Changing End User Computing: Seven Facts You Should Know About Chrome Enterprise (Cloud Next ’19)

[MUSIC PLAYING] CYRUS MISTRY: Hi, everyone. AUDIENCE: Hello. AUDIENCE: Hi. CYRUS MISTRY: I’m Cyrus. I am the product
lead for Chromebooks in the commercial segment,
which means education, business, government, that whole
deal, everything other than you walking into
Best Buy, basically. So here to talk a little
bit about Chrome Enterprise, give you a sneak peek
into stuff that’s coming. And then I will try to save
time at the end for questions, because I think that’s
actually the most fun part– things you want to know about
how it works, interesting behind the scenes stuff. There’s mics up here. Or you can shout it out,
as soon as we get to Q&A. I’ll try to leave
10 to 15 minutes at least for Q&A.
So just jot down, Google Keep, whatever,
your questions. Oh, this is where I’m
supposed introduce myself. Oh, oops. That’s a pretty interesting
black and white they did. So I’ve been at Google
13 years this year. That’s a very long time
in Google standards. And I’ve been on Chrome
OS specifically– next year will be 10 years. So I was on the initial team,
which is pretty exciting. So I’ve seen it,
seen the whole ride. When I first joined they said,
what do you want to work on? Because we have two
product managers. And I said my background
is in enterprise. I said, I think this
product will do well in a managed
environment with IT, because they love the idea
of a simple, secure endpoint. So that’s what I did. I worked on the very
first prototype, CR48. Does anyone remember the CR48? No, yes, three hands– [INAUDIBLE] three
people remember that. That’s a long time ago. It’s probably worth money
on eBay if you have one, by the way, because
we only made 60,000. I was given 16,000 to give
out to schools and businesses to go try out and say, would
you like a device like this? A lot of your employees
are living on the web. What do you think? And they said, yes, can
you please take my money? I like this much better
than what I’m doing. So we thought we
were onto something. And it’s been quite a journey
in the decade that’s followed and the stuff that we’ve added
and stuff that we’ve done, so I’ll talk a little
bit about that. I’d like to start with
a little bit of context. People wonder why are
you making computers? You guys do all kinds
of strange things. Although now they ask
that less, since we have driverless cars and all kinds
of strange things going on. The background,
just so you know, this company was
born on the web. Everything we do is web, right? And we want to make sure that
we give people the best web experience. So we would optimize the web. We’d really push the boundaries. For those of you who
remember, the web used to be, of course,
static web pages. And then we slowly kind
of pushed the boundaries to do actual
applications, right? Gmail was kind of
one of its kind, embedded chat,
Google Maps, right, and the [INAUDIBLE]
actually can zoom. And all these kind of things
were very revolutionary at the time. We were pushing the envelope. Bandwidth was still painful,
very painful for those of you that remember dial tones and
what you had to go through. And so then we spun up
efforts to improve bandwidth. And that’s come
a tremendous way. Two or three different
projects we’ve had, at least, in bandwidth, and then it
became eight or nine projects. So we had bandwidth. We had great web apps. And then you had this browser
that was just painful. You had toolbars. You guys remember toolbars? People had three or
four different toolbars. The Google toolbar
was very popular. And then big buttons
for back and forward. And that entire
part of your screen took up 50% of your screen. And then there’s
this small portion below that you would
actually scroll to actually get to the content. And the part around
the actual content was called the Chrome
of the browser. So of course, kind
of tongue in cheek, we decided to call it Chrome. Because we actually
wanted to get away. Google’s in a very unique
position, where we’re not actually interested in you
staying in our products for long periods of time. Think of Search. We win when you’re
out of there fast. You’ve got your answer
and you move on, right? Same with Chrome– our goal
is to get out of the way. Make the content
front and center. And so that’s actually why
we went out and did Chrome. We tried to work with the
other browser providers. We worked hard. It was very, very hard. And when we came out with
this in 2009 or 2008, a lot of people said, do
we need another browser? There’s already
so many browsers. And of course now, Chrome,
I think most of you know, is doing pretty well,
largest browser in the world. 2 billion people use the Chrome
browser on a weekly basis. It’s just staggering when
you think about that. So we’d kind of
addressed web browsing. And then there was
the last problem. The third big problem is you
would turn on your computer. And you would go to get coffee. And you would go take a nap. And then you would come back,
