VDI is NOT about making desktops easier to manage

Last October, I wrote an article "Desktop Virtualization is NOT about cost savings or saving money." In it I argued that desktop virtualization was really about providing new and awesome capabilities for users, but that doing so would cost more than not having them.

Last October, I wrote an article "Desktop Virtualization is NOT about cost savings or saving money." In it I argued that desktop virtualization was really about providing new and awesome capabilities for users, but that doing so would cost more than not having them. I also argued that those who thought they were saving money with VDI were actually saving money with something else, not the VDI itself. I used an example of a person who replaced $1,000 PCs with $700 worth of VDI and thin clients per user. That person thought he was saving money with VDI, but I pointed out that his new environment was much less powerful than his old environment. So while it's true that it was cheaper, it wasn't cheaper because of VDI—it was cheaper because he cut down the user experience. (8 cores per user to 8 users per core)

A lot of people agreed with that article, but some people said that I was still missing the point. They argued that I was only focusing on capital costs, and that even if VDI cost the same to build, companies could save OpEx costs with the ongoing operation. So, they argued, I was wrong and VDI was actually about saving money.

So this article is my reply to them. Today I claim that VDI is not about saving on management either.

Why? It's simple.

Most people argue that VDI is cheaper and easier to manage because multiple users can share a single disk image. If you have 100 users, surely managing one single disk image is much easier than managing 100 separate images, right?


Yes, I agree with that. I agree that managing a single disk image is cheaper and has lower OpEx than managing a lot of individual ones. But does that mean that VDI is cheaper? No so fast!

The only way that you can actually have 100 users share a single disk image is if you lock down the images (since individual users can't install software) and implement some kind of user virtualization, app virtualization, and/or layering. So when you do all that, then yeah, 100 users can share a single disk image and that will be cheaper.

But here's the thing. If you do that, your cost savings comes from the fact that you take a Wild West "before" environment where any user can install anything and replace it with a formal, well-designed, locked-down environment where users don't have the same freedoms as they did before. In other words, your savings isn't coming from VDI at all—it's coming from the fact that you're taking away your users' freedoms.

Cheaper? Yes. Because of VDI? No.

If you just want to save money, why don't you just take away your users' rights on their existing traditional desktops? You don't VDI to do that at all! App virtualization, layering, and user virtualization all work well on traditional desktops and can make traditional desktops easier to manage.

More VDI hating?

I'll reiterate what I've had to defend about 100 times in the past few months. I don't hate VDI. What I hate is when VDI fails because it's used in situations where it doesn't make sense. I hate when people try to take their existing Wild West environment and formalize it and fail, and then blame VDI.

I'll be very clear. VDI is awesome. You can use it to allow users to work anywhere on any device. You can use it to provide the ultimate reliable desktop. But these awesome capabilities come at a price. You can't expect to have all these awesome new features and to pay less money than you pay now. That's just not the way the world works.

VDI means central VMs. Surely that's easier to manage?

Many people know that I love 1-to-1 VDI (where each user's disk image is individual) because that's the most like "normal" desktop computing. So if we're talking about 100 unique users out in the field somewhere versus 100 unique users in VDI, wouldn't the VDI users be easier to manage? Even if you have to use SCCM or Altiris or Windows patching, wouldn't you much rather do that to 100 VMs in your data center rather than 100 laptops out in the world somewhere?


But again, making these desktops easier to manage is not the primary reason for going to VDI. VDI is expensive. It requires a major change in the way that users work, and a lot of things that users could do before just won't work. So in this case, I'd argue that the 100 VMs being local is a nice bonus of VDI, but it's certainly not a reason to go to VDI. If you just wanted those 100 random machines to be easier to manage, I'd probably go with something like VIrtual Computer NxTop, Wanova, MokaFive, etc. Way cheaper than VDI. (Because again, VDI is not about saving money—it's about enabling awesome new capabilities.)

