Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 52 on client-side architectures and the prospect of heightened disruption in the PC and device software arenas.

1. Analysts Probe Future of Client Architectures as HTML 5 and
Client Virtualization Loom
Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 52 on client-side
architectures and the prospect of heightened disruption in the PC and device software arenas.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Charter
Sponsor: Active Endpoints.
Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at
www.activevos.com/insight.
Dana Gardner: Hello, and welcome to the latest BriefingsDirect Analyst Insights Edition,
Volume 52. I'm your host and moderator Dana Gardner, principal analyst at
Interarbor Solutions.
This periodic discussion and dissection of IT infrastructure related news and
events, with a panel of industry analysts and guests, comes to you with the help of
our charter sponsor, Active Endpoints, maker of the ActiveVOS Business Process
Management System.
Our topic this week on BriefingsDirect Analyst Insights Edition, and it is the week of April 26,
2010, focuses on client-side architectures and the prospect of heightened disruption in the PC
and device software arenas.
Such trends as cloud computing, service oriented architecture (SOA), social media, software as a
service (SaaS), and virtualization are combining and overlapping to upset the client landscape. If
more of what more users are doing with their clients involves services, then shouldn't the client
be more services ready? Should we expect one client to do it all very well, or do we need to think
more about specialized clients that might be configured on the fly?
Today's clients are more tied to the past than the future, where one size fits all. Most clients
consist of a handful of entrenched PC platforms, a handful of established web browsers, and a
handful of PC-like smartphones. But, what has become popular on the server, virtualization, is
taken to its full potential on these edge devices. New types of dynamic and task specific client
types might emerge. We'll take a look at what they might look like.
Also, just as Windows 7 for Microsoft is quickly entering the global PC market, cloud providers
are in an increasingly strong position to potentially favor certain client types or data and
configuration synchronization approaches. Will the client lead the cloud or vice versa? We'll talk
about that too.

2. Either way, the new emphasis seems to be on full media web eActivities, where standards and
technologies are vying anew for some sort of a de-facto dominance across both rich applications
as well as media presentation capabilities.
We're going to look at the future of the client with a panel of analysts and guests. Let me
introduce them. I am going to welcome Chad Jones. He is the Vice President for Product
Management at Neocleus. Welcome, Chad.
Chad Jones: Thank you, Dana. I'm glad to be here.
Gardner: We're also here with Michael Rowley, CTO of Active Endpoints. Welcome, Michael.
Michael Rowley: Thank you.
Gardner: We're also here again with Jim Kobielus, Senior Analyst at Forrester Research. Hi,
Jim.
Jim Kobielus: Hi, Dana. Hi, everybody.
Gardner: And Michael Dortch, Director of Research at Focus. Hello, Michael.
Michael Dortch: Greetings, everyone. Thanks, Dana.
Gardner: JP Morgenthal, Chief Architect, Merlin International. Hi, JP.
JP Morgenthal: Hi, Dana. Hi, everyone.
Gardner: And Dave Linthicum, CTO, Bick Group. Welcome back, Dave.
Dave Linthicum: Hey guys.
Gardner: Let me go first to Chad Jones. Tell us where you see virtualization impacting the edge
device, the client. Are we to expect something similar in terms of disruption there than the same
as what we have seen on servers?
Time for disruption
Jones: Dana, in the client market, it's time for disruption. Looking at the general PC
architectures, we have seen that since pretty much the inception of the computer,
you really still have one operating system (OS) that's bound to one machine, and
that machine, according to a number of analysts, is less than 10 percent utilized.
Normally, that's because you can't share that resource and really take advantage of
everything that modern hardware can offer you. Dual cores and all the gigabytes of

3. RAM that are available on the client are all are great things, but if you can't have an architecture
that can take advantage of that in a big way, then you get more of the same.
On the client side, virtualization is moving into all forms of computing. We've seen that with
applications, storage, networks, and certainly the revolution that happened with VMware and the
hypervisors on the server side. But, the benefits from the server virtualization side were not only
the ability to run multiple OSs side-by-side and consolidate servers, which is great, but definitely
not as relevant to the client side. It’s really the ability to manage the machine at the machine
level and be able to take OSs and move them as individual blocks of functionality in those
workloads.
The same thing for the client can become possible when you start virtualizing that endpoint and
stop doing management of the OS as management of the PC, and be able to manage that PC at
the root level.
Virtualization is a key enabler into that, and is going to open up PC architectures to a whole
brave new world of management and security. And, at a platform level, there will be things that
we're not even seeing yet, things that developers can think of, because they have options to now
run applications and agents and not be bound to just Windows itself. I think it’s going to be very
interesting.
Gardner: Chad, we're also seeing, of course, this welling of interest in cloud and SaaS, where
services are coming off the Internet for applications and increasingly for entertainment, and to
consumers as movies and video clips and full media. Is there something going on here between
the two trends, where virtualization has some potential, but cloud computing is also ramping up?
Is there some way that the cloud will be delivering virtualized instances of runtimes for client? Is
that in the offing?
Jones: Well, number one, anything is possible out there. But, I definitely see that there's a huge
trend out there in hosted desktops through virtual desktop infrastructure (VDI), not only from a
private cloud standpoint with an internal set of hosted desktops. Some companies are creating
and working with some of the largest telcos to provide hosted VDI externally, so that all that
infrastructure doesn’t have to be managed by the enterprise itself. It can actually be as a hosted
service.
That would be an external semi-public, private cloud, and all the way down to full public clouds,
where desktops would be hosted in that cloud.
Now, if you look at the trending information, it seems that VDI, in general, will niche out at
about 15 percent of overall desktops, especially in the enterprise space, leaving still 85-90
percent of desktops still requiring that rich client experience.
But, with virtualization, you have a whole new area where cloud providers can tie in at the PC
level. They'll be able to bundle desktop services and deliver them in a number of unique ways --
streaming or synchronization of VHD and things like that -- but still have them be
compartmentalized into their own runtime environments.

