In this article, we look at why solutions such as VDI and MDM are failing to satisfy end users and the business's need for access to any application on any device. We also look at the ideal architecture required to deliver a Digital Workspace.
Not so long ago, the IT department's end-user hardware headaches mostly revolved around PCs and laptops:
- IT bought Windows PCs & laptops.
- IT managed Windows PCs & laptops.
- IT delivered applications to Windows PCs & laptops.
- End users worked on Windows PCs & laptops.
If managing and troubleshooting IT was hard enough before, it has become even harder because of the flood of alternative endpoint devices into the corporate landscape.
Not only this, end-users continue to demand less complexity and more convenience when accessing applications and IT services in the office or on the move. Services and apps aren’t being consumed on a single company-issued device, but rather on a combination of laptops, smartphones, tablets, and thin clients.
To keep up with this evolution in consumption, the application landscape and delivery have been evolving as well:
- There are multiple OS: iOS, Android, Windows PC, and Mac.
- Devices are mostly unmanaged (80%) and mostly mobile.
- There are multiple application types: Web, Windows, Network Shares, Hybrid, and Native.
- Applications can be run as a service (i.e. SaaS) or on-premises.
The desktop virtualization, mobility and device landscape.
The issue for IT is captured brilliantly in a diagram created by Amitabh Sinha and his team at Workspot, which Brian Madden called “the most brilliant diagram to explain the landscape of desktop virtualization (VDI), mobility and devices.”
IT wants to securely deliver any app to any device.
So now IT has to enable secure access to:
- Windows desktops
- Windows apps like SAP
- Network file shares
- SaaS apps like Office 365
- Web apps like SharePoint
- Native apps like Box
from devices running any of the following operating systems:
- Mac OS
Two potential solutions for securely delivering any app to any device.
Two different types of solutions emerged to address these challenges:
- Virtual Desktop Infrastructure (VDI) – Virtualize the desktop in the data centre and grant access from any device.
- Mobile Device Management (MDM) – Manage mobile devices the way IT manages PCs.
Virtual Desktop Infrastructure
At its simplest, VDI is nothing more than one desktop Virtual Machine (VM) per user, running on top of a hypervisor. As with server virtualization, each desktop VM is assigned RAM, disk and I/O resources. A full installation of the OS resides on the virtual disk.
In theory, VDI makes perfect sense if you want to be able to give end-users a truly mobile, multi-device experience whilst retaining centralised management and control, and resilience through device independence.
In practice the theory works too – for pilot projects with a small number of users.
As soon as a meaningful number of users’ desktops are virtualized, the theory starts to fail along with projects because of the expense, poor user experience and the added burden of managing the infrastructure on an already stretched IT department.
Why is VDI so expensive?
Using the server virtualization model doesn’t work because of some fundamental differences. Data centres were virtualized and optimised for server workloads with the following characteristics:
- 10s to 100s of virtualized machines.
- Each VM requires 5-50Gb of data storage.
- Each VM did about 80% READ operations and 20% Write.
VDI workloads break the data centre architecture because the desktop workloads have different characteristics:
- 100s to 1000s of VMs.
- Each virtual desktop requires 20-100Gb of storage.
- Each desktop does 80% WRITE operations and 20% Read.
80% WRITE is not an issue on a normal PC, but in a shared storage infrastructure it wreaks havoc on performance.
IT can add more storage, but that makes the economics of VDI unsustainable, especially considering the much higher cost of data centre storage compared to desktop storage.
Why does VDI deliver a bad user experience?
If you tried to implement VDI a few years ago, you probably came across the same complaints time and time again: “I want my desktop back,” or “I can’t use this because it’s too slow.” I’m sure there were other comments with far more colourful language that you’d rather not remember.
With early attempts at VDI, applications were being delivered from the data centre, which brought latency and bandwidth issues into play. The remoting protocols have vastly improved over the years, but even they can’t overcome the distance and speed of the connection.
Remoting all apps from the data centre only makes sense if you’re delivering Windows apps. In general users don’t like having a Windows desktop experience on their mobile devices.
Why is VDI harder to manage?
