VDI Oh My!

This is a post originally written for the company blog — posted here for posterity.

Have you seen the cost analysis sheets from various entities over the years pointing out how much money you can save with Virtual Desktop Infrastructure (VDI)? In most cases, they’re wrong. But like most things, there are outliers. Today I want to look at VDI and break it down and tell you why you might want to use it – and why you might not. Then we’ll take a look at a few options for VDI, along with their specific advantages and maybe even a few disadvantages thrown in.

Why VDI?

  • Security: I believe that the number one benefit to any organization that VDI brings to the table is security. Security advantages to VDI include:
    • When you abstract the desktop away from the end-user environment, you also have the ability to abstract the data away and into the data center where you can better manage, backup and protect that data.
    • When you use VDI, you create a smaller attack surface. It also makes the attack surface easier to patch, update, monitor and audit.
    • Through proper policies, a VDI environment can be centrally controlled and harder to subvert – basically you have the ability to restrict data transfers, unauthorized access, and even revoke unwanted access from miles away. In the simplest terms, you can better control the number one cause of data breaches: people (Source: Baker & Hostetler, LLP. “BakerHostetler 2016 Data Security Incident Response Report”).
  • Application Management: This one may get me in trouble from VDI purists. I tend to look at VDI today as more than just delivering a desktop, and I suspect most consumers do as well. Most major VDI products have the capability to handle application package management, provisioning and access controls. What this allows you to do is maintain a stranglehold on software access and subsequently licensing usage. Licensing costs are HUGE in enterprises, and true-up and/or violation costs can be surprisingly daunting. Avoid them (or get really close) with VDI. It can make a real difference in cost. I won’t tell anyone if you don’t.
  • Availability: When you put your VDI in your data center, you are inherently gaining redundant power, UPS backup, dual connectivity and typically a better hardware class for your VDI infrastructure than you would have with haphazard desktops. Need I say more?
  • Management: Management become much easier. While I hinted at it above in the security section, it is necessary to point out that you make things easier to manage when you can update a single shared image, application or host server and have that roll out to all your users with the click of a button (or two).

Why Not VDI?

  • Security: If you are looking to invest in VDI and you do not take the time to properly secure the solution, it can be a disadvantage too. Security disadvantages to VDI include:
    • You just allowed all of your users to access their desktops from anywhere…maybe. If you have not properly locked down remote access to the right groups, secured peripheral access, and/or set up security policies, you could be opening some additional risks while eliminating others.
    • When you implement VDI using best practices, your VDI environment will become isolated from your server platforms. If you just throw VDI in without working through proper segregation, you can end up with users in the same network space as the server farms. This is generally not a good thing.
  • Management: It may be easier to manage those desktop images and you won’t need to manually go to desktops as much anymore, but the trade-off is that you’ll likely need a more skilled engineering staff to manage the underlying VDI infrastructure. With the proper staff, training, and/or the right partner (like Sentinel), you can head this off at the pass fairly well.
  • Cost: I don’t deal in money much, but I can tell you that you would be sorely mistaken to think that you will save money with VDI. You may lower either capital or operational expenditures, while increasing the other. The reality is, you are gaining features (security, application management, central management and even controlled costs) while spending the same if not more in some cases. Your mileage will vary.

Which VDI Is Best?

There are two major players in the VDI and published application world: Citrix (XenApp & XenDesktop) and VMWare (Horizon/View). Both are fully capable application and desktop delivery platforms. Citrix has the historical install base and decades of experience, but VMWare has been making leaps and bounds with their very solid product offering. VMWare owns the hypervisor space that most deployments will be installed on, yet there are some bells and whistles in Citrix that the advanced VDI deployments may need. The truth is, without sitting down and having a discussion to review your specific needs, no one can tell you which is best. I won’t try here.

Outside of the vendor platform, there is always Desktop-as-a-Service, which is available through Sentinel CloudSelect®.

Bottom Line

The bottom line is this: If you plan it well, implement it on solid technology (check out my previous article on HyperFlex as an example) with the right policies, procedures, and partner, your business and customers will be very happy. Just don’t expect to fill up a piggy bank with the extra savings.

The article here is my opinion, I wrote it.  I work for/with the companies/technologies mentioned here — if you don’t like that, tough.  If you want to learn more about Virtual Desktop Infrastructure (VDI) and determine the best solution for your business, please contact Sentinel; they pay me and that allows me to keep work on technologies like these and writing these blogs.  If you ask really nice, you might even be able to work with me.  Never know.  If you really want to help me out, contact me directly — I will get you all setup with the right people to help you out.