4. Personal OS
Imagine that you have your own personal Windows OS, that maybe you have signed up for
Microsoft’s new Intune service to manage that from the cloud standpoint. Then, you have
another Google OS that comes down with applications that are specific from that Google service,
and that desktop is running in parallel with Windows, because it’s fully controlled from a cloud
provider like Google. Something like Chrome OS is truly a cloud-based OS, where everything is
supposed to be stored up in the cloud.
Those kinds of services, in turn, can converge into the PC, and virtualization can take that to the
next level on the endpoint, so that those two things don’t overlap with each other, and a level of
service, which is important for the cloud, certainly for service level agreements (SLAs), can truly
be attained. There will be a lot of flexibility there.
Gardner: Dave Linthicum, we're thinking now about cloud providers, not just delivering data
services and applications, but perhaps delivering their own version of the runtime environment
on the client. Is that in the purview of cloud providers or are we talking about something that’s
perhaps dangerous?
Linthicum: I don’t think it’s dangerous. Cloud providers will eventually get into desktop
virtualization. It just seems to be the logical conclusion of where we're heading
right now.
In other words, we're providing all these very heavy-duty IT services, such as
database, OSs, and application servers on demand. It just makes sense that
eventually we're going to provide complete desktop virtualization offerings that
pop out of the cloud.
The beauty of that is that a small business, instead of having to maintain an IT staff, will just
have to maintain a few clients. They log into a cloud account and the virtualized desktops come
down.
It provides disaster recovery based on the architecture. It provides great scalability, because
basically you're paying for each desktop instance and you're not paying for more or less than you
need. So, you're not buying a data center or an inventory of computers and having to administer
the users.
That said, it has a lot more cooking to occur, before we actually get the public clouds on that
bandwagon. Over the next few years, it's primarily going to be an enterprise concept and it's
going to be growing, but eventually it's going to reach the cloud.
Gardner: This is something that might emerge in a private cloud environment first and then
perhaps migrate out towards more consumer or public-cloud environments.

5. Linthicum: Absolutely. Public cloud is going to be the destination for this. There are going to be
larger companies. Google and Microsoft are going to jump on this. Microsoft is a prime
candidate for making this thing work, as long as they can provide something as a service, which
is going to have the price point that the small-to-medium-sized businesses (SMBs) are going to
accept, because they are the early adopters.
Gardner: Michael Rowley at Active Endpoints, you're in the business of providing enterprise
applications, business management, process management, and you have decided a certain
approach to this on your client that isn’t necessarily a cloud or SaaS delivery model but
nonetheless takes advantage of some of these technologies. Tell us what Active Endpoints did to
solve its client issues with its business process management (BPM)?
Browser-based client
Rowley: When we talk about the client, we're mostly thinking about the web-browser based
client as opposed to the client as an entire virtualized OS. When you're using a
business process management system (BPMS) and you involve people, at some
point somebody is going to need to pull work off of a work list and work on it
and then eventually complete it and go and get the next piece of work.
That’s done in a web-based environment, which isn’t particularly unusual. It's a
fairly rich environment, which is something that a lot of applications are going
to. Web-based applications are going to a rich Internet application (RIA) style.
We have tried to take it even a step further and have taken advantage of the fact that by moving
to some of these real infrastructures, you can do not just some of the presentation tier of an
application on the client. You can do the entire presentation tier on the web browser client and
have its communication to the server, instead of being traditional HTML, have the entire
presentation on the browser. Its communication uses more of a web-service approach and going
directly into the services tier on the server. That server can be in a private cloud or, potentially, a
public cloud.
What's interesting is that by not having to install anything on the client, as with any of these
discussions we are talking about, that's an advantage, but also on the server, not having to have a
different presentation tier that's separate from your services tier.
You go directly from your browser client into the services tier on the server, and it just decreases
the overall complexity of the entire system. That's possible, because we base it on Ajax, with
JavaScript that uses a library that's becoming a de-facto standard called jQuery. jQuery has the
power to communicate with the server and then do all of the presentation logic locally.
Gardner: One of the things that's interesting to me about that, Michael, is that because we're
talking about HTML5 and some new standards, one possible route to the future would be this
almost exclusive browser based approach. We've seen a lot of that over the past decade or more,
enough so that it even threatened Microsoft and its very identity as a client OS company.