and it would still be booting. And then when you finally got
in, startup would take forever. You would log in and pop ups
would come in and annoy you. And you were just waiting to
click the Browser button to get on with your life. And a lot of people
can’t even remember this. It has been a while. This was the state of computing. It would get slower over time. If any of you have a five
or six-year-old desktop computer in your
basement, you know exactly what I’m talking about. You probably never want to turn
on that thing again, right? It’s loud. You don’t even know what’s
going on in that thing. This was the computing
world back then. The cheapest
computer at the time was $450 when we
started our journey. And we came out with
this completely radical $199 computing,
fastest way to get on the web in the world,
five seconds to boot. So it was very
revolutionary at the time. And a lot of analysts credit
the Chromebooks and the journey we’ve been on for kind
of completely changing how computing works. And this is a little
bit of our journey. It’s a lot we’ve done
in 10 years, when you look at Chrome and Chrome OS. When Chromebooks came
out, a lot of people don’t even remember this. This is now way dating. Chrome version 9,
I think, 8 or 9. You didn’t even have
multiple windows. It was just literally a
single browser, full screen. That was it. You couldn’t minimize. And as strange as
this sounds, it drove people crazy that
there was no wallpaper. They said I want
to see my wall– and we said, well,
there’s nothing to see. There’s no applications to pin. There’s nothing. It’s just the web. And they said, well, I
still want to minimize it, so I can see the wallpaper. There was this
very strange thing. So we actually did that. We gave them the
ability to slide it away and look at a picture. But that was the very first
iteration of Chromebooks. We then added all kinds
of features for schools. We added kiosk mode. And we added this cool feature
called Managed Guest Sessions. It used to be called
Public Sessions, which was this completely ephemeral
way of running a Chromebook. And we then added the entire
Play Store, which is crazy, the 2 million or
whatever applications. So you have the entire
mobile application ecosystem on a full desktop browser,
which has also never been done. We’d recently, which
we just launched in 73, the enterprise controls for
full Linux application support. So a lot has happened in
a short period of time. So let’s go in and look
at some of the myths that are out there about Chrome OS. I think these are fun. First, you’re only an edu play. What the heck? Well, first of all, I
can tell you about edu– phenomenal growth in education,
as you probably know. We are number one
in many countries. Every quarter to
two quarters, we become number one
in another country. Almost 70% share in the
United States in education– so phenomenal growth,
but the good news is it’s been growing in all the
other segments extremely well. This is the non-edu,
business growth of Chrome OS. And you can see this
is a good trend. We’re on the right
side of the trend. As companies move to the cloud,
this is exactly what they want. They want a secure
endpoint that is fast, that is shareable, et cetera. So the rest of the PC market,
unfortunately, fortunately, is fairly flat. In many areas, it’s
negative 1%, negative 6%. Overall in the
commercial segment, it’s right around
flat, 1% to 2%. So this is very
good for us to see. And the good news is it’s
accelerating, not just staying that way. A lot of companies are using it. People ask, who’s actually–
is this a real thing? And they’re using it for
a variety of reasons. They’re not just using it
for your front line workers. There’s people using it
for information workers. People using it all
day long– using it for content management. They’re using it for ERP. They’re using it for point of
sale, all kinds of use cases out there. And this is obviously
a very small sample of some of the customers
that are out there. Do you have enterprise
class Chromebooks? Yes. [INAUDIBLE] got a laser pointer? Oh, yeah. Of course, it won’t work. Oh, it does kind of work. This device is an example. I was going to– I don’t know if I
can mention the name. But I was going to
a large hotel chain, and I went to their call center. And they had thousands
and thousands of people in this call
center, taking reservations, handling support. And I said, oh, this is awesome. What application are they using? What are they doing? And this was before
Chromebooks even launched. I said what are they using? And they said well,
they’re just using the web. They just use Chrome all day. And I said, oh,
that’s fantastic. They use Chrome all day. What are they using? They said, well, we’ve
given them Mac Minis. I said Mac Mini– that’s
a pretty fancy thing. And only in the browser? Yeah, and he said, it’s a pain. People take them. They steal them. [INAUDIBLE] And so I said, my gosh. That’s [INAUDIBLE]. Do you want something better? Because you just want the web. And they said, yes, absolutely,
