One of the benefits of using VDI is that even the most inexpensive thin clients, such as cheap Chromebooks, offer...
security and management benefits compared to traditional PCs.
There are many other choices for VDI endpoints -- thick clients and tablets, for example -- and each has its own advantages and disadvantages. Many organizations, though, find that lower-cost endpoints, such as thin clients and zero clients, offer the best value proposition for a VDI deployment.
On the surface, the primary benefit to using low-cost VDI endpoints seems obvious: They're inexpensive, which decreases hardware acquisition and replacement costs. The financial benefits of using cheap Chromebooks, which come as low as $149 and Raspberry Pi devices, which sell for under $50, are undeniable. But some of the other benefits, such as improved security and device management, might be just as compelling to organizations.
Simplifying endpoint management
Low-cost devices can substantially reduce an organization's endpoint management burden. Even in VDI shops, the organization must ensure proper management of devices connecting to the corporate network. Depending on the types of devices users work with, management consists of applying patches, keeping antivirus software up to date and performing regular software inventories and security audits. These maintenance tasks are time-consuming and expensive -- both in terms of labor and required software -- which can undermine the benefits of VDI.
In contrast, cheap Chromebooks and some other low-cost thin clients can automate device management. For example, when a user turns on a Chromebook, the device automatically goes online and downloads the latest updates to the ChromeOS operating system (OS) without any need for IT to intervene.
Locking down virtual desktop security
No matter what steps IT takes, it's safe to assume end users will expose themselves to security threats. Most VDI security planning focuses on virtual desktops and back-end infrastructure. But it's also not uncommon for users' endpoint devices to contain keystroke loggers from outside of a VDI session, which can then also track virtual desktop activity. Even though the user is working within an isolated virtual desktop, the malware on her endpoint device is still logging keystrokes.
Most of today's malware targets Windows or Mac OSes. Some operating systems, such as the ChromeOS installed on cheap Chromebooks, benefit from security through obscurity. In other words, because ChromeOS is less popular than other OSes, the bad guys write less code targeting it.
Low-cost Chromebooks also perform a verified boot, so they match the security of Windows machines in that respect. During the boot process, the OS performs an integrity check to make sure none of the system files have been tampered with. If the check detects any tampering, the OS reverts to a pristine state.
Easy device replacement
When a user loses a laptop, it can be a serious problem for an organization. The organization must consider the hardware replacement cost, but there are also other pressing issues, such as the potential exposure of any corporate data on that device. If the organization is part of a regulated industry, this can include severe penalties for failing to safeguard personally identifiable information (PII). Even if industry regulations aren't a factor, many states have laws requiring companies to notify anyone whose PII was potentially compromised.
Mobile thin client devices, such as low-cost Chromebooks, maintain data privacy because the data does not exist on the device itself, whereas laptops might contain corporate data on the hard drive. The same benefit applies to any other mobile thin clients, but Chromebooks achieve data security a lower price point.
Of course provisioning is also a consideration. Even if IT uses image-based provisioning, it still takes time to set up a new laptop. Cheap Chromebook and Raspberry Pi devices largely address these problems because they can connect to VDI instances with little to no device provisioning involved. The devices are so inexpensive they're almost disposable.
Every organization has a unique set of needs, and low-cost Chromebooks and similar inexpensive endpoint devices are not the best fit in every situation. For many organizations, however, low-cost thin client devices solve the same management and security issues as the more expensive options.
Virtual desktop vs. PC performance
Complete guide to VDI thin clients
When to reuse a PC as a VDI thin client