Brian & Gabe LIVE #22 - Part 3: Guise Bule talks about how Microsoft doesn't allow VDI multi-tenancy


Listen to the whole interview with Guise Bule here!



What’s your personal take on why Microsoft does not allow multi tenancy? What possible, plausible reason would they have for forcing you to overbuild your environment with all this waste?

Guise: I have no idea. It could only exist as a break against the space in development of a market. I have no idea why else they put that no multi tenancy rule right in the middle of their ULA. I have no idea why they’d do that beyond wanting to break a space.

Brian: It’s interesting because they’re so smug about being green. They’re like people who drive Priuses and they’re just like all the silverware campus is compostable and they’re all like eco whatever because of that stupid rule, they’re making people have all these extra services burning coal all day long because I’ve got two users from two customers and I’ve got full servers running for them. I think they cancel out. That one line in that license agreement cancels out.

Jake: Their solar panels or whatever.

Brian: Yeah. All the solar panels in Redmond are cancelled out by that one line.

Guise: Sure. In a desktop situation if it’s not being used. It’s sitting idle, the resource. It’s doing nothing. You’re exactly right.

Gabe: Would there be a large market? We emailed a little bit. I wrote an article a few weeks ago about, it was right after we had Claudio on, about how the lack of small businesses that may want to take advantage of this are priced out or it’s just not practical for a hosted provider like yourself to provide desktops for less than 50 users. 

These small 10, 15, 20 user companies are just they can’t even approach a solution like this because there is no multi tenancy. Do you think that there is a business out there or a market out there for small numbers? 10 people, 20 people, that kind of thing?

Guise: Huge, absolutely. It’s the bulk of the market. Where are the most desktop users outside of the enterprise? They’re in the small business. They’re in the small to medium sized business market or personal desktop space. We are flooded with leads. I speak to every other chief exec in the hosted desktop space, apart from the ones that don’t like me, and they’re all telling me the same thing. We’re flooded with leads. 

The ones that I can’t handle flow through to the terminal server guys. On a personal note, I find it disgusting that Microsoft in principle agrees with the idea of the hosted virtual desktop enough to let terminal server providers ply their desktop routine brackets, but I’m not allowed to do it with a proper Windows 7 OS that’s licensed? That drives me nuts.

Gabe: Rick in the chat room says that Microsoft is obviously making a TLA revenue, the enterprise license agreement stuff. I would just have to think that from a small business perspective those guys don’t have VLAs anyway, so they’re not protecting anything. They’re just making it harder on people.

Guise: They’re making it harder on people. They’re basically saying if you give us a lot of money, we aren’t going to tell you what you can and can’t do with our desktops. Hosted virtual desktops are free if you have software running from Blades. You just have to report the usage in most cases. Speaking in Germany, you just have to report the uses.

There is no Microsoft licensing cost in those infrastructures. Think of that and then you kind of compare that to the small market, the small business end of the space where guys are buying 10 or 15 desktops for their business, companies that could really benefit incidentally from outsourcing management for their desktops and IC infrastructure to someone who could do it best.

They’re not being allowed to enjoy the same benefits. They’re really not. Even if they go the TS route, they’re paying much more in licensing per desktop users than people with software assurance ever do.

Brian: Hey. In the chat room, I’m reading this from across the room, but says they’re protecting their OEMs is the comment. Can you expand on that? What would that mean?

Guise: I don’t know. I don’t deal with OEMs. I deal with virtual desktops, not ones that are locked to a physical machine.

Gabe: So in that regard, I’m guessing that that means they’re protecting Dell and HP and those guys, the people that right now are the primary source of desktops for small businesses or for any business really. So they’re protecting those guys, their business because otherwise if you’re virtualizing these things, you’re not buying boxes from Dell.