6. But, we've run into some friction and some fragmentation around standards, things like Adobe
versus Apple versus Silverlight, and the varying RIA approaches. Do you think that HTML5 has
the potential to solidify and standardize the market, so that the browser approach that you have
been describing could become more dominant than it is even now?
Push toward standards
Rowley: I think it will. I really do. Everybody probably has an opinion on this. I believe that
Apple, growing dominant in the client space with both the iPhone and now the iPad, and its lack
of support for either Silverlight or Flash, will be a push toward the standard space, the HTML5
using JavaScript, as the way of doing client-based rich Internet apps. There will be more of a
coalescing around these technologies, so that potentially all of your apps can come through the
one browser-based client.
Gardner: Of course, Google seems to be behind that model as well.
Rowley: Absolutely.
Gardner: So, here we have potentially two different approaches -- an HTML5 oriented world,
more web-based, more services-based -- but also we have a virtualization capability, where we
could bring down specialized runtime environments to support any number of different legacy or
specialized applications.
Let's go to our panel. Michael Dortch, isn't this the best of both worlds, if we could have
standardization and comprehensive browser capabilities and, at the same time, a virtualized
environment, where we could support just about anything we needed to, but on the fly?
Dortch: Dana, my sainted, and very wise, mother used to say, where you stand depends on
where you sit. So, whether or not this is a good thing depends entirely on where you sit, whether
or not this is the best of both worlds or the best of all possible worlds. From a developer
standpoint, I want one set of tools, right?
Gardner: Well, that's unlikely.
Dortch: Right, it's highly unlikely, but my mom also used to say, I was naively optimistic, so I
am just going to plow forward here. Let me be more realistic. I want as few tools
to manage and to learn as possible to reach the largest number of paying
customers for this software that I'm trying to create. "Write once -- sell many
times" is the mantra.
To get there, we're going to need a set of open standards, a set of really
compelling services, and a set of really easy-to-use tools. If the model of the cloud
has taught us anything yet, it's that, at the end of the day, I shouldn't have to care what those

7. individual components are or even where they come from, but we know it's going to be a long,
convoluted journey to get to that ideal space.
So the question becomes, if I am a developer with limited resources, what path do I go down
now? I really don't think we know enough to answer that question. The Flash debate about Apple
and its iPhone and its iPad hasn't seemed to shut down the Apple iTunes App Store yet, and I
don't see that happening anytime soon.
Gardner: Adobe isn't going out of business either, nor is Microsoft.
Dortch: Exactly, exactly. Every time a Starbucks opens near me, none of the local coffee shops
close. I don't get it, but it's the truth. So, at the end of the day, all that really matters in all of this
discussion is a very short list of criteria -- what works, what's commercially feasible, and what's
not going to require a rip and replace either by users or by developers. There's too much money
on the table for any of the major players to make any of these things onerous to any of those
communities.
Proprietary approaches
So, yes, there are going to continue to be proprietary approaches to solving these problems. As
the Buddhists like to say, many paths, one mountain. That's always going to be true. But, we've
got to keep our eyes on the ultimate goal here, and that is, how do you deliver the most
compelling services to the largest number of users with the most efficient use of your
development resources?
Until the debate shifts more in that direction and stops being so, I want to call it, religious about
bits and bytes and speeds and feeds, progress is going to be hampered. But, there's good news in
HTML5, Android, Chrome, and those things. At the end of the day, there's going to be a lot of
choices to be made.
The real choices to be made right now are centered on what path developers should take, so that,
as the technologies evolve, they have to do as little ripping and replacing as possible. This is
especially a challenge for larger companies running critical proprietary applications.
Gardner: So, we've taken the developer into consideration. JP Morgenthal is a chief architect for
a systems integrator (SI). What do you like in terms of a view of the future? Do you like the
notion of a web-based primary vehicle for the new apps, and perhaps a way of supporting the
older apps via virtualization services? What's your take architecturally?
Morgenthal: I like to watch patterns. That's what I do. Look at where more applications have
been created in the past three years, on what platform, and in what delivery mechanism than in
any other way. Have they been web apps or have they been iPhone/Android apps?
You've got to admit that the web is a great vehicle for pure dynamic content. But, at the end of
the day, when there is a static portion of at least the framework and the way that the information

