adempercem - stock.adobe.com

Chrome OS: Why it may be time to approach desktop IT in a different way

The managed desktop has been running for nearly 20 years. Surely there must be a better way? We investigate

This article can also be found in the Premium Editorial Download: Computer Weekly: The desktop is changing

For almost two decades, the dominant desktop operating system in enterprise IT has been Microsoft Windows. 

Windows remains cemented in the enterprise mindset, even though user or client-side computing is a world apart from the desktop IT of the late 1990s. 

The combined installed base of Android and iOS far exceeds that of Windows-based PCs. Browser-based and mobile app-based enterprise applications are also commonplace, due to the maturity of software as a service (SaaS) in business. 

Yet the majority of older enterprise applications are designed for Windows users, and desktop administrators have spent years fine-tuning the management of the Windows estate. 

Microsoft will officially stop supporting Windows 7 on 14 January 2020, but many businesses still rely heavily on it. They have yet to shift to Windows 10. 

There is therefore an opportunity for IT to ask a difficult question: “Is there anything better out there?”

Windows alternatives

Mac OS is clearly the most direct rival, and Apple has managed to ride on the success of the iPhone with a range of premium laptops that look far smarter than many corporate laptops. 

But Mac OS X is derived from the Berkeley Software Distribution (BSD) Unix kernel. It is a traditional operating system, designed to provide a platform with an extensive set of services to support fat client applications, akin to the Windows system, albeit with a different user interface and kernel. 

“Chromebooks work offline as well as online. Enabling offline mode will keep a document available in local storage allowing you to continue to work. You simply synchronise to the cloud as soon as the internet connection is restored”
Tech Data

Google has taken a very different approach. It began in 2011 with the release of Chrome OS, a Linux-based operating system that relies on cloud-based applications with the Chrome browser as its primary user interface. 

There is no real concept of local applications and local storage. The idea is that everything is accessible online. Chrome OS is designed to run browser-based applications as efficiently as possible. The experts Computer Weekly has spoken to believe it not only achieves this, but surpasses the web experience on fat client operating systems such as Windows and Mac OS.

But as IT distributor Tech Data points out, Chrome OS is not limited by the availability of network connectivity. “Chromebooks work offline as well as online. Enabling offline mode will keep a document available in local storage allowing you to continue to work. You simply synchronise to the cloud as soon as the internet connection is restored,” Tech Data explains. 

Why Chromebook running Chrome OS is secure in the enterprise

Chromebooks use the principle of “defence in depth” to provide multiple layers of protection, so if any one layer is bypassed, others are still in effect, says Paul Nicholas, business manager, Google, Tech Data. They provide the following security features built-in:

  • Automatic updates: The most effective way to protect against malware is to ensure all software is up to date and has the latest security fixes. This can be difficult to manage on traditional operating systems, with many software components from many suppliers, all with different update mechanisms and user interfaces. Because they manage updates automatically, Chromebooks are always running the latest and most secure version.
  • Sandboxing: On a Chromebook, each web page and application runs in a restricted environment called a sandbox. If the Chromebook is directed to an infected page, it can’t affect the other tabs or apps on the computer, or anything else on the machine. The threat is contained.
  • Verified boot: Even if malware manages to escape the sandbox, the Chromebook is still protected. Every time the Chromebook starts up, it does a self-check called verified boot. If it detects that the system has been tampered with or corrupted in any way, typically it will repair itself without any effort, taking the Chromebook back to an operating system that’s as good as new.
    Data encryption: When using web apps on a Chromebook, all important data is stored safely in the cloud. Certain kinds of files – such as downloads, cookies and browser cache files – may still be present on the computer. The Chromebook encrypts this data using tamper-resistant hardware, making it very difficult for anyone to access those files.
  • Recovery mode: If anything goes wrong with a Chromebook, you can simply push a button or use a quick keyboard combination to enter recovery mode and restore the operating system to a known good version.

Source: Paul Nicholas, business manager, Google, Tech Data

Google traditionally targeted the education sector and a number of hardware companies sold low-cost Chrome OS laptops, but it has now changed tack. There are now Chromebooks at every price point. 

Google itself has released a high-end Chromebook that competes in terms of price and sheer elegance with the very best ultrabook laptops that Apple, Microsoft, HP, Dell and Lenovo have to offer. 

Cloud changes things

So, with the advent of cloud-based storage and the fact that many enterprise software publishers now offer SaaS, could now be the time to consider Chrome OS as a viable desktop operating system for the enterprise? 

As long as you use the right applications, it is the right tool – it does one job, which is run a web browser,” says Mark Ridley, group technology officer at Blenheim Chalcot. “Chrome OS doesn’t have all the power of Windows or Mac OS, but this limit makes it simple to roll out. 

Ridley pioneered the use of Chrome OS when he was CIO at recruitment firm Reed. He believes the operating system provides a secure environment, making it a good choice when regulatory compliance is a top priority. 

“A Chromebook device running Chrome OS is constructed to be so single-minded that your security exposure shifts to the security of the cloud services you connect to”
Mark Ridley, Blenheim Chalcot

“The attack surface of Chrome OS is much smaller than Windows. Chrome OS is tied so closely to the hardware, the way the device boot is protected, and the fact that you can leave everything in the cloud, means the threat from data loss is significantly less. A Chromebook device running Chrome OS is constructed to be so single-minded that your security exposure shifts to the security of the cloud services you connect to.” 

