For many years, medium and large businesses have been implementing the use of virtual machines (VMs) in various flavors. Almost every one of them have most of their servers virtualized, but many others are still adopting virtualization for use with desktops. A Virtual Desktop Infrastructure (VDI) solution has grown at a rapid rate. The goal is to discuss the benefits and features of VDI so you can determine if it’s a fit for your business.
Envision a desktop that is not only fast and reliable but can also follow you wherever you go. While it’s nice to carry around a laptop and have it at your disposal, let’s not forget that you may sometimes forget it, drop it, or dare we say spill a drink on it. A VM, or in this case a virtual desktop since we are discussing VDI, poses none of these issues and becomes a convenient option to consider.
Building Out a Virtual Desktop Infrastructure (VDI) Solution
There are various flavors to build a VDI infrastructure on, but what they all have in common is reliable hardware, and a design that should be built with full redundancy as the goal. What we mean by full redundancy is no single points of failure in power, network, or hardware.
The environment should tolerate these:
- Power Outages – Alleviate with battery backups, generators, and/or multiple power sources
- Network Failures – Alleviate multiple network interfaces, multiple switches, multiple firewalls, and even load balancers
- Hard Drive Failures – Alleviate with a reliable storage device (SAN or NAS) or even local storage with RAID redundancy architecture
- Hardware Failures – Alleviate with multiple servers in a cluster
The infrastructure can be built in many ways with various technologies. Some are faster than others, but they are all typically built to be fault tolerant. They are much more reliable than a regular desktop or laptop. Remember, enterprise-grade hardware is built with quality and reliability in mind.
For our engineers out there, here’s a quick 4-step deployment guide
Deployment is quite simple. Looking at the list below, some or most may already be in place and could save you time and money
- Install and configure the hardware for the virtual infrastructure
- Build out active directory
- Install and configure the VDI infrastructure
- Configure networking for VDI – switch(es), firewall(s), load balancer(s)
How do I gain access to VDI?
VDI is purely built on the notion that you will be accessing it remotely, and you have many options:
- Desktop or laptop
- Mobile phone
Here are a few different protocols that may be used:
- Blast – One of the most versatile options which can be used as HTML5. You can launch your desktop from almost any browser on any computer. The ability to do this, alongside the ability to also access your VM at any time from your phone or tablet, makes accessing your desktop a trouble-free task.
- PCoIP – This may still be the most commonly used one. It offers outstanding performance, using less bandwidth than its predecessor (RDP). Zero clients, specifically those using the Teradici chipsets, rely heavily on this protocol.
- RDP – Almost everyone in the IT industry is familiar with this protocol. It’s still used to this day, but has some major drawbacks, those being security, performance, and bandwidth usage.
Blast and PCoIP each are a great fit for most deployments, and the good news is you don’t have to stick to just one choice. You have the option of setting up your environment to allow the user to choose which protocol to use, depending on use-case. If you’d like to use the HTML5 option within a browser, it must be Blast. If you’d like to use Teradici-based zero clients, it must be PCoIP. If a user is connecting with one of the software-based clients, he/she may be presented with a choice of protocols.
What About Remoting into a Physical Desktop or Laptop?
Look… we know there are other options that may be pondered over, such as GoToMyPC, LogMeIn, and the like, but what do all of these have in common? They all require to be installed on a physical machine, one that you’d always have to keep running 24/7/365 in order to have access to it .
What would you do if you have a work laptop and you bring it with you? It’s no longer on your corporate network. You’d then need to rely on a Virtual Private Network (VPN) service, which is an added layer of complexity, and may not be as seamless as VDI.
What would you do if you have a work desktop that you cannot bring with you? You are now relying on that hardware to be your sole method of connecting into your environment. You’d have to install a remote agent and hope that desktop never powers off.
With VDI, none of the above issues would be a concern. Most VDI environments are built as always on, always available, running on enterprise-level hardware that is typically built to be robust and fully redundant.
We’ll leave you with two of our favorite benefits of deploying a virtual desktop infrastructure.
Your VM is always on, and always connected to your corporate environment. To connect to your VM, you do not need to be on your corporate network. All you need is an internet connection (mobile broadband, WiFi hotspot, internet café, you name it) and almost any device. Once connected to your VM, you will have access to everything you would have while in the office, except the physical presence of course.
There’s no need for a VPN. There’s no need to remap network drives. There’s no need to keep an extra copy of your shortcuts or files on your mobile device.
With VDI, all you need is an internet connection and a device to connect with. It’s that simple.
Logging in is quite simple, but how secure is it?
Out of the box, the connection server you log into to connect you to your VM relies on AD authentication, but administrators do have the option of also enabling two-factor authentication.
For external access, the ideal setup would be to have a proxy/security server in front of your connection server. This can be a load balancer, or even a virtual appliance specifically built to act as your proxy. With two-factor authentication, you may rely on a hard token (keyfob) or soft token as your first method of authentication. After authenticating with a token, you are then prompted for your AD username and password. Your session then remains active in a secure tunnel.