Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Desktop Virtualization Drives Security, Not Just Dollar Savings: Page 2 of 7

DIG DEEPER
CHIPS AHOY
Intel and AMD offer new chip designs that will help IT make the most of desktop and server virtualization.

In terms of security, you've probably heard the lingo: hardware-assisted virtualization, unified threat management, adaptive security, Trusted Platform Modules. Symantec promises virtual security appliance Intel vPro desktops in about 18 months. A VDI station could run the user guest VM plus a security VM or virtual security appliance. Vendors know it's only a matter of time before security becomes a key decision point for organizations considering VDI, and they're taking two tacks to grab our interest: Some, including Intel and AMD, want to make the physical desktop smarter, more secure, and more manageable via intelligent, virtualization-aware processors. Others, including VMware, Pano Logic, and Stoneware, say we need to get rid of the client-server model altogether and invest in their revamped architectures.

We don't buy everything being pitched, and we don't believe that now is the time for ubiquitous VDI. But we do know that information security pros who aren't investigating the security advantages are missing out.RUN THE NUMBERS
Especially when budgets are tight, costs are weighed against competitive benefit, business alignment, and how well the new initiative aids security and compliance efforts. VDI is a good investment on these counts, assuming you have the data center wherewithal to support the extra servers required. The computing power has to come from somewhere, and sites with limited rack space or that are running out of amps or have overtaxed air conditioning or ventilation systems should run the numbers.

VDI's biggest benefit comes from centralization. Changes to the desktop image are greatly simplified by abstracting the operating system. Financially, we expect to see lower total cost of ownership from extended thin-client hardware life, fewer cycles spent on hardware-induced OS failure, and lightened deployment efforts. Business continuity is another win. If you've been forced to back up desktops because policies allow for local storage of data, VDI will make your life easier. Possibly sensitive information no longer will reside on vulnerable end-user machines, and there are a litany of data management options enabled when all your files reside in a centralized site.

But what happens when a mashup meets virtual desktop infrastructure, or you're deep into building a service-oriented architecture? VDI doesn't intrude on Web 2.0 trends. And buying software as a service plays right into the general argument for virtualization: SaaS is simply a virtualized application deployed from the Internet. VDI and SaaS complement each other for mainstream productivity applications.

ARCHITECTURAL WONDER
In the diagram on p. 48, we illustrate how virtual desktop components are delivered. A typical enterprise deployment begins with a server cluster in the data center. End users can connect with current hardware; simply remove Windows and install a hypervisor. When an employee fires up her desktop, she's immediately asked to log in and is issued a virtual desktop image. True IT control freaks will like the new dumb terminals, but with full desktops often in the $300 to $600 range, and good "thin" VDI clients in the $250 to $700 range, we're not yet convinced of the economics. With a legacy desktop, sure, an employee could bring in an OS on a flash drive and do mischief, but nothing is bulletproof. You will want to keep some fat desktop clients around to deliver access to apps that run only natively on Windows. Once an employee is connected, the desktop machine is simply a conduit. SSL protects traffic as it traverses the wire.