Galen Gruman
Executive Editor for Global Content

When the business and personal smartphone collide

analysis
Aug 10, 2010
12 mins

In a few years, you'll have a single smartphone for both business and personal use; here's how it'll work

The battle over who will control your smartphone — the business or the user — is already ending. The winner: Both. As more and more companies accept users bringing in their own smartphones (more than half do already, according to Forrester Research) and IT gives up on the idea of making everyone use a BlackBerry for business purposes, a profound shift has begun.

What’s changing is that vendors have figured out how to give IT the control necessary over corporate data and applications while granting users the same control for their personal data and applications — on the same device. In fact, there are several ways to do this now, with more to come. As IT and users realize that the separation between business and personal needn’t mean discrete devices, both can move on to figuring out how to take more advantage of mobile, freed from the battle over who controls it.

The technologies that make business/personal unification possible

Although the major mobile OSes have plenty of differences, they’re becoming more similar in their ability to manage the personal/business duality.

Source tagging. Apple’s iOS 4 and Research in Motion’s BlackBerry OS 6 — both new — provide a simple, elegant approach to managing business content and apps separately from personal content and apps. They track where the data and apps came from, and let that provider manage what it delivered. On a BlackBerry running OS 6 and connected to the latest edition of BlackBerry Enterprise Server (BES), anything provisioned by BES can be managed by IT. Email, apps, contacts, appointments, and so forth can be remotely wiped or locked down, leaving the users’ personal data and apps alone. Thus, the user can have one email and calendar client across business and personal, but IT can wipe the business email and calendars at any time; for the user, that information has simply gone.

Apple’s iOS 4, when used by the new breed of iOS-savvy management tools available this summer, can do the same thing. However, it doesn’t have some of the BlackBerry’s finer controls, such as the ability to set a policy that prevents forwarding messages from a BES-provisioned account to another account on the smartphone (to prevent users from forwarding their way out of your policies).

At some point, Google will copy the source-tagging approach into the Android OS; the folks at mobile management vendor MobileIron say the Android team gets it and is moving quickly in this direction. It’s a no-brainer for Microsoft to do the same for the forthcoming Windows Phone 7, as Exchange already has the notion of server-managed information separate from local information. For the record, that’s where the Exchange-oriented iOS got the idea, though in iOS 4 Apple has implemented the concept devicewide without relying on Exchange ActiveSync.

Sandboxing. All the major mobile OSes let developers create sandboxes for their apps. Those sandboxes are separate from each other, so they can be managed separately. That’s the path IBM has chosen for deploying Lotus Notes access on iOS and Google’s Android OS, in fact. Any email, calendar appointments, contacts, and files accessed through Lotus Notes Traveler are stored in that sandbox, separate from everything else. Notes can wipe that sandbox, leaving the rest of the mobile device untouched. (NitroDesk’s TouchDown app for Android, which allows for secured Exchange connections, works the same way.)

But sandboxing is a Band-Aid approach: It separates the user experience as well, so you have to check multiple calendars, contacts lists, and email inboxes — a surefire way to double-book yourself. But it’s the fallback that IT and users alike can count on to separate business and personal.

Cloudsourcing. All the major mobile OSes — now that BlackBerry OS 6 includes a WebKit-based browser — can run apps from the cloud, whether public or private. So businesses can provision Web-based apps whose data never resides on the mobile device. It’s a perfectly sensible way for businesses large and small to provision apps across devices, especially as wireless broadband becomes nearly universally available (it’s even in aircraft now). But it becomes awkward for mainstay tasks such as email and calendars for the same reason as sandboxing: Users have to jump back and forth between isolated views of calendars and so on that are better seen as a whole. Still, it’s an option.

As HTML5 adds more capabilities, including local storage and support for geolocation and other mobile sensors, such Web apps could become more popular, though the notion of local storage raises once again the issue of how to secure the corporate data. IT may have to create local applets to do so, says Tom Goguen, vice president of enterprise product development at RIM; he notes that the BlackBerry developer environment offers a widgets capability that can be used for such management.