but we need a headless device, because we have big monitors. We want to have our
standard keyboards. So we don’t want a
laptop form [INAUDIBLE].. I actually went back– I went back to our team
and I said, can you make me something small? No battery, no
keyboard, no monitor– and we actually did that. We actually came up
with the Chromebox. And the reason I gave that
story is because we actually made these devices
for enterprise, right? And there’s a lot of them
now, almost all the OEMs make these– Chromebox, as well. But we’ve got Chromeboxes. We’ve got Chromebooks. We’ve got convertibles and 360s. We’ve got detachables. We have tablets. We have stylus. We have all the way to I7 units. We have core I5 view, where
you can get 16 gig units. You can get Chromebooks that
are up to $1,500 Chromebooks. Every major OEM
makes Chromebooks. So you can absolutely get
enterprise class hardware, any form factor you want, touch,
4k, all of those cool things. So that’s another
good thing to know. Oh, good. Here we go. Did I do it? OK, good. They don’t really work offline. Gosh, the number of people
that have told me this. There is a lot of
people that actually– and I’m not kidding when
I say this– probably 10 times I’ve been asked this. This is just amazing. How does it work? So there’s no disk at all. The disk is in the cloud? No, no, no. These are still computers. They have a disk. They have everything offline. You need a disk for caching and
all of those types of things. So it absolutely works offline. The web has offline, of
course, assuming your web provider has made offline work. And then, of course, the entire
Android ecosystem is available. Those applications, all
of those two million were actually built
offline first. They all of them assume
offline, in a lot of cases. Almost all applications,
including web applications, will obviously work
better, in some cases, work only on the web,
meaning when you’re online. That’s to be expected. But getting developers to
start building offline first is actually very good. It’s a good thing for
them to do anyway, because the applications
tend to be much quicker. They work better in
flaky connections. They handle things like
syncing, et cetera. So I usually encourage
developers, if possible, build in that mode, in
that way of thinking. So there’s tons and tons
of offline applications available on Chromebooks,
which is just good to know. Does it only do the browser? Well, OK. I think I probably
covered that a few times. Of course, it has the whole
mobile application ecosystem, which again, is, I think,
a super cool unique thing. When you think about where
people are building apps today, no one is dusting off their
.NET and C# books and building for Windows. They’re building for the web
or they’re building for mobile. That’s it. And so the good news is,
when you think about that, it’s actually
really, really great to have the entire
mobile application ecosystem available, as well as
the full desktop browser, which is kind of very, very unique. In addition, I mentioned
running Linux apps. And it probably is worth
saying you can also run legacy Windows applications
on a Chromebook, which is great. There’s lots and lots
of ways to do it. There are providers that
stream Windows apps down. You can use on-premise
virtualization. There’s even on-device
virtualization options available now that
we have Linux. And then you can run your
Windows applications, kind of a little bit inception. But there’s lots of
virtualization options. So if you really want to– but
the main thing we want to do is for all of these, make sure
that it is ultra, ultra secure. None of these should open
up new security holes. Everything is containerized. Everything is sandboxed. Nothing gets access to
the OS in general anyway. The OS is read only and blocked
from anyone updating it. On a lot of other
operating systems– one of the reasons
viruses happen and computers get slow
is because applications, once they’re installed,
become super users. They can basically do anything. They can modify the OS. They can write to different
parts of the registry. They can just kind of
litter themselves all over. For those of you that
remember– and it’s very hard to change this in an OS. Although OSes are absolutely
all getting better. It’s very, very hard. Even uninstall was a big
problem in the olden days. You had to go out and
find all of the bits that might have been littered out
throughout your operating system. So this was just built an
extremely different way. Hm. Oh, there we go. Well, my clicker
sometimes doesn’t work. Maybe I need to stand here. What about regular updates? How does that all work? So our update
mechanism is different. And I think this is one of
the extremely unique things about Chromebooks. Every Monday morning,
whether you’re at school or at a business,
when all of your employees lift the lids and
start working, they’re all running exactly the same
version of the OS, which is in itself remarkable. All updates are delivered
