Virtual Desktop Infrastructure - The Key to Secure Mobility?

By Bret Kinsella, Vice President, and Steven Shim, Chief Solutions Architect, Harris IT Services — April 24, 2012

The rise in mobile computing is explosive. Every day we see new statistics about mobile data growth, tablet adoption and smart phone use that exceed the most aggressive forecasts. The productivity increases are a boon to enterprises and worker satisfaction. On the other hand, the proliferation of corporate data on a rapidly increasing variety of devices is a big risk for IT departments.
 
Mobile device management (MDM) software, with its security, encryption and containerization tools, has helped fill the gap by enabling centralized security standardization and techniques. However, IT departments, chief information security officers and chief privacy officers can’t help being concerned about data circulating on devices that have unknown security holes, lack antivirus protection, are easy to misplace and are increasingly employee owned. Complicating this further, many corporate data security standards prohibit certain customer or patient data from residing on devices not owned by the corporation. Virtual Desktop Infrastructure (VDI) is one technology that provides a data security solution in the age of mobility.
 
From Thin Client to Common Desktop
 
Application and desktop virtualization are not new. Vendors such as Citrix pioneered virtualized applications more than a decade ago and introduced shared virtual desktops several years back. More recently, companies such as VMware have moved beyond server virtualization to desktop virtualization, and Microsoft has moved from the desktop operating system (OS) to a virtualization OS. Even Dell is getting involved. Its recently announced acquisition of Wyse Technology was driven by a desire to get into the VDI niche, Desktop-as-a-Service.
 
The original focus for these solutions was on thin client computing or shared processing capabilities. Initiatives were typically driven by cost reduction objectives and application control. Enterprise IT is starting to wake up to the new possibilities around VDI-enabled mobility.
 
Mobility Security Challenges
 
The first question for many IT leaders is how to cope with the rise in employee use of both corporate and personally owned mobile devices and the need to protect corporate data. One corporate CIO told me mobile device management equals security. While he wasn’t downplaying the administrative benefits of MDM, he was placing emphasis on the first-order issue mobility causes for enterprise IT. Organizations may put up with some administrative hassle associated with managing mobile devices on multiple platforms, but they have a short window for risk when it comes to protecting certain types of corporate data.
 
VDI addresses this issue head on. Whether it is patient data, customer credit information or intellectual property, a VDI session is conducted entirely on a secure server. The mobile device only views the information directly from the server or other computing infrastructure. That means no data utilized in a VDI session persists on the device. If the device is lost or stolen, the sensitive data remains tucked safely behind the corporate firewall. As a result, VDI is an ideal solution where sensitive corporate data is being accessed and manipulated by a variety of corporate and personally owned mobile devices. 
 
The Common Session Challenge
 
Ubiquitous computing has plenty of advantages. The emergence of smart mobile devices has significantly extended borderless computing powers beyond the laptop. There may be social disadvantages of always-available computing for workers, but there are profound benefits in terms of convenience, real-time decision making and the shift of work from being done at a place to being done by a person, wherever she happens to be. The user computing challenge is more subtle than these impacts.
 
There used to be one computing environment per user – a single desktop or laptop. It is now more common for an employee to have at least two and increasingly three or more computing environments. One laptop, one smart phone and one tablet, for example. That creates challenges for IT in managing a rapidly increasing device base, but it also creates a challenge for the user. Each of his devices is capable of sophisticated computing, but each may have a different computing interface and access to different applications or data. 
 
For true ubiquitous computing, there needs to be commonality across the computing platforms. From a user perspective, adjusting to three different computing environments is inefficient. There may be unique features associated with the different devices, but leveraging common applications, data and enterprise services in a common manner has clear benefits.
 
Again, VDI creates a unique opportunity to address the new challenge posed by mobility. VDI can create a common desktop and therefore a common session and usability experience across devices by decoupling the computing environment from the local device OS. This enables a session to be started on one device, stopped midstream and picked up by another device seamlessly. It also enables all of the data to be stored centrally so you don’t have to synchronize or replicate it on each device. Think of it as cloud computing for the individual. The key point here is that while VDI creates data security benefits, it also provides a new feature that significantly improves the user experience where mobility is the norm.
 