Thin clients. One of the most popular iOS apps in the Apple App Store’s Business category is consistently Citrix Systems’ Citrix Receiver app, which lets you run Windows apps from an iPhone, iPod Touch, or iPad. (It’s available for Android and BlackBerry as well.) Just like desktop thin clients, the mobile thin client provides a pane of glass to a Windows terminal services environment, so you can run apps and access files across the Internet regardless of the device you use. And IT gets the complete separation of data needed to meet the stringent security requirements at highly regulated companies, notes Chris Fleck, vice president of community and solutions development at Citrix.

On a smartphone, working with a back-end app such as Microsoft Office for Windows is a pain, as most such apps are designed for a full desktop monitor and thus require endless scrolling on a small screen, but on an iPad, I found it really easy to run Windows Office via Citrix Receiver. Citrix and competitors such as Wyse Technology have done the necessary UI conversion for their mobile clients, such as converting touch-based gestures to keyboard shortcuts and mouse movements, so server-based apps not designed for mobile UIs nonetheless can work with them.

Client virtualization. This doesn’t exist yet, but EMC VMware is working on it. It’s more technically complex for the vendor than source tagging, but it provides an advantage for IT that source tagging cannot: It lets IT write one version of a mobile app that works (via a virtual machine) on multiple mobile OSes. The concept is more like Java than traditional desktop virtualization; I tend to think of client virtualization as allowing non-native apps and related services to run on a software abstraction layer (SAL) on top of the operating system. Thus, companies would create VMware client apps that ran on iOS, BlackBerry, WebOS, and so on through this SAL.

Perhaps VMware could deliver a more complex form of client virtualization that included a subset of Windows to also provide access to Windows apps that may have no mobile clients (workable on an iPad or slate, though painful on a smartphone), such as for emergency management of a server by an off-duty IT admin.

In VMware’s view, smartphones would have multiple profiles — a personal default one from the operating system, with additions as desired, such as one provisioned by the company. IT could manage the company profile remotely, and all data and apps are stored in or associated with that profile. Users wouldn’t see these profiles as distinct operating systems; the calendar would appear to be unified, for example, with perhaps different colors for different accounts as iOS and the rest already do. But behind the scenes they would be separate, unified at the interface level by the virtualization software.

Also, users wouldn’t launch a virtualization app as a Mac user today might launch Parallels Desktop or VMware Fusion to run Windows and Windows apps. Instead, mobile OS vendors would include the client in the operating system, so it launches as needed when you open an app from your home or equivalent screen, says Srinivas Krishnamurti, senior director of mobile solutions at EMC VMware. He says today’s smartphones have fast enough processors and enough memory to run such an embedded client, especially because the client virtualization that VMware envisions for mobile is not the full-on OS environment à la VDI but functions more on the app level.

The gating factor is acceptance by the OS vendors to include the technology as part of their core offering, which he thinks will take some time to occur. RIM’s Goguen says RIM is not opposed to the idea of virtualization on the BlackBerry OS; Apple, Google, Hewlett-Packard’s Palm division, and Microsoft declined to comment.

Although I like the concept, I’m not as optimistic that the major smartphone vendors will come around. Apple has made it clear it wants no alien apps on iOS, so far banning Flash, Java, and Adobe AIR; the only options are native and HTML5 apps. RIM’s Goguen said he thought other technologies could fill the bill, so he didn’t expect to see much enthusiasm for client virtualization, but RIM nonetheless supports Flash Player, Adobe AIR, and Java on its BlackBerry OS (Adobe still hasn’t delivered the first two, though).

