Desktop as a service is the topic today, and the last of our mini-expose on cloud service models (I can hear you all sighing “Awww…”). I covered DaaS previously from a user side, but I wanted to go a bit more into detail about the types of DaaS models, and the benefits of each. Oh and the security concerns around DaaS as well, but more on that fun topic later. For now, let’s dive right in on the last post of this week.
It comes down to organizations who want flexibility and lower IT costs through the deployment of virtual desktops. Enterprise users (including contractors, partners, consultants etc) constantly bombard the help desk with requests to update their computers (desktops, laptops), while the IT organization is tasked with maintaining the inventory of machines, ensuring that the proper patches and security controls are in place. Don’t forget the high cost with technology turnover and requirements to provide up to date infrastructure for users to work effectively, while balancing cost with system requirements. This is what is causing organizations to start to look at a managed desktop service to ease their frustration and operational costs.
Right now we are going through a huge technological revolution. Employees are demanding flexibility in the types of devices they use, they are also spread out globally and working remotely. So the coordination of maintaining the equipment pool has become more complicated than an employee simply walking up to the IT personnel and asking for support.
Ofcourse we can’t forget the security implications. Making sure all the endpoints are using the correct anti-x, making sure the privacy and data protection controls are in place, avoiding (or reducing) the amount of unauthorized applications installed, and keeping up with employee roll changes which could affect access roles and application usage. In a 2010 report from IDC, they estimated that companies spend $3 on management for every $1 of hardware. That’s quite a bad ratio if you ask me!
So what is desktop as a service (DaaS) you ask? There are a few key models including virtual desktop streaming (VDS), virtual desktop infrastructure (VDI), application or OS streaming and the least cloud-y terminal services.
Virtual desktop streaming is one of those unique adaptation of virtual desktops in which the local device utilizes virtualization to host a desktop image. This image is synced with a master image that resides in a data centre. The advantage with this is that users have access to data when they are offline.
In virtual desktop infrastructure (VDI), the desktop itself is a virtual image that is hosted in the cloud or data centre. The end-user accesses it with a thin client, usually through a web browser. The nice thing about this is that there can be regular backup schedules applied to all desktops, and should one desktop be compromised, it can be reset back to an earlier backup and business can carry on as usual.
Application and OS streaming is one of the more common models whereby parts of the application are downloaded to a remote device and executed locally. It doesn’t use a hypervisor, rather the desktop devices connect directly to the network, and then the network server mounts a disk image (either virtual machine or virtual hard disk). The application executable is downloaded each time the application is started, it doesn’t save anything remotely.
Lastly is terminal services. This is one of the more commonly known models (not really cloud so much as remote access) where the desktop is hosted remotely and accessed through a thin client. It can be virtualized or hosted on a dedicated server.
Now you’re waiting for me to start to talk about how it’s not secure etc. Good news, DaaS is actually not too bad when it comes to security. Remember, with DaaS (in particular VDI), all images and data are in the data centre, not on the local machine. This means that as long as you have authentication, encryption, VPN and proper firewall rules, it’s really not going to be any less secure than if the local devices were kept onsite in the corporate network. DLP will be less of a threat if you lock down remote device usage, which means that files must be stored in the virtual desktop, not on USB sticks or emailed through web-mail. Nice huh?
If you want to know more about desktop as a service, or any other services talked about this week, there are tons of great reports out there. Or as always, feel free to drop me a line!
Until next week.