8. is presented, nothing beats that client that’s already there going out and getting a small subset of
information, bringing it back, and displaying it.
I see us moving back to that model. The web is great for a fully connected high-
bandwidth environment.
I've been following a lot about economics, especially U.S. economics, how the
economy is going, and how it impacts everything. I had a great conversation with
somebody who is in finance and investing, and we joked about how people are
claiming they are getting evicted out of their homes. Their houses and homes are being
foreclosed on. They can barely afford to eat. But, everybody in the family has an iPhone with a
data plan.
Look what necessity has become, at least in the U.S., and I know it's probably similar in Korea,
Japan, and parts of Europe. Your medium for delivery of content and information is that device
in the palm that's got about a 300x200 display.
The status thing
Kobielus: That was very funny. When people lose their fortunes, the last thing that the wives
pawn is their jewelry. It’s the status items they stick with. So, the notion that the poor, broke
family all have iPhones and everything is consistent with that status thing.
Morgenthal: Somebody sent me a joke the other day talking about how 53 percent of women
find men with iPhones more attractive than those with Palm Pres and BlackBerry.
Gardner: So, JP, if I understand you, what you're saying is that the iPhone model, where you
have got a client-server approach, but that client can come down freely and be updated as a cloud
service to you, is the future.
Morgenthal: Yeah. And, on the desktop, you have Adobe doing the same thing with AIR and its
cross-platform, and it's a lot more interactive than some of the web stuff. JavaScript is great, but
at some point, you do get degradation in functionality. At some point, you have to deliver too
much data to make that really effective. That all goes away, when you have a consistent user
interface (UI) that is downloadable and updatable automatically.
I have got a Droid now. Everyday I see that little icon in the corner; I have got updates for you. I
have updated my Seismic three times, and my USA Today. It tells me when to update. It
automatically updates my client. It's a very neutral type of platform, and it works very, very well
as the main source for me to deliver content.
Now, sometimes, is that medium too small to get something more? Yeah. So where do I go? I go
to my secondary source, which is my laptop. I use my phone as my usual connectivity medium to
get my Internet.

9. So, while we have tremendous broadband capability growing around the world, we're living in a
wireless world and wireless is becoming the common denominator for a delivery vehicle. It's
limiting and controlling what we can get down to the end user in the client format.
Gardner: Let’s go back to Chad Jones at Neocleus. Tell us how the smartphone impact here
plays out. It almost seems as if the smartphone is locking us down in the same way the PC was
15 or 20 years ago, with some caveats about these downloadable and updatable apps or data.
How does that fit into virtualization? Is it possible to virtualize the smartphone as well and get
the best of something there?
Jones: First of all, I'm very happy to hear that women find guys with the iPhone more attractive,
because I am talking on my iPhone with you guys right now. So, this is a good thing. I feel like I
need to walk outside.
Virtualization is on many fronts, but I think what we are seeing on the phone explosion, is a very
good point. I get most of my information through my phone. Through the course of my day,
when I'm not sitting in front of my PC, it almost becomes my first source of a notification of
information. I get to get into my information. I get to see what the basics of whatever that piece
of information is.
Normally, if I want to go start researching deeper into it or read more into it, then the limiting
factor of that screen and those types of things that we were talking about drives me to my PC.
More coming through
I think that you're definitely going to see more and more apps and those types of things coming
through to the phones, but just by the sheer form factor of the phone, it's going to limit you from
what you're able to do.
Now, what is that going to end up being? Is it going to be, yes, I am going to continue to have
my laptop in my bag? I think that's going to be true for quite a while now. But, I certainly can see
that, in the future, there could be just a sleeve that you throw your phone in and it just jacks up
the screen resolution. Now, you have a form factor that you can work through.
But, to take it back to your whole question of virtualization on a phone, we haven’t seen the
same type of platform-related issues in applications to a great extent yet, where it comes to
conflicts and require a different phone, an OS version.
Is it readily working from app version to app version that you see on the PC. From an app
virtualization standpoint, I don’t think that there is a big need there yet, until the continuation of
those apps gets more complex. Then, maybe it will run into those issues. I just don’t see that
that's necessarily going to happen.

10. From a multi-OS standpoint that virtualization would pull in, even from a management
standpoint, I don’t think the platforms have the same issues that you're going to see inside of the
PC platform. For me, the jury is still out on where virtualization and if virtualization would truly
play on the phone model.
Gardner: Let me flip it around then Chad. If more people like JP are getting more information
and relying more on their phone, but they need that form factor and they need to support those
legacy apps inside of an enterprise environment, why not virtualize the smartphone on the PC?
Jones: That would be interesting. Something from a reverse standpoint, absolutely. If it comes to
a point where applications are primarily built for, let's say, the iPhone, you want to be able to
have that emulator or something like that. That could definitely be a wave of the future. That
way, you are crossing the bridges between both platforms. That could be an interesting approach
at virtualization, but it's going to be on the PC side.
Dortch: I can't let this part of the conversation go by without raising a few user-centric concerns.
Anyone who has done a webinar has clicked the button that says "Next Slide," and then died
quietly inside waiting for the slide to load, because there has been latency on the net, some
technological problem, or something like that -- whether you're an attendee or a presenter at one
of these webinar conferences.
So, I'm thinking, if I am trying to do business-critical work under deadline, if it's the end of the
quarter and I am trying to close a deal or something like that, and I click the button that's
supposed to download the next virtualized client service that I am supposed to be using and it
doesn’t load, I am going to start putting together a list of hostages I plan to take in the next few
minutes.
Gardner: That's a point that's always there Michael. We all need ubiquitous broadband. There is
no question about it.
Moving complexity
Dortch: Yeah, but I worry about what I've seen. When you talk about watching patterns, over
the past 30, 35 years, one of the things I've seen is that complexity rarely goes away but it moves
around a lot.
Is one of the thing that may be holding back client virtualization the simple fact that, when you
look at the limitations of most client devices, especially hand-held client devices, even
smartphones, and you look at the limitations, not only of the networks of the service providers
but of their abilities to even monitor and bill accurately for such granular services, aren’t these
things sort of like also slowing down the growth of these technologies that offer a lot of really
great promise, but just don't seem to have taken off just yet?
Gardner: Sure there are going to be limiting factors, but we're trying to look at this also through
an enterprise lens. We're thinking about how to support the old and the new, but do it in such a