I love VDI. It's just not about saving money *or* about making desktops easier to manage. Yeah, there are a lot of things you can do to make desktops easier to manage, but you don't need VDI to get them.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Hi Brian,

You are much respected but I am fairly disappointed with this post.

Over the years I have seen you and many others get all hot and bothered about the proposed security, management, and cost benefits of VDI. This is most likely due with the exposure you and others get with customers as well as hearing too much of vendor kool-aid.

I understand the need to question, especially because your examples are a no brainer that VDI does not introduce the benefits that is is claiming. Instead, it is one of those "how to lie with cost models" situation.

I come with a software development and systems management background, or DevOps if you will. I know that size does matter when it comes to security, management, and cost where the smaller the code base is the more focused you are. I understand the importance of code sharing to limit bloating as well as performance overhead.

With this in mind, it is clear on the direction the world should head. In addition, advances to user personalization (namely the recent release of AppSense StrataApps for free) enables users to install their own applications or plug-ins without requiring admin rights. This single product (and how it will evolve) just revived the case for shared desktop images because it sets a standard that nobody other than admins will ever need admin rights.

Also, this blog has previously talked about client hypervisors with client hosted desktops (IDV) and that all of the benefits can also be acheived by using a variety of other technologies, which is actually the point. A client hypervisor eliminates the need for those other technologies and bundles the uses in it's own product. This is also the same with server hosted desktops (VDI), where you can have BCP, or RDP access to your computer from home via VPN, or better power management with SmartBars, or a patch/AV management system for distributed desktops, or including apps in your base image and ghosting computers, etc. But with VDI, all of these features are bundled at an extra cost.

In my scenario, we have "enterprise consumerization" where a separate network was designed to enable work to be done without restriction. Users have admin rights, users have PCs, users have Macs with VMWare Fusion/Parallels and Windows on it. It's a free for all that needs to be optimized and secured while still ensuring productivity.

I really think you along with Simon Crosby (lots of respect for him too) and others missed the point on the security, management, and cost advantages of VDI or IDV compared with traditional computing.

I actually found it strange in Simon's case because he is apart of Bromium which should advocate virtualization.


@Icelus, I agree with everything you wrote.. I think that's inline with this post? (i.e. I think we're both on the same page?)



I don't think we agree, I guess my ramblings should have been more to the point.

I believe VDI can acheive better management, security, and cost of current desktop implementations. The problem arises when you shoehorn in a technology where it shouldn't be or not supplementing it with another technology. Case in point is since I have Macs with a distributed copy of Windows installed in a VM, I should not deploy client hypervisors.

Also, it's difficult to fully understand the cost implications and determining if the whole solution costs less than the sum of it's parts. Maybe if you only need some of benefits that VDI offers but not the others, then it can be cheaper to not do VDI.

These are not exactly apparent, but what is apparent is that we cannot continue along the path of status quo.

The Canadian Federal Government budget that is coming out in 2 days will hit every department/agency fairly hard for the next few years to save billions annually. That initiative combined with IT Shared Services will make it an interesting landscape for innovation to increase productivity with the mentality of "doing more with less".

We are just a small piece of the pie, with very unique and important requirements.


I agree with Brian...

@icelus - "These are not exactly apparent, but what is apparent is that we cannot continue along the path of status quo."


I don't think I see VDI as important as you do to achieve the goals you mentioned..  although i do see VDI advantages in some circumstances.


VDI (HDV/DVI/VWhatever) should have been about either saving money or providing great TCO/RIOC – Reduction In Operational Costs (NOT ROI). If the savings are in the form of remote productivity or access anywhere, so be it but I am no longer a fan of these arguments either.

I have begun to promote decentralized and decoupled computing as a main IT strategy. A single point of failure is better that a whole infrastructure failure, especially with the daily reports of international hacking. Many businesses can and should remove their Active Directory environments and provide access to the company tools via sandboxed networks. Again…not all, but many. This is the power of “Cloud Computing”. Other secure agencies (government, certain healthcare providers, etc) “may” require more controls and multiple levels of authentication, but these industries can also benefit from the 1-to-many image scenario.

