Over the last decade many enterprises have tinkered with Virtual Desktop Infrastructure (VDI) as an alternative to PCs. A VDI user accesses a remote, virtualized Windows desktop OS delivered “as a service” from the enterprise datacenter or service provider to a PC/Mac, thin client, Chromebook or a tablet. But there’s another model for virtual desktops – one that is more secure, lower cost, and fully empowers the user: A Windows 10 PC or tablet, coupled to the cloud. The “virtual” bit here is the virtualization of data and cloud app access, and the use of virtualization on the client device, for security
VDI is promoted as the best solution for IT teams facing desktop challenges: All VDI desktops boot from the same “gold” OS, so there’s only one image to patch; Data (emails, files, documents) are centrally stored; and users can access their applications and data from many devices, including personal gear. But though it offers benefits in compliance, VDI is at best a partial solution:
- Though it seems secure – it does help a bit – VDI isn’t a security solution: Users will still click on bad things in their virtual desktop; moreover today’s VDI-aware malware persists across patching, rebuilds and reboots; and the session is only as secure as the access device – a compromised Bring Your Own (BYO) PC can steal login credentials and data. There are two endpoints to secure – the VDI desktop and the user device.
- VDI brings real costs: Servers, virtual infrastructure to run the desktop; additional license costs; data center space, power and cooling; and tons of infrastructure complexity – there are more things that can go wrong.
- The end-user experience, whilst good, is not perfect. It is still a challenge to deliver video and real-time media to a VDI user, and techniques like flash-redirect can be exploited as security holes.
But the idea of EUC tightly coupled with the cloud is spot on. Re-thinking the model slightly delivers a desktop that is manageable, secure and compliant, and that users will love. Windows 10 on a PC, tightly coupled with a cloud service such as Office 365 with SkyDrive is the perfect virtual desktop. What’s more, it is the lowest cost EUC solution.
Let’s peel the onion back slowly. Local execution is what users want – for personal and corporate apps, and in particular media rich experiences. Remoting protocols are fine for truly legacy applications. A Windows 10 device that is coupled to the cloud using SkyDrive, Box or even Citrix ShareFile keeps data centralized and backed up, but gives the user maximum freedom for offline access. Virtualizing data access is a more powerful concept than virtualizing and remoting execution. And powerful SaaS apps – such as Office 365 – offer richer functionality when you’re online, but are powerful and productive when you’re not.
But we aren’t done: Windows 10 with Virtual Secure Mode (virtualization security) uses virtualization locally to make the endpoint much more secure – with a secure boot process and protected credential store. Windows as a Service ensures that devices are always patched, enabling IT teams to get out of patching – forever. Windows 10 also offers built-in data loss protection (DLP) that can help ensure that files cached locally cannot be inappropriately accessed – again making use of the cloud: Azure AD. This gives IT the opportunity to get out of running their AD system too.
The delivery of end user computing and applications as a service – the original motivation for VDI – is superior when the applications in the cloud deliver more value than local applications do. Office 365, with Office Graph and its tight coupling to the core productivity suite, delivers far more value to end users than simply running local versions of the traditional fat Win32 applications, but when you’re offline local apps still work great.
Finally, the integrated Enterprise Mobility Management (EMM) capabilities in Windows 10 (offered in the Microsoft EMS suite) give enterprises the ability to manage Windows 10 devices with the granularity and precision that they expect for their iPads and smartphones. Encrypted at rest, remotely wiped if lost, and easy provisioning of next-gen universal apps that are vastly more secure.
There will always be legacy applications that need to be delivered to users. RDSH is a proven way to do this. Windows 10, and Office 365, with EMS, address enterprise EUC challenges with a solution that users want. Add virtualization or micro-virtualization to the client device for security to achieve a solution that is local, touchable, zippy; more secure and manageable; and that uses cloud services for management, security and to deliver a more compelling set of EUC services.