entirely from the cloud. There’s nothing to do
on prem, et cetera. But there’s a few differences
with how we do updates. First of all, all
updates are completely seamless to the user. They’re done in the background. And the reason we can do
them in the background is every Chromebook has two
versions of the operating system at all times. There’s an A and a B copy. As you’re running on
A, B gets updated. And of course, we don’t
update the whole thing. It’s just delta updates
every six weeks or whatever. Just the bits that need
to change are changed. As soon as we reboot, or as
soon as the user reboots– and by the way,
because it’s so fast, this is another interesting
tidbit that a lot of people don’t even know, most people
at Google don’t know this– because booting it’s so fast,
because it’s 5, 6 seconds, when you log out and you get
back to the login screen, if an update is ready, we
will actually do a full reboot and take you back
to the login screen. And most people don’t know. They say, oh, that log out
took a few extra seconds. And they’re back at
the login screen. But we’ve actually not
only done a full reboot, but we’ve swapped. And we are now running
on OSB as the primary OS. At the same time
that we do that, two of the seconds of the boot are
actually taken up by something we call verified boot, which
is actually an entire process to verify the operating system. We verify every bit of
the operating system to make sure it is
exactly what we expect. So in the event that we
have missed something, and something squeaked
through and was able to compromise
the OS, we won’t even let you boot with that OS. We will revert
back to A and boot. So this is actually
all the stuff that goes on when you
boot a Chromebook. And it all happens
completely in the background, which is pretty nice. I think that’s good on this. I kind of started
alluding to this. How can they be so secure
if there is no antivirus? I don’t get it. And I cannot tell you how many
companies said I don’t get it. I really wanted antivirus. And I said, well, I don’t
know what to tell you. There’s no such thing. You cannot have a virus. I shouldn’t say that. You don’t need an
antivirus, as of now, because there is no such concept
as something compromising the OS in a persistent
way that wouldn’t be detected when you boot. So one, how do we do this? And how has this even been
possible after 10 years of employees and
hackers and students? By the way, students are
some of the best hackers in the world because
they want nothing more than to use
their computer to go surf inappropriate things. And so it’s really
fantastic that we have penetrated all of that. First is the OS itself. It’s kind of kept
completely locked down. Nothing gets access to the OS. Again, I can tell you all
kinds of interesting stories, since I’ve been on
the team for so long. But there’s a small shell
that you can actually run, called the cross-shell. For those of you
that know about this, we can actually run
some basic commands. They didn’t take an
entire operating system and then build Chrome
OS on top of that. They actually did the opposite. They said we need
the Chrome browser. What are the minimum pieces
we need underneath it to make it work, period. That’s what we’re
going to put in. The command ping,
for those of you that know what that command is,
the most basic, simple command in the world, there
was an email thread about whether we
should allow ping. They look with that
level of detail, because every
single thing you add is potentially another
vector, another threat. So they’re very, very, very
careful about what they add. Nothing can get
into the operating system of any channels
open to get access to the operating system. It’s only done using private
Google APIs that we have. The second thing we do
is we sandbox everything. We sandbox the entire
browser process. Within the browser process,
we sandbox each tab. The entire Android
container is sandboxed. Every app within the
Android container, then, in a separate sandbox– the thing is
defense in depth is, of course, used in security,
in physical security and in software security. This is exactly what you want. Things would have to hop
out of many, many containers and sandboxes to get access. Then I mentioned, we
also have verified boot in case we’ve missed something. And of course, we
have humans that do all kinds of reviewing
of extensions and apps. We also have– which
is pretty cool– we have a lot of AI and ML
that actually reviews all of the application and
application updates that come into Play
Store, in the web store. Things are automatically taken
down before a human even sees it, which is also pretty cool– which is very hard to
do given the scale. Is this an enterprise
class device? Can I run this in my company? Well, the good news is, yes. There’s a lot of stuff in there. There is 200 plus different
policies that you can set. The good news is almost no one
sets anything close to that. They need, like, 15 or 16
different controls, at most. But the options are there if you
