When to Use Offline VDI
Desktop virtualization isn't an online-only strategy. Here's what is involved in taking users offline as well.
- By Kevin Strohmeyer
Enterprise IT organizations that may be just beginning their move toward desktop virtualization, as well as those who are far down the path with significant deployments, increasingly ask about "offline VDI."
Those at least somewhat familiar with VDI associate the technology with centralization, security and control, manageability, and flexibility. The common reaction from many end users and administrators alike is, "I would love to use VDI, but what if I'm not connected to the network?" To answer this common use case, the industry has developed several approaches to offline, or local, VDI.
This article should help you understand these approaches and how to evaluate the use of offline technologies as part of a more holistic desktop virtualization strategy.
What is offline VDI?
Let's start with some working definitions for the purposes of this discussion. When most people think of VDI, it is the concept of creating a user's desktop image, making a virtual machine out of it and running it in virtual infrastructure locked away in a datacenter or server closet where it is accessed over the network from virtually any type of client device. Therefore, VDI by most definitions is an "online" technology requiring a reasonably performing network connection to effectively access and use the virtual desktop.
Offline VDI, at its most basic concept, is the ability to create and manage a desktop as a virtual machine, but instead of executing the virtual machine in the data center, that virtual machine may be executed on a business-class PC.
Inherent to the solution, however, is the need to still deliver on the security and centralized control and management of the desktop, apps and data on the device. This leads to some technical challenges that can be addressed in a few different ways, but to evaluate these options, you first have to understand what you are trying to achieve.
What use cases drive consideration for offline VDI?
There are a number of use cases where offline or local VDI should be considered:
Mobility -- When coming from a comprehensive desktop virtualization perspective, the most common use case for offline VDI is handling those users who spend much of their time traveling and who need a way to get work done when disconnected from the network. There are a number of technologies that can apply here, but for those users who will primarily work from a laptop that may very often be disconnected from the network, offline VDI can be a great option.
Fixed PC management --
Less thought about, but nonetheless valid, is the idea of using offline VDI to manage fixed, office-based PCs. Offline VDI technology that leverages self-managed Type-1 hypervisors can be used to abstract away the hardware driver differences from one PC to the next, reducing the number of required golden master images. The virtual machine may then be synchronized when connected to the network, allowing administrators to patch, restore and move the virtual machine as needed. Many organizations transitioning to VDI want to leverage the power of their newer PCs. Offline VDI can do just that while delivering the management features admins want today.
Network constraints -- There are some cases where a remote or home office may have constant network connectivity, but high latency or poor throughput of the network may not support a virtual desktop when hosted in a remote datacenter. In these cases, an offline virtual machine may be a good alternative be synching the differential files and OS changes over the network without impacting real-time performance.
Secure Environments --
In cases where locally executing PCs and laptops are a requirement for any reason, running a Type-1 client hypervisor can provide significant security mitigation. Allowing the entire OS to be disk encrypted with centralized authorization and policy management provides significant security benefits over typical PCs alone. Multiple OS/desktop environments can be loaded on the same machine and instantly switched, providing different OS environments or levels of security. For many firms and government agencies, this means having a locked down desktop with no Internet access for confidential apps and transactions, and then an isolated open or personal desktop environment for more personal use that enables users to interact with social media sites, personal e-mail and other apps that may otherwise compromise a secure, regulated environment.
How do I figure what's right for my users?
As with any new IT project, it is important to perform a thorough assessment of user groups and their business priorities. Only then can you begin to analyze how a desktop virtualization project will provide value to the organization while empowering your users to be their most productive. Here are a few considerations:
Do your users want to access their desktops or apps from multiple devices? Where do they do the bulk of their work? If users want to use their personal desktops, plus a desktop at the office, and app access from tablets or smartphones, you will want a centrally-hosted application and desktop environment. You may still want to use an offline VDI desktop for their primary work machine if it is often disconnected from the network, but don't expect to move the VM around from server to laptop. Instead, leverage virtual apps, roaming profiles and folder redirection to re-create a user desktop for occasional hosted use.
Data Security -- When people think security and VDI, the inherent value is the idea that the user's data stays in the datacenter. While centralization provides a high level of control, there are ways to mitigate the risk of data leakage on a device through full disk encryption, timed lockouts and poison pills. There are vulnerabilities with any system, so carefully evaluate security features to determine your requirements.
Apps -- Perhaps the most important part of any virtual desktop strategy is understanding your users' requirements for applications. While the idea of having the freedom to work offline is appealing, there is only so much you can do off the network. While some applications may perform better while running locally, others perform better when hosted in the datacenter, as the time to transfer app data between client and server is optimized when both are running in the datacenter. But when the primary desktop usage is for those apps designed for disconnected or synchronized app data, offline VDI is an ideal solution permitting ultimate freedom and security when network connectivity can't be counted on.
Management Goals --
There are many reasons that IT organizations turn to desktop virtualization, but if the primary reason is to provide access from any device, then a hosted desktop is most likely the right answer. However, if any of the use cases for offline VDI fit your users' needs, then running VMs locally on a PC or laptop with a Type-1 hypervisor offers a powerful, efficient and secure method of managing those devices.
Offline or local VDI is a technology that has evolved rapidly over the past few years. Whether you are trying to tackle the management of your laptop fleet or are deploying desktop virtualization broadly and want to leverage the compute power of your newer PC assets while centrally managing the image, offline VDI can be a great fit in any size of organization.
There is no one form of desktop virtualization that is optimal for all users, so any desktop virtualization strategy should plan for a range of desktop and application delivery technologies to meet the needs of each user. By leveraging the latest desktop layering technologies that deliver apps, profiles and folder redirection, IT can build a common architecture enabling a range of hosted and local desktop models. This flexibility delivers a personal, high performance desktop experience to any device, delighting end users while maintaining an optimal mix of security, management and control.
Kevin Strohmeyer is director of product marketing for the Enterprise Desktop and Applications group at Citrix.