Virtual Desktop Infrastructure (VDI) Protection

The digital transformation brought about by the pandemic has been talked about to no end globally. With more than half of the world’s workforce hunkering down at homes and ambient home noises becoming a constant during daily stand-ups for many organizations, the question arises, will the ascent of SaaS platforms see a decline in endpoints? 

It is but a natural question to ask.  When employees are at home, connecting to the corporate network may be difficult.  Also, when employees WFH with high-powered devices – those devices can end up becoming a point of failure.   Think coffee spills, dropped laptops, cracked screens, charging cables that go bad;  all of these are real things that can happen when people WFH.  And when employees are at home, provisioning a fresh device isn’t simple. 

Also, reachability to these end-user devices for patching, security updates, new software deployment, etc. is all challenges.  Traditional mass deployment methods don’t always work when employees aren’t on the corporate network. 

 In this climate, businesses are questioning the wisdom of entrusting each such employee with a high-performing compute device – which has to be supported, patched, secured, and eventually replaced. And the technology most poised for success in this climate seems to be Desktop Virtualization.  Sometimes also known as Virtualized Desktop Infrastructure (VDI) or as Desktop As A Service (DaaS) – when offered as a SaaS service – Desktop Virtualization definitely shows promise. 

What is VDI and what it stands for?

Virtual Desktop Infrastructure (VDI) is a form of desktop virtualization technology and is defined as the hosting of the desktop environments on a central server. Rather than deal with a high-end corporate asset in each employee’s home, wouldn’t it be so much easier if the employee could use any old home device to whip open a web browser and access a secure, company authorized, compute device in the cloud?  That’s the promise of desktop virtualization! 

As businesses start considering desktop virtualization seriously, it is but natural for one to think of endpoints as a slowly regressing dinosaur, coming under the metaphorical meteor of digital transformations. 

Without getting too nuanced, VDI gives each user his or her own dedicated VM running its own operating system. The operating system resources—drivers, CPUs, memory, etc.—operate from a software layer called a hypervisor that mimics their output, manages the resource allocation to multiple VMs, and allows them to run side by side on the same server. 

Also, rather than have each user install applications, VDI supports the notion of having a standard desktop with a set of pre-installed applications – quite similar to a ‘golden laptop image’ that many enterprises adopt.   

To make for a satisfactory user experience, it is important to make the most efficient use of network bandwidth in these situations.  Since transmitting all data and changes made by each end-user to the back-end hypervisor isn’t efficient, VDI software usually makes use of a display or session protocol.  These session protocols minimize and compress the data that is transmitted to and from the user device in order to provide the best possible user experience. For example, if a user is working on a spreadsheet within a VDI session, the user transmits mouse movements and keystrokes to the virtual server or workstation, and bitmaps are transmitted back to the user device. Note that the data itself does not populate the user display, but instead bitmaps representing the data are shown. When a user enters additional data in a cell, only updated bitmaps are transmitted. 

What are the VDI benefits? 

• All endpoint computing is centralized – so, it is certainly more efficient from an organization’s standpoint. 
• Old endpoint investments don’t have to go to waste.  They can be repurposed as dumb terminals from which VDI browser sessions can be initiated. 
• It is more secure.  Security controls can be applied centrally.  Patching physical endpoints for security vulnerabilities becomes a thing of the past.  Endpoint DLP may not be required – after all, there is nothing of value in the endpoint anyway. 
• It results in a consistent user experience for users 
• Patching, application management, maintenance, support – are all easier 

Disadvantages of VDI

On the other hand, desktop virtualization isn’t necessarily cheap.  Storage costs, licensing costs, personnel costs, user training – can all add up quite quickly.   Also, the technology is complex and requires multiple modules to function together flawlessly.  But most importantly, if there is no network connectivity – there’s no desktop.  Desktop virtualization relies 100% on good network connectivity to be available.  That’s unfortunately not a given in many parts of the world even today.  Also, if users want to work offline – desktop virtualization isn’t for them. 

As this blog goes into publishing, Apple is all set to announce its A14 Bionic Chipset, replacing its dependency on Intel chips.  It is a massive investment in terms of money, engineering, and time by the most valuable company in the world – and is not a bet they would make on a dwindling market.  Also, in late July, when we were all busy working from home, Intel announced that it has something big planned for September 2020, which is suspected to be its 11th gen CPU.  Endpoint SOCs are still Intel’s biggest revenue driver and it’s unlikely that user endpoints are staring into the sunset anytime soon. 

The BYOD market is expected to reach USD 430.45 billion by 2025. These indicators make it clear that endpoints are here to stay. Sure, the way we connect and engage with them on an office network may change, but endpoints aren’t going away anytime soon.  If at all, they will morph into bigger, more collaborative spaces. We even wrote about it, if it interests you. 

All that said, the VDI market is growing.  According to VM Ware, as of May 1st, 2020, adoption of VDI increased to $660 million from $646 million in 2019.  In a recent report by Gartner, 70 percent of companies will be permanently transitioning substantial numbers of their employees into full-time remote positions – so this trend will continue to increase. 

Virtual Desktop protection

Remember though that desktops and laptops – virtualized or not – still need to be protected.  Just because they are in a hypervisor, or in the cloud, doesn’t mean they’re auto-protected somehow.  At the end of the day, they have to be defended against external attacks (like Ransomware), internal attacks (like malicious deletion) and have to be kept regulatorily compliant. 

Security solutions like Anti-malware, Data Leak Prevention, and Full Disk Encryption are critical – as well as data protection solutions like Backup. 

For a more detailed analysis of VDI advantages and disadvantages and the associated data management challenges, Watch our webinar on this subject. 

So, while you toy with the idea of investing in VDI and evaluate your options, give hard thought to protecting your endpoints, even the virtualized ones. Because, in the Jurassic world of IT infrastructure, endpoints are anything but dinosaurs!