
Virtual Desktop Infrastructure (VDI): The ins and outs & ups and downs

n.wright@primenetuk.com 18 September 2020

Real-life experiences with virtual desktop infrastructure migrations & insight into a hosted desktop environment across various technologies & VDI solutions.

I will start with a bit of history, as I like to ground things a little. VDI is really not new. Its roots go back to Citrix WinFrame, a multi-user version of Windows NT 3.51 released in 1995: Microsoft granted Citrix access to the Windows NT source code to develop and market a multi-user extension, and WinFrame ended up deployed across quite a few corporates. Before that even, when Windows 3.1 was still about, Citrix had already shipped a multi-user product on OS/2.

Citrix founder Ed Iacobucci had come from IBM, where he worked on OS/2, and Citrix's first multi-user product was built on that platform. It all radically changed when he got the keys to the NT source code and things started to fly. A key stipulation of the 1997 licensing deal was that Citrix would not ship its own version of WinFrame for NT 4.0; instead Microsoft licensed Citrix's MultiWin technology and released it in 1998 as Windows NT 4.0 Terminal Server Edition, code-named Hydra, with Citrix selling MetaFrame as an add-on. Terminal Services as we know it was brought to the masses with Windows 2000, where the Remote Desktop Protocol (RDP) was honed, and for me the biggest impact came with Windows XP in 2001 (followed by Windows Server 2003), which brought the following options to the client:

Terminal Server

The Remote Desktop Connection client shipped with both Windows XP Home Edition and Windows XP Professional, giving access to servers with Terminal Services enabled.

Fast User Switching

Also available in both Windows XP Home Edition and Windows XP Professional (though it is disabled on Professional machines joined to a domain). It let one user's applications keep running in the background while another user logged on and worked on the same Windows XP machine, and it was built on the same Terminal Services session machinery that Remote Desktop uses.

Remote Assistance

Available in Windows XP Home Edition and Windows XP Professional. Note the Home. For me this was a gamechanger and something all support engineers now take for granted: the ability, with the user's permission, to view and control their screen from a separate computer anywhere in the world was now open to the home user as well as the corporate. A genius move in my book. The revolution of IT Managed Services was born, and the outsourced MSP market is estimated to be worth around £300 billion this year.

Remote Desktop

This was only available in Windows XP Professional and was the birth of Remote Desktop as we know it now: the terminal server technology had arrived on the client platform. A user could operate a Windows XP Professional machine from another computer, with the applications running on the XP host's CPU and memory rather than on the connecting machine, so the client could be run thin.

Over the years, with Citrix swallowing up over 40 companies in the process, RDP and Citrix fought it out for the remote desktop market. Then a 'little' server virtualisation company, VMware, started its own development programme in 2002, thought "we can do that better", and launched VMware VDM five years later. This was renamed VMware View, then VMware Horizon View, and is now in its 7th release as VMware Horizon. Always known as, how should we say without offending, the more expensive cousin of the three, it has over time radically evolved and sharpened its pencil on price per desktop. VMware is now a major player in the market, offering global, entry-level desktops on multi-tenanted environments at seriously cost-effective price points per user.

These days RDP has evolved into Windows Virtual Desktop on Azure, while classic Remote Desktop Services still runs on any Windows Server instance, including in AWS; Citrix offers a hosted desktop service managed from its own Citrix Cloud infrastructure; and VMware Horizon will run on practically anything within reason.

In the early years, many IT support companies became players in the market, either partnering with dedicated hosted desktop providers or morphing their own businesses into platform providers. The principal idea was to build up thousands of client seats (virtual desktops), making the business more attractive for sale. I think this merry dance is still going on today; last year a reputable hosted desktop provider sold out to another, transferring well in excess of 3,000 seats to the new and now much larger provider.

If you are in the market to implement a virtual desktop infrastructure and buy a solution off the shelf, there are a few questions that should be crossing your mind:

1. Is the solution multi-tenant, in other words a shared server environment populated by several customers' users?

a. If yes, question further the technical challenges and the security breaches that can occur when server software is upgraded or Change Control is carried out. Is each patch tested in a development environment before being rolled into live production, and who decides when a change that affects every tenant goes in?

b. Sure, a hosted desktop provider will argue that their software, if run properly, isolates every customer's user data and settings from every other's. However, there is always the potential for human carelessness or error. For instance, a server admin can mistakenly implement a security policy that affects all users of the service but actually contravenes the policies or rules that some customers need to abide by. By simply double-clicking the 'C' drive on a hosted desktop environment, I have been able to see all directories on an organisation's server, including those of all the other companies. I could not access them, but I could see them, and I'm sure that if I had a devious mind there would have been a way round that. I found out later that the server hadn't been configured correctly, and after I mentioned the problem it was quickly fixed.

c. Another thing to consider is that you probably aren't sitting on a server environment hardened to a CIS Benchmark, which is the baseline that mitigates the most common causes of data breaches.

d. The server environment may not support your flavour of database or ERP system, which could force you onto an inferior technology path. And if you are forced to change technologies, you carry all the engineering investment of migrating legacy systems to the new technology, which can impact a business massively.

e. As a shared server environment fills up, it becomes far more complex to manage and maintain, which raises the risk of human error and with it further data breaches. We have all read about Facebook and the like leaking data and leaving vulnerabilities unchecked, and the same applies to the much larger multi-tenant environments.

i. Having said all that, I still think from personal experience and from watching the market like a hawk for many years now that if you are a small business of, say, 5 to 200 stakeholders then a shared server is definitely the way to go. The ease of set-up, the "out of the box" scenario and the simpler migration for the SME outweigh the development cost of building their own solution on, say, Azure or AWS.

ii. The consequences are stated above, and you are limited to the applications you can run in this environment unless you branch out to external CRM or ERP functions in a different cloud environment, but then you have more licensing and SLAs to read over.

iii. The fact is that in this post-Covid world stakeholders will still need to work remotely and securely. A remote desktop solution, even in a multi-tenant environment, is a far more secure world than a remote VPN into a server in the office, with the ability to download sensitive company documents to a laptop that then gets left on a train: the data stays in the data centre and only screen updates and keystrokes cross the wire (provided clipboard and drive redirection are switched off). Don't get me started on BitLocker, but if you haven't enabled it on your local machine yet - DO!!! It is included with the Professional and Enterprise editions of Windows at no extra cost (Windows Home gets only the more limited device encryption on supported hardware), and it will save you a whole load of pain telling your CFO that the company spreadsheet from hell with all the company accounts on it is now open and in the wild.
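Two checks a practitioner would want for the points made in 1b (other tenants' folders visible from the C: drive) and 1iii (BitLocker on the endpoint), written here as an added PowerShell example; this is not Primenet's code nor any provider's tooling. It assumes Windows PowerShell 5.1 or later, English well-known group names, and, for the BitLocker part, Windows Pro/Enterprise with an elevated session. The list of expected root folders and the "broad" principals are illustrative assumptions you should adjust to the environment.

```powershell
# Added example, not Primenet's code: two checks for the points raised above.
#  - Test-DriveRootExposure: run INSIDE the hosted desktop session as an ordinary
#    user; reports root folders you can see that are not standard Windows folders,
#    whether you can descend into them, and whether their NTFS ACL grants broad
#    groups read/list access (the misconfiguration described in 1b).
#  - Test-BitLockerCompliance: run ELEVATED on the local endpoint; checks that
#    each volume is fully encrypted with protection on, has a recovery password,
#    and (for the OS volume) a TPM-based protector (the point in 1iii).
# Assumptions: Windows PowerShell 5.1+, English group names, BitLocker module
# present (Windows Pro/Enterprise). $Expected and $BroadPrincipals are illustrative.

$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

function Test-DriveRootExposure {
    [CmdletBinding()]
    param(
        # Root folders that are normal on any Windows box; anything else is reported.
        [string[]]$Expected = @('Windows', 'Program Files', 'Program Files (x86)',
                                'ProgramData', 'Users', 'PerfLogs', '$Recycle.Bin',
                                'System Volume Information')
    )
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        if ($drive.Root -notmatch '^[A-Za-z]:\\$') { continue }   # skip Temp:, UNC, etc.
        $roots = Get-ChildItem -LiteralPath $drive.Root -Directory -Force -ErrorAction SilentlyContinue
        foreach ($dir in $roots) {
            if ($Expected -contains $dir.Name) { continue }

            # Can an ordinary user actually descend into it, or only see the name?
            $readable = $true
            try   { $null = Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction Stop }
            catch { $readable = $false }

            # Allow ACEs that hand read/list rights to everyone-ish groups.
            $broad = @()
            $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
            if ($acl) {
                $broad = @($acl.Access | Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $BroadPrincipals -contains $_.IdentityReference.Value -and
                    "$($_.FileSystemRights)" -match 'Read|ListDirectory|FullControl'
                } | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
            }

            [pscustomobject]@{
                Path     = $dir.FullName
                Readable = $readable
                BroadAcl = ($broad -join '; ')
            }
        }
    }
}

function Test-BitLockerCompliance {
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        throw 'Get-BitLockerVolume not available: needs Windows Pro/Enterprise and an elevated session.'
    }
    foreach ($vol in Get-BitLockerVolume) {
        $protectors  = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $isOs        = "$($vol.VolumeType)" -eq 'OperatingSystem'
        $hasTpm      = @($protectors | Where-Object { $_ -like 'Tpm*' }).Count -gt 0
        $hasRecovery = $protectors -contains 'RecoveryPassword'
        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = "$($vol.VolumeType)"
            Status     = "$($vol.VolumeStatus)"
            Protection = "$($vol.ProtectionStatus)"
            Method     = "$($vol.EncryptionMethod)"
            Protectors = ($protectors -join ',')
            # Data volumes unlock via password/auto-unlock, so the TPM test only applies to the OS volume.
            Compliant  = ("$($vol.VolumeStatus)" -eq 'FullyEncrypted' -and
                          "$($vol.ProtectionStatus)" -eq 'On' -and
                          $hasRecovery -and (-not $isOs -or $hasTpm))
        }
    }
}

# Usage
Write-Host '== Drive-root exposure (inside the hosted desktop, as a normal user) =='
Test-DriveRootExposure | Where-Object { $_.Readable -or $_.BroadAcl } | Format-Table -AutoSize

Write-Host '== BitLocker (on the local endpoint, elevated) =='
try   { Test-BitLockerCompliance | Format-Table -AutoSize }
catch { Write-Warning $_ }
```

Any row from the first check that is Readable, or that carries a BroadAcl entry, is a folder belonging to someone else that you should not be able to reach; the provider fixes it with NTFS ACLs on the tenant roots (and, for shares, Access-Based Enumeration), not by hiding the drive in Explorer, which only removes the icon. A volume from the second check with Compliant = False is the laptop-on-the-train case the paragraph above warns about.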

2. If the path you take is to build your own platform, with help from an experienced MSP, the security aspect alone justifies the deployment. You gain:

a. The ability to run an MDM across the deployment.

b. Your own firewall to set up and configure.

c. The ability to build secure VMs from CIS-hardened templates, which are available for both AWS and Azure.

d. Your own AD, with the servers located in the jurisdiction of your choosing, giving you more control over GDPR and data-residency compliance.

e. The ability to add 2FA (ideally full MFA) to the solution.

f. The freedom to manage and maintain Change Control and Application Change Control, and to scale with much more ease.

g. Run and manage your own Disaster Recovery policy and Backups.

h. Peace of mind that you are running in a dedicated VM environment rather than sharing a server, and its data, with other customers (and dedicated hosts are an option if even shared hardware is unacceptable to you).

i. Penetration testing and even continuous vulnerability scanning can be implemented, along with Security Information and Event Management (SIEM) from providers such as Splunk, widening out to a managed Security Operations Centre if cyber security is absolutely essential.

j. Even more security over the public internet, with fully secured connectivity to your desktop environment via software-defined networking or SD-WAN.

k. A written security policy you can hand to vendors and auditors for compliance.
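To make item i concrete, here is the logic a SIEM rule for a hosted desktop would encode, written as a stand-alone PowerShell example. This is added here and is not Primenet's, Splunk's or any provider's code. It assumes the Windows Security log as the source (event 4625, failed logon), that LogonType 10 is an RDP logon, and that with Network Level Authentication switched on failed RDP logons are recorded as LogonType 3 on the session host, which is why both are kept. The thresholds, the sample addresses (documentation ranges) and the usernames are constructed for the demonstration.

```powershell
# Added example, not Primenet's or Splunk's code: the logic behind a SIEM rule
# for item i above, written as a stand-alone PowerShell function and run here
# against constructed sample events so it works offline. Assumptions: Windows
# Security log event 4625 (failed logon) is the source; LogonType 10 is
# RemoteInteractive (RDP) and, with Network Level Authentication on, failed
# RDP logons land as LogonType 3, so both are kept; thresholds are illustrative.

function ConvertFrom-LogonFailureEvent {
    # Flatten Get-WinEvent 4625 records using the XML field names rather than
    # fragile positional Properties[] indexes.
    param([Parameter(Mandatory, ValueFromPipeline)] $Event)
    process {
        $xml  = [xml]$Event.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $Event.TimeCreated
            IpAddress = $data['IpAddress']
            User      = $data['TargetUserName']
            LogonType = [int]$data['LogonType']
        }
    }
}

function Find-RdpBruteForce {
    param(
        # Objects with Time, IpAddress, User and LogonType (see converter above).
        [Parameter(Mandatory)] [object[]]$Events,
        [int]$WindowMinutes    = 10,
        [int]$FailureThreshold = 10,   # many failures from one source: brute force
        [int]$SprayThreshold   = 5     # many distinct accounts from one source: password spray
    )
    $alerts = @()
    $remote = $Events | Where-Object {
        (@(3, 10) -contains $_.LogonType) -and $_.IpAddress -and $_.IpAddress -ne '-'
    }
    foreach ($group in ($remote | Group-Object -Property IpAddress)) {
        $sorted = @($group.Group | Sort-Object -Property Time)
        $start  = 0
        # Sliding window over this source's failures, oldest to newest.
        for ($end = 0; $end -lt $sorted.Count; $end++) {
            while (($sorted[$end].Time - $sorted[$start].Time).TotalMinutes -gt $WindowMinutes) { $start++ }
            $window = @($sorted[$start..$end])
            $users  = @($window | Select-Object -ExpandProperty User -Unique)
            $kind   = $null
            if     ($window.Count -ge $FailureThreshold) { $kind = 'BruteForce' }
            elseif ($users.Count  -ge $SprayThreshold)   { $kind = 'PasswordSpray' }
            if ($kind) {
                $alerts += [pscustomobject]@{
                    Source    = $group.Name
                    Kind      = $kind
                    Failures  = $window.Count
                    Accounts  = $users.Count
                    FirstSeen = $sorted[$start].Time
                    LastSeen  = $sorted[$end].Time
                }
                break   # one alert per source; a SIEM would de-duplicate anyway
            }
        }
    }
    return $alerts
}

# Constructed sample data (documentation IP ranges, invented usernames).
$base   = Get-Date '2020-09-18T08:00:00'
$sample = @()
# 12 failures against one account, 15 s apart, from one address: brute force.
foreach ($n in 0..11) {
    $sample += [pscustomobject]@{ Time = $base.AddSeconds(15 * $n); IpAddress = '203.0.113.9'; User = 'j.smith'; LogonType = 10 }
}
# One failure each against six accounts, a minute apart, from another address: spray.
$n = 0
foreach ($u in 'alice', 'bob', 'carol', 'dave', 'erin', 'frank') {
    $sample += [pscustomobject]@{ Time = $base.AddMinutes($n); IpAddress = '198.51.100.4'; User = $u; LogonType = 3 }
    $n++
}
# A single mistyped password from the office: must not alert.
$sample += [pscustomobject]@{ Time = $base; IpAddress = '192.0.2.10'; User = 'n.wright'; LogonType = 10 }

Find-RdpBruteForce -Events $sample | Format-Table -AutoSize

# Live use on a session host or RD Gateway (elevated), last hour of the Security log:
# Find-RdpBruteForce -Events (Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-1) } | ConvertFrom-LogonFailureEvent)
```

Run against the sample, the function returns two alerts: BruteForce for 203.0.113.9 (10 failures against j.smith inside the window) and PasswordSpray for 198.51.100.4 (five distinct accounts), and nothing for the office address. The same two rules, expressed as a scheduled search, are the first thing to put in front of a Splunk or managed SOC provider when the desktop environment is exposed to the internet; the point of the LogonType 3 caveat is that a rule filtering on type 10 alone will be silent on exactly the hosts where NLA, the more secure setting, is turned on.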

Let's sum it up

If you are a large SME or small corporate then placing your environment within Azure or AWS really makes perfect sense, and with management outsourced to the right MSP the environment becomes highly secure and highly reliable. The platform becomes much easier to maintain, and the engineering gremlins that lead to data breaches become far rarer.

With both solutions most of your software licensing headaches go out of the window, as licensing is handled by either the hosted desktop provider or the MSP. Network security will also be administered and documented, and you will have a complete backup regime and a written DR policy in place. Your stakeholders will be working in a world where all document handling happens away from their local machine, on a more fit-for-purpose environment, security will be maintained, and the best part is - they can work from anywhere.

I am reading more and more about "life after Covid-19 never being the same". Clients are talking about never going back to the London office, and there is talk of employing staff overseas as companies shift their business from a face-to-face model to a Zoom-call-to-Zoom-call model. I think this is a little extreme for some businesses. Barclays CEO Jes Staley, for instance, classically stated "The notion of putting 7,000 people in a building may be a thing of the past.", "I think people will rethink their real estate footprint." and "We are going to think about our real estate mix, given the lessons that we've learned." This followed the internal IT department at Barclays setting up 60,000 employees working from their kitchen tables, most of them on a hosted desktop environment I'm guessing. So basically, nothing changed in their working lives apart from the odd cat or small child joining a Zoom call. Funnily enough, Jes Staley has since stated that this might have been a bit rash and has gone on the record as saying "But Barclays wants to get its people back into some offices.", and during the bank's poor results announcement he commented that it would, for example, maintain "a major presence in places like Canary Wharf". "We do need to get people together physically, I think, to evolve and improve your culture and collaboration," he added.

I bank with Lloyds and I recently had to do a little bit of telephone banking. After the initial call, we got chatting about security and working from home. The phone operator happily told me that she had to work in a locked spare room, with a security webcam installed and pointed at her screen, but apart from that nothing had changed. The VDI (Virtual Desktop Infrastructure) solution she logged into was identical to the one in the tower where she normally sat. She even told me her quality of life had got better, as she could have lunch with her husband and children and go for a walk in the evening, where before she would have been commuting on a busy train. Plus, there were all the cost savings on transport and the expensive coffee habit we tend to acquire at work.

Hosted desktops are becoming the new norm for working from home, but I still think people will be back in the office for a few days a week, just because I feel that face-to-face collaboration is key to a healthy company. So, make sure you choose your platform carefully. Always get a demo of the infrastructure you are connecting to; there are many out there and some are a lot better than others. And if you ever need any professional advice - obviously don't hesitate to email me on paul.godfrey@primenetuk.com or alternatively call my DDI on 0330 127 1877. Here's to next time!