Three Flavors of VDI: Mobile Application Delivery
 
There are clear VDI benefits for the enterprise. However, there is often confusion within IT departments about the term. That is because VDI is often used interchangeably to describe three different types of solutions:
  • Virtual Applications
  • Shared Virtual Desktop 
  • Private Virtual Desktop

Virtual Applications
 
Virtual Applications have been around the longest. At its core, this is server-based application computing. These solutions originally enabled applications to be run on any computing platform that could pull up a local thin client, browser or connect directly to the server. Key benefits included more efficient use of server computing resources, eliminating the need for data synchronization and decoupling application performance from local OS characteristics. There was no personalization of the computing environment, but that is a minor consideration when accessing a single, enterprise application. 
 
Shared Virtual Desktops
 
Shared Virtual Desktops (SVD) took this computing paradigm to another level entirely. Instead of enabling a single application, SVD enabled a common interface for a suite of applications. This provided similar benefits to virtual application infrastructure and added far more computing efficiency across key enterprise applications and services accessed by employees. It also created a common interface to the application suite, which reduced training and maintenance cost and maintained the decoupled nature of the server-side application and the local device OS. The drawback is the lack of personalization. Whereas a purely common interface for a single application is relatively easy to accommodate, the need for greater variety in usage patterns and organization roles increases as the productivity suite expands.
 
Private Virtual Desktops
 
Private Virtual Desktops (PVD) extend the virtualization technology further by enabling personalization. Whereas Virtual Applications and SVD are both one-to-many architectures, PVD is typically deployed as one-to-one. PVD employs the same technical stack as its peers, but is designed for personal employee computing. The benefits of this are immediately obvious. It combines the security features of data not persisting on local devices with a common session and interface for users no matter what device they access. This approach is tailor-made for mobility where a user may need to compute from a tablet, laptop or smart phone at different times of the day.
 
You can see from the diagram below that each of the virtualization technologies has its place in the enterprise. Depending on the user personalization requirements and the scope of productivity needs, enterprises should evaluate which technique aligns best.

 
Connectivity is Critical
 
One item worth noting is that VDI’s many benefits require reliable connectivity. When virtual applications were operating over the wired network, this was not a big problem. The traffic was light and the connectivity reliable. When VDI in its various forms is introduced in a mobile computing environment, connectivity and its variability become key usability factors. If the mobile device loses connectivity, the VDI session is lost. Productivity is halted.
 
From an enterprise perspective this often means ensuring wireless networks are designed to handle the increased device and data load brought on by numerous mobile devices in use simultaneously. Mobile Infrastructure Management (MIM) involves forecasting new usage patterns to ensure wireless access and bandwidth are available when users need connectivity to a VDI session and that they can continue their sessions reliably.
 
In a holistic enterprise mobility management framework such as is shown below, VDI is a key technology in the Mobile Application Delivery quadrant, is dependent on a robust MIM strategy and complements MDM. CIOs are recognizing that MDM is necessary when managing multiple devices and BYOD programs, but is often insufficient when organizations begin to convert core applications for use in mobile environments. VDI is a complementary solution that goes beyond device-level security and administration by restricting certain types of computing to enterprise-controlled resources.

 
Securing the Future, Today
 
Like most innovations, smart mobile devices introduce both benefits and challenges. While the consumerization of IT is a key driver of mobility proliferation, a recent study of government IT executives by MeriTalk showed 49 percent realize that the real enterprise driver is productivity. In an age when organizations of all stripes, from government to healthcare to financial services, retail and even manufacturing, are being asked to do more with less, innovations that drive productivity are welcome.
 
The challenges for enterprise IT posed by mobility are many. By ensuring that sensitive enterprise data does not persist on mobile devices while simultaneously providing rich computing resources, VDI provides a unique set of sorely needed benefits. When you add the need for enabling common user sessions across a variety of devices with different OS platforms and computing resources, the emergence of private virtual desktop technology fills yet another gap in enterprise computing. 
 
Mobile computing will certainly take many forms. There will be a significant amount of local computing utilizing native mobile apps and synchronization techniques. You can be sure it won’t be one size fits all whether it is mobile apps, software as a service (SaaS) solutions or virtual desktops. However, VDI’s security, computing productivity advantages, personalization and multi-device session commonality can address several emerging mobility challenges at once. 