IT Managers who continue to lock down environments and make employees less productive will ultimately be the cause of their own demise. They are silly to think that they are providing key services. Every day, I see IT managers focusing on the wrong problems and slowly but surely the C-levels are catching on. Folks – please do yourselves a favor and start saving your companies some money. The status-quo is silly.

@Icelus – You’re right that every company is different, and shoehorning (one size fits all) is not the right solution, but I draw the line with regards to personalization and cost. If you want to lock down the computers, do it. Explain to employees what the reasons are. You have every right to be Draconian or Totalitarian. It’s your business.

The point I’m making is that there are now so many VDI solutions, remote access/SBC implementations, & management tools that unfortunately we are spending more money on driving complexity not solving business problems.



@SillyRabbit and @Brian

Our business problems are not solved mainly because the business requirements weren't clearly defined, and a solution which may or may not be a technology was not properly selected.

I agree that there are many technology driven solutions available, but the problem is that either they are missing features or they were incorrectly selected.

VDI does make management easier in my case because of the following requirements:

1. The OS and base apps need to be managed

2. We bundle all core apps into the base image and do not deploy departmental apps

3. All other non-core apps are installed by the users. (300 or so)

4. We have extremely limited desk space

5. workstations are shared so a follow-me workspace would be ideal

6. We have a large Mac user base and access to Windows would be ideal

7. Remote access to the desktop is required for other networks

8. We have dirty zones where hardware can't come out. A thin client instead of a PC would be ideal.

9. Possible use of iPads or alternate device to hold data electronically and replace pen and paper. Some other uses need to be defined.

9. We are in a situation that we have to "do more with less". Less money and less IT resources

The key take away is that we do not want to deploy XenApp or any RDS technology because it adds complexity where we don't need since we can just bundle the apps into the base image and virtualize the desktop.

The point that I am making is that VDI is about better management, better security, and lower cost despite what yourself, Shawn Bass, Simon Crosby, and other respected expert says.

Citrix XenDesktop failed for us, but VDI-in-a-Box with AppSense StrataApps looks more promising. AppSense holds the key for us because our business depends on "enterprise consumerization".

I develop a business critical application similar to an OS, with a large workflow linking multiple functions/apps together. We code using the following rules:

1. If code exists and can be shared, then use existing code

2. If code exists but cannot be shared, then create a copy and modify for user/group personalization

3. If code doesn't exist, then create new code but enable code sharing as much as possible

For decades, Desktop Support have been skipping step #1.

You can either set up a system to manage a single centralized object or set up a system to manage many decentralized objects. I have done both and I can say that if a centralized approach is appropriate than it is far superior than a decentralized approach.



I guess the point is almost all that VDI promises can be achieved without VDI. There is no question about that. Sure VDI may make sense in some cases, like any other technology.

You lost me in two things:

"The Canadian Federal Government budget that is coming out in 2 days will hit every department/agency fairly hard for the next few years to save billions annually. That initiative combined with IT Shared Services will make it an interesting landscape for innovation to increase productivity with the mentality of "doing more with less".

Canadian Federal Government, Shared Services and Innovation with increase of productivity are things that will NEVER appear on the same sentence. IT in general in the GoC is well know for being extremely slow and NOT innovative at all. I say that as someone that spent over 15 years work with GoC exclusively AND in over 15 different agencies. You think of a GoC department, I worked there. It is like that.


"The take away is that we do not want to deploy XenApp or any RDS technology because it adds complexity where we don't need since we can just bundle the apps into the base image and virtualize the desktop."

--> You have to be kidding me that RDS/XenApp is more complex than VDI. Seriously. Especially in this day and age with most apps compiled with the TSAWARE flag, with App Virtualization out there and so on.




you are one of the respected analysts that I was mentioning, I believe you were on the podcast a while ago with others talking about whether VDI is more inherently secure or not than traditional desktop management.

