When I wear my IT hat, I like Virtual Desktop Infrastructure (VDI). With it you can easily and securely deploy complete desktops from servers to your users. Well, in theory, I like it. In practice, it's often another matter.
I was reminded of why VDI drives me crazy at times in an excellent review of VDI programs by Tom Henderson and Lars Johnson. They found multiple problems that I've gotten to know all too well over the years.
First, there's the eternal network bandwidth problem. When your users are in the office, with Gigabit Ethernet and sufficient 802.11n Wi-Fi, delivering a solid desktop experience is easy. But, when your workers are often on the road with three to five Mbps DSL connections or over-subscribed Wi-Fi access points, it's another story. More often than not, there's insufficient bandwidth to deliver a quality experience.
Next, let's suppose they do have enough bandwidth at the business hotel or conference center. Hey, it could happen! Then they must have a virtual private network (VPN) connection, and that's not always easy. In these days of bring-your-own-devices (BYOD), not all devices will work with your network's VPN protocol.
There are other VPN-like solutions. For example, you can use technologies like Microsoft’s DirectAccess to either give secured access over iPV6, or tunnelling packets through HTTPS. In some situatations, you can also use Microsoft’s Remote Desktop Protocol (RDP) over HTTPS using Remote Desktop Gateway as a broker.
My response to the secure nework problem? Either the staffers use the official VPN or they're not allowed on the corporate intranet -- whether they're using VDI or just checking e-mail. It's already too easy to break into networks without someone providing an expressway into the heart of my business.
Assortment of Windows licenses
Another problem that a lot of companies face is dealing with Microsoft's bewildering assortment of Windows licenses. As Henderson and Johnson point out, "100 non-persistent sessions could decrement the entire 100-license pool quickly and permanently until the problem is found and resolved." Been there, seen that, hated it.
In addition, with Windows 8, all Windows desktop licensing got a major overhaul, so don't think that just because you had VDI licensing mastered early last year that you're still in the clear this year. Even if you have a volume license for Windows, you must be certain to carefully check the new Windows virtual machine licensing (PDF Link).
The real bottom license with Windows licensing, virtual or conventional, is it all depends on the deal you cut with your Microsoft account rep or value-added reseller (VAR). For example, the Services Provider License Agreement (SPLA) model for service providers for public and off-premise private clouds are entirely different. If you don't make sure all you i's are dotted and t's are crossed, you could find find yourself in a world of hurt.
An eternal problem with VDI is that users love, love, love to customize their desktops. If you give them a persistent desktop that maintains their personalized settings, shortcuts, files programs and data, they'll love it. You, however, will have two problems.
First, the more stuff they add, the more storage it takes on the server. Even in these days when you can have a terabyte in your pocket, all that storage adds up. There are ways around the storage issue with templated shared images, session-based hosts, and disk depublication. Each VDI vendor handles these issues in a different manner so you need to check carefully into exactly what it is you're buying into and how that will effect your storage needs.
Another VDI annoyance is what I like to call the Monday morning 9 AM login storm. That's when everyone in the company all log into their virtual desktops at once and, bang, your server red-lines and everyone desktop stalls out. That, you can plan for, but other events, such as those all hands video-conferences, can also stall out your desktops.
All the VDI vendors are constantly working on the boot storm issue. Microsoft addresses it in Server 2012 with caching and by storing user profile settings in a User Profile Disk. (PDF Link) This stores user data in pooled or session-based virtual machines. Others recommend the use of solid-state drives (SSD) for their much better Input/Output Operations Per Second (IOPS).
If resources were free, you could just throw enough CPUs and RAM at this to make sure that your users aren't locked up. Alas, they're not. Few of us have the luxury of being able to build out an infrastructure that can handle an all-out VDI login storm. To deal with this, a cloud service might be ideal but I don't know of any production-ready VDI cloud solutions, aka Desktop as a Service (DaaS), that I can recommend at this time. Eventually, someone will eventually perfect it, but it hasn't happened yet.
Even with all these new ways of handling storms and limitless resources, VDI isn't really suitable for truly big remote desktop deployments. Fortunately, there's a VDI alternative: Session virtualization.
In session virtualization, instead of every user having their own virtual machine on the server, there's now centralized desktop installation that receives user keystrokes and pointer movements and returns each user's current display. The good news is that session virtualization requires far fewer resources than VDI. Quest, a division of Dell, estimates that session virtualization can be done at 25 percent of the cost of a full VDI deployment. The bad news is users can't typically install their own applications or personalize their desktops.
Finally, now, as ever, no VDI program works with every device that users will attach to their computers. In a related issue, no VDI package will work smoothly with everyone's display. In both cases there will always be some users with peripherals and graphics that don't work and play well with a virtual desktop.
That's truer now than ever before. We used only need to worry about 1024x768 interfaces vs. 800x600 and 640x480. Now, with users replacing their laptops with smartphones and tablets, there's an almost endless variety of possible display modes and endless headaches for system administrators.
The major vendors have come a long way towards dealing with this issue. For example, I've heard of at least one hospital using Citrix on iPads. Even now, as I, and Henderson and Johnson, have found, there's still enough incompabilities out there to keep some BYOD end-users irrate and their tech support techs busy.
So, what can you do about all this? Well, first, you need a best-of-breed VDI program. For Henderson and Johnson, that was Citrix's VDI-in-a-Box. I'd agree with that assessment. I've been recommending products to business CIOs and CTOs since the company introduced its Windows VDI program MetaFrame. Citrix knows VDI.
VDI, however, even with Citrix products, is never easy. That's why today if someone were to ask me if they should introduce a VDI system into their company I'd ask them a lot of questions. The gist of these would be "Do you have a strong enough IT staff and sufficient server resources to management a VDI rollout?"
If the answer is no, and it often is, I'd recommend looking into a constantly updated cloud desktop operating system, such as Google's Chrome OS, or software as a service (SaaS) applications such as Google Docs or Office 365. Leery of cloud services? Well, as James Kendrick recently observed, chances are you're already using them anyway.
If you answered yes, though, then I wish you good-luck. VDIs can work really well for some offices. Just never forget that even with the best of intentions, deploying and running a VDI is never easy.
- NComputing vSpace 7.1: A different approach to VDI for SMB
- Oracle to halt development of Sun virtualization technologies
- Session-based remote computing: The path of least resistance to mobile app transformation
- Nexenta virtual storage appliance for virtual desktops
- VDI visibility: The mean-time to innocence