The typical process to roll out a VDI project involves:
- Running a proof of concept.
- Architecting and sizing the infrastructure for the optimal user mix.
- Acquiring hardware and software.
- Standing up an environment.
- Provisioning users.
For most IT departments, this process means that numerous team members, including senior specialists from the networking, server, hypervisor, desktop, and storage teams need to be involved.
Secondly, a lot of components are required to provide a virtualized desktop from the data centre. These include:
- Load balancer & VPN gateway
- Broker software
- Microsoft Windows Server and SQL databases
- Portal/enterprise storefront software
- Configuration/monitoring software
- Image management software
- VDI licenses
- Hypervisor host license
- Server and storage hardware
- Storage management software
That’s a lot of services that need to be monitored and managed by different teams, and you know what fun that can be when troubleshooting issues:
- Server admin for the compute workload.
- Storage or SAN admin to create, provision, add or remove storage to/from the virtual machines.
- Network admin to maintain and diagnose problems with the switches and routers.
- Virtualization admin to optimize and scale out your hypervisors.
- Desktop admin to make sure all the images have the proper updates and patches.
If you’re lucky enough to have staff trained in the technology, you’d have to pull multiple members away from other projects. If you don’t, you either have to invest time in training new people or enlist outside consultants, all of which drives up your costs even more.
So most attempts at VDI haven’t really fulfilled the promise of “just virtualize the desktop in the data centre and offer access from any device.”
Mobile Device Management
MDM was an attempt by vendors to apply PC management philosophies to mobile devices. But MDM didn’t solve two problems:
- How do end users access their business apps and data?
- Are business workflows available on the device?
The extensions to MDM to solve these two problems have been a literal alphabet soup of solutions:
- Enterprise Mobility Management (EMM)
- Mobile Content Management (MCM)
- Mobile Application Management (MAM)
- Secure Browser
- Mobile Information Management (MIM)
- Per-App VPN, and many more.
Neither VDI nor MDM is a complete solution
Both VDI and MDM added multiple layers of infrastructure to the data center. But the biggest problem was that these add-ons broke enterprise workflows!
- A user couldn’t click on a link because it was behind a firewall.
- They couldn’t download a file and edit it.
- They couldn’t run a Windows app to report expenses.
The user experience was confusing to say the least.
So companies continue to deliver applications and data across a variety of devices via a number of delivery mechanisms. The traditional method of deploying corporate desktops and projecting applications to an end user environment (which we can call VDI 1.0) and locking down mobile devices (EMM) is complex and extremely hard to manage. So in most organisations IT continues to struggle to reduce complexity and simplify the user experience.
So how do you address the challenge presented in the grid?
Overlaying the above solutions on the grid introduced earlier clearly shows they are falling well short of the user requirements: Access any app (SaaS, Web, Windows client-server, CIFS, HTML5 and native) from any device (iOS, MacOS, Windows and Android).
- VDI – Mainly Citrix XenDesktop / XenApp and VMware View
- PCLM – LANDesk, System Center and Altiris
- EMM – MobileIron, AirWatch, Good and XenMobile
- Other smaller players in VDI, PCLM & EMM
To reduce IT complexity while meeting the flexible, self-service approach demanded by end-users, the industry needs a unified approach that combines delivery models, centralizes management and security, and supports a wide variety of endpoint devices. Enterprise Strategy Group (ESG) defines this approach as a Workplace Delivery Platform.
In addition to the challenges associated with supporting endpoint device environments, a number of trends such as “Bring Your Own Device” (BYOD) and “Choose Your Own Device” (CYOD) have surfaced. CYOD involves organizations offering employees pre-approved devices to choose from. These trends, together with alternative application delivery models, are forcing IT organizations to look again at the ways in which digital workspaces are provided to employees.
Changes in the Desktop and Application Delivery Landscape
According to ESG’s research, 60% of organizations are investigating and pursuing various alternative endpoint and application delivery models for either certain employees or everyone.
What are the characteristics of the Digital Workspace?
A Digital Workspace is a secure area for end users to access desktops, applications or data on any device, whether the device is managed or unmanaged.
