Managing and securing end-user devices is becoming more challenging every day. IT departments are expected to support diverse groups of workers ranging from those in remote offices with desktops running various operating systems to mobile workers with an array of personal devices.
Some organizations are turning to virtualized desktops to gain greater control of these fixed and mobile systems and provide greater access to business applications.
One approach implements a virtual desktop infrastructure (VDI) within an existing data center. This entails deploying a large number of servers, virtualization software and additional network infrastructure. Although promising, this tactic has its own implementation and management challenges.
Consequently, instead of building their own infrastructure, some businesses are turning to Desktop as a Service (DaaS) to deploy virtualized desktops. DaaS is a cloud-based VDI service that allows companies to subscribe to desktop virtualization much as they would other cloud services.
The advantages of DaaS parallel those of other Software as a Service (SaaS) offerings: DaaS customers avoid substantial capital expenditures and don’t have to maintain staff to support additional hardware and network infrastructure.
DaaS also has the potential to cut costs for desktop support and bolster information security systems. Follow these best practices to realize that potential.
Not surprisingly, planning is a key first step to a successful DaaS deployment. Start by identifying user groups according to the virtual resources they’ll require. Some users run computationally demanding applications that need multiple CPUs and large amounts of RAM, while those who work primarily with collaboration and common personal productivity tools can do well with minimally configured virtual desktops. Once these user types are defined, and the associated resources and number of each type of user is determined, DaaS costs can be estimated.
Next, decide which type of virtualized desktop — persistent, session or application — is needed.
A persistent desktop, which is most like the personal desktops employees are accustomed to, saves the state of a desktop between sessions. It provides some degree of end-user customization, and because state information is preserved, some form of a desktop snapshot is stored persistently. Storage costs vary with the number of persistent desktops, so consider limiting their use to only those users with well-defined requirements for this feature.
Session-based desktops do not save state information. Instead, a default configuration is provided to users each time they log in. This virtualized desktop type has the advantage of reduced storage requirements because desktop snapshots are not saved. When a user finishes with a virtualized desktop, it can be returned to a pool of virtual machines that are shared among multiple users.
Sometimes a user may need access to a particular application but not a full desktop. In this case, a virtualized application may be the best option; for example, a legacy enterprise application designed for a client server environment that needs to be made available to employees using tablets. Rather than design and develop a mobile app, IT could provide access to the legacy software program as a virtualized application.
It may be possible to use current infrastructure to help keep DaaS costs down. IT staff may be able to establish a virtual private network (VPN) between virtual desktops and internal networks, allowing users to store files on existing network file servers instead of in the cloud. An enterprise Active Directory is also a valuable resource that should be used when deploying DaaS. If the Active Directory has been built over several years, IT probably has a substantial amount of information about users, resources and access controls, which will make it easier to define and implement security controls.
Desktop migrations can be time-consuming and challenging, no matter what type of migration is being performed. So consider combining migrations; for example, upgrading from older versions of Windows while transitioning to virtualized desktops. Because there are risks with any migration (such as losing end-user data or leaving a user with a nonfunctional device for a period of time), developing a risk mitigation plan before starting is essential.
Moving to DaaS provides an opportunity to review software-licensing strategies to ensure compliance and possibly reduce costs. A compliance review should be first and foremost because the different types of DaaS virtualized desktops (persistent, session and application) may require different types of licenses. Some software vendors may restrict the use of their software in a cloud environment, so it is prudent to review license details as part of DaaS migration planning.
Deploying DaaS instead of conventional, dedicated desktops offers many advantages to both IT administrators and end users. For IT, reduced maintenance costs and improved security come with centrally managed, consistently deployed virtual desktops. End users gain the ability to access their desktop from multiple devices. This saves them from ad hoc and potentially insecure practices such as emailing work documents to themselves so they can access them from their personal tablets or notebooks.