Over the past 18 months, Computacenter has seen a surge in demand for Chrome OS. 

Windows 7 is nine years old, so it is not a contemporary user interface any more,” says Paul Bray, chief technologist for digital workplace technologies at Computacenter. “We see a hybrid world, where Mac OS and Chrome OS are interchangeable.” These generally sit alongside Windows in the enterprise. 

Reflecting Ridley’s experience, Bray says Chrome OS is being used in very specific use cases, particularly among the IT leadership team, suggesting that IT chiefs are looking seriously at Chrome OS as a viable enterprise operating system. “Google has broken out of the shackles of being just in education,” he says.

There is now a Chromebook at every price point. While the manifestation of Chrome OS has actually been at the low end of the market, premium devices tend to offer better build quality and robustness that enterprise customers regard highly. 

One of the big changes is manageability, says Bray. “The high-end devices also provide better fleet management, such as the management capabilities built into HP and Lenovo Chromebooks. Google and Airwatch also provide good management capabilities.”

For instance, at Dell EMC World last year, VMware and Google announced an expanded partnership focused on accelerating Chromebook adoption. This expansion includes VMware Workspace ONE support for Chromebooks, enabling secure identity-based single sign-on (SSO) to any app on Chromebooks, including cloud services, internal web apps and virtual Windows apps and desktops.

“We have customers with quite progressive strategies to exploit Chrome OS, where they can unlock web and cloud apps. The benefits are ease of use and simplicity,” says Bray.

Being primarily a browser-based operating system, Chrome OS is intuitive to use, according to Bray. 

Time for change

In the late 1990s, research published by analyst Gartner identified massive waste in desktop IT. At the time, Gartner estimated that the average running cost of an unmanaged PC was $8,000 per year. To tackle this huge drain on budgets, IT leaders made desktop IT management a priority, leading to a locked-down Windows environment. 

But with the consumerisation of IT during the late 2000s, people felt corporate IT – and in particular their work computer – was inferior to the slick devices they used in their personal lives. Mobile device management evolved as the industry’s answer to balance the management requirements of corporate IT with the flexibility of allowing workers to use their own devices to access corporate systems. 

Today, layer upon layer of technology has built up to support an increasingly complex Windows desktop computing environment. But while many corporate applications remain locked to the Windows environment, some of the most popular – such as Office 365, Concur, Workday and Salesforce – are cloud-based SaaS products, which implies they can be run in a browser or as an app on Android or iOS. 

“We have been on a web journey for 15 years, but the enterprise is still heavily dependent on Windows. The Chromebook and Chrome OS is a symbol of operating system diversity,” says Bray.

Think differently

With Windows 10, Bray sees an opportunity for IT to rethink desktop IT management, and this rethink should include a serious conversation about the viability of browser-only apps on Chrome OS. 

Computacenter uses the term “evergreen computing to describe how, with Windows 10, it is no longer the responsibility of desktop IT administrators to keep PCs up to date. That responsibility now rests with Microsoft, and its Windows update programme, which rolls out security patches and new Windows features automatically. 

“From a management perspective, when we broaden the conversation of evergreen Windows 10, Chrome OS is a viable alternative and has a low overhead,” says Bray.

“From a management perspective, when we broaden the conversation of evergreen Windows 10, Chrome OS is a viable alternative and has a low overhead”
Paul Bray, Computacenter

Chrome OS is still quite marginal, he says, but he admits it does have a certain appeal. 

And while, in the purest sense, use of Chrome OS should ideally be solely browser-based, it can be extended. The latest Chromebooks even allow users to download Android apps from the Google Play store. Users can access a full-blown Windows environment via Chrome RDP, which provides a plug-in virtual desktop infrastructure (VDI); accessing Windows file shares and remote terminal emulation is possible; and there is even an interactive developer environment from Cloud9 on Google Play for developing Amazon Web Services (AWS) apps collaboratively. 

For IT departments that need to run line-of-business Windows applications locally on their PC, Crossover from Codeweavers may be an option. It is built on the open source portability library Wine and offers a library of Windows applications that have been verified to run. 

There will always be people who need masses of local storage, powerful processors and vast amounts of memory. A high-spec MacBook Pro, HP ZBook or Dell XPS mobile workstation will cater for their needs. But in this always-connected world, it is now entirely feasible to use the cloud-optimised Chrome OS operating system to stream feature-rich, compute-intensive applications onto a Chromebook. 

As to which Chromebook to choose, there are now options from sub-£200 devices with around 30GB of SSD and 2GB RAM, to a top-of-the-range £1,600 Google Pixelbook with 512GB of SD storage, 8GB of RAM and a Kaby Lake i7 processor, which makes it a full-blown mobile workhorse.

“Heavy users with more than 12 tabs open will see a benefit. High-definition video use will be better with a faster processor. SSD storage, while previously not as important, will now bear more relevance as people download and store Android apps,” says Paul Nicholas, business manager, Google, at Tech Data.

Read more on IT operations management and IT support