Google Cloud Apps Admins

Will These 5 Chrome Enterprise Features Finally bring Google devices to the midmarket?

Written by Christopher Alghini (Senior Cloud Strategist) | August 23, 2017

 

 

Google's Enterprise Cloud initiative is real and with what seems to be unlimited resources, people power and innovation being thrown at it, Google's getting real.   Not only are they listening to the needs of enterprise IT departments but they're acting on them.  This is evident not in recent announcements but actions including this week's new revamp of Chrome Device Management Licensing.   

My love-hate relationship with Chrome devices began here in 2010.  That next year my nickname went from The Apps Admin to The Crankie Chromie for for a bit in 2011 but then again one of my main clients was a cranky warden who hated change.

"Google distributed about 60,000 Cr-48 Chrome Notebooks between December 2010 and March 2011[97][98] for free to participants and in return asked for feedback such as suggestions and bug reports. The Cr-48 was intended for testing only, not retail sales.[99][100][101]"    
 - Wikipedia - Chromebook Cr-48

Back in June we showed off two modern day Chrome devices, The Lenovo N23 and the Asus Chromebit.  Both devices provide exceptional value and true flexibility with the addition of Google's new Chrome Enterprise Management License.  

I've used the new "Leno23" all summer and while the phrase is too often overused, the new capabilities of Chrome devices present a gamechanger for companies and IT Departments managing the smallest to the largest of enterprise deployments.      

The biggest problem with a Chromebook is the reputation of an underpowered thin client but 2017 Chromebooks from US Channel partners pack a punch and the Cloud centric management in Chrome Enterprise offers management and deployment at scale unforeseen in the IT industry.

Imagine deploying 50-5,000+ devices that are configured and ready for work out of the box.

With the new Chrome Enterprise management licensing restrictions and features are controlled in the G Suite Admin ConsoleVMware Workspace ONE or Active Directory.    Coolhead Tech even offers a White Glove service on all of the top Chromebooks in our Apps Admin Shop.  

 

"The biggest problem with a Chromebook is the reputation of an underpowered thin client but 2017 Chromebooks from US Channel partners pack a punch and the Cloud centric management in Chrome Enterprise offers management and deployment at scale unforeseen in the IT industry."

 

The white glove service includes warehouse testing, Chrome OS updates and Chrome Enterprise Enrollment. The devices arrive able to connect to your Wi-Fi networks and pre-configured to your specifications. Contact Coolhead Tech for more information or build and submit a quote in the shop.

There are over 200 settings available to sysadmins in Chrome Enterprise management, here are some key features announced and appreciated by us and our midsize customers.

 

Managed Google Play (beta)

Announced "as if" last year Google Play management is finally, officially in Beta.   Deploy and manage apps and extensions across the enterprise, customize browser management and enable Chrome sync to ensure an optimal user experience and high levels of user productivty  

With Managed Google Play access IT and Apps Admins can deploy public (and custom) Android Apps as well as allow users access to their apps through their personal accounts.   The same goes for Chrome extensions, you can deploy custom and public Chrome extensions to user's Chrome browser sign-ins.  For example, we push RingCentral for Google to our users to add Unified Communications to G Suite Business.

All in all there are over 100 policies available to apps admins that provide managed control of content, bookmarks, cookies and more across any device running Google's Chrome browser.

 

Microsoft Active Directory Integration

We're excited that Google Cloud is playing better with our friends who use Microsoft Technologies.   Google has long offered Active Directory and Password sync options but they've been cumbersome to configure and maintain.   The recently updated Cloud Sync offers a more complete solution while the recent Calendar Interop upgrade makes an O365/GSuite Office a coordinated reality.

The new Chrome Enteprise feature easily allows for flexible fleet management by joining Chrome devices to your domain,provisioning certificates and configuring file shares.

Active Directory Credentials on Chromebooks..  IT Admins can now allow users to sign-in to Chromebooks with any number of options including Active Directory, their Google Accounts, Any other SAML Identity Provider.   SSO Creds pass into their sessions for a seamless experience. 

