Two of the most common virtual application delivery methods are server-based and client-based delivery. Each has...
its upsides and downsides.
With server-based virtual application delivery methods, the app lives on a server in the data center. In a client-based model, the app lives locally on the end user's device. The approach IT takes comes down to business requirements.
Most IT departments implement a centralized server-based model because they require the ability to control the applications above all else, as well as to restrict the ability of users to copy data to or from the application -- a common data loss scenario.
Before IT professionals implement either of these virtual application delivery methods in the field, they must do a lot of research and testing so they can make educated decisions based on the use cases they have.
The server-based approach
Server-based application delivery tools include Microsoft RemoteApp, Citrix Virtual Apps and VMware Horizon Apps. Of the virtual application delivery methods, the server-based approach provides a number of advantages, including:
Central management of the user experience. This can include the ability to restrict or grant access to tools and applications based on user profiles. This makes it easier to scale up and maintain a good security posture.
Central management of patching. This is a very important consideration in the ever-changing world of desktop security. IT can patch and redeploy desktops and apps extremely quickly and with effectively little human interaction.
Retaining control. The data never leaves the data center, which helps reduce the risk of data theft in all its forms. When a user leaves the company, for example, removing access to corporate resources becomes a trivial exercise. IT pros can also enforce control at the network layer and use data exfiltration prevention tools. In short, the security posture is much more compelling.
Citrix Virtual Apps takes security even further by using one server instance and essentially running all the user sessions as a containerized experience. This means that IT does not have to squander excessive hardware resources duplicating multiple instances of the same underlying infrastructure.
The control that the server-based approach delivers does come at a cost. Most server-based application management and delivery tools require additional licensing. Such products include Microsoft Remote Desktop, which requires a Microsoft Client Access License to run. The licenses can be expensive depending on how IT provides the applications and how users consume them.
The client-based approach
On the flip side of the virtual application delivery methods, client-based models such as Microsoft App-V have a different set of pros and cons. Some of the positive items include:
No licensing required in terms of remote access. IT still may need to get licenses to run the applications depending on the vendor.
Users can run applications without network connectivity. Because network connectivity is not required, users can consume the app anywhere. Some applications still require network access to run.
On the negative side, because IT no longer controls the application centrally, there is a certain element of risk with the data living locally on users' devices, which are potentially susceptible to loss or theft. Depending on the sensitivity of the application, this may or may not be an issue. Some products enable IT to deliver the application in a securely encrypted and sandboxed deployment to help ensure security if a device is lost.
If an employee is terminated, a client-based approach can present issues when removing access from that user. IT can mitigate this to some degree by requiring network updates when a device starts up.
Backups can also be an issue because the system is not within the data center and bandwidth is not always plentiful. As a result, a client-based approach can present issues around making sure there is a backup of critical data.