11. way that we're not tied to a client-side platform limitation, but we're really limited only by what
we tend to do in terms of business process and applications and data.
Dave Linthicum, let's go back to you. The discussion about whether it's a PC or a smartphone,
whether it's HTML5, web e-services, or a virtualized runtime environment, do these become
moved pretty quickly when you think about the course of the application logic and that it's
primarily becoming a business process across ecosystems of services and perhaps hybrids of
suppliers?
Linthicum: Yeah, it's going to completely move. There are some prototypes today, such as the
stuff Google provides, and they do it on mobile devices, as well as web, and they also provide
their own OS, which is web-based. That, in essence, is going to be kind of a virtualized client,
such as what we are talking about during this discussion. But, going forward, it's really not going
to make a difference.
If you think about it, we're going to have these virtualized desktops, which come out of the cloud
we talked about earlier, which communicate with our computers, but also communicate with
cellphones any way in which we want to externalize those applications to us to become part of
the process. That's where we are heading.
The power of the cloud, the power of cloud computing, the power of virtualized desktops such as
this have the ability to do that. It's the ability to put everything that I own and that I work with,
and all my files and all my information, up into a provider, a private cloud, and then have them
come down and use them on whatever desktop, whatever device, that I want to use, whether it's
pad computing, or whether it's on my TV at home at night. We're heading in that direction. We're
getting used to that now.
As JP pointed out, we use our cellphones more than our computers every day. I guarantee you,
half the guys on the call today have iPads. Admit it guys, you do. And, we're using those devices
as well. We're starting to carry these things around, and ultimately, we are learning how to
become virtualized onto itself.
I spent this weekend making sure I put up into Google everything that I have, so that I can get
them to the different devices out there. That's where things are going to head.
Gardner: So, the synchronization in the config files, in the data files in the sky, that's the real
lock in. That's where your relationship with the vendor counts, and increasingly, an abstraction
off of the client allows you to have less and less of a true tie-in there.
Let's go to Jim Kobielus. Do you like the idea of a cloud-based world where the process and data
in the sky is your primary relationship, and it's a secondary relationship, as JP said, towards
whatever the client is?

12. Getting deconstructed
Kobielus: Yeah. In fact, it's the whole notion of a PC being the paradigm here that's getting
deconstructed. It has been deconstructed up the yin yang. If you look at what a
PC is, and we often think about a desktop, it's actually simply a decomposition of
services, rendering services, interaction services, connection and access,
notifications, app execution, data processing, identity and authentication. These
are all services that can and should be virtualized and abstracted to the cloud,
private or public, because the clients themselves, the edges, are a losing battle,
guys.
Try to pick winners here. This year, iPads are hot. Next year, it's something else. The year
beyond, it's something else. What's going to happen is -- and we already know it's happening -- is
that everything is getting hybridized like crazy.
All these different client or edge approaches are just going to continue to blur into each other.
The important thing is that the PC becomes your personal cloud. It's all of these services that are
available to you. The common denominator here for you as a user is that somehow your identity
is abstracted across all the disparate services that you have access to.
All of these services are aware that you are Dave Linthicum, coming in through your iPad, or
you are Dave Linthicum, coming in through a standard laptop web browser, and so forth. Your
identity and your content is all there and is all secure, in a sense, bringing process into there.
You don't normally think of a process as being a service that's specific to a client, but your hook
into a process, any process, is your ability to log in. Then, have your credentials accepted and all
of your privileges, permissions, and entitlements automatically provisioned to you.
Identity, in many ways, is the hook into this vast, personal cloud PC. That’s what’s happening.
Gardner: So, if I understand this correctly, we're saying that the edge device isn’t that important.
And, as we have said in past shows, where the cloud exists it isn't that important: private, public,
an intranet, a grid utility.
What is important? Are we talking about capturing the right data and the right configuration and
metadata that creates the process? And if that's the case, Michael Rowley, that might be good
news for you guys, because you're in BPM. Can we deconstruct what's important on the server
and on the edge, and what's left?
Rowley: That's a great question, because a lot of applications will really mix up the presentation
of the work to be done by the people who are using the application, with the underlying business
process that they are enabling.
If you can somehow tease those apart and get it so that the business process itself is represented,
using something like a business process model, then have the work done by the person or people

