Wednesday, January 20, 2010

Is VDI the right way to go?

I am going to combine a couple of thoughts here and add a little blue sky thinking. One thing I have noticed from dealing with various organizations at different levels of virtual desktop maturity is that there still seem to be a few barriers to 100% adoption across the entire organization. I am generalizing, as things are not the same for every customer. The real TCO for VDI is not substantially reduced until the PCs are replaced by Thin Clients (or desktop appliances), and that tends to be the sticking point for some. Sometimes, as much as IT would love to move users to a lower support cost desktop alternative, the users or the business are reluctant to go. This can be for various reasons, such as protectionism from the desktop support teams, people's general reluctance to change or a misunderstanding of the technology being deployed, to cite a few. In situations like this VDI tends to be used for 2nd desktop requirements and remote access.

VDI provides the opportunity to manage the corporate image while at the same time providing very flexible options for delivering it to the user locally or remotely. Although it is not exactly a consolidated environment (I am setting aside technologies like View Composer, Provisioning Server and storage virtual cloning for a moment), it is a centralized distributed environment of desktops. I have had the opportunity to look at a slightly different option recently and wanted to share some thoughts. I have been reviewing Microsoft’s DirectAccess Technology, which is a new feature of Windows 7 and Windows Server 2008. It goes along with my own thinking that technology should not change anything about the way the user works or plays; it should just do its job seamlessly.

Now this approach from Microsoft is designed for the IPv6 world, although it will run with IPv4. The fundamental opportunity that IPv6 promises is that everything is globally addressable. What this means is that potentially all things have unique addresses, unlike today where we use NAT to extend the lifespan of IPv4 networks. Traditionally we use VPNs to connect devices remotely, which often adds overhead and delays to the login process. Additionally, they are often dependent on user interaction to start them up. DirectAccess automatically establishes a bi-directional connection from client computers located remotely to the corporate network using IPsec and IPv6. It uses certificates to establish a tunnel to the DirectAccess server, where the traffic can be decrypted and forwarded to your internal network. If you have deployed IPv6 and Windows 2008 internally, the connection can be securely transported to all your application servers. Access Control is used to allow or restrict access. The promise of this technology is that it allows you to extend your corporate network without changing the user experience or sacrificing how the desktop is managed. It also makes your corporate network perimeter much more dynamic. Essentially it allows you to overlay your corporate network in a secure fashion over private and public networks.

Now make no mistake, this solution from Microsoft does presume that the end user device is a laptop and that it has been deployed and managed by IT services. The reason I thought about the relationship between VDI and Windows DirectAccess is that customers often deploy VDI for remote access to avoid a full VPN solution. With Microsoft DirectAccess and Windows 2008 and 7 integration, Microsoft has provided another option that might be a good fit in certain situations.
