The VDI skeptics firmly believe that business comes first, not technology. While they feel that VDI technologies are undeniably cool, they don’t necessarily believe that they offer true value to a lot of the businesses that pursue them. In this series of articles, the skeptics outline their arguments for and against various VDI technologies, helping you focus on what your business actually needs — not on what vendors want to sell.
One of the hardest parts of our job as IT consultants is helping clients realize that the path they choose isn’t the path they really want, even when that path has little to do with meeting one’s annual goals. Right now, everybody wants to jump on the VDI bandwagon.
In our visits with clients, we get to hear all the reasons why virtual desktop infrastructure (VDI) is the answer to their problems. In many cases, we get the giddy opportunity to explain in clear English (and not a small amount of mathematics) why a range of simpler alternatives is likely to solve their problem better.
Here are three reasons for choosing VDI that we hear all the time:
1. “We need to provide desktops to users when they’re out of the office.”
We hear this first reason most often, and it’s a very valid requirement for today’s not-always-in-the-office workforce. A desktop that’s accessible from anywhere with an Internet connection enables employees to connect from … well … anywhere. Yet desktop virtualization represents only one of many different mechanisms to achieve this.
The most obvious — and significantly lighter-weight — alternative is Remote Desktop Services (RDS) or Citrix XenApp. Using either of these products, a desktop full of applications can be easily transmitted anywhere with an Internet connection. Many businesses want to give their employees full desktop access. This access used to be difficult to lock down because you’re effectively giving the person a server desktop and not a Windows 7 desktop. But you can use policy controls in both products today to lock down any published desktop to just the applications you’ve specifically allowed.
2. “Yes, but our applications don’t run on RDS or XenApp.”
This comment represents another reason why our clients believe that VDI must be the answer. Indeed, some applications experience problems when run atop RDS and XenApp. Some won’t install. Others inappropriately store data in computer-specific locations as opposed to user-specific locations. Still others won’t run on a server operating system. Yet, in our experience, most of these incompatible applications reflect more on the admins than on the apps themselves.
Apps with hard-coded IP requirements are now supported in both platforms. Those that require peripherals do very well in RDS and even better in XenApp. Redirection policies in either enable registry and file writes to be transparently relocated to the correct location if an app attempts to send them to the wrong one. Microsoft itself has finally codified its formal workflow for fixing incompatible applications through a combination of the RDS Application Analyzer and the Application Compatibility Toolkit. Yes, there will always be apps that will never run atop a session-virtualization system, but they become rarer and rarer almost daily.
3. “Our applications require users have administrative privileges.”
A third tactic (once the first two fail) commonly involves invoking the administrator boogeyman. For some, RDS and XenApp can’t work because neither can deliver elevated privileges to otherwise nonelevated people.
Some applications absolutely require administrative privileges in order to run. Yet it’s important to remember that administrative privileges and administrator privileges are two very different things.
These applications at their core require some portion of themselves to be labeled with administrative privileges. Perhaps that portion is a file or folder, a registry key, or the registration of a Dynamic Link Library, device or service. Virtually all of these “needs for admin” can be eliminated via an array of privilege-management products. Offerings from Viewfinity, BeyondTrust and others can break the “person as administrator” notion into a more granular collection of people, potential actions and policies, and it becomes possible to elevate a specific application without elevating the whole person.
So, here are three more strikes in our continued skepticism of VDI. As we’ve said before, we believe that use cases indeed exist for virtual desktops. We also believe that those use cases are far rarer than virtualization vendors would have you think.