If you’re implementing virtual machines — whether directly on physical devices or through VDI sessions — you’re bound to face the perennial question of whether to use persistent or non-persistent VMs.
Before we get to the answer, let’s level-set on what we mean by persistent and non-persistent.
- Persistent VMs mean that each user’s virtual desktop keeps all their personal settings, including favorites, shortcuts, passwords, and screensavers. Users can save files, change configuration, and customize at will. Their experience is akin to a physical desktop.
- Non-persistent VMs are stateless. The desktop state is automatically destroyed at regular intervals. Depending on company policy, it could be at each logoff, every night, or even once a week. Whenever it happens, nothing is saved. All of a user’s activities, settings, and files are erased. Each subsequent time the user logs on, they get a clean master image.
- There’s also a middle ground in some virtual desktop implementations where the user’s profile is persistent but all the rest is non-persistent.
As to which type of VM to employ, there’s no one-size-fits-all answer. Both non-persistent and persistent virtual desktops (or operating systems) have pros and cons. What you choose depends upon your use case, type of users, and goals, such as security, productivity, and cost savings. Many of Hysolate’s customers provide each end-user with both persistent and non-persistent VMs on their devices.
Non-Persistent Virtual Desktop
- Advantages: Nothing is allowed to live within the virtual operating system for long. This means malware isn’t allowed to fester. That’s a huge security win. It’s also what makes non-persistent VMs essential when you can’t trust that the user’s device is not exposed to hackers. And as we all know, that’s virtually impossible to ensure unless the device is completely locked down.
Other advantages include lower storage requirements on the device since nothing is retained in the VM, simpler desktop management, and the fact that the user always gets a clean, pristine desktop.
- Challenges: End-users may naturally assume that their personalizations and files will be there at their next logon. IT needs to make them aware that they’re working in a non-persistent virtual machine.
Persistent Virtual Desktop
- Advantages: Persistent VMs are convenient for end-users. Each time they open the VM, everything looks and acts the same. All their personalizations and files are there. Knowledge workers who continually create and work on their own local documents expect this. Their productivity often depends on it.
- Challenges: IT organizations have to allocate time to managing individual persistent virtual desktops and profiles. The user’s device needs to have sufficient storage. However, with storage so inexpensive, this is much less of an issue than it was in years past.
Ensuring security can be quite difficult. Malware that infiltrates the end-user’s VM sticks around and, often, does damage. This is true even if you’re using persistent VMs in a virtual desktop infrastructure setting. Because VDI doesn’t isolate the remote sensitive resources from the devices used to access them, any malware that gets in can easily access and control the VDI operating system and resources. Plus, with VDI you have a single persistent desktop that is just like a normal Windows box. It typically has access to sensitive corporate apps and internet apps like email. An infection in the persistent desktop means malware has full access to everything the user can access.
Hysolate: The Best of Persistent and Non-Persistent Desktops
Hysolate eradicates the security challenges typical in persistent virtual desktops. We enable users to securely access and run sensitive information in a locked-down, persistent virtual machine on their laptops. The persistent VM runs alongside a VM that’s open to internet access and day-to-day work — and can be configured to be non-persistent.
These two VMs are fully isolated from each other. Any malware that reaches the open, non-persistent VM is completely contained within it. Hackers can’t even see that any other VM exists on the device. Hysolate provides added security control by enabling remote wiping from our platform’s central management console. This gives you the option of eliminating malware that is discovered on the open VM before it automatically reverts to the clean snapshot.