You add some good comments here and I would like to add to your realistic view. The majority is extremely slow and NOT innovative at all, it's actually very hard to be fast and agile with all of the red tape and politics in every step you take.

I am not going to explain what I meant because it is a department specific viewpoint, and if the Shared Services Canada is done right it will allow department specific IT to focus more on their core business rather than the bloat of corporate IT.


Yes, RDS/XenApp is more complex than VDI in the situation that I mentioned.

Seriously, this network only has base apps and many many user managed apps but no departmental managed apps because we focus on the business services rather than corporate such as finance, hr, communications, etc.

In this scenario there is more overhead to virtualize and manage the base apps considering everyone is getting them anyway. Plus not to mention I still have a windows image to maintain.

Experience is a double edged sword, because now there is baggage.

BTW, there are about 44 departments that are heavy users of IT. You have a boat load of experience but chances are you haven't worked in my agency and a key tip off is your innovation comment.

Ever heard of 10Gbps P2P connections averaging 6600 TB of data transfer per quarter? The science community is actually very innovative.



I think you may have some misunderstandings about my perspective.  I don't think there's no market or need for VDI.  On the contrary I had one of the largest XenDesktop VDI environments in the world at a very early stage.  To me, VDI is about use cases.  If you have a use case that makes sense for VDI, then do it.  No argument from me.  However, VDI is the square peg in a round hole for many, many use cases.  Forcing it into that hole doesn't make it any more applicable.  It sounds like your needs are easily filled by VDI.  Congratulations.  The market I deal in is large Fortune 500 with hundreds to thousands of very bad applications.  VDI becomes much less practical to manage at scale in these configurations (at least in the means in which the vendors portray successful VDI which is common image).  I am not a VDI hater by any stretch.  I only tell people about the challenges they may face and that at a minimum keep 1:1 persistent VDI in mind as an option because common image is a non-starter for many organizations.

My .02.

Nice conversation, BTW.




Yes. I guess I misunderstood, and I apologize.


VDI is not a one size fits all approach, however it seems arguments against it seem to be.

Saying VDI is NOT about better management, increased security, or cost savings is a one size fits all statement which is wrong.

VDI is about all of those things, and will deliver it when the appropriate technologies are selected and deployed in correct situations.

People make errors when comparing it to a well managed traditional computing environment. They are not equals and people get sucked into the "what if" scenarios which cloud the entire topic.

Making the code base as small as possible is the purpose of Desktop, App, and User Virtualization solutions where the main benefit is cost, management, and security.



Now we are on the same page. If VDI is brought in to address a particular use case where it makes sense then for sure something on it justifies the implementation. Could be better security for that PARTICULAR case, cost savings when compared to the way the company was taking care of that particular case before and so on.

Yes, VDI is no silver bullet. Nothing actually is a silver bullet in IT.

Also RDS can be much simpler than VDI. Or much more complex, depending on the case, the apps involved and so on. My experience just shows me that in 90% of the projects I worked on over the years, compared to what it takes to do VDI today, RDS would be either less complex or the same but not more complex. Sure that is my personal experience and YMMV depending on the industry you are in, if there is a ton of legacy code to be supported and so on.

And yes I do know and worked with the 'Scientific Community' in Canada, Ottawa specifically. Some large agency here on Montreal Rd...

Cheers from Ottawa,



Like the conversation. Have been working in the VDI for years now and personally I believe that VDI is great to deal with legacy systems and virtualize traditional Windows Apps. However VDI, RDS and all the other names is not what a employee expects from IT. It's a justification to gain some quick wins,

While defining the future, I am convinced that the browser is the new Desktop. This might differ per vertical but more and more proecses will be supported by browser based solutions.

I started in 2010 with a new company called New Day at Work building the online workspace of the future three years ago. our goal is to support every user from a browser based workspace. Independent from OS or device.

WIthout ocmmericial intention, do you see this as an opportunity within the organization, or do you think the step to VDI is allready a big enough change?

Regards, Erik