What's new with desktop virtualization management?

Kirill Kedrinski - Fotolia

How to balance VDI user experience and security

The balance between user experience and security in VDI shops is not easy to find. Single sign-on, two-factor authentication and user experience monitoring can help.

In the prequel trilogy of the Star Wars saga, the Jedi believe in the prophecy of a chosen one who is destined to bring balance to the Force.

In the world of VDI, balance is also essential when it comes to user experience and security. Many security measures, such as multiple complex passwords, can come at the expense of user experience. Unfortunately for VDI administrators, there is no all-powerful chosen one who can swoop in and deliver the balance they need. Instead, there are certain steps they can take to deliver the type of experience users expect while maintaining a secure VDI deployment. The first step is to allocate enough hardware resources to ensure virtual desktops perform at least as well as physical desktops do.

Read on to find out how to use single sign-on (SSO), two-factor authentication and more to deliver the type of VDI user experience end users demand with the security IT requires.

How does single sign-on bring balance?

SSO allows users to access all of their virtual resources with one set of login credentials. SSO is a particularly good fit when users' apps live outside of their desktops in SaaS deployments.

On the surface, it might seem like a security risk to have one login cover everything, because if hackers steal the credentials, they can access whatever they want. But it actually can improve security. The more passwords users have to remember and the more complex the passwords get, the more likely users are to write them down, which is a major security risk. When users only have to remember one password, IT can actually require that password to be more complex.

From a VDI user experience perspective, users don't have to go through the monotony of logging in separately to everything they use.

How does two-factor authentication boost security?

Another way to boost security with single sign-on is to combine it with two-factor authentication, which requires multiple credentials to login. Two-factor authentication can use passwords, biometric features or security tokens as authentication tools. Although a second form of authentication makes life a bit more complicated for users, it helps admins feel more secure, which is a key ingredient for balance.

VDI shops can add two-factor authentication to the mix by installing authentication server software on servers and configuring the VDI broker to use those machines. They can also turn to authentication as a service, in which a third party handles all the maintenance and security.

Test your knowledge of mobile VDI access

Users require access to virtual resources on their mobile devices. IT can manage VDI on smartphones and tablets using authentication methods, individual virtual app delivery and more. Take our quiz to test your knowledge.

How else can admins improve VDI user experience?

VDI admins should turn to end user experience monitoring tools so they can find out how long users' login times are, what the input responsiveness is like and how the graphics look. If aspects of the user experience drop below specific levels, many monitoring tools can alert admins so they know they must fix something.

Unfortunately for VDI administrators, there is no all-powerful chosen one who can swoop in and deliver the balance they need.

VDI shops should also have a plan in place in case there are any infrastructure failures. Admins should make sure all of their VDI software and hardware is redundant.

Finally, admins should look at stopping certain processes, such as hard-disk defragmentation, that are not a problem on physical desktops but waste precious resources on virtual desktops.

What about the mobile user experience?

For a long time, using virtual desktops on mobile devices was a nonstarter. The mobile VDI user experience was just too poor. But as mobile device screen sizes have increased and the resolution has improved, it's no longer out of the question. In addition, 4G data connections make virtual desktops on mobile devices more viable because users don't need a constant Wi-Fi connection to access their virtual resources.

Many vendors also allow VDI shops to deliver remote apps through web browsers or enterprise app stores instead of delivering full virtual desktops. This approach is a much better fit for mobile users.

Next Steps

Tackle VDI security on nonpersistent desktops

Explore some top VDI UX monitoring tools

What to do if SSO fails?

Dig Deeper on Virtual desktop management