MacStadium recently unveiled a virtual Mac desktop cloud solution, and because it’s a unique option, I wanted to find out more about the company’s thinking. So I reached out to MacStadium’s Senior Vice President and CTO, Chris Chapman, to learn more about the company’s thinking and stratehgy.
MacStadium introduces Orka Workspace
First, a little about the solution itself. Like AWS, MacStadium has offered M1 Mac minis-as-a-service for a while; what’s new is the introduction of virtual desktops, which you can work on remotely. It basically means you can use a Mac from anywhere, at any time, and on any device. MacStadium calls this Orka Workspace.
Like so much that is emerging in the Apple enterprise, Orka Workspace meets the needs of remote work. Specifically, it’s built for companies who seek secure and flexible ways for employees to access secure work computing environments from anywhere.
Why is this a good time for Mac-as-a-service?
“The time is right for Mac-as-a-service because the Apple ecosystem is growing and accelerating at an amazing rate,” Chapman said. “It is not only the primary way we use tech in our personal lives, but also is increasingly becoming the tool of choice for our work lives.”
As the ecosystem expands, the use cases also grow. “In the enterprise world the landscape is shifting from centralized to decentralized workforces and people are leveraging bring your own desktop (BYOD), which is leading to Mac as a primary choice,” said Chapman. “As an enterprise, providing consistent, secure tools has become paramount. And providing access to the Mac platform is a large gap in current cloud capabilities.”
How can the Mac become a service?
The Mac is not inherently remote friendly. It’s built as a bicycle for an individual’s imagination and not intended to be the velocipede for a hive mind. It is not a machine you work from remotely, and its OS is not designed to live in the cloud. MacStadium had to figure out how to bridge that gap.
“We have put a lot of effort into engineering both physical and software technology around the Mac to provide both performance and management capabilities for creating a good experience,” Chapman said.
That meant working with Apple’s own tools, the inherent abilities of Apple Silicon and the M1 and using the Mac’s virtualization framework. The result: Orka Workspace.
“Creating on-demand Mac desktops really requires a cloud and we are uniquely positioned to deliver Mac as a cloud,” he said.
Who is Orka Workspace for?
Orka Workspace is for developers, testers, creators, contractors, and for company IT seeking to effectively deploy Macs in their business. The idea is that it becomes possible to equip temporary workforces with a virtual Mac.
“We believe there [is] a large and growing group of enterprise Mac users that need access to Mac compute or additional Mac compute to do their work and that they will be able to use this product to do things like developing, Q & A testing, training, education, and so on,” Chapman said.
He thinks enterprises will use Orka Workspace as an easy and convenient way to deploy Macs to employees across borders, given the many challenges to global supply chains and logistics.
“Global supply chains and logistics are more delayed and tangled than ever, the work environment has permanently shifted to hybrid and remote work anywhere,” he said. He argued that while endpoint management is well served, matters of delivery, access, logistics, and Mac expertise may confound some firms.
What happens when you use it
In use, administrators can quickly create Mac desktops running on actual Apple hardware and distribute access to their teams. The system also provides a thin client way of accessing that Mac desktop from a browser.
While the service is available internationally today, IT admins concerned about data sovereignty should know the Macs are stored in the company’s data center. (This may matter less, given the limitations of desktop storage, more about which below.)
MacStadium currently has data centers in the US and Ireland and plans to open a new one in India in early 2023.
As you’d expect, the data centers are well protected, compliant with robust standards such as SOC I, II, III, ISO-27001, 2, Privacy Shield, and GDPR. In use, each environment runs with multiple firewall layers and proxies to protect endpoint and host access. The environments are encrypted at the data layer and use AES256 encryption for the transmission of the desktop to the end user.
Each customer gains access to a pool of dedicated Macs owned by that customer. The client can choose between running one or two virtual desktops from each physical host. This ownership and limited use of desktops per Mac brings the service in line with Apple’s EULA requirements for virtualization.
You’d anticipate some lag when using these remote machines, but MacStadium has built software to optimize memory allocation while the Macs are used. The company has also done work to optimize the data journey, Chapman told me.
“We have built a default protocol that compresses traffic and provides reasonable performance within about 1,500 kilometers of a data center. It provides a good experience for users working with development tools, office tools, and so forth.”
The company plans to introduce higher-performance protocols later this year that leverage WebRTC for super low latency interactions capable of supporting video and audio.
These Macs are Macs at every level bar one — the desktops are not persistent. The admin can deploy tools and integrations on these remote Macs, but the end user cannot permanently store data on those desktops.
It’s important to understand that these are cloud-native systems, and this extends to data storage. “We recommend integrating company data solutions like file shares, OneDrive, Google Drive, and other online storage solutions to provide secure data management of end user data,” Chapman said.
Chapman thinks use cases will expand into higher performance users and hopes to introduce persistent storage for individual desktop customization, device passthrough and integration so that more end user devices, such as webcams, can be used within these environments.
MacStadium also intends on introducing a variety of enterprise integrations. These will let IT use authorization and ID management tools, MDM solutions, troubleshooting and ticketing systems, and more. Achieving this will require the company to introduce Workspace APIs to enable such integration.