 

Public Ephemeral and Kiosk Sessions

We've set up separate OUs in deployments for Chrome Devices and these three (plus Signage) are my favorites.    IT Admins can move devices from one org unit to another and completely change the use case of the device.  We can repurpose a touchscreen chromebook from a shared device for employees to a kiosk for customers in 2 clicks. 

Ephemeral Mode is super cool to say and provide.  Google Admins can deploy Chrome in shared and public spaces like BOH for hospitality, the warehouse or executive lounge.   Users can login and use the device securely.  Data is wiped clean after each use.  Poof! You're a sandwich.

With Chrome Enterprise's safe browsing and content policies you can protect your users from mailicious web content and configure content policies to secure user's access to resources such as Javascript, images and rogue plugins.   

You can Brick a Device if it's stolen or lost.     A Forced re-enrollment option and sign-in restrictions lock Chrome devices to your organization for as long as you want.  Easily disable lost or stolen devices from the Google Admin Console.

Kiosk Mode is Great for Digital Signage.    You can deploy sign-app devices for a plethora of use-cases such as digital signage, point of sales, dashboards, ordering, entertainment, etc.  Our favorite chrome device for many of these uses is the Asus Chromebit which retails for under $100 and is about the size of a big candy bar.

 

Central Management with new VMWare Workspace One - Others on the way

The compatibility of Chrome Enterprise with VMware Workspace ONE enables organizations to deliver device policies using customizable assignment of groups based on geography, device platform, department, role, and more – simplifying policy enforcement across the company. Building on previously released integrations of Workspace ONE with Chrome OS, IT admins can also provide employees with access to all enterprise applications – cloud, web, native Android, virtual Windows – from a single app catalog to deliver a consistent experience to employees anywhere, anytime, on any device. Chrome device users can even access full Windows desktops and applications, helping to accelerate the adoption of Chrome devices in the enterprise.[1]   Learn More About Workspace ONE from VMWare.

Managed Networks & Proxies

A feature of Chrome Enterprise that's often overlooked is it's abaility to help manage networks and proxies for users.   Chrome devices can be configured to automatically connect your users and devices to the right networks (without their need for knowing SSIDs or passwords), enforce proxies and you can remote-configure VPNs.     This is useful for onboarding remote users and allowing users to focus on the work at hand.

Pricing for Chrome Enterprise Remains Cloudy

 

A benefit of Software as a Service or even device management as a service is the agile development of services.   Google follows this by introducing minimally viable products then continuously improving them.  Unfortunately as products improve Google moves previously useful free features to paid or repackages to squeeze more from their best customers who originally sought, among the cloud features,  business value. 

 We reached out to Google to answer a key question we have on Chrome Licensing.  In our test, when we suspended our Chrome Enterprise Service to see the effect on browser only management.

Many Admins (and users) really appreciate the Chrome browser logins on our Windows, Macs and Linux boxes.   Using Chrome Sign-in I can login into separate browser sessions for my personal @gmail.com account and my G Suite work account @coolheadtech.com.  For Coolhead Tech, we push out bookmarks and browser settings and extensions that all of our users need access to.

 

Suspending Chrome Enterprise in Billing disabled our Admin Console access to Chrome browser settings.

 

 

Google's Official Answer to our Query on Chrome Enterprise Licensing:

"For enterprise features and functionality related to Chrome OS devices you will need the Chrome Enterprise license for support. This also gives you access to support for Chrome browser on all platforms.

If you have Chrome browser deployed in your organization, you can manage policies (e.g. pushing out extensions) via GPO, or Cloud policy in the Admin Console. You won’t need a license for this.

If you do require standalone support for Chrome browser (on Windows or other non-Chrome OS platforms), this is available as Chrome Enterprise Support: https://support.google.com/chrome/a/answer/6351685?hl=en"

 

Bottom Line on Chrome Enterprise Licensing.

We've been solid Chrome device users, loyalists and admins since the beginning - through thick and thin.  Today's announcement seemingly a rebrand/refresh of Chrome Device Management as Chrome Enterprise Licensing with some new key features in the works.   

Remote Desktops and some of these features are old news to us, just polished for enterprise now.  I am impressed with the access to Android Apps and how much more useful it's made my Chrome Devices. After 7 years they're finally living up to Google's own hype and vision presented in 2010.    Highly recommended for large scale enterprise deployments.