need a lot of advanced stuff. There’s full fleet
management here. But the nice thing I
will say about this is the stuff that’s in here
is entirely cloud-based. So the entire management of your
fleet is entirely cloud-based. A lot of people don’t know
this, but our management system, it’s the largest cloud-based EMM
in the world, or MDM, for those of you who know what that is. No cloud EMM in the world
manages as many devices as this one does. Tens of millions of
active devices running, another 10 million
devices just in education gets enrolled into the
console in just a period of a few months,
July and August. And Google doesn’t
feel it at all, right? It’s one of the benefits
of having the scale. The IT administrator can be on
their phone on their car ride home, hopefully not while
driving, and can actually go in and make changes, look at
their fleet, disable a device, lock one down if it’s stolen– those types of things. You can do all of that entirely
from here, which is nice. Provisioning a Chromebook
and rolling a Chromebook, for those of you
that have done it is, I think, about seven seconds. Think about a different
OS, I won’t say who, how long that takes
to provision that and enroll that and
image that and get that with all the applications
that you need. It’s not seven seconds. So that’s pretty exciting. And of course, all
the applications, extensions, everything
you do is done from here, as well, which is kind of nice. And I think this may
be the last myth. I don’t know. Let’s see. Can you integrate with
your legacy IT world? Because I have a legacy,
and how do I handle that? Every company does though,
which is the good news. Unless you’re a small
business, very small SMB, or you grew up in a serverless
company, which the new ones do, fortunately, most new companies
don’t bring out big servers and stick them
under their desks. So yes, there’s lots
of options here. First of all, you can
actually, if you really love Active Directory and
SCCM and group policy, you can manage your
Chromebook using that. It’s more painful, name
value pairs, and JSON blobs. But if you really
love that, that can be how you manage
your Chromebooks. You can, of course,
access MS Office if you need for your employees. There’s actually lots
of different ways to do that, of course. There’s native web
ways to do that. There’s Android
versions to do that. There’s the full
Office functionality if you really need– that team that needs the Excel
macros and their VB stuff from 1997. So all of that is there. And SSO certificates,
802.1a ethernet– all of the stuff that
you think you might need. Are we done? No. There’s an enormous list of
stuff that companies need. But the good news is,
whenever we talk to– almost every CIO
I’ve ever talked to, I don’t need to
convince them that this is a better model for them. Anyone that’s ever tried it and
tested it is, like, I love it. I want to expand this. But they say, this
is the stuff I need. Right? So that’s exactly the
right place to be. We are in exactly
the right situation because we’re on the
right side of the trend. We already have
natural pull from CIOs. So it’s just a matter of
making sure this has all the enterprise capabilities. There’s an entire
dedicated team that just works on making sure
you’ve got all of the enterprise functionality you need. Of course, you
could run it today. You’d have to do some
work around the center, but we want you to be able
to run it with everything that you possibly need. OK. Let me see what is next. OK. What’s coming up? Now the sneak peeks,
now no photos. Is what true? No photos? AUDIENCE: [INAUDIBLE]. CYRUS MISTRY: No. No photos for this part– there will be some very
exciting stuff here. So this part here is a little
bit, a sneak into what’s coming and how we think about
the vision of Chromebooks in the future. When we think about everything
that we’re building, we really think
about two sections. The first is, of course, we’re
talking about for the end user. That’s where our life begins. That’s our world. Secure and productive,
those are the two things that we want to make
sure that they are. They’re secure and
they’re productive. OK? And we’ll talk about
those in a second. And the second piece, of
course, is the IT department. Many times, unfortunately, more
important than the end user. Because they’re also the
ones buying and deciding and deploying and
doing all of that, making sure that they have
very powerful, easy to use, and management is
very important. And we’ll talk about both
of these really quick. And I’ll give you some
glimpses into stuff that is coming, which
I think is pretty cool. Let’s talk briefly
about the end user. The first thing
is very assistive. And when I say
assistive, I don’t mean the Google Assistant,
which is amazingly cool. You can ask it a question. You can do hands-free
assistant now on Chromebooks. And you can just say the
magic words, which I won’t say or everyone here with
an Android phone– it’ll listen to my voice. But being able to
ask good questions and all that is great. But what we mean here is, when
