, to clumsy alternative input methods, tablets have been a nonstarter as anything more than a PC-plus compliment best suited for media consumption and perusing your email before heading to bed.

Hopefully the Surface can help change this perception. Seeing as the Surface 2 and Surface 2 Pro are continuing forward with the keyboard/touchpad/cover hybrid solution, I think the realization that people want to like tablets -- but not at the expense of functionality or accessibility -- is something that Apple and its Android cousins are going to have to realize sooner or later.

1) A Best-of-Breed 'Mobile Desktop' Experience -- On a Tablet

It's nice to see that Apple has finally released iWork for iOS. This finally gives iPad users a half decent option for getting work done in some manner on the iPad. But if you're going to compare the iWork app to full blown Microsoft Office that most corporate workers are used to, it's a laughable comparison at best. It's like claiming that a modded Honda Civic has a chance at competing in a NASCAR race. It showed up for the event -- and we will leave it at that.

One of the big reasons tablet buyers have no inclination in ditching their laptops yet is because they simply can't. Much of the can't crowd is likely referencing the lack of Microsoft Office in its full glory on any tablet aside from the Surface. Whether we like it or not, Office represents the way we work in the business world and it will likely be a good while before a compelling competitor can change that paradigm. Even the sizable community behind OpenOffice and LibreOffice is having a hard time convincing organizations that their approach to office file creation is better than Microsoft's, for better or worse.

Until that day comes, organizations need to formulate sound gameplans on how they can equip their mobile workers with the tools they need to work effectively in the present. Dumping an iPad in someone's lap and asking them to get by with iWork or any of the other dozens of me-too apps is on par with placing one technology -- the endpoint device -- on a pedestal over another which is much more important: the software necessary to get work done.

I see this mistake time and time again in the tablet deployments and 1:1 initiatives in K-12 education that are solving problems by following the crowd, and not asking the critical questions of what is needed and how will it better the end user. Cool technology like tablets are useless if they can't offer the value users are looking for.

Remote Desktop Protocol technology from Microsoft goes back to the Windows 2000 era. Yes, it's over a decade old at this point. But likewise, it's extremely mature and gives workers the power of traditional computing on non-traditional tablet devices. My company converted an entire mobile workforce from Windows netbooks over to Surface RT tablets -- all while increasing accessibility to traditional office applications on the go. How many iPad rollouts can lay claim to that kind of result?

Using RDP sessions, users on Surface tablets are afforded a simple gateway to all of the same programs they would normally use on an office computer without the vestiges of being tied to a desktop, or lugging around a hefty laptop. All of the computing power and processing is done on the central server, so mobile clients are merely relied upon to gain access to the RDS system and maintain a connection. Even if a worker has to abruptly leave the coffee shop or a customer location, they can close out of their session window -- and reconnect in a matter of seconds when they get to their next destination. No work is lost, and no security is sacrificed in the process. It just works.

Access to other legacy comforts, like printers and shared drives on internal servers, is also a breeze. If your company has an existing AD domain and shared printers, getting users onto remote desktops with access to all of these resources will be relatively painless after the initial hump of configuring the pre-reqs needed to use RDS. It's not without some respective elbow grease, but compared to putting together a Picaso of technologies on the iPad or Android ecosystems, the RDS approach should be familiar and extremely capable.

Is a Surface rollout piggybacking Remote Desktop Services right for every company? Of course not. There will be situations where going Android or iPad is sensible over Surface. But in the strict context of ridding workers from legacy laptops/desktops in favor of tablets for the workplace, my money is on the Surface.

After spending the last few months in the trenches preparing this very type of backbone for one of the leading flooring companies in the Chicago, IL (USA) area, I can comfortably say that this is an approach we are going to be recommending heavily going forward for mobile workforce deployments.

Derrick Wlodarz is an IT Specialist who owns Park Ridge, IL (USA) based technology consulting & service company FireLogic, with over eight+ years of IT experience in the private and public sectors. He holds numerous technical credentials from Microsoft, Google, and CompTIA and specializes in consulting customers on growing hot technologies such as Office 365, Google Apps, cloud-hosted VoIP, among others. Derrick is an active member of CompTIA's Subject Matter Expert Technical Advisory Council that shapes the future of CompTIA exams across the world. You can reach him at derrick at wlodarz dot net.

Show more