13. divided into a specific task that they are intended to do, you can have the task, at different times,
be hosted by different kinds of clients.
Different rendering
Or, depending on the person, whether they're using a smartphone or a full PC, they might get a
different rendering of the task, without changing the application from the perspective of the
business person who is trying to understand what's going on. Where are we in this process? What
has happened? What has to happen yet? Etc.
Then, for the rendering itself, it's really useful to have that be as dynamic as possible and not
have it be based on downloading an application, whether it's an iPhone app or a PC app that
needs to be updated, and you get a little sign that says you need to update this app or the other.
When you're using something like HTML5, you can get it so that you get a lot of the
functionality of some of these apps that currently you have to download, including things, as
somebody brought up before, the question of what happens when you aren't connected or are on
partially connected computing?
Up until now, web-based apps very much needed to be connected in order to do anything.
HTML5 is going to include some capabilities around much more functionality that's available,
even when you're disconnected. That will take the technology of a web-based client to even more
circumstances, where you would currently need to download one.
Gardner: We're already seeing that with some SaaS apps, including some of the Google stuff, so
that doesn't seem to be a big inhibitor. If what I hear you saying, Michael is that the process
information, the data, the configuration data is important and valuable.
If we can burst out more capacity on the server and burst down whatever operating environment
we need for the client, those things become less of a hurdle to the value, the value being getting
work done, getting that business process efficiency, getting the right data to the right people. Or
am I overstating it?
Rowley: No, that's exactly right. It's a little bit of a change in thinking for some people to
separate out those two concepts, the process from the UI for the individual task. But, once you
do, you get a lot of value for it.
Gardner: Chad Jones, do you also subscribe to this vision, where the data process configuration
information is paramount, but that bursting out capacity for more cycles on the servers is going
to become less of an issue, almost automatic? Then, the issuance of the right runtime
environment for whatever particular client is involved at any particular time is also automatic?
Do you think that’s where we are headed?

14. Jones: I can see that as part of it as well. When you'e able to start taking abstraction of
management and security from outside of those platforms and be able to treat that platform as a
service, those things become much greater possibilities.
Percolate and cook
I believe one of the gentlemen earlier commented that a lot of it needs some time to percolate
and cook, and that’s absolutely the case. But, I see that within the next 10 years, the platform
itself becomes a service, in which you can possibly choose which one you want. It’s delivered
down from the cloud to you at a basic level.
That’s what you operate on, and then all of those other services come layered in on top of that as
well, whether that’s partially through a concoction of virtualization and different OS platforms,
coupled with cloud-based profiles, data access, applications and those things. That’s really the
future that we're going to see here in the next 15 years or so.
Gardner: Dave Linthicum, what’s going to prevent us from reaching that sort of a vision?
What’s in the way?
Linthicum: I think security is in the way. Governance, security, the whole control issue, and
those sorts of things or fears that are an aid to the existing enterprises and the people who are
going to leverage this kind of technology.
The people who are doing computing right now in a non-virtualized world are going to push
back a bit on it, because it’s a loss of control. In other words, instead of just having something
completely on a system that I'm maintaining, it’s going to be in a virtualized environment, things
resourced to me, allocated to me through some kind of a centralized player. And, if they go
down, such as Google goes down today, if people are dependent on Google Docs or Gmail or
other sorts of things, I'm dead in the water. That’s really going to hinder adoption.
We're going to have to prove that we can do things in a secure, private way. We're going to have
to make sure we get systems that are going to comply with the laws that are out there and we
need to be very aware of those.
More often than not, we've got to trust some of these players that are going to drive this stuff.
This architecture itself is going to be viable, and the players themselves are going to provide a
service that’s going to be reliable.
Dortch: I agree with everything David said and, from an enterprise standpoint, I hasten to add,
there is the problem of the legacy systems. A lot of people are still running IE 6, and so HTML5
doesn’t really have much to offer them yet. From an IT management standpoint in the enterprise,
it’s going to require some pretty fancy dancing in concert with the vendors and the developers
who are pushing all this stuff forward to make sure that no critical user base is left behind, as
you're moving forward in this way.

15. Gardner: Well, that’s why we are talking about this as a 15-20 year horizon. It’s not going to
happen overnight.
JP Morgenthal, the trust issue. It seems that we've seen vendors trying to capitalize on the client,
thinking that if you own the client, you can then control the process. We've seen other vendors
say, if we can control the cloud, we can control the process. But, if you can’t control the server
environment and you can’t control the client environment.
Why not just go after that all-important set of services. I'm thinking about an ecosystem or
marketplace of business processes, perhaps something like what Salesforce is carving out. Any
thoughts about who to trust and where the pincher points are in all this?
Interesting dilemma
Morgenthal: Trust is an interesting dilemma in a cyber environment. We're in an environment
where the ability to defend is constantly about 10 paces behind those that are attacking. It’s the
Wild West and the criminals outnumber the sheriffs 10:1. There is more money to be made
robbing the people than there is protecting them.
The other thing that we have to deal with, with regard to trust, is that constant factor of
anonymity. Anonymity is very problematic in this environment. Basically, it creates two classes
of users. It creates a trust environment user and it creates an anonymous, public Internet user.
In the public Internet, you have your services, and they're potentially advertising-based or driven
by some other revenue medium. But, you have to realize you are not going to know who your
user is. You're not going to be able to be intimate about your user. Trust is minimal there. You do
your best to minimize the potential for loss of data, for inappropriate use, for access to the
services. Services are no different than an application at the end of the day.
I had a great meeting with the CSO from the Department of Homeland Security (DHS) and he
said it best, "If I could do away with username and passwords, my life would be a billion times
easier." Unfortunately, that's the number one medium for identity and credentials in the
anonymous Internet. Until the day we have personal identity verification (PIV) cards, and they
plug into machines, and we have guaranteed identity authentication given a credible medium,
we're going to be dealing with that.
The alternative is that I'm going to create my secure net, my private net, where only I know the
people and the users that are on that medium. That provides me a lot more flexibility and a lot
more power. I can control what's happening on that, because I know who my users are.
So, we end up with these two class of users. I don’t see them going away anytime soon. Even in
the 20 year realm, the ability to outthink the smartest hacker is unlikely. I think we have to
assume that we now live in a world where we are going to be attacked. The question is how can

