Long treated as a niche employee, the mobile worker is now one of the most strategic employees in an organization, delivering significant productivity gains across organizations and industries, and holding the key to quantifiable organizational benefits. For organizations worldwide, the scope of workforce mobility has expanded beyond the traditional business traveler in a hotel or an airport who is seeking remote access to office resources. Mobile technology is now shaping various patterns of mobility across employee functions and roles that could impact any organization, regardless of its size, business focus, and industry.
Today's IT organizations are facing the challenges of enabling mobility for:
- Office-based mobile workers, such as the traditional mobile professionals whose primary workplace is the office but who conduct business elsewhere; for example, in airports, in hotels, and at customer sites
- Non-office-based mobile workers, whose primary workplace is not the office and who may be:
  - On location, roaming within a facility, campus, or other remote location, such as indoors in a hospital, restaurant, or warehouse, or outdoors at a construction site
  - Sales and field-service employees on regularly traveled routes, or routes that vary from day to day
- Home-based mobile workers, who use their home as a workplace all or part of the time. Tele-work can range from a few days a month outside of the organization's office to working full-time at the employee's residence or at a client location
As both developed and emerging economies embrace the advantages of workforce mobility, the worldwide mobile workforce is expected to continue to grow in size and expand in scope. According to IDC, in 2009, the mobile worker population will reach 878.2 million, or 27.3% of the global workforce. This is a significant increase from 2004, when there were 676.0 million mobile workers that represented 23.1% of the global workforce. Mobile PC shipments are expected to approach parity with desk-based units globally by 2010, and mobile PCs will outsell desk-based PCs in many mature markets. Even in emerging markets, mobile PCs are expected to make great strides, and will approach one-third of all PC shipments by 2010. Two related technology trends driving workforce mobility are the widespread availability of wireless broadband connectivity in all major metro areas, and the adoption of powerful handheld devices that are compatible with both cellular and Wi-Fi networks.
The Impact of Workforce Mobility on App Delivery
A majority of enterprises have already delivered mobile e-mail to wireless handheld devices, such as BlackBerry and smartphone devices. However, as enterprises try to expand mobile application delivery beyond simple e-mail and calendaring tasks, they face daunting challenges. Enterprise line-of-business applications are more interactive and, for optimal user experience, they require larger screens than those provided with handheld devices. Some companies are rewriting their applications for small screens; however, this leads to additional cost and increased time to market. There is a linear progression in performance and capability between text messaging, browser-based applications, Java-enabled clients, and native clients. Native clients provide the best performance; however, development costs often limit the range of supported devices.
Laptops provide an alternative, because they are well-suited for running a full range of corporate applications and can be used both in the office and while the user is mobile. However, enterprises must contend with a diversity of applications, users and roles, devices, and networks. For example:
- Application diversity
  - Productivity or line-of-business applications
  - Desktop, client-server, or Web applications
  - Local or centralized application storage. This choice can impact bandwidth, complexity, security, and compliance needs
  - Graphics-intensive or multimedia-streamed applications
- Users, roles, and device context diversity
  - Power users, knowledge workers, or task workers
  - Limits on access to sensitive data when the user is remote
  - Trusted or non-trusted device, compliance standards
  - Number of devices allowed per user
- Network diversity
  - Usage patterns differ when always mobile or nomadic
  - Reliability while roaming across different networks
  - Variable throughput due to congestion and high latency
This diversity makes it difficult to provide a consistent, end-to-end user experience.
Further, the IT staff has little visibility into network access costs that are buried in departmental expense reports, as employees connect from hotels and airport hotspots. This increases overall costs and exposes the corporate network to security threats. There are also significant risks associated with storing corporate data on remote devices that may be lost, stolen, or otherwise compromised. Managing remote devices can be challenging, and there is often no visibility into the end-user experience, which makes it difficult to support remote users.
An ADI for the Mobile Workforce
This section describes a systematic approach organizations can take to enable workforce mobility that provides clear business benefits while mitigating the security risk.
The planning phase of this approach includes the following steps:
- Conduct a comprehensive audit that includes mobile users, applications requested, hardware, and existing network contracts.
- Evaluate both current-state usage and future-state scenarios, and then prioritize the use cases based on strategic value to the business.
- Define a mobility policy that enumerates what combinations of users, devices, and applications will be supported over what networks. A security policy is also included that safeguards any data in transit and on the device.
- Design a policy-based access control system that can be enforced at many distributed points, such as firewall, gateway, Web server, file system, applications, and databases.
When a mobile user requests access to an application, the request passes through many tiers of the system and each tier handles a different type of access control. A clear separation between the various management tiers is recommended; however, these tiers should be coordinated to provide an optimal user experience. The following diagram illustrates how the four tiers of the integrated system function when the system responds to a mobile user's request for application delivery.
Tier 1 is the network access control tier that is responsible for collecting information from an endpoint, to make a decision on whether or not the system will allow a device to connect to the network. After a device is allowed to connect and the user authenticates, the user receives an assertion that he can then use as proof of identity.
Tier 2 is typically a gateway or an application firewall. The user is assigned a session, and any new protocols and ports that are used in the session are subject to access control. These controls can reach the content of each packet via a TCP stream.
Tier 3 is concerned with whether or not the user has the rights to perform certain tasks, such as accessing an application, a file, or a Web page. This level of access control is generally enforced by the operating system.
Tier 4 includes fine-grained access controls that can be applied inside an application, such as SAP.
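The four-tier walk described above, as an added example that is not code from the original paper: each tier denies by default, and the first tier that denies a request is recorded in the audit trail. The roles, network names, ports, resources and actions are constructed assumptions, not values from the paper.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    authenticated: bool      # user holds a valid identity assertion
    device_compliant: bool   # endpoint posture check passed
    device_trusted: bool     # corporate-managed device
    network: str             # "corporate", "home" or "hotspot"
    port: int
    resource: str
    action: str

# Constructed sample policy; every name and value here is an assumption.
PORTS = {"corporate": {443, 8443}, "home": {443}, "hotspot": {443}}
RESOURCE_ROLES = {"erp": {"power_user", "knowledge_worker"},
                  "intranet": {"power_user", "knowledge_worker", "task_worker"}}
ROLE_ACTIONS = {"power_user": {"read", "export", "approve"},
                "knowledge_worker": {"read", "export"},
                "task_worker": {"read"}}
REMOTE_ACTIONS = {"read"}  # ceiling when off the corporate network or on an untrusted device

def tier1(r):  # network access control: endpoint posture, then identity
    return r.device_compliant and r.authenticated

def tier2(r):  # gateway: only the ports permitted for this network type
    return r.port in PORTS.get(r.network, set())

def tier3(r):  # resource rights: may this role open the resource at all?
    return r.role in RESOURCE_ROLES.get(r.resource, set())

def tier4(r):  # in-application control, narrowed by the access scenario
    allowed = ROLE_ACTIONS.get(r.role, set())
    if r.network != "corporate" or not r.device_trusted:
        allowed = allowed & REMOTE_ACTIONS
    return r.action in allowed

TIERS = [(1, tier1), (2, tier2), (3, tier3), (4, tier4)]

def evaluate(r, audit):
    """Return (allowed, denying_tier); unknown values deny by default."""
    for number, check in TIERS:
        if not check(r):
            audit.append((r.user, r.resource, r.action, "deny", number))
            return False, number
    audit.append((r.user, r.resource, r.action, "allow", None))
    return True, None
```

Recording the denying tier keeps the tiers separately managed while still giving the help desk a single place to see why a mobile user was refused.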
Guidelines for Configuring the ADI for Workforce Mobility
This section contains best practice guidelines for configuring the specific functions that are available in each of the ADI elements, to enable a seamless end-user experience.
Select the Best Delivery Method
If the type of mobile user (office-based or non-office based), the device, and the connectivity details are known, apply this policy to determine the appropriate mix of applications and delivery options, to ensure the best end-user experience. When making the decision, consider the following table of typical use cases and suggested delivery options:
| Mobile worker | Application | Device | Considerations | Delivery option |
|---|---|---|---|---|
| Office based | | | | |
| | Productivity | Corporate laptop | Requires offline use | Client-side app virtualization |
| | Line-of-business, client-server | Corporate laptop | Unsecure wireless hotspot or hotel network | Server-side app virtualization |
| Non-office based | | | | |
| Roaming on site, such as on a campus or in a hospital | Line-of-business, task worker | Wireless PC tablet | No local application data, rapid device provisioning | Server-side app virtualization or server provisioning |
| Home-based task worker | All applications | Thin client | Ease of remote support | Server-side app virtualization or system virtualization |
| Home-based power users | | Desktop or laptop | | Server-side app virtualization or system virtualization |
Optimization
Traffic management is an important function that ensures the scalability and availability of the application delivery infrastructure. Load balancing within each site and clustering solutions can provide the required capacity and high availability to ensure high service levels for mobile users. Further, global enterprises with widespread mobile users should consider distributed sites and implement Global Server Load Balancing functionality, to re-route traffic to alternate sites in the event of network and other disruptions.
The acceleration function, centrally implemented in front of the Web servers, provides all mobile users with high performance. By offloading the resource-intensive tasks from the servers and buffering mobile user requests that are sent over slower links, application performance is improved significantly.
Consider the use of WAN optimization for mobile users with locally installed client software. The client can also be integrated with the Virtual Private Network (VPN) client. The compression module can significantly reduce the data transferred over the wireless network. Further, the TCP flow control module can adjust the data transmission rate to optimize performance over high-latency and congestion-prone wireless networks. Finally, protocol optimization for commonly used tasks, such as file transfer, can considerably reduce round-trips, thereby improving application responsiveness for mobile users.
Security
Establish a single entry point into the corporate network for all types of mobile workers and ensure the appropriate level of scalability and availability. Mandate the use of two-factor authentication to identify users, based on secure token or biometric devices. Strong authentication, along with robust network access control, provides the critical first layer of security. Further, many mobile workers connect through public networks, such as the Internet. Intrusion detection systems (IDS), intrusion prevention systems (IPS), and encryption functions make up the next layer of defense required for safely transporting sensitive data over public networks.
The access control layer plays an important role in providing mobile access, and is primarily responsible for managing the diversity of users and devices, and enforcing the mobility policy described previously. When mobile users move from device to device and location to location, the access control layer determines whether or not to grant access, and then determines the correct user permissions based on the current access scenario. Finally, the audit function can be used to create detailed logs for sensitive applications.
Management
Managing the end-to-end infrastructure for supporting workforce mobility requires granular visibility into datacenter and network operations. Further, the mobile user experience is often overlooked. The endpoint agent on a mobile device can collect data on hardware, application, and network usage. This information can be uploaded at established intervals to provide a baseline for normal performance, as well as queried in real-time for immediate problem resolution.
Often, by the time a mobile user contacts the help desk, the user is already frustrated and unproductive. Real-time alerts allow you to monitor mission-critical applications and devices, and notify designated staff members in the event of a problem, before mobile users call to report the problem.
Successful mobility initiatives require both proactive monitoring and good baseline data about system availability and network traffic. These capabilities help to resolve a wide range of system management issues, and also help IT staff make effective upgrade and migration decisions. For example, for a smooth operating system transition, it is important to understand how well applications, systems, and the network perform before, during, and after the migration. With a geographically dispersed mobile workforce, it is necessary to test the effects of a global software change on a small group of devices and analyze the results, before planning for a larger rollout.