Mar 28 2012
I've recently posted a few negative articles about VDI. (Well, I don't think they're negative, but I've definitely been accused of being a VDI hater.) I wrote that VDI is not about saving money and VDI is not about making desktops easier to manage. So if both of those are true, then where does VDI make sense? Quite a few places, actually:
Datacenter-based desktops, without the hassle of RDSH
The primary purpose of VDI is that you get the benefits of hosting desktops in your datacenter without the hassle of Remote Desktop Session Host (RDSH) / Terminal Server. Your VDI desktops can run a "normal" OS and "normal" applications. You can have vastly different application sets for different users. Users can have admin rights. You can do everything you do today, but with the benefits of centralized computing.
Of course you also have the downsides of centralized computing. It's more expensive that running Windows on your end points. Users can't work offline. Some applications just won't work at all. Some peripherals won't work… So it's a trade off. But to be clear, moving to VDI has fewer trade offs than moving to RDSH.
This is something that should be kept in mind as you read about the other use cases for VDI, because really each of these could apply to RDSH too. Maybe this article should be titled "Why data center-based desktops?," and then for each of these that you need, you can choose VDI or RDSH?
Security at any cost
This is the reason that VDI was invented, and it's as true now as it was ten years ago. I love that VDI is the "normal" version of Windows. Every user can be different. You don't have to deal with app virtualization, layering, and user virtualization if you don't want to. You can take your exact desktop environment as it stands today and move it to the data center. Then you have no data on client devices. You can configure it so users can't cut-and-paste or map drives. You have a fully secure yet "as normal as possible" computing environment.
Note: Moving to VDI doesn't automatically make your actual Windows operating environment more secure. Viruses, crazy apps, and crazy users work the same way regardless of whether their desktop is running in the data center or out in the field. The potential for enhanced security with VDI has to do with the client devices themselves and users' physical access to the desktops. (For example, users can't re-image their own laptops with VDI.)
Also, some people have suggested that VDI is worse for user security because you take all your users and put them in your data center. This is true. But I hope that you don't just put them in the data center on the same firewall segment as your servers. Whatever protection you have around your servers and data center resources before VDI should be extended to protect against the VDI servers in your data center too. Users are users, regardless of where they're coming from.
Allowing users to instantly work from anywhere with no advanced notice
Also known as the "snowstorm solution," VDI is great if you have some kind of emergency and you instantly need all of your users to work from some alternate location. A VDI desktop can work from any device without any pre-planning, which is great from both a platform and client horsepower standpoint.
Another way to think about this is that VDI allows a user to be able to walk up to any device, anywhere on the planet, and access his or her full desktop computing environment in 100 keystrokes or less. Pretty cool!
Allow users to use whatever device they want
I love the idea that with VDI, I don't have to give a hoot about what devices the users want. If I have regular users who don't complain, I'll give them a Windows laptop with everything installed locally. If they want to use a Mac, maybe I'll give them their Windows desktop via MokaFive or VMware Fusion. But if they start talking about their Android tablet, home computer, phone, coffee table, or whatever other device they find, at some point I just throw my hands up and say, "Eh, okay, here's a URL. Go nuts from whatever you want."
At that point, I'm done. I deliver a VDI desktop and sleep fine at night. Are my users on tablets able to be productive? Hey, if they picked the tablet themselves, that's not my problem. If they want to be productive then I'll give them a Windows laptop. If they don't like it, fine, they can use something else. VDI allows me to not care.
Allow users to install whatever they want
I love VDI because it allows my users to install whatever they want. Interestingly I do NOT mean that they can have admin rights and install whatever they want into their VM (which is possible, but not something I like). Rather, I like that I'm delivering their VDI desktop to whatever device the users have as a simple remote application. The users are free to install whatever else they want on their devices, and I couldn't care less! If they're accessing my VDI via their own laptop,, I can say "Sure thing, go ahead and install whatever game you want. Doesn't bother me at all!" I know that my VDI is safe and completely separated from whatever they're doing on their end, and they get the feeling that they're in control.
Are any of these reasons to run out and move all your users to VDI? Probably not. But these reasons are why people use VDI today, as everyone has some users that fit into some of these categories. I've written in the past that I believe every company can use some VDI—just like every company can use some laptops and some desktops.
(Note: You must be logged in to post a comment.)
If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.