VDI security and manageability present compelling use cases for BYOD shops, but beware of desktop virtualization challenges that can frustrate end users.
If you're considering using virtual desktop infrastructure (VDI) to handle the bring your own device (BYOD) movement, make sure to weigh the pros and cons of delivering Windows desktops and applications to smartphones and tablets. It might be a boon for the IT department, but it isn't the most user-friendly option.
Table of contents:
Pros and cons of VDI and BYOD
How VDI and application streaming can help with BYOD
VDI and application streaming help address BYOD problems because they run applications and Windows desktops on back-end servers, rather than on endpoint devices. Devices communicate with servers that host the OS and applications, so the resources sent to the devices are compliant and secure. This way, devices receive the apps and data users need to work. All users need is a client on their devices to open the connection to the VDI server.
Is mobile VDI right for your users?
If you're trying to decide whether your company needs a mobile VDI platform, figure out a few key points first: If users need to access their work while they're out of the office, they need remote access, but if they need to access data and apps from anywhere, they need mobile access. You could run into virtualization challenges when choosing which VDI clients you'll use on which devices; not every vendor makes mobile virtualization products that will suit your needs. Also consider whether efficiency or convenience is more important.
Mobile virtualization challenges and benefits
In certain cases, mobile desktop virtualization can solve some BYOD issues and benefit admins and users. At the Department of Defense, for example, sending virtual desktops to mobile devices lets U.S. forces take advantage of mobile computing in a fairly secure way. But most companies don’t operate the same way as the DOD, and mobile devices don't always meet the hardware requirements it takes to run virtual desktops.
Mixing VDI and BYOD for simpler device management
Using VDI and BYOD together can free admins from managing hardware. Delivering virtual desktops to a variety of devices -- Macs, laptops, tablets and more -- allows employees to securely access data and apps from any device. Despite the fact that VDI makes device management easier for IT and increases productivity in theory, virtualization challenges can make it hard for users to get work done. Trying to use VDI on touch screens can be a nightmare.
Delivering Windows apps to iPads won't keep users happy
Remote desktop clients that connect to Windows desktops and apps don't take advantage of the easy-to-use nature of tablet devices. To use a remote desktop, tablet users need keyboards and mice the same way they would if they were sitting at their computers. Because remote desktops don't offer a good user experience, employees will turn to native apps to get their work done on a tablet.
VDI tips for BYOD shops
Addressing virtualization challenges with VMware View 5
The challenges of BYOD abound, and even though VDI is secure, users' devices aren't. VMware View 5 can help. With View 5, you can isolate untrusted endpoints, restrict access to specific pools and implement network access controls. But companies that use View 5 to support BYOD have found that the approach isn't a walk in the park. It's difficult for employers to enforce their policies for secure use.
Security and supportability concerns with RDS
Letting users connect to Remote Desktop Services (RDS) from personal mobile devices can create security and supportability problems. It only makes sense to let users access RDS from mobile devices outside the corporate network, but that external access is exactly what opens your network up to external threats. And if you let users access RDS from mobile devices, they might assume you'll support those devices, which could result in a slew of help desk tickets your team doesn't have time to deal with.
Windows RT tablets get a free VDI licensing ride ...
It looks like Microsoft won't change the VDI licensing rules for Windows 8 PCs, but things are changing for companion devices. Devices that run Windows RT won't need a Virtual Desktop Access (VDA) subscription to access VDI. Though it costs more to buy an RT tablet than it does to get a VDA subscription for iPads or other tablets users may already own, a Windows RT tablet may offer more and better enterprise capabilities, such as Office compatibility.
... But what about non-Windows devices?
If you have non-Windows devices that need VDI access, those users will need the Companion Device License (CDL), which allows users to access desktops through VDI or Windows To Go. That kind of access isn't new, however, and users don't need a CDL to do it: It's remote access to a physical PC. Device ownership complicates things even more. Company-owned iPads need full licensing, but up to four personally owned devices can be assigned to one CDL.