16. we identify that attack quickly? How can we minimize the potential downside from those
attacks? It's a lot like living in a world with terrorists.
Gardner: Jim Kobielus, JP had some interesting thoughts that you need to authenticate through
the client or you need to authenticate through the service provider or cloud in order to make this
work. But, is there a possibility that authentication could evolve to a cloud service? You
authenticate through a process of some kind.
I'm going out on a limb here, clearly, but you're the guy who tracks BPM and data. Where does
the enterprise environment fall in this? Is there a way to decompose the client and the server but
still have enterprise caliber computing going on?
Kobielus: Oh sure, there is. I've sketched out seven layers of client services that can be put into a
private cloud. Clearly, one of the critical pieces of infrastructure that the cloud needs to have, as I
said, is identity management. It's also very much public key infrastructure (PKI) to enable strong
authentication, multi-factor, webs of trust, and so forth.
You need to begin to think through the whole client computing equation, if you were an
enterprise, a better rated identity, and look at the common standards, extensible application
markup language (XAML) and so forth to enable that or to look at things like OpenID.
Unable to trust
So that's quite important, Dana, because fundamentally it's moving away from a world where
PCs are personal computers that I trust, they are my resource. I don’t have to depend on anybody
else. All my data, my apps, everything is here. I'm moving to a world where it's, PC, personal
cloud. It's your cloud that I'm just renting a piece of or I have got a piece of it, where I can't
really trust you at all in some fundamental sense.
My mnemonic here for the cloud and why we can't trust it is, bear with me, SLA-HA-NA. SLA
-- service level agreements; HA -- high availability; NA -- not applicable, not available. If you
don’t have common identity, common security, and common federation standards within an
enterprise cloud, then that's not ready for full client virtualization.
Look at the public cloud. Dana, your article on 'Dealing With the Dearth of SLAs in the Cloud'
gets to the point where the public cloud is definitely not ready for enterprise-grade client
virtualization, until we get identity nailed down, if nothing else.
Quite frankly, I'm a bit jaundiced on that, because in the middle of the last decade, I was with a
large B2B trading exchange that was working on better rated identity, trust standards and
relationships among thousands upon thousands of companies.
Getting those trust relationships worked out, getting the policies written, getting all the lawyers
to agree and getting the common standards just to make one industry specific trading exchange

17. work was fearsomely difficult. Those trust issues are just going to be an ongoing deterrent to the
full virtualization of clients into public cloud environments.
Gardner: Well, we've started at reality. We've gone out to a 15-year horizon, and now we are
coming back in to the current day. Chad Jones, where does client virtualization fit in well? What
does it solve? What’s its value to the typical enterprise, rather than thinking about this in terms of
abstractions in the future?
Jones: The first thing is that the term client virtualization ends up getting applied to a lot of
different things. Just as a point of clarification, there are virtualized desktops, which are hosted
on the server side, like the VDI infrastructures, and then server-based computing of days past or
niche status. But, true client virtualization is the ability to abstract away the hardware resource
on the endpoint client and then be able to run virtual objects on top of that, and that's hosted
locally.
For the near term, as the client space begin to bake out over the next couple of years, the
immediate benefits are first around being able to take our deployment of at least the Windows
platform, from a current state of, let's either have an image that's done at Dell or more the case,
whenever I do a hardware refresh, every three to four years, that's when I deploy the OS. And,
we take it to a point where you can actually get a PC and put it onto the network.
You take out all the complexity of what the deployment questions are and the installation that
can cause so many different issues, combined with things like normalizing device driver models
and those types of things, so that I can get that image and that computer out to the corporate
standard very, very quickly, even if it's out in the middle of Timbuktu. That's one of the
immediate benefits.
Plus, start looking at help desk and the whole concept of desktop visits. If Windows dies today,
all of your agents and recovery and those types of things die with it. That means I've got to send
back the PC or go through some lengthy process to try to talk the user through complicated
procedures, and that's just an expensive proposition.
Still connect
You're able to take remote-control capabilities outside of Windows into something that's
hardened at the PC level and say, okay, if Windows goes down, I can actually still connect to the
PC as if I was local and remote connect to it and control it. It's like what the IP-based KVMs did
for the data center. You don’t even have to walk into the data center now. Imagine that on a grand
scale for client computing.
Couple in a VPN with that. Someone is at a Starbucks, 20 minutes before a presentation, with a
simple driver update that went awry and they can't fix it. With one call to the help desk, they're
able to remote to that PC through the firewalls and take care of that issue to get them up and
working.

