The market for virtual desktops is a hot topic right now and the maturing VDI offerings are starting to challenge business’s traditional views of the PC. However, there is a great deal of debate and some confusion around how best to use VDI and for which users it is best suited. Robin Tapp, CEO of Molten Technologies, shares his view that one size will absolutely not fit all.
There is a wide and possibly confusing range of technologies in the virtual desktop space from application virtualisation, through terminal services to full-fat VDI with a virtual machine dedicated to each user. There is also a rapidly expanding range of physical access devices from thin (or even zero) clients to iPads, Androids, netbooks and thick-clients. There is an even more mind-boggling range of different types of business users out there today. Matching all these moving parts for the best business outcome remains something of a dark art, with lots of entrenched views and some misinformation.
The following illustrates the rich diversity and some of the challenges and opportunities out there with a smattering of my point of view on how the market is starting to solve this pan-dimensional puzzle. I will build this out over the next few weeks, so the list will grow. Watch this space:-
Third parties and contractors to whom you currently give laptops
This is usually one of the first use-cases that comes to mind. There is something physiologically hard about giving a consultant or contractor a laptop when you are paying more than your in-house staff and they clearly have access to their own device already. However, many enterprises want to keep these untrusted devices out of their network and they want to give the individuals access to their data and/or applications. How else to give this access securely? A virtual desktop is an ideal answer because it allows secure access from a range of untrusted devices and does a solid job of keeping the untrusted devices out of the network. There are potential operational run cost savings, particularly when you remove the need to buy any hardware for these users at all. However, the ability to disable the desktop the instant the third party is no longer employed is an absolute winner. They cannot walk away with your data or your asset. Case closed.
Third parties to whom you currently send information
This is an interesting and fairly sophisticated spin on the above; if a business suggests this then it is always an indicator to me that they really “get it”. This is entirely an IP and data security play, rather than anything around accessibility or operational cost saving. We call this the “private data universe” concept. The idea builds on the recognition that a virtual desktop inside the enterprise network is under enterprise control and is relatively easy to lock down limiting data access, applications and even copy and paste functions. Therefore, it becomes possible to create a virtual desktop for a third party, giving them access to the data and applications they need to do their job, but preventing them from removing anything from the corporate network. To do this, the desktop needs to contain only those applications necessary for the third party to do their job. They already have email and Internet capabilities on their own machines, so there is frequently no need to include them. For example, an overseas development team might be given virtual desktops without email, internet or copy/paste functions outside of the desktop, but containing code design and development tools and sufficient collaboration tools within the team to allow them to work inside that space. They can never remove any data from the network, so when individuals leave, the IP is safe and so it is when the third party organisation completes its job or is replaced. I often use the analogy of remote control mechanical arms being used to handle nuclear material. The arms can reach into the nuclear container and manipulate the hazardous material, but the operator cannot remove nuclear material or contaminate it. I think we are going to see a lot more of this sort of virtual desktop use.
Third party task workers
The security, IP and operational benefits of virtualisation for third parties still apply to task workers, however the technology may change depending on the nature of the applications they are accessing and whether they need desktop functionality. If the task workers are accessing a small number of applications and they can be easily virtualised, then it may be cheaper to use application virtualisation rather than virtualising the whole desktop. However, there can be compatibility issues to consider, so even with only a couple of applications, it may also be worth considering terminal services or a virtual desktop running Linux (because he price of Windows full OS for each user is likely to be a deal-breaker unless the users specifically need the functionality it brings). Once you have established where you stand from an application compatibility point of view, the technology choice here is all about the business case, so shop around and find the most cost effective answer that does the job.
Bring your own (BYO) computing is an attractive goal to many businesses who want to allow their employees the flexibility and freedom to use their own machines without taking on the complexity of managing and securing the tidal-wave of consumer device-diversity. The Daasler has written before about the importance of enabling your staff and allowing device choice (see “It’s all about the people”) and virtual desktops is rapidly becoming the default solution in this space. We are typically seeing BYO associated with knowledge rather than task workers, so full-fat VDI (with a virtual machine dedicated to each user) becomes an obvious choice for it’s broad compatibility and full-desktop experience.
The travelling executive (or roaming knowledge worker)
This is a hotly debated area with the term “off-line” raising it’s head frequently. The virtual desktop nay-sayers have, for a number of years, used this as a killer argument in favour of laptops over virtual desktops; “but will it work on a plane?”. Let me make two things absolutely clear up-front:-
- It is technically possible to draw your VDI desktop down onto a laptop and use it off-line. There are a number of technologies that support this, it is a complex area, rarely seamless to the end user and may force you into technology choices that you would otherwise have done differently, but it is available now.
