Considerations for Delivering Windows as a Service to Mobile End Users

Gone are the days when each user had a physical desktop or laptop with basic needs for remote access. With the consumerization of IT, most every user has their own personal laptop, tablet, or smartphone with expectations of being able to work on it whenever they need and wherever they are. In today's highly mobile world, the smart move is toward centralized image management solutions, with VDI being one of the most popular forms.

VDI for the Mobile Workforce

With virtual desktop infrastructure (VDI) solutions, end-user desktops are converted into virtual machines running on a type-I hypervisor in the data center. That hypervisor runs on a company's servers, storage, and network. By running in the data center, these desktops will receive much higher security and reliability than ever before. A piece of software called a "broker" is run on a separate virtual machine in the data center. That broker is what routes the end users to their virtualized desktop when they connect. Mobile users can use a laptop, tablet, or Web browser to connect to their virtualized desktop. No matter the device that the end user selects, the virtual desktop is viewed over the network, and the end-user keystrokes and mouse movements are sent back. A protocol, designed for VDI, is used to make the viewing of the virtualized desktop, over the network, as "thin" (or low-bandwidth) as possible while still giving the end user a rich experience with graphics, sound, and video that match their traditional physical desktop offering—regardless of whether they are working in or out of the office.

Figure 1: Multiple devices accessing a Virtual Desktop Infrastructure (VDI).

Understanding the Benefits of Desktop Virtualization

Traditional physical desktop computers were popular for many years; however, they presented a challenge: the more desktops you had, the greater the headaches and staff that you needed to administer and support those desktops. Undoubtedly, seasoned IT staff is familiar with desktops breaking, getting stolen, becoming corrupt, and having viruses. Employees have suffered with remote access troubles, not having access to the applications they needed to do their job, roaming profile corruption, and the time that it takes to get a desktop to a new employee. All of these are very common physical desktop troubles that most every person has experienced both at home and at the office as an end user.

Figure 2. VDI functionality.

Desktop virtualization aims to eliminate all of these problems while providing additional benefits:

  • Control—With VDI, the IT group really "owns" the desktop OS, apps, and end-user data as all of that is stored in the enterprise data center. In addition, by locating these items in the data center, the IT group can easily manipulate the OS, apps, and end-user data as needed, making for easier OS upgrades and migration, application installs, and more.
  • Manageability—With traditional end-user desktops, IT pros would use a desktop management application that would go out to the desktops, contact an installed agent, and perform hardware/software inventories, handle application upgrades, and provide remote control access for support. With VDI, none of that is needed as the desktops are easily managed with VDI software, included with the VDI solution. Plus, all of those traditional management actions happen fast as the desktop images are located in the data center.
  • Security—With desktop images being run from the data center, security is greatly increased. With thin client devices used to access the desktops, physical desktops are no longer a target of theft. User data and company applications are secured because they cannot be accessed even if the physical end-user device is compromised—no local data is stored on end-user devices. Additionally, patching the OS or applications on virtualized desktops is much faster and easier as the OS and applications are already in the data center. Two-factor security token solutions are easily integrated into VDI solutions for increased security authentication (see Figure 3).
  • Remote access—With VDI, remote access is available at any time and from any device. The OS, applications, and end-user data that the end user accesses are all the same that the end user uses at the office. Thus, there are no issues gaining access to company applications, as you would typically have with, let's say, a laptop and a VPN connection. As company data is only viewed with VDI, and never transferred to the remote device, there is no latency and security is improved.
  • Backup and disaster recovery—With virtualized desktops stored in the data center, there is no need to backup end-user desktops or worry about company data loss. If a disaster did occur, as soon as that corporate data center was brought back up at a disaster recovery site, all that end users would need to access their personalized desktop and applications is a Web browser, thin client device, or other computer.
  • OS migration—When it comes time to upgrade OSS across your hundreds of thousands of desktops, desktop virtualization is a huge benefit. As all the desktop OSS are already centralized and based off of one (or just a few) "golden" image, and applications and end-user data are all stored separate from the OS, upgrading the OS will be easy. All you'll need to do is to upgrade the single, golden image to upgrade all virtual desktops.
  • Application upgrade and installation—With virtual desktops, applications are also usually virtualized/packaged, each into their own executable. Those virtualized applications don't need to be installed, so they don't intermingle with OS data and end-user data. When a new application is needed, it can be virtualized and then linked in at the application layer. This separate virtualization makes adding new applications or upgrading applications easy.
  • Provisioning—When one, ten, or a hundred new employees are added to the company, the provisioning of their new desktops is easy. Instead of ordering physical desktops for each end user, new users can be supplied with standardized and stocked thin-client devices. The desktop administrator just has to set up a new user with a user account and authorize that user account to access a virtualized desktop image that already has all the corporate applications and configurations that the new user will need.
  • Flexibility—Just as server virtualization offers great flexibility for the company and the IT pro, desktop virtualization also offers similar flexibility. With desktop virtualization, IT is able to serve the needs of the company faster and more efficiently, enabling the company to "do more with less" by managing hundreds of thousands of virtual desktops with a small staff. And when the unexpected request for, let's say, providing access to 50 new users within a few hours, comes up, IT staff will look like super heroes by providing that access with time to spare.
  • BYOD—If your company decides to support bring your own device (BYOD), the workforce mobility features of desktop virtualization will allow easy implementation of BYOD. With desktops virtualized and running in the data center, it won't matter what end-user device is being used, all end users will need to do is to run a small client application to access their desktop or even use their Web browser. This setup creates a security barrier where no data is ever located on the end-user device.

Figure 3: Security token for VDI remote access.

Benefits of Central Image Management for Physical Endpoints and Workforce Mobility

For the mobile workforce, the benefits of central image management are similar to those of VDI:

  • Full featured desktop functionality—By accessing the exact same desktop remotely that they use at the office, mobile workers get the exact same desktop experience—including apps, customizations, and file sharing—that they would receive when using a desktop at the corporate office.
  • Prevention of data loss—The odds of data loss are great for any mobile worker. Even the loss of a single device with a single document on it can cost a company millions of dollars. Through the central management of images and company data, data loss can be virtually eliminated.
  • Centralized control and manageability—For IT, VDI is even more beneficial for mobile workers than it is for traditional workers who work in the office. Physical endpoints no longer have to be updated with new OS and application upgrades and patches (as virtualized desktops are stored centrally).

When it comes to mobile workers, VDI makes the users as well as IT happier, more efficient, and the enterprise more secure.

Summary

Many large enterprises have implemented desktop virtualization across tens of thousands of desktops with success. Undoubtedly, if implemented correctly, desktop virtualization can provide both IT and end users numerous benefits around efficiency, security, and workplace mobility. While desktop virtualization is powerful and popular, IT professionals should plan to keep a suite of solutions in their toolbox so that they are ready with the "right tool for the job." After all, the goal of end-user computing isn't to give end users a desktop, it's to provide (in most cases) the Windows OS and application as a service, allowing end users to securely use the applications they need anywhere, any time, and on any device.