Guise: I think it’s a bigger conversation than this though, guys. It’s not just about the kind of desktops user should be able to use or shouldn’t be able to use. It’s about giving them multiple desktops to mitigate risk. We need to take this problem of security much more seriously than we are and the non-persistent VDI model kind of cushioned with other techs around it is a valid way of dealing with security threats on a personal or corporate level for any size business.

It works. It just works. It really does work. It’s not about the kind of desktop users should have. We want to give the three or four desktops or five desktops and bring the cost down to a point where it’s affordable to do so. To leverage and have that kind of protection against attacks and against malware and against all the nasties who suck all your personal information off your computer and sell it. It’s a viable model of fighting proactively these kinds of attacks and we need to start bolting down the hatches.

I see this model being picked up in major defense contractors, governments, federal agencies. We work in this space remember? We know this non-persistent virtual desktop model is being picked up and deployed globally by those with IPs to protect, but typically these companies have software assurance in place. Smaller companies don’t have the resources to even know about this subject, let alone deal with cyber-attacks. They just want to run their businesses.

Gabe: The multiple virtual machine for security perspective, that makes a lot of sense in government and high finance and that kind of a thing, but by and large across all users everywhere, people don’t want to know that they’ve got different machines running.

Guise: Do you agree the idea that this desktop’s for nothing, but online banking and your financial affairs, maybe it’s an online trading platform. You use it for those two tasks and for those two tasks alone and you know it’s secure for that reason. You contain the risk. You’re only accessing two key websites. Then another desktop for general web browsing and all the kind of internet stuff that you’re being told is risky. You’d use two different desktops if they were cost effective enough. You’d have three or four. 

Gabe: That’s true, but I guess my point though is that that is a niche of a niche and so we’re getting very specialized at that point. We’re not talking about the task workers out there that also can benefit from some of these types of technology, but don’t need to know, don’t want to know, can’t handle the fact that stuff is coming from multiple locations and multiple desktops on a single machine.

Guise: Sure.

Gabe: Ideally we have the high security solutions, but we also have the other solutions that are just kind of the low hanging fruit.

Guise: Sure. For everybody else let’s give them a non-persistent desktop with layers of persistent apps and user person on it and tell them it’s a terminal server desktop. Tell them it’s a desktop. Let me sell them in an automated fashion in a way the TS guys can. Modify the rigs we have got to serve the small business market.

Gabe: That’s how it pretty much is right now. Those large VDI deployments that you hear about, they aren’t as prevalent I think as you’re led to believe. I know that you’re involved with some and Citrix says they are. VM says they are. They exist. I’m not disputing that, but they are not as prevalent as you might think or as we’re led to believe. If you ask the consultants out there, I’ve asked a lot of people what the largest VDI deployment they’ve worked on is and nobody has said over a thousand. In most organizations it’s still just a terminal server based desktop.

Guise: You guys know the desktop space right? You guys know everybody in the desktop space I do. It’s such a small space. We can count on one hand the number of guys that have deployed over 10,000 desktops twice.

Brian: A few steps back and I’ll get to a couple of questions in the chat room in a second, but first of all just educate me. I’m not a security conscious person maybe. I don’t know. Why do I need a separate VM for banking? What’s the risk?

Guise: Let’s talk about the corporate use case for non-persistent which is the experience I can speak to because we’re dealing with customers that have software assurance in place. The mitigation of risk is that say you’re a financial institution, your local native desktops are running whatever applications specific to your financial service industry. You locked out internet access to those desktops completely, but just give them a second non-persistent virtual desktop to conduct all of the internet facing activities your users need to do to keep in touch with friends, family, loved ones, colleagues.

That environment is completely separate to your internal infrastructure. Information cannot pass between that hosted virtual non-persistent desktop and the local machine. Furthermore, you’ve got a sec team in the DC who wrapped intrusion detection, who’ve wrapped deep packet deep content inspection around that non-persistent platform giving you 360 battle space awareness.

