In the three weeks that have passed since being subsumed into the high-velocity Citrix machine, I’ve been spending a fair amount of time meeting with, and listening to, a broad range of existing and potential customers, both service provider and “enlightened” enterprise, as they work through the planning and delivery phases of their respective cloud strategies.
First, let me qualify “enlightened” enterprise.
I have said many times recently that I believe we now have two very distinct types of enterprise – one is the traditional large corporation (let’s say Bechtel) and one is the new “digital native” enterprise (let’s say Netflix).
An “enlightened” enterprise, for the purposes of this discussion, is a traditional large corporation who actively seeks to emulate some of the constructs of public cloud providers, such as AWS, by architecting and delivering a true private cloud solution (not just server virtualization) to support their business activities and looks to augment those with public cloud services* from one or more service providers.
* These services may be IaaS, PaaS, SaaS or more recently a new variant, DaaS, which I will cover a little later.
I may be stating the obvious when I posit that there is a clear difference between the positioning of the service provider and the enterprise – the former clamoring to enter the growing cloud services market and hunting revenues with new, innovative offerings (and believe me, not everyone is trying to imitate AWS) while the latter aims to find smarter, more efficient ways to deliver solutions or consume services that meet or exceed the growing business demand.
My new role affords me a chance to sit in-between these two very different worlds and offers me a valuable insight into “what people really want and where they might get it”. Even in a relatively short timeframe, I am gaining a sense of this “demand and supply” landscape and using these listening efforts as an opportunity to identify where the likely challenges (let’s not call them roadblocks) may arise in the months ahead.
Unsurprisingly, there are common themes that can be easily observed between the respective “drivers” – Consumerization. Cost. Speed. Agility. Flexibility. Choice – all are words I’ve heard with a heart-warming regularity, but there is one area that comes up time and again, with a little less certainty around the winning formula.
It’s name? Identity.
Clearly, the word Identity alone is enough to strike fear in the heart of most people and covers a multitude of areas, but what is really interesting are the contexts in which it arises, and what is really fascinating are the potential complexities of each contextual discussion. The more I think through this, the more I convinced myself that this area could be one that proves an incredibly tough nut to crack – possibly proving a bigger stick in the wheel of widespread cloud adoption than yesterday’s fears around security, availability and reliability.
Intrigued? Then let’s get to the crux.
In my ideal world, there would be some kind of uber single sign-on what-cha-ma-call-it that made everything so simple to use that I would never have to worry about remembering usernames to login to different applications or having to remember their individual accompanying passwords.
In fact, the entire experience, authentication and authorization, would be so smart that I would not even notice when I switched between application contexts. I wouldn’t care whether I was interacting with web applications, client-server applications, private or public cloud hosted applications and I certainly wouldn’t care whether I was interacting as a user to an application or whether, once authorized to do so, any given application was talking to another application or service on my behalf.
But we don’t live in my ideal world. Yet. Today, we live in a world that is in the throes of a massive transformation.
We (to coin a phrase) are undeniably moving from the PC era to the Cloud era, but as we do so, we continue to stretch the limits of the practicality of mixing old and new technologies, specifically around identity, and my over-arching concern is that the more we are forced to do this, the more difficult it becomes to comprehend, the more mired we become in mind-bending levels of operational complexity and worst of all, we run the risk of the user experience become fatally affected as the digital natives we will serve want to provide their own identities, especially social identities, to further underline their already blurred view of where their work and non-work lives collide.
So, rewind to the pre-cloud days of yesteryear, when by and large, Microsoft ruled the enterprise world…OK, the still do and that’s thanks to the quite brilliant (and free) Active Directory. Although there were a decent set of other enterprise directory services around, AD became extremely pervasive because, above all else, it provided a pretty darn good single sign on experience as long as you were inside the corporate firewall.
Enter the SaaS brigade – Salesforce, Google and their ilk, tempting customers large and small with innovations in delivery and pricing that put complex software in a browser, outside the firewall, in a cloud, and in such an intuitive way that it had no training requirement and no user manual.
Wow. Suddenly the traditional AD didn’t look so comfortable. Gone was my relatively simple world of Windows Integrated Authentication.
Enter the challenge – How do I now create a seamless user experience by providing single sign on from my enterprise to these SaaS applications ?
Of course, like good engineers, we figured it out with some SAML magic – products like Citrix CloudGateway and vmware’s Project Horizon fit the bill very well – but, ultimately, in the same way that Terminal Emulation programs in client-server computing gave us a window back into the past, I can’t help but think this feels like another necessary, but complexity-adding, half-step to the future.
This “inside > out” identity strategy is one I’ve talked about many times. I believe it is important to the user experience, but it really only addresses one set of issues. I don’t hear much discussion about “outside > in”, where an organization is hosting an application (typical DMZ would do just fine here, not a big SaaS player) and wants to authenticate users who already have a social identity, for example? Call it federation, call it Web SSO, call it what you like, but is that too far a leap for mere mortals today?
And that’s just SaaS…consider what happens when we add in other “hosted” services such as the single-tenant version of “Exchange Online” (where providing a seamless user experience for client-server access, requires the instantiation of dedicated networking and Windows trusts for replication) and the advent of DaaS, or Desktops as a Service, which is a relatively new term and certainly something that I am seeing a lot of discussion and interest around.
The initial concept of DaaS will be very appealing to certain sectors of the market, especially the SMB space, but will also come with challenges around identity as it matures and grows towards a set of differentiated offerings – from server-based desktops to VDI – each requiring different variations on an identity theme.
I have no reason to doubt that we, as an industry, will continue to make huge innovations in the identity arena, but for now, I would certainly suggest that as we see these new, unprecedented arrivals of “demand and supply”, my ultimate goals of security, simplicity and a delightful user experience are going to get much more complex before they become much easier.
(Cross-posted @ The Loose Couple's Blog)