The number of unmanaged devices far outweighs the managed devices in companies if you consider the ever-expanding use cases even for smaller organizations.
Some use cases of a digital workspace include:
External access by non-employees
- Partners, outsourced IT development and support centres, external call centers, vendor support and other contractors, mergers and acquisitions.
- These external, non-employee use cases typically leverage the VPN gateway, terminal server or SHVD as the mechanism for enforcing access policy and limited access to specific IT assets.
Work from home/flexible working
- The trend for allowing part-time work from home, hot-desking, etc. has seen strong growth over the past few years because it has been proven to be attractive for both the employee and business.
Employee device ownership
- Employees can acquire relatively cheap computing devices and (when allowed) use these to carry out work-related activities.
- Email and calendaring are such a case, and companies are starting to mature their policies and implement tactical solutions to allow access to even more resources.
Requirements of a Digital Workspace
- Desktop Access: The workspace must provide end-users with the ability to access a Windows desktop, whether it’s a physical desktop or a virtual desktop.
- Application Access: The workspace must provide end-users with the ability to seamlessly navigate between corporate applications – Web, Windows, and native. IT needs tools to add/delete/update applications on the device. IT also needs policy configuration tools to control the behavior of applications, e.g. printing from within an application.
- Data Access: The workspace must provide end-users with the ability to securely access documents from SharePoint and Network File Shares, view and edit documents offline. The solution must incorporate data leakage prevention mechanisms.
- Cross-Platform Architecture: A digital workspace needs to be portable across different kinds of devices. It should be available on iOS, Mac OS, Windows OS, and Android. It should be available on phone, tablet, and laptop form factors.
- Device Security: The workspace needs to ensure that the device is safe to use: it is not jailbroken, and there are no rogue applications on the device. IT should be able to define policies to control the behaviour of the workspace, e.g. copy-paste between applications, downloading documents, etc.
- Contextual Security: In an environment where IT doesn’t fully manage the device, IT needs analytics, reports, and tools to understand what the end-user is doing with work-related assets. The solution needs to give those responsible for security a granular view of end-user business activities on a mobile device for compliance and auditing.
Valuable outcomes from Digital Workplace initiatives
Diversity in the devices that access IT services is a trend that will persist for a very long time, and IT departments seem to be evolving to accommodate it with varying degrees of success.
Some of the benefits companies can see with moving on to digital workspaces:
- Reduce complexity for end users when accessing IT resources from their devices.
- Improved communications and collaboration.
- Better customer and client service.
- Technical improvements (better performance, platform support, improved security, etc.).
- Process improvements associated with cost savings.
The growth of the Digital Workspace market
Businesses are starting to look at how to start creating Digital Workspaces that are portable and secure across various devices.
Solutions designed with the end-user in mind that simplify the experience of accessing business applications and data on personal devices will get the most attention. With IDC Research expecting the WaaS market to grow at a CAGR of 12.1 percent from 2015 to 2022 and data from Transparency Market Research expecting the market to reach US$ 18,375.7 million by 2022, you can expect more entrants in a few years’ time.
What’s available now?
Multiple vendors offer a workspace solution today:
- Citrix and VMware want to solve it with a Workspace Suite (a collection of their existing product portfolio).
- Citrix Online has ShareConnect, which is the next generation client of GoToMyPC.
- nComputing has OneSpace.
- Workspot is offering a Digital Workspace solution.
The key difference between these approaches is the architecture. The right architecture leads to a better user experience, lower total cost of ownership, and faster time to value.
Citrix and VMware are focussing developments on existing products to address user experience, multiple devices, and changing consumption models.
By adding products to existing stacks, organisations will be able to securely deliver workspaces to end users, but this may also make the overall stack more complex and harder to manage.
Vendors like Workspot have started afresh and developed a product that embraces Cloud, Hyper-Converged Infrastructure (HCI) and mobile technologies from the outset. This approach keeps control in the cloud but leaves your desktops and data onsite. With the addition of HCI, ROBO also becomes a viable solution.
Both approaches have their pluses and minuses, and further investigation is highly recommended. Workspot has released a technical white paper detailing their approach to Digital Workspace/Workspace as a Service.