18. Those are the areas that are the lowest hanging fruit, combined with amping up security in a
completely new paradigm. Imagine an antivirus that works, looking inside of Windows, but
operates in the same resource or collision domain, an execution environment where the virus is
actually working, or trying to execute.
There is a whole level of security upgrades that you can do, where you catch the viruses on the
space in between the network and actually getting to a compatible execution environment in
Windows, where you quarantine it before it even gets to an OS instance. All those areas have
huge potential.
Gardner: It seems as if what you are doing is ameliorating some of the rigidity of the traditional
client model but still keeping it in enough of a sense that it's going to satisfy a lot of what
enterprises need to do. Is that a fair encapsulation?
Jones: Yeah, absolutely. You have got to keep that rich user experience of the PC, but yet change
the architecture, so that it could become more highly manageable or become highly manageable,
but also become flexible as well.
Imagine a world, just cutting very quickly in the utility sense, where I've got my call center of
5,000 seats and I'm doing an interactive process, but I have got a second cord dedicated to a
headless virtual machine that’s doing mutual fund arbitrage apps or something like that in a grid,
and feeding that back. You're having 5,000 PCs doing that for you now at a very low cost rate, as
opposed to building a whole data center capacity to take care of that. Those are kind of the
futures where this type of technology can take you as well.
Gardner: So, virtualization is bringing flexibility by keeping the same essential model, it’s just a
better architectural approach to it.
Michael Rowley, what you guys have been doing at Active Endpoints with your client is perhaps
for newer applications getting that stepping stone to the future, but also protecting yourself.
Because, if you're running in the browser, you don’t really care so much about what the client is,
and you can also extend out from PCs to smartphones pretty quickly.
Rowley: Yes. You end up being able to support clients and support them even as they change
what device they are on. They are not maintaining local data, so that they can move from device
to device and even take a single task that they're working on, work on it on one kind of form
factor at one point and another kind of at another point in time. This is the great promise of
cloud-based computing taken all the way into the application and used throughout the
application. I really believe a lot more applications are going to be based that way.
Gardner: I've got a sneaking suspicion that organizations that embrace both of these models
have, in a sense, put some insurance policies in place, a backwards compatibility, forwards
compatibility, services orientation, but also maintaining that all important enterprise levels of
security, reliability, control, and management.

19. Rowley: One of the things that is really new and I think will catch on is this idea that these web-
based apps might be able to communicate with the server through what the application considers
as the service tier, the business tier, rather than having a presentation tier on the server, because
of the fact that the client has gotten powerful enough to do the full presentation on its own.
Gardner: I want to again thank you all for joining. We have been here talking about the future of
clients and services with cloud and virtualization impacts, as well as how to keep this in the real
world sphere of what enterprises need to do their jobs.
We have been talking with Chad Jones, Vice President for Product Management at Neocleus.
Thank you, Chad.
Jones: Thank you, Dana.
Gardner: We have also been here with Michael Rowley, CTO of Active Endpoints. Thanks,
Michael.
Rowley: Thanks, Dana.
Gardner: Jim Kobielus, Senior Analyst at Forrester Research. Appreciate your input, Jim.
Kobielus: Always a pleasure.
Gardner: Michael Dortch, Director of Research at Focus. Appreciate it, Michael.
Dortch: Thanks for the opportunity, Dana. Thanks, everyone.
Gardner: JP Morgenthal, Chief Architect, Merlin International. Thank you, JP.
Morgenthal: Thank you, Dana. Fun as usual.
Gardner: Dave Linthicum, CTO, Bick Group. We appreciate your input as well, Dave.
Linthicum: Thanks Dana.
Gardner: I also need to thank our charter sponsor for the BriefingsDirect Analyst Insights
Edition podcast, and that is Active Endpoints. This is Dana Gardner, Principal Analyst at
Interarbor Solutions. Thanks for listening and come back next time.
Listen to the podcast. Find it on iTunes/iPod and Podcast.com. Download the transcript. Charter
Sponsor: Active Endpoints.
Special offer: Download a free, supported 30-day trial of Active Endpoint's ActiveVOS at
www.activevos.com/insight.

20. Edited transcript of BriefingsDirect Analyst Insights Edition podcast, Vol. 52 on client-side
architectures and the prospect of heightened disruption in the PC and device software arenas.
Copyright Interarbor Solutions, LLC, 2005-2010. All rights reserved.
You may also be interested in:
• BriefingsDirect Analysts Pick Winners and Losers of Cloud Computing's Economic
Disruption and Enterprise Impact
• BriefingsDirect Analyst Panelists Peer into Crystal Balls for Latest IT Growth and Impact
Trends
• Security Skills Offer Top Draw Across Still Challenging U.S. IT Jobs Outlook