Desktop Virtualization Drives Security, Not Just Dollar Savings
May 03, 2008
Thin is back in, and you can thank server virtualization. We all know what happened last time IT tried to make business desktops smaller, leaner, and easier to manage: Users balked at being told they couldn't install their pet applications. IT realized that a data center-based operating system rendered on a diskless thin client yielded only marginal cost and manageability improvements. And security groups never took up the cause of terminal services because they worried about the implications of an attacker gaining access to the central server. But now, virtualization on the server side has paved the way for broader acceptance throughout the business. Today's virtual desktop infrastructure, or VDI, might not make your end users any happier than yesterday's thin clients did, but IT and information security pros are paying attention, and liking what they see.
In a VDI, server memory is divvied up among individual virtual machines, bringing significant manageability and security benefits. This is a new paradigm in desktop computing--secure, mobile, and platform independent. Clients are "thin" in the sense that the operating system isn't tied to hardware but centrally stored. A compact, specialized desktop hypervisor is the sole interaction point between client and network.
All the big names in server virtualization have desktop offerings. VMware provided the push that got VDI into IT's consciousness. Citrix Systems, long a leader in terminal services, acquired XenSource last year, and Microsoft announced in March that it would buy VDI vendor Kidaro. At present, virtual desktops need Windows licenses just like their fat kin, so Microsoft is in a win-win situation. And not all your applications will be supported in a virtual environment--AutoDesk, for example, doesn't recommend using ProductStream or Vault virtually--but most mainstream apps will run fine. As a bonus, with virtual desktop infrastructure, you can strictly manage licensing and ensure that any given application is accessed only when and by whom it's meant to be used. Support for legacy systems that need nonstandard operating systems will be eased.
Not to be outdone, hardware vendors are moving in with offerings geared to VDI. Architecturally, VDI shifts the repository of user desktops to a central server or servers and requires a large, fast storage system--most likely, a storage area network. For users to take advantage of the latest and greatest hardware-assisted virtualization, systems equipped with CPUs optimized for hypervisors will provide the best performance. Intel is supporting VDI in a big way with its vPro and Virtualization Technology-embedded CPUs, and so is Advanced Micro Devices.