Virtual desktop infrastructure (VDI) is a desktop virtualization technology wherein a desktop operating system, typically Microsoft Windows, runs and is managed in an on-premises or cloud data center. The virtual desktop image is delivered over a network to an endpoint device, which allows the user to interact with the operating system and its apps as if running locally. The endpoint may be a traditional PC, thin client device or a mobile device.
Presenting virtualized applications and desktops to users is universally referenced as end-user computing (EUC). The term VDI was originally coined by VMware and has since become a de facto technology acronym. While Windows-based VDI is the most common workload, Linux virtual desktops are also an option.
There are three key players in the VDI market: Citrix, Microsoft and VMware. Of these, Citrix's VDI product, Citrix Desktops (formerly XenDesktop), holds the largest market share, followed by VMware Horizon and then Microsoft Remote Desktop Services (RDS). Citrix and Microsoft first came to market with virtualized apps and shared desktops based on server-based computing and subsequently offered VDI workloads based on workstation operating systems, whereas VMware initially launched VDI and then later offered virtualized apps.
In 2006, VDI was created under the VDI Alliances program, and VMware, Citrix and Microsoft subsequently developed VDI products for sale. Virtual desktops were a somewhat hidden but optional capability of Citrix Presentation Server 4.0 called Desktop Server, and XenDesktop was later released as a standalone product. VMware released its VDI product under the name Virtual Desktop Manager, which later was renamed View, then Horizon. Microsoft initially released Terminal Services and changed the name to Remote Desktop Services starting with Windows Server 2008.
From the user's perspective, a virtual desktop user screen is presented at the forefront of the device. Optimally, the user experience is equal to or better than the physical workstation due to the centralized system resources assigned to the virtual desktop, as well as the close proximity to back-end databases, storage repositories and other resources. Further, session display protocols used for transmission compress and optimize network traffic considerably, enabling screen paints, keyboard and mouse data, and other interactions to simulate the responsiveness of a local desktop.
How the user accesses VDI is dependent upon administrative configuration, ranging from automatic presentation of the virtualized desktop at logon to requiring the user to select the virtualized desktop and then launching it. Once the virtualized desktop is accessed, it takes primary focus, and the look and feel are that of a local workstation. The user selects the appropriate apps and can perform necessary work activities.
The ability to save changes to the desktop and/or permanently install apps depends upon whether persistent VDI or non-persistent VDI has been deployed, as well as one or more additional layers. Persistent VDI causes the user to receive a permanently reserved VDI resource at each logon, whereas non-persistent VDI spins up a new VDI image for each user. Where non-persistent VDI is deployed, a mechanism to append the user profile, applications and other data may be layered at launch. Thus, the user is presented with a base non-persistent VDI image with unique customizations.
Persistent VDI is easier to maintain, but it is more expensive to support due to the extreme storage requirements. As a result, non-persistent VDI workloads are most commonly deployed. Non-persistent VDI also streamlines administration when it comes to management. IT has a minimal number of master images to maintain and secure, which is much simpler than managing a complete virtual desktop for each user.
How does it work?
VDI may be based on a server or workstation operating system. Traditionally, the term VDI has most commonly referred to a virtualized workstation operating system allocated to a single user, but that definition is changing.
Each virtual desktop presented to users may be based on a 1:1 alignment or a 1:many ratio, which is often referenced as multi-user. For example, where a single virtual desktop is allocated to a single user, this would be considered 1:1, but where numerous virtual desktops are shared under a single operating system, this would be referenced as a hosted shared model or 1:many.
A server operating system can service users as either 1:1 or 1:many. Where a server operating system is the platform for VDI, Desktop Experience is enabled in order to more closely mimic a workstation operating system to users. Desktop Experience adds such features as Windows Media Player, Sound Recorder and Character Map, all of which are not natively included as part of the generic server operating system installation.
Until recently, a workstation operating system could only service users as 1:1. However, in September 2019, Microsoft announced the availability of Windows Virtual Desktop (WVD), which enables multi-user functionality on Windows 10, a capability that was previously only available on server operating systems. Thus, Windows 10 now has true workstation multi-user functionality. WVD is only available on Microsoft's own cloud infrastructure, Azure, and there are stringent licensing requirements that make it inappropriate for all but enterprise employees.
Each endpoint device must install the respective client software or run an HTML5-based session that invokes the respective session protocol. Each vendor offering platform is based on a display protocol that carries session data between the client and computing resource:
- Independent Computing Architecture (ICA)
- Enlightened Data Transport (EDT)
- Blast Extreme
- PC over IP (PCoIP)
- Remote Desktop Protocol (RDP)
High-Definition User Experience (HDX) from Citrix is largely an umbrella marketing term that encompasses ICA, EDT and some additional capabilities, whereas VMware user sessions can be based on Blast Extreme, PCoIP or RDP. Microsoft Remote Desktop can only make use of RDP.
The session protocol controls the user display and multimedia capabilities, and the specific features and functionality of each protocol vary. PCoIP is licensed from Teradici, whereas Blast Extreme is VMware's in-house protocol. In addition, EDT and Blast Extreme are optimized for UDP.
The session protocols listed above minimize and compress the data that is transmitted to and from the user device in order to provide the best possible user experience. For example, if a user is working on a spreadsheet within a VDI session, the user transmits mouse movements and keystrokes to the virtual server or workstation, and bitmaps are transmitted back to the user device. Note that the data itself does not populate the user display, but instead bitmaps representing the data are shown. When a user enters additional data in a cell, only updated bitmaps are transmitted.
Back-end resources and technologies
VDI requires several distinct technologies working in unison in order to successfully present a virtual desktop to users. First and foremost, a computing resource must be presented to the user. Although this computing resource can technically be a physical desktop, that is rarely done; virtual machines are used instead.
For on-premises deployments, a hypervisor is used to host the virtual machines that will be deployed as VDI. Citrix Desktops and Microsoft RDS may be hosted on any hypervisor, whereas VMware Horizon has been engineered to run on its ESXi hypervisor. Where virtual graphics processing units (vGPU) are necessary to support radiographic imaging, 3D or other highly graphical applications, Citrix Hypervisor (formerly XenServer) or VMware ESXi are most commonly deployed.
A mechanism for mastering and distributing VDI images is necessary, and there is significant complexity involved with these processes. Depending on enterprise requirements, one gold image may be used for all VDI workloads or numerous gold images may be employed. Minimizing the number of images decreases administrative effort, as each image adds exponential overhead. Gold images must be opened, revised with Windows updates, base applications, anti-virus and other changes, and then subsequently re-enabled.
Storage resources can be significant and may represent the single most expensive aspect of VDI, especially when each virtual machine is allotted significant disk size. Thin provisioning may be elected, causing the virtual machine to use the minimum amount of disk space and then expand as necessary. However, close monitoring of actual storage requirements is necessary to ensure that storage expansion does not exceed actual space. To combat this possibility, thick provisioning, which causes the maximum amount of space to be fully allocated, may be chosen.
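An added example (not part of the original article): a Python check for the thin-provisioning monitoring described above. It reports how far a datastore is overcommitted and fits a line through usage samples to estimate the days left before it fills. The capacity, disk sizes, usage samples and the 60-day warning threshold are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class ThinDisk:
    name: str
    provisioned_gb: float  # maximum size the disk may grow to
    used_gb: float         # space actually consumed so far


def overcommit_ratio(capacity_gb, disks):
    """Total provisioned space divided by physical capacity (>1 means overcommitted)."""
    return sum(d.provisioned_gb for d in disks) / capacity_gb


def days_until_full(capacity_gb, samples):
    """Least-squares growth rate over (day, used_gb) samples; returns the days
    left after the last sample, or None if usage is flat or shrinking."""
    n = len(samples)
    if n < 2:
        return None
    mean_x = sum(x for x, _ in samples) / n
    mean_y = sum(y for _, y in samples) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in samples)
    if sxx == 0:
        return None
    slope = sum((x - mean_x) * (y - mean_y) for x, y in samples) / sxx
    if slope <= 0:
        return None
    return max(0.0, (capacity_gb - samples[-1][1]) / slope)


def assess(capacity_gb, disks, samples, warn_days=60):
    """Return the figures an operator would alert on."""
    ratio = overcommit_ratio(capacity_gb, disks)
    days = days_until_full(capacity_gb, samples)
    alerts = []
    if ratio > 1:
        alerts.append(f"overcommitted {ratio:.2f}x: disks can outgrow the datastore")
    if days is not None and days < warn_days:
        alerts.append(f"datastore projected full in {days:.0f} days")
    return {"ratio": ratio, "days_until_full": days, "alerts": alerts}


# Constructed sample data: 30 thin-provisioned desktops on a 2,000 GB datastore.
CAPACITY_GB = 2000
DISKS = [ThinDisk(f"vdi-{i:02d}", provisioned_gb=100, used_gb=47) for i in range(30)]
SAMPLES = [(0, 1200), (7, 1270), (14, 1340), (21, 1410)]  # (day, total used GB)

if __name__ == "__main__":
    print(assess(CAPACITY_GB, DISKS, SAMPLES))
```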
Layering technologies are often used in conjunction with VDI images. By providing a non-persistent virtual desktop to users and adding layers for applications and functionality, a virtual desktop can be customized with minimal management. For example, an application layer suitable for a marketing department may be appended for those users, whereas an engineering department would require a distinct application layer with CAD or other design applications.
Because enterprise data traverses the network for VDI communications, it is necessary to secure user communications via SSL/TLS 1.2. For example, Citrix strongly recommends using its Gateway product (formerly NetScaler) to ensure that all traffic traverses the network securely.
Converged infrastructure and hyper-converged infrastructure (HCI) products, which bundle storage, servers, networking and virtualization software -- often specifically for VDI deployments -- address the scalability and cost challenges associated with virtual desktop infrastructure. Nutanix leads the market share for HCI and can serve as the platform for Microsoft RDS, VMware Horizon and Citrix Desktops.
What's next for VDI: Cloud and DaaS
Many organizations are embarking on their journey to the cloud, and incorporating VDI requirements is an important technical aspect of architecting the next-generation solution. While "lift and shift" could be used for VDI workloads, rethinking strategies, as well as reviewing cloud offerings, will result in a more robust and updated technology offering.
The cloud platform offered by the top vendors enables enterprises to minimize their footprint in the cloud. Thus, enterprises minimize the work effort associated with maintaining VDI environments and can focus on managing and maintaining VDI workloads while the cloud solutions from VMware, Citrix and Microsoft address the infrastructure components. Cloud solutions are ever-evolving, and additional capabilities will continue to be appended.
Desktop as a service (DaaS) is a next-generation approach wherein a service provider hosts and manages VDI workloads for the enterprise. Most commonly, this includes not only the virtual desktop, but also apps and support. While simple or common apps such as Microsoft Office are often demonstrated, the reality is that business application integration -- including databases, file servers and other resources -- is extremely complex. As such, the implementation of true and useful DaaS solutions is often a lengthy, complex process.
Benefits of VDI
VDI as a platform has many benefits. Because little actual computing takes place at the endpoint, IT departments may be able to extend the lifespan of otherwise obsolete PCs by repurposing them as VDI endpoints. And when the time does come to purchase new devices, organizations can buy less powerful end-user computing devices, including thin clients.
VDI is a powerful business solution for well-aligned use cases. For example, developers may use VDI workstations to test end-user functionality, and roving call center agents require only a login to get started with telephonic support.
Bring Your Own Device (BYOD) programs mesh well with VDI. Where users are bringing their own endpoint devices into the workplace, fully functioning virtual desktops eliminate the need to integrate apps within the user's personal physical device. Instead, users can quickly access a virtual desktop and access enterprise applications with no additional configuration.
Because all data lives in the data center, not on the endpoint, there are significant security benefits of VDI. A thief who steals a laptop from a VDI user can't take any data from the endpoint device because there is no data stored on it.
VDI provides a centralized, standardized desktop, and users grow accustomed to a consistent workspace. Whether that user is accessing VDI from a laptop, thin client, kiosk, roving workstation or mobile device, the user experience is exactly the same, with no need to acclimate for any physical platform.
Where an organization expands temporarily, such as seasonal call center agent contractors, the VDI environment can be expanded quickly. By enabling these workers to access an enterprise virtual desktop workload and its respective apps, these contractors can be fully functional within minutes, compared with days or weeks to procure endpoint devices and configure apps.
Other benefits of VDI include the ability to more easily support remote and mobile workers. Mobile workers comprise a significant percentage of the workforce, and remote workers are becoming more common. Whether these individuals are field engineers, sales representatives, onsite project teams or executives, they all need access to their apps while traveling. By presenting a virtual desktop to these remote users, they are able to work as efficiently as if they were in the office.
Drawbacks of VDI
When VDI first came to prominence about 10 years ago, some enterprises implemented VDI without a solid, justified business case. As a result, many projects failed simply because of the unexpected back-end technical complexities, as well as a workforce that wasn't fully accepting of VDI as an end-user computing platform.
Without sufficient training, providing the user with access to two desktops, i.e., the local desktop and the virtualized desktop, may be confusing and result in a poor user experience. For example, if users attempt to save a file from the virtual desktop, they may search for it in the incorrect location. This may result in additional support requests to find missing files that were simply archived on the incorrect desktop.
The financials associated with VDI should be reviewed in depth. While there are monetary savings associated with extending the life of endpoint hardware, the additional costs for IT infrastructure expenses, personnel, licensing and other items may be higher than expected.
VDI requires several components working together flawlessly to provide users with virtual desktops. If any of the back-end components encounter issues, such as a desktop broker or licensing server automatically rebooting or a VM deployment system that has run out of storage space, then users are not able to make virtual desktop connections. While the vendor-provided monitoring systems offer some details regarding system issues and related forensics, large environments in particular will likely need to acquire a third-party monitoring system to ensure maximum uptime, which further adds to system costs.
Although storage costs have been declining, they can nonetheless cause VDI to become cost prohibitive. When a desktop runs locally, the operating system, applications, data and settings are all stored on the endpoint. There is no extra storage cost; it's included in the price of the PC. With VDI, however, storage of the operating system, applications, data and settings for every single user must be housed in the data center. Workload capacity needs, and the cost required to meet them, can quickly balloon out of control.
Maintaining staff to support a VDI environment can be difficult. In addition to recruiting and maintaining qualified IT professionals, ongoing training and turnover are very real challenges that enterprises face. Further, when new projects are undertaken, external consultants may be necessary to provide architectural guidance and initial implementation assistance.
Software licensing is an important consideration. In addition to initial procurement for VDI licensing, ongoing maintenance and support agreements affect the bottom line. Further, Microsoft Windows workstation and/or server licensing is required and may represent an additional cost. VDI can complicate vendor software licensing and support because some licensing and support agreements do not allow for software to be shared among multiple devices and/or users.
No network, no VDI session. VDI's reliance on network connectivity presents another challenge. Although internet connectivity is quickly improving throughout the world, there are still many locations that have little or no internet access. Users can't access their virtual desktops without a network connection, and weak connectivity can cause a poor user experience.
VDI technologies from Citrix, Microsoft and VMware address business and technical requirements that enable users to access consistent virtual desktops remotely. Business needs and user experience should be weighed against resource requirements, costs and technical complexities to ensure that VDI is the right platform for a given enterprise.