Google has pooh-poohed Java, complaining about its weaknesses, and bought the Java-based Android instead. HP may have no issue with alien apps, given it is letting Adobe port Flash to WebOS. The two remaining major mobile platform vendors, Microsoft and Nokia, have supported Java already and thus may be open to the client virtualization concept as well, though both are fading away as relevant in the mobile space.

Under-the-hood virtualization. Another virtualization approach in the works is the use of a hypervisor between the device and the mobile OS(es), apps, and thin clients — what’s called Type 1 virtualization. OK Labs has deployed this approach on the Motorola Evoke cell phone, which can run both Linux and BREW applications but presents a unified interface to the user. The hypervisor approach is more secure than the Type 2 virtualization approach familiar to most users (where a virtual machine runs on top of an operating system, such as to run Windows on a Mac), says Rob McCammon, vice president of product management of OK Labs, because it has exclusive access to the device’s processor, so it can ensure separation between any operating systems and apps running on it.

McCammon says that device makers, cellular carriers, and even mobile OS providers are showing increased interest in the concept of such Type 1 mobile virtualization. Enterprise IT is also expressing interest in the concept, he says, because it would allow secure, consistent management of devices across multiple platforms, which would support the strong “bring your own device” trend without compromising necessary IT control. Plus, it allows the deployment of a single app across multiple devices, assuming they share a primary or secondary operating system.

Multiple technologies combine. It’s likely that IT, users, and vendors will combine multiple approaches. Certainly, sandboxing and cloudsourcing will be widely used, given their universality. If VMware succeeds in getting most or all major mobile OS vendors to adopt its embedded virtual client approach, client virtualization will get strong IT support for its enablement of cross-mobile applications, strong security, and cross-mobile management. Ditto if OK Labs’ approach becomes common.

The thin client and VDI approaches probably will have the least uptake, given the complexity of setting up terminal services and the unsatisfying experience of running desktop and server apps on mobile devices’ constrained UIs. But for companies already deploying thin clients for desktop users (usually large enterprises and government agencies), implementing thin clients on mobile devices — especially slates — is a no-brainer.

Beyond unification: When the smartphone and PC merge

Both Citrix’s Fleck and EMC VMware’s Krishnamurti see the unification of personal and business on the mobile device as the first step to supplanting the PC. Given the processing capabilities and networking ability of mobile devices, why would users need a PC? If mobile devices can dock (likely wirelessly) to monitors, keyboards, mice, projectors, and the like, why have a separate PC?

Fleck says he already sees enterprises where mobile workers rely mainly on iPads running a mix of cloud apps, local apps, and a thin client to Windows. Today’s iPad, iPod Touch, and iPhone support keyboards via Bluetooth, network access via Wi-Fi, and monitor/projector output via a VGA cable, he notes, so much of the needed connectivity to be dockable already is in place. The creation of Wi-Fi-enabled or UWB-enabled monitors and adding iOS 4 support for mice could take Apple’s devices the rest of the way.

Slates and smartphones from other providers have similar capabilities — most also support USB for physical connection to printers and other local devices. Local memory might be a gating factor today for iOS devices, but over time the built-in memory will only increase. And most competitors already have slots to add more storage.

Naturally, this is easier said than done. The truth is that there are very few Bluetooth keyboards in use at most companies, and there are no wireless monitors as yet (and imagine what happens when you unthinkingly pick up your iPhone to answer a call when it is tethered to your screen via a VGA-out cable). But the components necessary are not expensive and can be brought in through natural hardware refresh cycles once they become available. And we’ve seen how fast enterprises can adopt new technology when users, management, and IT are all excited.

“This will fundamentally change how enterprises think about computing,” says Krishnamurti. “What does a PC client really mean — is it tied to a physical desktop or not?” The answer is no. As mobile devices become the computer you always carry for personal and business use, and as virtualization, cloudsourcing, and thin clients push much of the computing to the network, you won’t need a separate PC. It’ll be a whole new world.

This article, “When the business and personal smartphone collide,” was originally published at InfoWorld.com.