VDI Deployment Models and 6 Best Practices for a Successful Deployment

What is a VDI Deployment?

A virtual desktop infrastructure (VDI) deployment enables enterprises to remotely provision resources to employees, including full desktops and applications. 

There are three main deployment models for desktop virtualization:

  • Virtual desktop infrastructure (VDI) – enables the organization to manage large numbers of virtualized desktops. Requires setting up a complex local infrastructure including a virtualization server and a connection broker.
  • Remote desktop services (RDS) – enables the organization to deliver several end-user desktops from a single Windows Server operating system.
  • Desktop as a service (DaaS) – uses a managed cloud-based service to deliver virtualized desktops to users.

Desktop Virtualization Deployment Models

We’ll review the three desktop virtualization models in a bit more detail.

Virtual desktop infrastructure (VDI)

VDI deployments run the OS on a virtual machine (VM), which is hosted on a server located in the data center. Administrators can then remotely deliver desktop images, which contain an OS and applications, to the end user. 

Each remote desktop uses a dedicated VM with an OS, which contains unique resources like CPUs, memory, and drivers. A hypervisor, which is a software layer, is in charge of managing resource allocation across multiple VMs. The hypervisor enables the VMs to run on the same server. 

Remote desktop services (RDS)

Remote desktop services (RDS), or remote desktop session host (RDSH), provides users with remote access to desktops and Windows applications, stacked on top of the Windows Server OS. Microsoft Remote Desktop Protocol (RDP) is responsible for serving applications and desktops. This service was formerly called Microsoft Terminal Server.

In RDS, a Windows Server instance can support multiple simultaneous users, limited only by the capacity of the server hardware. In regular VDI, on the other hand, each desktop image sits on one VM, and the hypervisor manages how they run on the server. This makes RDS more cost-effective than other VDI options.

Desktop-as-a-Service (DaaS)

Desktop as a service (DaaS) solutions host virtualized desktops on a scalable cloud infrastructure. DaaS provides flexible options and can be quickly deployed. The cloud provider manages the infrastructure, and provides administrative functionality that enables desktop deployment. However, the majority of configurations are not customizable.

 

6 VDI Deployment Best Practices

Here are a few best practices that will help make your VDI deployment a success.

Understanding End User Requirements

To successfully deploy a high-performance VDI solution in your organization, you need to determine the needs of your end users:

  • Which applications end users need for their jobs (this will be different for each department or business unit)
  • How many end users the organization has in each application category
  • Special hardware requirements, such as high-end machines for power users, or graphical processing units (GPUs) for uses like machine learning or 3D graphics

These basic parameters can help you size your VDI deployment and understand hardware and licensing requirements. 

In addition, take note of practical requirements such as:

  • Monitor support – you’ll need to support the monitors your users are currently using
  • User profile persistence – identify whether users need to keep profile settings persistent between sessions
  • Peripherals – identify whether users need USB drives, audio devices, printers, scanners, etc.
  • Authentication – use of multi-factor authentication or other security measures

Control BYOD and Remote Endpoints

VDI lets you deliver a desktop experience to many types of endpoints and devices. If your organization has a bring your own device (BYOD) program, you’ll need a strategy for device and user control. 

To ease the burden of managing a large number of device types, define a list of common devices which you will support for VDI access. Provide clear policies to users indicating what they may or may not do on their personal devices, and mandating basic security measures like antivirus. 

Most importantly, set up monitoring of any connection to your VDI site from external devices, ensure that legitimate users are following security procedures, and identify anomalous behavior that could indicate a breach.
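As an added example (not from the original article or any VDI product), the monitoring described above can be sketched as a review of external connection records against the supported-device list, the mandated security measures, and two simple anomaly signals. The log format, device names, working hours and record values are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values (hypothetical, not from the article or any product).
SUPPORTED_DEVICES = {"windows-laptop", "macbook", "ipad"}
WORK_HOURS = range(7, 19)  # 07:00-18:59 local time

# Constructed sample records: time user device_type device_id origin av mfa
SAMPLE_LOG = """\
2024-03-04T09:02:11 alice macbook dev-a1 external av=on mfa=yes
2024-03-04T09:15:40 bob windows-laptop dev-b1 internal av=on mfa=yes
2024-03-04T10:31:05 carol chromebook dev-c1 external av=on mfa=yes
2024-03-04T11:48:27 bob windows-laptop dev-b1 external av=off mfa=yes
2024-03-05T02:17:53 alice windows-laptop dev-x9 external av=on mfa=no
"""

def review_connections(log_text):
    """Return (user, device_id, reasons) for each external connection to review."""
    known = defaultdict(set)  # user -> device ids already seen (simple baseline)
    findings = []
    for line in log_text.strip().splitlines():
        ts, user, dev_type, dev_id, origin, av, mfa = line.split()
        reasons = []
        if origin == "external":
            # Policy checks: supported device list, antivirus, MFA.
            if dev_type not in SUPPORTED_DEVICES:
                reasons.append("unsupported device type")
            if av != "av=on":
                reasons.append("antivirus not reported")
            if mfa != "mfa=yes":
                reasons.append("no MFA")
            # Anomaly checks: device never seen for this user, unusual hour.
            if known[user] and dev_id not in known[user]:
                reasons.append("new device for user")
            if datetime.fromisoformat(ts).hour not in WORK_HOURS:
                reasons.append("outside usual hours")
        known[user].add(dev_id)  # flagged once, then part of the baseline
        if reasons:
            findings.append((user, dev_id, reasons))
    return findings

if __name__ == "__main__":
    for user, dev_id, reasons in review_connections(SAMPLE_LOG):
        print(f"{user} {dev_id}: {', '.join(reasons)}")
```

In practice the records would come from the connection broker or gateway logs, and the baseline would be persisted between runs rather than rebuilt from a single file.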


Make VDI Highly Available

A critical aspect of VDI is high availability, because employees and contractors rely on virtualized desktops for their day-to-day jobs, and any interruption in service will hurt productivity and cause financial loss.

With a VDI solution, all end-user desktops depend on the availability of the backend VDI management layer. Modern hypervisors, such as VMware ESXi and Citrix, have built-in features that provide resiliency and high availability. But you must make sure you have enough hosts in a VDI cluster, with redundant storage, power and networking, to mitigate availability issues.

Consider Thin Clients for Improved Security

VDI systems can enable users to install software and customize their virtual desktops; however, this has security consequences. Even if they are not malicious, users can unknowingly install malware or change desktop configuration in a way that creates security vulnerabilities.

Many IT and security teams prefer to treat user devices as thin clients. This means devices are allowed to connect to the VDI environment, but cannot install software or permanently change the application’s configuration. When the user logs out, the settings are restored to safe defaults (a non-persistent VDI configuration). However, this type of setup has a negative impact on user productivity and satisfaction.

Hysolate Isolated Workspace provides a cost-effective, more user-friendly VDI alternative. Hysolate can be scaled up and deployed in minutes, and doesn’t require costly infrastructure or hardware to run. Unlike most VDI solutions, Hysolate doesn’t depend on network conditions, bandwidth requirements or latency, making it an ideal choice for remote or distributed environments. Hysolate provides a totally separated workspace on a single user device, minimising security issues by totally isolating more risky activities from corporate data.

Use Flash or Hybrid Storage

VDI workloads are highly intensive, requiring more IOPS than the average virtualized environment. It is highly advised to use solid state disks (SSD) in dedicated flash arrays, or hybrid storage systems that combine HDD with flash-based SSD. SSD can support many more IOPS and will provide a high return on investment in a VDI environment. 

Addressing VDI Challenges with Hysolate Isolated Workspace

Creating and managing a VDI solution is a large project and a huge undertaking for an organization. Planning the infrastructure correctly, making sure everything is tested, and sizing it properly to support the target population requires thousands of hours of work and a huge investment. In addition, running the servers on premises involves the tremendous cost of purchasing the servers and maintaining the infrastructure, leading to high OpEx and CapEx costs.

That said, in today’s remote-first world, users connecting to the datacenter VDI solution, sometimes over a VPN tunnel, will get poor performance and a poor user experience, and desktops are not available when offline.

Hysolate solves these problems with an innovation called isolated workspace as a service (IWaaS). Users get a local isolated operating system running on their machine deployed within minutes which is managed from the cloud. 

Isolated workspaces enable: 

  • A higher level of freedom on employees’ corporate devices
  • Ability to receive 3rd party generated content in an isolated zone
  • Access for IT admins, DevOps, developers, and other privileged users in their everyday environment
  • Access for employees from personal, unmanaged devices

 

The behavior of the workspace is managed in the cloud, while all of the computing resources run locally on user machines.

This eliminates the need to invest in a large and costly infrastructure, and provides a better local user experience, with offline availability.