When attacks occur where they get into attacking your infrastructure because you parceled off the risk and isolated it to a specific dedicated infrastructure and you’re in a better position to deal with it when you are attacked because you have the technology in place to identify an attack and deal with it in real time, if you have sec guys in the DC. If you’re building a second infrastructure for that purpose you will have. That’s the use case.

Brian: Do I need Windows to do this? I guess I’ve got Windows applications and if I have any applications I need Windows and Windows licensing, but for the VM, Chrome is Chrome right?

Guise: No, you don’t. Well we need HDX and HDX doesn’t work with Linux desktops. I favor Windows 7 desktops with HDX pushing out over the wire. I’m a huge fan of HDX. The desk ten platform runs HDX. It’s just kind of what we’ve standardized on. It works. It works. It really does.

Brian: For what you do at TuCloud, it’s almost like you’re an MSP kind of. It’s sort of custom built private clouds.

Guise: Custom built private cloud, nominal ownership. We don’t own those infrastructures. The client owns those infrastructures. We provide a service, professional services around that platform we build as architects. We design it, deploy it, run it, manage it, provide technical support around it to its users, but it’s not our platform. It’s the customer’s platform. They extend their licensing across to that platform. It’s a well-trodden path. It’s the game Desktone plays. They’re in the same space we are.

Brian: A couple of questions have been about this non-persistent, if non-persistence’s the future. Then people are asking about what about users with different apps, printers, plug-ins, all that kind of stuff? What’s the approach for sort of capturing that in non-persistent desktops?

Guise: It depends. These kind of questions… If you’re deploying an infrastructure for the cyber sec purposes to mitigate against attacks then printers are easy to connect and all that kind of good stuff. Citrix has lots of different little techs that connect printers and USB peripherals and all that good stuff. We never have an issue with that, but they’re not being used, these desktops.

Remember they’re being used to mitigate against cyber-attacks and to enhance your cyber security posture as an organization. They’re not being used to do day-to-day work. They’re being used for internet facing activity, social networking, webmail, LinkedIn, whatever it may be Web Exes, they’re allowing you to completely lock down your internal infrastructure and your internal desktops where you do all the good stuff day-to-day to make a living.

Brian: Then for the users who want to install stuff, do they have another desktop somewhere else or does the fact that users have iPads and iPhones now.

Guise: Users can install. In our environments, users can install applications. They typically work through One Desk or something. There’s typically some sanctioned way that apps users can get access to applications and have those installed. We deal with tightly regulated industries and high security and priority. So it’s not the norm, Brian, but typically users can install their own apps on our desktops, but if the client requirement demands it, then why not.

There’s all kinds of cool stuff you can do, installing persistent app layers on top of non-persistent desktops, using things like AppSense. There’s all kind of cool techs. Liquidware Labs have got their own ways that they’re kind of coming up with to achieve the same goal, the illusion of persistency whilst using non-persistent desktops.

Brian: Yeah. We had Ron on last week, two weeks ago. I know the layering’s come a long way also just in general and AppSense and RES and all those folks are doing things. To the comment about IT managing two desktops for every user, I guess that’s not the case though because if these are non-persistent desktops then…

Guise: There’s no management, there’s no management. We run thousands of these, tens of thousands of these and do you know what 99% of the support tickets are about? Password changes. They’re non-persistent. Nothing breaks on them. They’re session based desktops. They just run and all you do is focus on intrusion detection and making sure that infrastructure’s safe. It’s 99%. Don’t want VDIs calling me here, but I run tens of thousands of hosting virtual desktops that are non-persistent. 

95% of our tech support inquiries from users are about password changes. I can tell you that from experience and I’m running more of these desktops than anyone else on earth. Consider me the subject matter expert on this one. Nothing much goes wrong. Of course, they require patching and updates, but we do that. We don’t bother the customers with it. That’s all done behind the scenes by my SIS engineers. Why do I need to talk to customers about patching and updating? I don’t. They want a clean environment they can mitigate risk into.

