It’s Halloween, and what could be more appropriate than dressing in some ghoulish garb, and trick-or-treating the neighborhood? This year I thought I’d go as a VDI virtual desktop. I encased myself in a getup looking like an old TV, and then planned to magically unfurl a picture of a Windows 7 desktop on the front, to spook the neighbors (many of whom work for Microsoft), illustrating a key value prop of VDI. Taking a leap of faith, I thought that out on the streets, where I’d have no pesky firewall seeking to drop all UDP, I might be able to make use of PCoIP. But I was disappointed – my desktop kept falling off, and when it did work, one neighbor asked if I was trying to look like Windows XP. So I decided instead to highlight the benefits of an SSL VPN for desktop delivery using a red string to attach me to my house. But I quickly found that each time I turned a corner, I had to reconnect. And in a final coup de grace, my VPN connection was seized by a neighbor’s dog, who wound it and me around a tree.
I retired to the deck to hand out candy to the ghouls and ghosts of the neighborhood, still determined to work out where VDI makes sense. I recalled some examples of extremely beneficial VDI deployments that I have encountered in my visits to customers world-wide:
- Large software development house in China: The employers don’t trust the employees with locally cached source code on their machines. Moreover, developer desktops are a great example of a user category that demands a full desktop and custom apps. Finally, as developers move between project teams they can simply move to another thin terminal rather than have to lug their PC along with them.
- Japanese manufacturer with offshore workers: Moving software development and traditional back-end processes to an offshore location in Asia, this vendor cut costs enormously and managed to grow faster because it had been unable to find enough highly skilled workers in Japan. VDI-based desktops for specific high-skill tasks made the most sense, with the desktops being delivered over a high-capacity dedicated link to an office offshore. No company IP is ever local to the employees in the remote office.
- Banking Support: Credit card company used a hot-desking workforce running 3×8 hour shifts in India. Office space rented from a third party, with no ability to install traditional bump-in-the-wire network devices, or enforce corporate policies. All they could do was terminate a dedicated link at a router shared by all tenants. At the end of each shift a new user takes the seat in front of the support desktop. No new log-in, just a new user at the keyboard.
- F50 Bank: The traders are allowed to trade on the 4th floor, where traders work, but not on the 5th, where the bankers work. If a trader logs on from the 5th floor, he gets a generic “surf the intranet” desktop, but none of his trading apps. Again, a great example of the need for a customized desktop/app experience for the user, and excruciating control. Oh, and all web browsing has to hit an internal proxy first, where policies related to trustworthy external sites are enforced. Gmail is not on the list of valid external sites – so the only way to access personal mail while at work is on your personal device, and a carrier network. All desktop and app access is logged for compliance. There are no rich clients, and in emergencies, users are permitted to access their VDI desktops from home (though they dislike this, in case a key logger has been installed on a home PC).
- F50 Bank (another one): Different banking groups are on different, isolated networks. The network management console for administering the internal network is hosted on a VDI-based desktop that has access to all networks, and that can only be accessed from a specific internal thin client device associated with a named administrator. All accesses are logged for compliance.
The common themes are these:
- The user must be connected “by default”, and preferably on a decent network
- She is typically a power-user, with custom apps and a need for a full desktop
- The enterprise needs extraordinary control over the user’s activity to limit/empower them and to meet regulatory requirements.