Jeremy ChapmanOffice and Office 365 STPM Microsoft Office Division
Strengths No footprint on device Works on most common browsers (IE, Safari, Chrome, Firefox) Files are rendered remotely in full fidelity* Multiple paths in - SharePoint, Office 365 and Windows LiveWeaknesses Much less functionality compared to native apps Fidelity loss in edit mode Requires SharePoint access in managed environments. *except, OneNote and OWA. They do not use remote rendering
Worker Processes FunctionalityWord Viewing [or PowerPoint] Service Highly sandboxed 6 Workers processesApplication Converts document or Functionality presentation to series of images or XAML Services conversion Temporarily stores Application requests for output locally on disk Manager documents Creates and manages Web Application workers Stores output to Web Apps Cache Proxy Group Home Sites Functionality Word Viewing Provides [or PowerPoint] G location of Service service Application applications in 5 Proxy farm. 4 3 7 Functionality - ASPX Provides HTML WordViewer.aspx Checks cache for Layouts renditions (& handlers) Request renditions 2 from service app. 8 Functionality - Cache Office Web Apps Cache Stores rendered documents 1
3 Web Application Functionality Home Provides HTML Sites Translates .DOCX Layouts and .ONE files to OneNote.aspx / lightweight HTML / JS WordEditor.aspx Caches updates on2 server OneNote only – auto saves notebook 1
Excel Calculation Service Proxy Group Functionality Functionality Manages editing Excel Provides Excel Calculation sessions G Calculation location of Autosaves workbook service Service Service applications in Responsible for re- calc Proxy farm. Connects to external Web Application data sources (if applicable) Home Sites 3 2 46 Functionality - EWA Provides HTML Layouts Excel Web Load-balances sessions between Access (EWA) Excel Calculation Services Dispatches requests to the ECS 5 1
Strengths Offline capability Tailored to device UI and usageWeaknesses Self-Provisioning via App Store & Android Market May not have access to central and secure storage User needs to apply updates Files may be cached or saved to the device.
Strengths No footprint on device Manageable configuration Citrix ica clients available for most common device types Uses remote resources to render and compute Enables core platform deficiencies, such as printingWeaknesses User experience Hard to get and keep running Multiple points of failure.
Control file traffic totrusted devices & users How to define and enforce what “trusted” means? Can you enforce enough configuration? How good is device crypto? How are untrusted devices connecting to network resources?
Limiting Access to Data and Network Resources The Traditional Management vs. Consumerization Tug of War Rights Management Reduce what untrusted devices can see and connect to Limit the amount of data kept on devices (for example, mailbox sizes) Allow doc reading, but not editing or local saving on untrusted devices Keep data central with secure remote access
Identity-based protectionControls access to information across the informationlifecycleAuthorized access based on trusted identitySecures transmission and storage of sensitive informationEmbeds digital usage policies (print, view, edit, expirationetc. ) in to the content to help prevent misuse after delivery
View Protected attachments in OWA IRM in Exchange Active Sync Enhanced collaboration using Microsoft Federation Gateway Cross Premises IRM support for Exchange OnlineTransport Protection RuleOutlook Protection RuleJournal Report DecryptionTransport Pipeline DecryptionIRM in OWA ExchangeProtected Voice Message Exchange 2010 SP1 2010 RTM Exchange 2007
Keep Everything in the Data Center Deliver Cloud Services Remote Desktop Solutions Host data in your private cloud You don’t need to say “no”, but you will need to ask for resources The end user experience may not be ideal, but both parties get what they want
There is no one-size fits all solution hereSecurity is a sliding scale; lock down as neededTo be “policy-managed” is not a checkbox; it variesdramatically from vendor to vendorYou can limit access to documents without completely cuttingunmanageable devices offYou can give people access to restricted resources, but itcan be expensiveThis is a catalyst to get more resources and cement IT asthought leaders in your organization!