by Thomas Krampe, CTP
Ten years ago we talked about the Hypervisor and which vendor had the smartest and fastest product. Should we use ESX, or better XenServer, and what about Hyper-V?
In recent years, the Hypervisor has become more and more of a commodity and nobody really cares about the virtualization layer. OK, sometimes we have discussions about vSphere, XenServer or Hyper-V, but that's no longer a show stopper in a VDI project. If you have a Hypervisor infrastructure in place – no matter from which vendor – everything is fine (any discussion in that direction is more political than technical).
These days I think the same is happening to the VDI solution we use, because it just delivers the plain virtual Desktop to the end user. It's not rocket science to set up a VDI solution and deliver a plain Windows in a virtual world. So what are the pain points when we talk about the future Desktop model for our customers (and for our own Desktop as well)?
In my opinion it's all about applications and, more importantly, it's all about data, right? But there are a lot of other things we have to keep in mind. Just think about a cloud-based Desktop which comes to you via a WAN connection from your trusted DaaS provider (in my opinion the important thing here is Trust). How can you deal with everything around it? Let me clarify this in a little more detail. What else do we need to manage a DaaS Desktop?
First of all, we need to authenticate our users, and there are several questions we have to answer.
- Should we use our internal Active Directory?
- Is a separate “Cloud” AD with Trusts to our internal AD a better way?
- What about read-only Domain Controllers in the Cloud?
- Is AD on Azure a good solution to work around the security problems we have with the solutions above?
- What if I would like to change my "authentication provider"? Is there any other AD on whatever provider, or should I use something like OpenAuth or other open standards?
The next step is the user profiles. In a DaaS scenario, where to store my user profiles is not an easy question. Based on best practices we have to place them close to the Desktops, which at the end of the day means in the DaaS provider's data center. For that we need storage space and, of course, data security, because sensitive data is often stored in the user's profile.
- How can we secure user profile data without having longer logon times caused by the encryption?
Applications are also important. Sure, I can provide a lot of SaaS applications like Office 365, Salesforce etc. in my DaaS Desktops, but I have internal apps with special prerequisites as well. How can I make sure that all applications (SaaS or internal) use my external authentication provider for authentication? On the other hand, how should I provide these internal apps to the DaaS Desktop? Should I provide them in the base image and control the usage with tools like FSLogix, or should I provide them via XenApp or App-V?
- What about the data? Where should it be placed to be securable and accessible for my applications (SaaS or other kinds of apps)?
The other stuff around it, like Backup, Monitoring, PKI etc., is currently available via cloud services. But here we also have to deal with the authentication problems mentioned above. What comes from the big three? VMware launched their Horizon DaaS, which was bought from Desktone, Microsoft brings a lot of stuff into Azure (where else), and Citrix has its Workspace Services (which looks good so far). Is that enough to address the problems? What is missing?
And don't forget the management. Today's customers don't like hundreds of consoles to manage their stuff. What about a single pane of glass to manage all that different stuff from different providers or on-prem technologies and services?
I created a small graph to visualize everything I talked about before. What I would really like to achieve with this article is a discussion with all of you guys to see how the future Desktop model can work and which pain points we're currently facing. And don't forget, I'm German, every typo is protected by German law! 😉