you think about an operating system today, every
operating system we’ve ever used, whether
you’re using Windows or you’re using a
fruit or whatever you’re using, when you use it,
it’s a very reactive system. It’s just waiting. It’s sitting there. And it says tell me, wait
for me to click something. And it’s not helpful. It should actually know you’re
about to enter the meeting that you entered the same time
yesterday with the same three people. And it should just nudge you
and say, hey, by the way, this is the presentation you
guys were working on last time. Do you want to open it? Right? It should do it only if it has
an extremely high confidence level that that’s what it is. That’s how all AI and ML is
all just based on probability. But that’s actually
what it should do. These are simple
things to do, actually, if you are a company with
AI and ML instinctively. But these are the types
of things that you’re going to start seeing. You’re going to see an
operating system that is actually going to help you. Now interestingly, by the way,
there’s a lot of AI and ML actually within a Chromebook
today that a lot of people don’t know. There’s amazingly
cool stuff in there. Not just machine learning
around your preferences around brightness and time of
day and how much you like it, adjusting it, your
personal habits when you’re running different
apps for what we should discard, how to optimize your
battery life, your performance, when we should crank it up. All of those types of
things are actually– is actually on-device ML that
is running those things, to make it smart in the background. But we want smart
even for the end user directly for their applications. The next one is productive. It’s also extremely important
for those of you that live like me with 29 tabs
open, or probably 70, and they all just become
these tiny little icons. Does anyone use a lot
of tabs like I do? Yes. It drives me insane. First of all, I can’t
even see what it is. And that also drives me insane. So fixing that,
that is all coming. Do not worry. There’s absolutely going to be
better tab management and tab groupings and all
kinds of things. But even taking
it a step further to be able to have, of
course, multiple desktops, this has been
around an operating system for a long time. But doing even
cooler things, like if you are in a different mode
or in a different workspace, being able to take
all of that work and name it as a workspace. Keep it synced on any
device that you use. Get into focus mode. So right now I’m only
in this workspace and I don’t want to be
disturbed or accidentally go to any other things. All of those types of things,
we have seen that they work. And so you should see a lot
of this cool stuff coming out. Flexibility, of
course, is important. I’ve already covered this slide. But just want to
bring it up again, that it’s very important that
people work the way they like. If you are the type of person
that really prefers touch or if you really
prefer a tablet, or you really prefer
detachable and you want to take out the keyboard
every once in a while, you should be able
to have that option. And then IT, what’s
coming in this space– so two things that
I care about– I want to do everything
I can possibly do. And I want it to be easy to use. When you think about what
IT departments care about, they usually want two things. They want visibility,
and they want control. Visibility means I just want
to be able to see and know everything that’s going on. What are people installing? What are they doing? Why are they driving me crazy? What security things
are they doing now? And they want to make
it really, really, really easy to
control those things. So first thing is simple. I mentioned this before. We have, obviously,
a ton of policies. But we also do
something very simple called smart defaults,
where we actually go through every single policy
and make sure that it’s already set to what we think would
be the best experience and the most secure for you. We always err on the side
of the more secure option, and then let you turn
things on as you want. This means you don’t need
to go mess with 50 things to get it running. You can actually
do none of them. And then you can slowly
decide which things you want to turn on,
control, turn off, et cetera. So this one I talked about. Scalable– I mentioned this. Tens of millions of
devices handled entirely from the cloud. You never need to worry
about adding new servers or anything to manage
your devices, which I think is great. There are several
deployments of Chromebooks with more than 100,000
devices in any organization, both schools and businesses. And what’s actually
even more interesting than that is most of them didn’t
hire a single additional IT person, which is staggering when
you think about 180,000 in one situation. And they didn’t hire
anyone additional. Oh, good. Thank you so much. You can come see me. I’ll probably be
here for one minute. [MUSIC PLAYING]

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *