What is Virtual Desktop Infrastructure (VDI)?
Virtual desktop infrastructure is the creation and management of virtual desktops and applications that allow employees to access and work on these applications and services while they are in the office, outside the office, or even from a remote location.
VDIs allow users to interact with the operating system on their own endpoint devices through a network. This setup enables users in multiple locations and multiple devices to run applications from the main server, on their devices, as if they're locally installed. The endpoint devices may be other computers, tablets, laptops, or even mobile phones.
Virtual desktop infrastructures are most commonly based on the Windows operating system but VDIs can also be Linux-based.
Figure 1. What is Virtual Desktop Infrastructure (VDI)?
VDIs can be classified into two types based on Persistence; Persistent VDI and Non-Persistent.
In a Persistent VDI, after the virtual desktop has been logged off in a device, the data and all configurations of the VDI remain intact. This allows for a more personalized experience for the user who can then customize the user interface of the VDI as per his preferences.
In a Non-Persistent VDI, all data and settings are reverted back to their original versions once a device is logged off. A user can still save data on a personal external storage device but not on the virtual desktop itself. The Non-Persistent VDI has a much lower cost since it doesn't require as much storage space to save all individual user data as required in a Persistent VDI.
Why is VDI Important?
Virtual desktop infrastructures are increasingly popular and important in today's changing world. After the breakout of the Covid-19 Virus, more and more companies have started encouraging their employees to work remotely.
VDIs provide the tools and means that allow the employees to work anywhere they want. They can use the VDI's interface in the office, at home, or even on a beach a hundred miles from their office. Virtual desktops have upgraded productivity by enhancing accessibility to company resources for the employees, wherever they may be.
What are the Benefits of VDI?
Virtual Desktop Infrastructures have many benefits that help an organization in various ways. Some of the most prominent advantages of having a VDI setup are as follows:
- Advanced Security: In a Virtual Desktop Infrastructure, all data is maintained in the main server and not in the individual devices themselves. Therefore, if an end device or user computer is ever stolen, corrupted, or hacked, there isn't any data that can be stolen from the local storage of the device. This separation of data adds a significant layer of security because it reduces the risk of losing valuable and confidential company data. Additionally, the virtual desktops on all endpoint user devices are controlled through the central data center. Hence, in case of device theft, the VDI's connection can be terminated remotely.
Better User Experience: The Virtual desktop provides a uniform, standardized and familiar desktop environment to the user who has grown accustomed to his workplace computer. Whether the user uses the VDI on his/her computer, his phone, his/her/her tablet, or any other compatible device, the interface remains consistent. This system of central connectivity also gives the user remote access to all their files, applications, and services, that they usually only have on their office computers, at any remote location of their choosing.
Scalability: Cloud computing has made the concept of virtual desktop infrastructures even more accessible. If an organization plans to expand its team or its operations, VDIs can help expand the company network in mere minutes instead of days or weeks using traditional hardware means. By consolidating all of the VDI's infrastructure data and operating system on the host server, this infrastructure saves a lot of excess hardware and networking purchases and costs.
Mobility: VDIs are mobile and can be remotely accessed from anywhere in the world. This allows the organization to provide workers that work in the field access to all the data and applications they would need on the go on their own devices.
Cost Saving: Since most of the backend work is processed and applications are run on the central server, the hardware requirements for the end-user devices are much lower. This reduces the cost of purchasing new and up-to-date computers for all staff that needs to run specific programs. Instead, they can simply use any old computer, laptop, or tablet that can access the VDI.
Centralized Management: A VDI's centralized server system allows an organization to easily configure or update all the virtual desktops in a system from a single location. Administrators can easily apply security features and protocols for all VDIs across the deployment. Hence, VDIs act as a tool to fine-tune and manage the OS of all devices from a central server, which is less costly and more time-efficient than managing individual laptops running OS locally.
What are VDI Disadvantages?
Like any other technology, VDI has some drawbacks and challenges that the company needs to assess and evaluate before implementing a virtual desktop infrastructure. Some key challenges are:
- Poor Training results in poor user experience: The use of VDIs requires proper training of the potential users. If sufficient training is not provided and VDIs are implemented without first educating the user employees, it may result in various confusion and inefficiencies. The users will have access to two desktops (their local one and the VDI desktop). Hence, they may end up confusing one for the other and have problems navigating between the two desktops. The users may save files in their local PC instead of the VD or they may end up searching for files in the local PC which are actually in the VD (or vice versa).
Additional costs: There are a lot of additional costs associated with VDI hence any company that plans to implement VDIs should deeply plan all financial aspects beforehand. While VDI has a lot of cost benefits in the long term, the additional costs for IT infrastructure hardware expenses, specialized personnel hiring, licensing, and other initializing costs may raise the initial setup costs significantly. The storage of the operating system, applications, data, and settings for every single user must also be stored and maintained in the central data center.
Reliance on internet connectivity: No network means no VDI. VDI's are highly reliant on network connectivity. Users can't access their virtual desktops without an active network connection and a weak internet connection can cause poor performance. VDI virtual desktops must also be deployed near the location of the end user's device for best results. Hence a geographically dispersed workforce may experience challenges with bandwidth and speed that may fluctuate depending on the location of the user.
How does a VDI Work?
VDI provides a virtual workspace where the user can run various apps without downloading or storing them on their own computer. It provides a safe and remote solution to employees to work remotely wherever they need, hence boosting their productivity.
The first thing a VDI needs is a hypervisor and a virtual machine server. A hypervisor is also called a virtual machine monitor or VMM. It is software that constructs, runs virtual machines (VMs). It first segments servers into smaller virtual machines which are then used to host virtual desktops. Users or employees can then access these virtual desktops remotely from any of their devices and all processing is done on the actual host server. The end users can connect the virtual desktop to their devices through a connection broker. A connection broker is software that acts as a gateway between the user and the server.
Now when we talk about the actual VDI characteristics, there can be many versions and models based on the needs of different organizations but some of the common characteristics of any VDI are:
- Virtual Desktops are completely installed, maintained, and stored in the centralized server.
- Each VDI is run using an operating system such as Windows or Linux, which is then projected to the user devices.
- The VDIs are host-based, meaning there can be many users working on the same VDI that lives on a server in the central data center.
- The end-user devices, such as PCs, tablets, or laptops, etc., must be constantly connected to the central server through a network (LAN or online) to maintain access to the virtual desktop they're using.
- The connection broker is software that acts as a gateway between users and virtual resources. It finds and links a virtual desktop within the resources of the server to a user upon access request.
- A hypervisor. As mentioned before, it creates, runs, and manages the host machine virtual desktop infrastructure that then provides individual virtual desktop environments to the users.
As for the working of the VDI, there are two main software components that create the VDI. The hypervisor and the connection broker. When a VDI is created, a hypervisor program creates the infrastructure and enables multiple instances to be created from the main server that is then used by individual end-user devices. Next comes the connection broker that, as the name suggests, is a broker that provides each individual user device with a connection to the individual instances created by the hypervisor. The connection broker also checks and authenticates every user that requests access to the VDI and acts as a security checkpoint.
How to Use VDI?
Using a virtual desktop is actually fairly simple. A user can gain access to a VDI using the following steps:
- A user enters his login username and password and sends the request to the Gateway URL or application to start the connection.
- The user IDs and passwords are validated against the server's directory of authorized users called the Active Directory (AD).
- Then the Gateway, which is the connection broker, forwards these credentials to a StoreFront which validates the users against the AD.
- Then the Virtual Desktop Controller retrieves the data from the centralized SQL database.
- The available resources from the database are then sent to the StoreFront, which is then displayed on the virtualized desktop on the user device.
- Now the end-user can select his desired data or application from the resource pool of Windows or Linux applications and get to work.
Who Uses VDI?
VDI has a diverse portfolio of users. Generally, local and remote employees who perform their work on desktops from a centrally located site can benefit from a VDI.
Some usual VDI use cases are as follows:
- Remote Workers: VDI enables employees and team members to access the same applications, and resources, while being geographically apart from each other.
- Regulatory Compliance: Many regulatory compliances demand strong internal controls over storing confidential information improperly. By centralizing the management with VDI, the threat of data leakage and theft is eliminated.
- Third-party Access: Where a company needs to hire a third party or contract-based employee for a certain period of time, they need to provide them with company purchased systems that contain the applications and data the contractor needs. VDI makes this situation much easier since it can be launched and accessed on the user's own device without the need to purchase new devices and all relevant data and applications can be shared with them through the VDI.
- Bring Your Own Device (BYOD): BYOD is a concept in which an organization does not provide its employees or contracted workers with company-owned equipment. Instead, they are asked to bring their own devices. VDI is an ideal solution for such an environment that will allow access to the information and application needed by the employees on their own devices. Since all data is stored on a centralized server, it also offers better security.
- Shift Workers: Nonpersistent VDI is particularly useful when looking at organizations such as call centers that have a large number of employees who have very limited tasks and use the same software daily. These users don't need customizable user displays or saved local data, making nonpersistent VDIs ideal for them.
What are the VDI System Requirements?
There are a number of different VDIs available in the market and they all have varying system requirements, but the most common and basic requirements for any successful implementation of a VDI are listed below:
A Server rack in a local centralized data center
A Virtualization platform such as Hyper-V or VMWare ESX Server
A Protocol for connecting to the virtual OS. This protocol will handle processes such as device and printer redirection.
A Platform for managing the servers and helping provision virtual machines quickly and efficiently.
A Connection Broker.
An Application virtualization program.
If we want to create a persistent VDI then we also need Profile and data redirection software to enable users to customize their virtual environment and retain the same even after they log out.
An end-user device that acts as an interface for the VDI.
What is VDI Used For?
VDIs have been used in almost all industries that utilize remote working and networks. Some industries that use VDI most commonly are:
- Call Centers: VDI allows call centers to limit and monitor access to the information given to all representatives. Using a VDI makes sure all the relevant tools and information is available to the calling agents so that they can complete their tasks efficiently and without any disruptions.
- Healthcare: Doctors and medical professionals are often on the go and they always want to spend more time treating their patients than struggling to reach hospitals and log into their physical desktop systems. VDI enables them to keep patient data on personal devices to access it anytime and anywhere they may be in case of emergencies.
- Manufacturing: The manufacturing industry often involves contracts with outsourced engineers, expert advisers, designers, builders, etc. Through VDI, companies can offer virtual desktops to these 3rd parties to allow them to work remotely and log in through their personal phones or laptops whenever required.
- Education: Setting a Virtual Desktop Infrastructure in universities makes it easy to give access to school resources to all teachers and faculty. Moreover, students don't need to have expensive computers and laptops to use these virtual desktops. Even low spec devices work fine to access the VDI data and applications.
- Finance: Finance requires a bank-level secure platform to work. Financial data is very sensitive and confidential and is prone to get compromised or stolen. Hence, they are also more vulnerable to cyber attacks. VDIs help the organisation set up different security walls such as, multi-factor authentication, data encryption, etc. Moreover, allowing the accounting and finance heads to work remotely can help pace their work and enable them to work more efficiently wherever they may be.
- Military: Industries that must have a prioritized level of high security, such as the military are one of the most prominent users of VDI. It enables the organization to have close control over the user's authentication and virtual desktops which can prevent unauthorized users from entering the desktop. VDI is used in these industries to maintain a high level of security overall confidential and sensitive data.
How is VDI Different?
The differences between VDI and some of the similar technologies are discussed below:
What are the Differences Between VDI and DaaS?
The main differences between VDI and DaaS are as follows:
First comes the cost. For a VDI, the organization would need to set up servers or a data center to host and maintain the virtual desktops, which can cost a lot upfront. However, if the number of users is going to be consistent for the foreseeable future, then most costs should be limited to upfront expenses and can lead to long-term savings.
While in DaaS, though there are some small setup fees required, the deployment cost is much smaller than that for the VDI. But since DaaS has a pay-per-user model, these costs can accumulate to be greater than VDIs in the long run. DaaS can be useful and cheaper for companies that have temporary users.
- Flexibility and Scalability
VDI configuration and deployment are generally tailored to the exact needs and requirements of an organization. This configuration is quite rigid and hard to change and evolve over time. VDI might potentially slow down your organization if your servers can't keep up with the growing volume of your workforce.
In contrast, DaaS is very flexible, since it has a pay-per-user model. This means it can easily upgrade with an increasing workforce, however, scaling DaaS will raise subscription costs.
- Control and Management
With VDI, The Organisation's IT department has complete control over onsite VDI servers, including everyday maintenance and security and all software and hardware updates. This can put a lot of workload on the IT department.
DaaS on the other hand takes away the burden of maintaining and updating the servers. It can also deliver much more advanced security benefits when it comes to data protection. But it provides the organizations with less internal control over the virtual desktops.
- Access to Resources
In a VDI all the resources and distributions are dedicated to a single server in the centralized data center of the organization. Hence there is no risk of outsider interference and interruptions to the data and servers. This also means, however, that when your data center is down, all your resources will be unusable.
With DaaS, the virtual desktop services are multi-tenant, which means DaaS can host the data and resources dedicated to multiple organizations on its servers at the same time. This does increase the risk of interference with the service should there be a disruption. But since it has multiple servers and backups available, the risk of a data center breakdown in DaaS is much lower.
What are the differences between VPN and VDI services?
The differences between VPN and VDI services are as follows:
VPN is dependent on the user's hardware. Since all the processing is done on an end-user device, older hardware and outdated operating systems can have adverse impacts on its performance.
VDI, on the other hand, has minimal hardware requirements from the end-user device. All processing is done on the servers assigned to the virtual machine running the virtual desktop. It is common to use cheap or outdated devices, thin clients, for VDI because they only act as front-end devices for the VDI servers.
- Data Storage and Security
VPN protects the data while it is in transit, but it has no security protocols once it is on the client's machine. It can be moved and copied wherever the user wants. Having company files copied locally can increase the [risk of a data breach] (/docs/network-security-tutorials/what-is-data-security) of classified information.
When using VDI, all applications and data remain on the virtual desktop running through the VDI servers.
In terms of performance and speed, VDI is the clear winner. Since all resources are shared through the company's own servers and directed to the user devices, the overall experience is much faster. On the other hand, VPN performance completely depends on the speed of the internet connection and the hardware of the end user device. Moreover, since the data sent through a VPN is encrypted for extra security it is actually even slower to send large files.
- Management and Maintenance
In terms of maintenance and management, VPN servers are easier to maintain but managing and using a VPN as an end-user device is much more complicated and complex than a VDI. Any updates and maintenance to the client device require an active connection to the user device itself.
In a VDI, the admin or the IT department of the company can update and maintain the VDI themselves. With this centralized server management, the admins can update multiple end-user devices at once and have much broader control over the system.
The cost of maintaining a VDI is drastically higher than running a VPN. VPN has very minimal hardware requirements and all server maintenance has to be done by the VPN company not the user, hence there is no need for additional server hardware and manganocene cost. VDI is a much more expensive solution because it adds a layer of costs incurred for maintaining the servers, purchasing hardware and hiring dedicated personnel for server maintenance.
What is the Difference Between VDI and Virtual Machines (VMs)?
A virtual machine or VM is a file that acts and performs like an independent physical computer that has its own CPU, memory, storage, etc. VM is like creating a computer within a computer. For example, a Windows PC can have a VM that runs a Linux OS independently. VM is actually the core concept behind a VDI itself. VDI uses the VM to launch and enable the use of different software on the end user devices. VDI uses a server to create instances of small-scale virtual machines on the host devices, hence the two concepts VDI and VM are not different but actually a part of one another.
What are the Differences Between VDI and RDS?
Remote Desktop Services (RDS) and Virtual Desktop infrastructure (VDI) are both tools used to deliver remote access to users' desktops. Some main differentiating points between VDI and RDS are:
- Windows Limitation
RDS is a product of Windows and can only be run on a Windows server, Hence, it can only be accessed on a Windows desktop. VDIs however, are not limited to a single OS and can be run on either Windows, Linux, or any other OS.
- Compliance and Security
With RDS, all users share a single server, which increases the risks of a potential security breach or data leak. Similarly, a single network outage on a server can affect every user in the organization. VDIs are much more resilient since each user is allocated a separate instance.
- Intensive Applications
VDI has a much better performance record for intensive applications that require high-level performance like design and video editing software. It is also better for customized user experiences.
RDS desktops are run on a single server and all employees or "users" access it through a single network. Meanwhile, VDI gives each user's device its own virtual server. Which adds a layer of security between the user devices.