Virtual desktop infrastructure can reduce the administrative and management headaches introduced by user-owned devices in the enterprise, but network connectivity and device compatibility may present problems.
Bring your own device (BYOD) policies can allow employees to use devices that do not belong to the company -- but under IT rules and supervision. Still, IT departments have struggled to find the best ways to exert that control and centrally manage BYOD devices. Could VDI be one way to improve BYOD management?
Simplifying BYOD management
VDI enables sensitive applications and data to live in the data center where they can be centrally protected and managed. In general, users get a desktop that they can customize and use like it is their own PC, but they control the virtual desktop from a thin client at their desk. When VDI is done well, the user neither knows nor cares where his desktop VM runs or how it is assembled.
This approach can also be applied to mobile devices, with a mobile device in place of the thin client. The device then allows the desktop to be accessed from anywhere with a network connection. Staff can use various devices in different places to remotely access the same data and applications in the data center.
Still, IT must also contend with performance, usability and licensing issues, so the decision to provide users with access to virtual desktops through their devices should not be taken lightly. Nonetheless, combined with a well-planned BYOD policy, VDI can prevent users from taking IT into their own hands and putting the organization at risk.
VDI benefits for BYOD
If used properly, VDI can help manage mobile devices by delivering a full suite of company applications and data to an employee-owned device, without having to modify existing applications or expose sensitive information.
The first benefit of keeping the desktop inside the data center is improved security. Rather than the device becoming an uncontrolled security time bomb full of sensitive company information, it's simply an entry point to unmodified applications and data that reside in the data center. The virtual desktop continues to be the place where information is protected from disclosure and loss.
Confining data and applications in one place can also streamline the licensing process in some cases, and reduce the licensing liability risks that can accompany BYOD management. It can also help meet a company's backup, recovery and compliance needs by preventing employees from storing unique company data on their devices and in cloud-based applications.
All these attributes contribute to another key benefit of using VDI for BYOD: easier management for the IT department. IT doesn't need to manage a whole lot of devices, which allows it to focus on managing the data and applications inside the firewall and, even better, inside the data center. Since any device with a VDI client can be used, employees gain flexibility without creating friction with IT or risks for the organization. With more secure options for getting work done remotely, there are productivity benefits for both IT and users.
Potential downsides to using VDI for BYOD
While VDI reduces security and compliance risks and can remove the need for IT to manage disparate devices, there are two major drawbacks to using VDI as a BYOD tool. First, VDI works only with a network connection -- preferably a strong one. Second, desktop user interfaces may not be compatible with every device.
More on BYOD management
How data access control improves BYOD security
Simplifying device management with VDI and BYOD
Challenges of using View 5 for BYOD management
Since a VDI client -- whether it's a traditional thin client or a mobile device -- is simply a way to access the virtual machine, there needs to be a network connection between the VDI client and the desktop. Most products have some sort of over-the-Internet transport using Secure Sockets Layer (SSL) for encryption; these allow secure access to the virtual desktop from the Internet or any other untrusted network.
The speed and latency of that network can become an issue on the user end, as all screen updates must move over the network, and a slow network can make the virtual desktop slow to update its screen. Slowness is most often visible with mobile networks, although newer networks like LTE are raising the standard. In rural areas with 3G networks, staff are more likely to experience patchy coverage or reduced speed, leading to difficulties accessing their virtual desktop.
Some VDI products enable downloading the VM from the data center to a user's laptop and running the virtual machine on the laptop, removing the need for network access. But these offline VDI technologies are not recommended, especially for BYOD, since they remove the benefit of keeping applications and data inside the data center. Moreover, they usually don't work with Apple laptops or with most tablets and smartphones. In cases where connectivity is a problem, it usually makes more sense to give staff members a corporate-built laptop than to allow them to use their own device for work.
The other major obstacle to using VDI to facilitate BYOD management is that putting a modern desktop operating system onto a small handheld device or a device designed for touch is a real challenge. The issue is that most desktop operating systems are designed for a WIMP (Windows, Icons, Mouse, Pointer) interface. Tablets and smartphones don't have W, M or P -- instead, they have full screen applications and typically use touch. Whether this translation works for your staff depends largely on their purposes for using the VDI desktop and where they plan to use a mobile device.
Using a touch device as a VDI client may prove surprisingly useful with support from newer desktop operating systems and VDI client releases, but your VDI mileage will vary. Testing by real users and the real devices they will use is important in deciding if VDI should become part of your organization's BYOD policy.