Recognize the Real Promise of Hosted Desktop Virtualization
By Jim Brennan
Published: Tuesday, June 30 2009

One recently introduced technology whose adoption trajectory seems to be following
that of a typical hype cycle is hosted desktop virtualization. Hosted desktop
virtualization (sometimes referred to as virtual desktop infrastructure, or
VDI) represents a completely new approach to the deployment of enterprise
desktop computing. This article will outline the genesis of hosted desktop
environments, and explain why today's technologies are able to fully deliver
the benefits that have been promised in the past. In order to understand what
makes it so different, let's first take a look at desktop computing as it
typically exists today.

The traditional model for deploying desktop computing within an enterprise involves
the use of personal computers (PCs). Each of those PCs has a fully-featured
operating system installed on it, which provides all of the basic computing
operations and functions. Applications such as word processors, spreadsheet
programs, and web browsers are then installed on top of that operating system
in order to provide users with the tools that they need in order to perform
their jobs. All of the data associated with the operating system and the
applications is stored on the internal hard drive of the PC itself. To provide
some real-world context, I've written this article using a traditional desktop
approach: I used a word processing application, OpenOffice Writer, which was
running on top of the Fedora 11 Linux operating system, which was in turn
running on my desktop computer. All of the processing and data required for
OpenOffice and Fedora was resident on my computer, as was the file representing
the article itself.

In hosted desktop virtualization, the operating system and applications that make up a
user's desktop environment actually reside on servers located in a centralized
data center. Users connect to these desktop environments, known as virtual desktops,
using a "thin client" that has a minimal amount of software installed on it and
a network connection to the data center. Unlike with traditional desktop
deployments, no data is stored on these thin clients. So, getting back to our
real-world example: if I were to write this article using hosted desktop
virtualization, my application (OpenOffice), along with my operating system
(Fedora 11) and the file representing the article itself, would all reside on a
server in one of my organization's data centers. There it could easily be
secured, backed up, and restored if needed.

Sounds pretty good, doesn't it? Now, we need to acknowledge the fact that the idea of
thin client computing is nothing new. Like so many other things in IT, what's
old is new again. Thin clients represent a return to many of the same
principles that were in place during the days of the so-called dumb terminal,
as well as the thinking that was behind X terminals and later the Network
Computer promoted unsuccessfully by Oracle Corporation. But in reality these
earlier attempts at thin client computing could not meet the needs of
enterprise users, and as a result the PC remained the dominant choice for
enterprise desktop deployments. Along the way, operating systems developed
larger footprints and got more complicated to manage, applications became more
complex, and data began leaving the office as workforces became increasingly
mobile.

It is for these reasons that hosted desktop virtualization was met with such
enthusiasm and optimism when it first began to surface, using newly
available technologies, a couple of years ago. Technology had finally caught up
with the vision that had eluded earlier forms of thin clients: memory was
cheap, processing power had been growing exponentially for more than a decade,
and network bandwidth was readily available. CIOs and IT managers, spurred on
by the prompting of desktop virtualization marketers, started to investigate
the potential of hosted desktop virtualization to realize lower total cost of
ownership (TCO) on enterprise desktop deployments. Expensive PCs, they argued,
would give way to inexpensive thin client devices, and enterprises would be
able to benefit from cheaper licensing options for the desktop operating
systems that would be running virtually.

However, buyers soon began questioning the real TCO savings that could be realized
through hosted desktop virtualization. Most commonly, they pointed to the
additional costs associated with the network storage and server infrastructure
that would be required. Announcements by proprietary operating system vendors
that they would enforce licensing models not unlike those associated with
physical desktops caused further erosion in the idea that hosted desktop
virtualization would lead to lower costs. All of this takes us to where we are
today: a classic trough of disillusionment. But there is a way out.

It is my contention that the real promise of hosted desktop virtualization is not, and
never was, lower TCO. While there are certainly cost savings to be realized in
the centralized management of desktops, these savings will be partially offset
by increased costs in the datacenter. Of course, at the very least, virtual
desktop deployments should not be any more expensive than equivalent physical
deployments. But then, you may be asking, if the cost benefits are not
overwhelming, why virtualize desktops in the first place?

The answer is simple but no less powerful: Security. We live in an age where a significant
portion of the workforce does not work in a traditional office. Whether working
out of a home office or a hotel room, these users transport personal,
confidential and/or proprietary information outside of the physical perimeters
of their organizations every day. They do it not to be malicious, but rather to
simply perform their jobs. What is needed is a way to safeguard this critical
data from getting lost or falling into the wrong hands. Hosted desktop
virtualization is that way.

Hosted desktop virtualization enables companies to centralize and secure their data. Stolen
laptops or unencrypted hard drives become a non-issue, as all data
(operating system, application, and user) is now stored within secure data
centers. If a thin client is lost or stolen, those who recover it will gain
access to nothing more than the hardware itself.

Now, like all new technologies, hosted desktop virtualization offers the potential for
the emergence of new vectors of attack, vectors that hackers will surely
seek to exploit. The consolidated nature of hosted desktop virtualization
eliminates the physical isolation that exists between desktops in a traditional
deployment model, along with the security benefits that result from this
isolation. Without proper security measures, one compromised virtual desktop
can pose a threat to all other virtual desktops running on the same host. It is
therefore imperative that any virtual desktop infrastructure be properly
fortified against attacks that seek to exploit this lack of physical isolation.

In the case of Red Hat's hosted desktop virtualization solution, this is achieved through the
use of Security-Enhanced Linux (SELinux), sVirt and the KVM hypervisor. This
combination of open source technologies provides a level of isolation
equivalent to that which exists in physical deployments, and in doing so
dramatically increases the security of virtual desktops and the hypervisors on
which they reside.

With approaches like this, hosted desktop virtualization technology is able to
provide a significant gain in security, along with the increased flexibility
and manageability that centralized environments offer. Now is the time for this
exciting new technology to move out of the trough and on toward enlightenment, and
now is the time for CIOs to look at what a modern hosted desktop virtualization
environment can do to get their desktop deployments under control and more
secure.

Jim Brennan serves as Sr. Product Marketing Manager for Desktop Virtualization at
Red Hat. In this role, he is responsible for the market strategy and
positioning of Red Hat Enterprise Virtualization Manager for Desktops. Jim has
over 11 years of experience in the development, management, and marketing of
technology products. Prior to joining Red Hat, Jim spent eight years with
Internet Security Systems (now part of IBM), where he held positions in
research and development, product management and product marketing for various
information security products and technologies. Prior to Internet Security
Systems, Jim held positions with EMS Technologies and the United States
Department of Defense. Jim holds a Bachelor's degree in Mechanical Engineering
from the Georgia Institute of Technology, and a Master's in Business Administration
from the Goizueta Business School at Emory University.