Pros and cons of using VDI for BYOD management

Virtual desktop infrastructure eases the stress of managing employee-owned devices in the enterprise, but beware connectivity and compatibility snags.

Virtual desktop infrastructure can reduce the administrative and management headaches introduced by user-owned...

devices in the enterprise, but network connectivity and device compatibility may present problems.

Bring your own device (BYOD) policies can allow employees to use devices that do not belong to the company -- but under IT rules and supervision. Still, IT departments have struggled to find the best ways to exert that control and centrally manage BYOD devices. Could VDI be one way to improve BYOD management?

Simplifying BYOD management

VDI enables sensitive applications and data to live in the data center where they can be centrally protected and managed. In general, users get a desktop that they can customize and use like it is their own PC, but they control the virtual desktop from a thin client at their desk. When VDI is done well, the user neither knows nor cares where his desktop VM runs or how it is assembled.

This approach can also be applied to mobile devices, with a mobile device in place of the thin client. The device then allows the desktop to be accessed from anywhere with a network connection. Staff can use various devices in different places to remotely access the same data and applications in the data center.

Still, IT must also contend with performance, usability and licensing issues, so the decision to provide users with access to virtual desktops through their devices should not be taken lightly. Nonetheless, combined with a well-planned BYOD policy, VDI can prevent users from taking IT into their own hands and putting the organization at risk.

VDI benefits for BYOD

If used properly, VDI can help manage mobile devices by delivering a full suite of company applications and data to an employee-owned device, without having to modify existing applications or expose sensitive information.

The first benefit of keeping the desktop inside the data center is improved security. Rather than the device becoming an uncontrolled security time bomb full of sensitive company information, it's simply an entry point to unmodified applications and data that reside in the data center. The virtual desktop continues to be the place where information is protected from disclosure and loss.

Confining data and applications in one place can also streamline the licensing process in some cases, and reduce the licensing liability risks that can accompany BYOD management. It can also help meet a company's backup, recovery and compliance needs by preventing employees from storing unique company data on their devices and in cloud-based applications.

All these attributes contribute to another key benefit of using VDI for BYOD: easier management for the IT department. IT doesn't need to manage a whole lot of devices, which allows it to focus on managing the data and applications inside the firewall and, even better, inside the data center. Since any device with a VDI client can be used, employees gain flexibility without creating friction with IT or risks for the organization. With more secure options for getting work done remotely, there are productivity benefits for both IT and users.

Potential downsides to using VDI for BYOD

While VDI reduces security and compliance risks and can remove the need for IT to manage disparate devices, there are two major drawbacks to using VDI as a BYOD tool. First, VDI works only with a network connection -- preferably a strong one. Second, desktop user interfaces may not be compatible with every device.

More on BYOD management

How data access control improves BYOD security

Simplifying device management with VDI and BYOD

Challenges of using View 5 for BYOD management

Since a VDI client -- whether it's a traditional thin client or a mobile device -- is simply a way to access the virtual machine, there needs to be a network connection between the VDI client and the desktop. Most products have some sort of over-the-Internet transport using Secure Sockets Layer (SSL) for encryption; these allow secure access to the virtual desktop from the Internet or any other untrusted network.

The speed and latency of that network can become an issue on the user end, as all screen updates must move over the network, and a slow network can make the virtual desktop slow to update its screen. Slowness is most often visible with mobile networks, although newer networks like LTE are raising the standard. In rural areas with 3G networks, staff are more likely to experience patchy coverage or reduced speed, leading to difficulties accessing their virtual desktop.

Some VDI products enable downloading the VM from the data center to a user's laptop and running the virtual machine on the laptop, removing the need for network access. But these offline VDI technologies are not recommended, especially for BYOD, since they remove the benefit of keeping applications and data inside the data center. Moreover, they usually don't work with Apple laptops or with most tablets and smartphones. In cases where connectivity is a problem, it usually makes more sense to give staff members a corporate-built laptop than to allow them to use their own device for work.

The other major obstacle to using VDI to facilitate BYOD management is that putting a modern desktop operating system onto a small handheld device or a device designed for touch is a real challenge. The issue is that most desktop operating systems are designed for a WIMP (Windows, Icons, Mouse, Pointer) interface. Tablets and smartphones don't have W, M or P -- instead, they have full screen applications and typically use touch. Whether this translation works for your staff depends largely on their purposes for using the VDI desktop and where they plan to use a mobile device.

Using a touch device as a VDI client may prove surprisingly useful with support from newer desktop operating systems and VDI client releases, but your VDI mileage will vary. Testing by real users and the real devices they will use is important in deciding if VDI should become part of your organization's BYOD policy.

This was last published in September 2013

Dig Deeper on Virtual desktop infrastructure and architecture

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

8 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How would you use VDI to help manage BYOD?
Cancel
Because of the lesser burden on mgmt of devices, easier admin and increased security
Cancel
In my organization many people want ipads and then don't realize that they can do what a laptop or even a windows tablet does, such as the control over network resources(files), they want a solution to the money they have spent. We are using Citrix Access Gateway to get to the outside and it simplifies the need for the VPN connection as well as allowing access to the application published for the user. while it might be difficult at times to not have a pointer and mouse, I have addressed that purchasing by Bluetooth Mouse. Which works pretty seamlessly. I have used it on a really slow network and was able to function well for the most part. Can't help for complete loss of the network
Cancel
to protect company network.
Cancel
What is you wanted to have your cake and eat it too?

Want a solution that gives you all the security of VDI (and more!) but is mobile form factor aware, highly performant and touch/gesture enabled?

Then check out Armor5, a provider of 'Mobile Virtualization' at http://www.armor5.com and be pleasantly surprised.
Cancel
That's cheap
Cancel
Why do you even suggest putting a modern desktop OS on a mobile device? That completely contradicts the VDI model.

Client software for mobile devices has been common for several years now, and the best solutions -- let's say from VMware -- provide both access to a virtual desktop from mobile devices and access to specific apps hosted in the data center (think "Horizon Workspace").

Neither VDI nor access to controlled apps requires a local operating system, and both maintain the traditional VDI benefits of using a stateless device (or, for BYOD, what amounts to a stateless partition), so that data isn't lost or compromised.

Otherwise, nice article!
Cancel
The right answer to this question isn't simply Yes or No. It depends which devices are included in BYOD and which VDI you're using.

There are still some places -- let's say the NSA (haha, cough!) -- where BYOD probably isn't a good idea. See http://www.vmware.com/files/pdf/techpaper/vmware-horizon-view-byod-federal-secure-desktop.pdf for more on that topic.

A lot of attention has been given to MDM lately. It's often, if not always, best to manage devices centrally: vShield Endpoint for anti-virus and anti-malware management in the data center, Horizon Workspace for securely managed apps that display in a separate [layer|partition|area|choose your term] on the BYOD form factor, etc.

Plus, of course, a virtual desktop that can be accessed from a variety of devices, preferably but not necessarily a thin client. Even if you use your own, unmanaged MacBook Air, you access your VDI desktop remotely and don't store corporate data locally.
Cancel

-ADS BY GOOGLE

SearchEnterpriseDesktop

SearchServerVirtualization

SearchCloudComputing

SearchConsumerization

SearchVMware

Close