Microsoft execs are fond of the term "people-centric IT" -- it's their way of saying that workers are using whatever devices they want to, and are using them at home, on the train, in a hotel, on the beach, while skiing.... You get the idea. But IT needs a way to at least make sure this explosion of user choice does not put corporate data at risk.
Four of the features in Windows Server 2012 R2 are meant to bridge the gap between yesterday's world, where users have a corporate-issued laptop and a BlackBerry, and today's new BYOD environment, where users bring their own phones to work, use their personal tablets, work from a variety of locations and generally have a varied approach to how they engage with computer resources.
The new workplace join feature
Here is how the feature works:
- Your user works on a document or spreadsheet and then saves a file to her Work Folders folder. This is a special folder, but to the user it just works like any other directory in Windows.
- The document is stored on a Windows Server 2012 R2 file server in a share.
- The file server automatically classifies the document (if you have configured File Classification) based on its content and then encrypts the document.
- The file server pushes a copy of this document out to all of the user's devices that are subscribed to the folder.
- Your user can use her computer or tablet at home or on the go to access the document from her Work Folders directory on the device itself, and all changes sync back to the master copy of the document by reversing this process.
There are a few limitations, however. For one, in this release, the Work Folders feature is supported only on local file servers. Documents must be stored in shares that are on storage local to the box that is running the operating system, not remotely or over a storage area network (SAN).
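As an added illustration (not code from the article or from Microsoft), here is one way an administrator might create the sync share behind the steps above while guarding against the local-storage limitation. The share name, path and group are constructed placeholders, and the path check only catches UNC paths and mapped network drives; a SAN-backed volume presents as a fixed disk and would not be detected.

```powershell
# Added example. Placeholder values; adjust for your environment.
$ShareName = 'WorkFolders-Example'          # hypothetical sync share name
$SharePath = 'D:\SyncShares\WorkFolders'    # hypothetical local path
$SyncGroup = 'CONTOSO\WorkFoldersUsers'     # hypothetical security group

function Test-LocalSharePath {
    param([Parameter(Mandatory)][string]$Path)

    # UNC paths (\\server\share\...) are remote by definition.
    if ($Path -match '^\\\\') { return $false }

    $root = [System.IO.Path]::GetPathRoot($Path)
    if (-not $root) { return $false }

    # 'Fixed' is a locally attached disk; 'Network' is a mapped drive.
    # A drive letter that does not exist reports 'NoRootDirectory'.
    $drive = New-Object System.IO.DriveInfo($root)
    return ($drive.DriveType -eq [System.IO.DriveType]::Fixed)
}

if (-not (Test-LocalSharePath -Path $SharePath)) {
    throw "Sync share path '$SharePath' is not on a local fixed disk."
}

# Work Folders role service on Windows Server 2012 R2.
Install-WindowsFeature -Name FS-SyncShareService | Out-Null

if (-not (Test-Path -Path $SharePath)) {
    New-Item -ItemType Directory -Path $SharePath | Out-Null
}

# -RequireEncryption asks each subscribed device to encrypt its
# local copy of the Work Folders content.
New-SyncShare -Name $ShareName -Path $SharePath -User $SyncGroup `
    -RequireEncryption $true

# Review the resulting share settings.
Get-SyncShare -Name $ShareName | Format-List *
```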
ADFS is a key driver of federation in Microsoft networks now, and its role will continue to grow, especially as use of Microsoft's other cloud services like Office 365 and Windows Azure becomes further entrenched. ADFS is also a foundation for exposing identity information and authorization data to key users, devices and partners in a secure way. ADFS and the Web Application Proxy role make all of these new features work.
Improving and automating virtual private network features
VPNs have long been a necessary evil for IT to deal with; they are really the most mainstream technology for connecting corporate devices that are out on the road or otherwise off campus back to the company's internal network. (There are alternatives, one being DirectAccess, which I have written about extensively at Computerworld, but these have not been widely adopted.)