- Drawing a virtual desktop down onto a laptop often negates the reason for moving to VDI in the first place. The data and applications are now back on the device, outside the corporate environment and can be lost, stolen or hacked. The business case is unlikely to create much of an operational saving in this case because of the complexity of this solution and the need for full-fat client hardware (which then requires support). The virtual desktop is no longer accessible from any device, it is on the laptop. Remind me, why did we go virtual again?
In my humble opinion, most travelling executives and knowledge workers working off-line really only need to read emails, draft replies, make notes, access their diary and access their contacts. These capabilities can be provided on a much thinner device than a laptop (e.g. An Android phone or iPad). VDI works fine over a good 3G signal, so connectivity is rapidly becoming sufficiently ubiquitous that few people genuinely need to work off-line. The travelling executive can work on-line at home, at the airport and in their hotel. We need to be careful to avoid sweeping generalisations here; some people do genuinely need to work off-line, but this group is smaller than it thinks it is.
Call centre staff
Call centres have some specific needs that warrant detailed consideration and, to make matters more complicated, they may also be outsourced, involve contractors or even an element of home-working. This really is a case of finding an answer that fits your specific need. However, as that is a monumental cop-out, I will pick out some considerations.
Telephony integration is typically one of the first areas for consideration and rightly so, it is a call-centre after all. Depending on the applications being run and their age, they may be integrated into the telephony system in a number of ways and it is possible that this will tie them down via an IP address or even a physical location. For example, I have seen hardwired integration on the desk between the PC and the phone. This can make a move to any sort of desktop virtualisation a challenge and the business-case may need to allow for development in this area. There are circumstances, on the other hand, where the integration is managed at the back-end and the users log-on to each desk-phone such that moving to a thin-client environment would have no impact whatsoever. Typically, when an organisation is considering thin-clients in the call-centre, it also looks at providing IP Telephony at the same time (if not already implemented). This will almost certainly enhance the overall business case for the change as long as you bear in mind that some virtualisation technologies, such as RDP, work poorly with two-way voice communications. All of these things are solvable, but may add cost. One recent client is implementing an innovative solution that uses mobile telephony integration to place an out-going call (or route an incoming one) at the same time as calling the operator’s corporate mobile phone linking the two together, which is actually pretty cool as long as you have great signal and enough lines.
“Do they actually need a desktop?” is the next consideration that I would recommend. If your call-centre staff use a single application and it is easily virtualisable, then it may make economic sense to go with virtualisation at the application level. If they use a limited set of applications that don’t contend, then terminal services may be an answer. Full-fat VDI with a dedicated virtual machine per user will be necessary if they use multiple applications that do content under terminal services or where the cost of several application virtualisation efforts exceeds that of virtualising the desktop. The latter will be impacted by the cost of Windows for each desktop (particularly if you need VDA licensing). It may still prove worthwhile, but virtualising a Linux desktop can help.
Real-time traders are a very demanding group of PC users for whom hundredths of a second are potentially worth a great deal of money. They can be among the most valuable staff in a business and they typically work in a highly regulated environment. Let me come right out and say up-front that I have yet to see a fully-virtualised desktop trading environment, so for those of you reading this thinking “no way”, you are right, at least for now. However, there are several organisations looking seriously at this area and I am convinced that we will see full-fat VDI in a real-time trading environment in the next twelve months. The three buzz-words are “performance”, “regulation” and “continuity”.
Trading rooms today often have several large PCs (or even servers) under each trader’s desk seeking maximum performance. A carefully tuned VDI service running in the same data-centre as their applications has the potential to deliver substantially increased performance as the virtual machine will be running on server hardware with much higher potential memory and processing than could reasonably be housed at the desktop (where space, noise, cooling and power will all eventually become limiting factors) with almost no back-end latency. There is latency from the data-centre to the trader, but frankly that was always there; it has just moved from back-end (in the PC model) to front-end (from the VDI service to the trader’s screen). The fact that this, typically small, latency is now only carrying a tempting protocol and therefore likely less data than in the back-end model, may actually prove a performance advantage.
Most real-time trading environments are now heavily regulated, with not only trades, but typically every communication from email to the telephone being recorded. The ability to keep the desktop infrastructure locked-down and physically removed from the traders is potentially attractive and offers a level of control that is tough (although not impossible) to achieve with a physical PC. I was once privileged to know an excellent and very practical-minded operational technologist working for a very large enterprise, who made a bit of a name for himself when he decided that it was easier to pour super-glue into the USB ports on the company PCs than it was to try to soft lock them down or delete them from the order.
Business continuity is critical for real-time traders as even a few minutes of down-time can cost them large amounts of money. Needless to say, a virtual desktop can be delivered on a high-availability physical architecture, so that no single point of failure can bring the system down (which you do not get with a PC architecture).