Why There is Still a Role for VDI in the Security World

The rush to move applications to the cloud is well under way, from personal productivity tools to ‘Big Data’ analytics. This raises the question: what is the role of your virtual desktops, and should you be moving them to the cloud too?

I believe there is still a place for VDI in the security world, where it offers a number of benefits, used either instead of or in combination with cloud.

The major security benefits of VDI are:

  • No programs are held locally, so everything is in effect sandboxed
  • Access to the same desktop from any location and device (even mobile phones, although realistically no one would use them for this purpose)

Let’s be honest and admit that VDI is not perfect. You really want to deliver the same desktop to every user. The more different desktop templates you have, the more complicated your VDI set-up becomes.

Some users will always have to sit outside the VDI fold because their needs cannot be met by a standard desktop device, for example if they require high-resolution graphics or need to view and edit high-resolution streaming video. Alternatively, you may have to beef up the VDI back-end to handle their requirements.

You may also have to deal with outdated USB sticks or, even worse, local devices with drivers to install such as smart cards, accessibility aids or scanners, which defeat the move to the ‘same on any device’ ethos of VDI.

Investigating any issues that arise can also be more complex when using VDI. Today’s investigation tools are manufacturer-agnostic, but you need to configure them carefully, and you need a good understanding of the system to identify the problem, as there are extra components and traffic within the solution. All of these issues have to be traded off against VDI’s security and mobility benefits.

However, using the cloud also has its downsides. A lot of the complexities that arise when using cloud are dependent on the core applications a business runs. Web browser interfaces are more common, but they still require a particular version of IE/Chrome (and some will work with Safari, others won’t), Java, Silverlight etc.

HTML5 was supposed to solve this, but again the developers of the specific applications that your business runs need to make this happen. Web browsers also leave ‘temporary files’ which contain a surprising amount of useful information, while application programmers can be very messy with how their application runs and again may leave files behind. This is still where VDI excels, as it means nothing is stored locally.

With VDI, you are already sending a keyboard and screen to each user. If you put these virtual desktops in the cloud alongside all the applications, VDI will play better, but are you really planning to move every single application to the cloud? The chances are that some cannot be moved effectively: this is where latency can become an issue. The round trip from your PC to the cloud, via a server elsewhere and back again, takes some time, depending on your internet connection and the way the application works.

Applications that continually transmit and receive large amounts of data can really clog up the pipes, especially if traffic is going up and down from the cloud to the local network before screen changes are sent to the end device.

The result is that users constantly tell you that their PC is slow, when in reality it is latency from the cloud or from application interaction, which the users don’t care about as all they see is the screen in front of them.

More and more applications, such as Microsoft Office 365, are now being offered as SaaS or ‘cloud-based’. Application vendors, depending on where they are in their application lifecycle or whether they want to deliver a new version, will increasingly develop SaaS solutions.

These will have a primary aim of tying organizations into their solution, so it is vital to go in with your eyes open and make sure that there is an easy way out if needed before you commit time, resources and budget. 

Many cloud providers also offer Desktops as a Service (DaaS). Although this is a potential solution, realistically, just as with the original concept of VDI, the desktops need to be close to the applications to minimize the latency. Therefore, both desktops and applications need to run in the same cloud.

The logical conclusion is that you need a solution that can do both cloud and VDI. While traditional VDI could work – and the cloud vendors will assure you that it can – it is not comprehensive enough in a cloud scenario.

Products are now available that have been designed specifically for this purpose, enabling you to set up VDI in the cloud from where it then talks directly to the cloud applications. This enables you to have the best of both worlds. 

To make this effective you will of course need the discipline to program things properly rather than just finding a way to ‘make them work’. However, in my opinion the security benefits mean that there is still a place for VDI in today’s corporate IT networks.
