The Case Against Desktop Virtualization

By Anil Desai
published: Tuesday, June 10 2008

Ladies and gentlemen of the jury: You are being called upon to partake in one of the most important duties of an IT professional.  You will be asked to objectively evaluate claims and determine whether a relatively new development in virtualization technology - desktop virtualization - is a valid and useful solution for your environment.  You have already heard many strong arguments for desktop virtualization from much of the industry.  You will now hear from the other side: A discussion of how you can gain many of the benefits of virtualization without moving desktop computing to the confines of the data center.

OK, all drama aside, I should be clear about the point of this article.  My goal is not to convince you that desktop virtualization is not a good idea.  Rather, I'd like to provide some counter-point to a lot of the hype that we have been hearing lately.  Specifically, I'll point out how many of the problems that desktop virtualization is designed to solve can be addressed in other ways.  The goal for you, the reader, is to determine which of these is the best way to solve these problems.  Order in the court!

Note: In this article, I am using the term "desktop virtualization" to refer to the running of entire end-user operating systems within a server-based VM (VMware calls this "Virtual Desktop Infrastructure" (VDI)).  This is not to be confused with the running of VMs directly on a desktop computer using applications such as VMware Workstation and Microsoft Virtual PC.

Opening Arguments: Desktop Challenges

Members of the jury: You're already aware of the many challenges that you face when managing client computers.  Foremost among them are centralized management, protection of sensitive data, and dealing with configuration management.  Client computer deployment and provisioning can be a time-consuming and laborious process.  And you often lose sleep worrying about the theft of data.  Finally, you're faced with reducing costs while increasing capacity.  While desktop virtualization might be able to address some of these issues, I will demonstrate that you have other options for achieving the same goals.

Desktop Deposition: Deployment and Provisioning

As an IT professional, you're often called upon to prepare new client-side computers for users as quickly and as efficiently as possible.  This starts with the OS installation and configuration process.  You can automate the process for most operating systems by using network-based booting, scripted installs, and deployment and configuration management solutions.  These tools are available, for example, for all current versions of Windows. 

Of course, the entire provisioning process also involves installing applications and configuring OS settings to prepare the machine for use.  These steps can be largely automated by using application-level virtualization products.  Overall, you can use these new features to get new systems to users quickly and to dynamically install and remove applications as needed. 

Hostile Witnesses: Managing Security

Proponents of desktop virtualization often tout the very real risks of losing data that resides outside of the confines of the data center.  The misplaced or stolen notebook computer that contained hundreds of thousands of customer records can be dangerous, costly, and embarrassing.  While desktop virtualization allows data to physically reside in the data center, in effect, this approach is only as good as its implementation.  Systems administrators must carefully design and maintain access rules.  And, they must devise a method of securely allowing users' VMs to be taken offline (if mobile users are to be supported).

Fortunately, security has been taken seriously by most major operating system and application vendors.  By using centralized domain-based security, carefully managed permissions, and security compliance monitoring, you can be reasonably assured that sensitive data remains in the data center.  To protect computers that tend to move around (with their owners, of course), you can use multi-factor authentication, data encryption and hardware-level access control.  Oh, and let's not forget about training end-users - a challenge that software may never completely address.

Cross-Examination: Monitoring and Management

It can be a real challenge to monitor a large, distributed environment of client computers.  Some employees might be disconnected from your corporate network for days, if not weeks.  It's hard to patch those systems and verify that they're working properly.  And, users are increasingly turning to web-based services for important computing tasks such as creating and storing documents.  In order to remain in control of the entire IT environment, administrators must be able to manage all of their systems.  This applies, it should be noted, whether the "systems" are physical or virtual and whether they're located in the Himalayas or within your corporate offices. 

Most enterprise management solutions have been designed to provide monitoring and management of the entire environment.  This ranges from verifying desktop configuration settings to ensuring that all servers and workstations are properly patched.  Monitoring is often performed continuously and alerts are generated whenever a system deviates from its desired configuration. 

Disorder in the Court: Analyzing Costs and Administration

Now, like you, I'm a simple and practical IT professional.  I suspect that some of you are asking, "What's wrong with desktop virtualization?"  Well, my friends, there are several potential downsides to consider.   I'll start with costs: In general, data center hardware resources are far more expensive than their desktop counterparts.  Storage space, CPU cycles, and memory are costly.  Add in the issues of physical space in the data center, power requirements and heat management and you've got a lot of overhead to consider.  Compare these costs to sub-$500 client computers, and it's difficult to pull off the cost-benefit math.

If you're planning to implement desktop virtualization today, it's likely that you'll need to install and coordinate among several different software products.  While more unified "connection brokers" are in the works, today you'll find the need to evaluate many different pieces of the puzzle.

Folks, I'm no fancy-talkin', office-workin', server-rackin', big city lawyer.  I type, point, and click like the rest of you, and I normally don't like to sling FUD into the mix.  But desktop virtualization, in many ways, is a new approach.  Early adopters are coming out with mixed results.  And let's not forget the end-user experience.  Thus far, the remote desktop experience is not quite the same as working on a local computer (although it is appropriate for many business functions).  While the technology (and its implementation) will improve, there's a very real risk of being cut if you like to live on the bleeding edge.

Objections, Appeals, and Reasonable Doubt: The Case Against the Case Against Desktop Virtualization

In all fairness, I think I should point out some aspects in which I believe desktop virtualization provides some important advantages to environments.  VMs are portable and can be quickly moved, copied, and deployed.  By storing them centrally, organizations can gain some potential management efficiency.  VMs are, for the most part, self-contained.  Systems administrators can spend less time worrying about hardware compatibility and drivers on the client side.  Again, some of these benefits can be obtained in different ways.  I have mentioned them here because they can provide important advantages that organizations might want to consider.

An Appeal: Can't We All Just Get Along?

Certainly, there's room for compromise in this argument.  That is, desktop virtualization isn't an all-or-nothing proposition.  Techniques such as presentation virtualization and application virtualization certainly can provide valuable benefits to users and IT departments.  And few (if any) organizations are suggesting the full-scale replacement of desktop computers with virtual machines.  So what's the bottom line?  IT personnel should clearly define the problems they're trying to solve and then consider desktop virtualization as one among many different potential solutions.  And with that, I rest my case.

Closing Statements:  Resting the Case?

In closing, ladies and gentleman of the jury, I don't presume to know what's best for you and your environment.  I believe you have the right and privilege to decide that yourself.  All that I ask is that you consider the alternatives presented by this one humble IT professional when attempting to separate hype from real benefits.  And with that, I close this case (along with the seemingly endless stream of bad puns).  It's now up to you, fair jurors, to make your decision.