VDI. The Secret to Secure Mobile Computing?

globedeepMobile - Wireless

Nov 24, 2013


The rise in mobile computing is explosive. Every day we see new statistics about mobile
data growth, tablet adoption and smart phone use that exceeds the most aggressive
forecasts. The productivity increases are a boon to enterprises and worker satisfaction. On
the other hand, the proliferation of corporate data on a rapidly increasing variety of devices
is a big risk for IT departments.
Mobile device management (MDM) software with its security, encryption and
containerization tools has helped fill the gap enabling centralized security standardization
and techniques. However, IT departments, chief information security officers and chief
privacy officers can’t help being concerned about data circulating on devices that have
unknown security holes, no antivirus protection, are easy to misplace and increasingly
are employee owned. Complicating this further, many corporate data security standards
prohibit certain customer or patient data from residing on devices not owned by the
corporation. Virtual Desktop Infrastructure (VDI) is one technology that provides a data
security solution in the age of mobility.
Application and desktop virtualization are not new. Vendors such as Citrix pioneered virtualized
applications more than a decade ago and introduced shared virtual desktops several years back.
More recently companies such as VMware have moved beyond server to desktop virtualization
and Microsoft from the desktop operating system (OS) to virtualization OS. Even Dell is getting
involved. Its recent acquisition announcement of Wyse Technology was driven by a desire to get
into the VDI niche, Desktop-as-a-Service.
The original focus for these solutions was on thin client computing or shared processing
capabilities. Initiatives were typically driven by cost reduction objectives and application control.
Enterprise IT is starting to wake up to the new possibilities around VDI enabled mobility.
Mobility Security Challenges
The first question for many IT leaders is how to cope with the rise in employee use of both
corporate and personally owned mobile devices and the need to protect corporate data. One
corporate CIO told me mobile device management equals security. While he wasn’t downplaying
the administrative benefits of MDM, he was placing emphasis on the first order issue mobility
causes for enterprise IT. Organizations may put up with some administrative hassle associated
with managing mobile devices on multiple platforms, but they have a short window for risk when it
comes to protecting certain types of corporate data.
VDI addresses this issue head on. Whether it is patient data, customer credit information or
intellectual property, a VDI session is conducted entirely on a secure server. The mobile device
only views the information directly from the server or other computing infrastructure. That means
no data utilized in a VDI session persists on the device. If the device is lost or stolen, the sensitive
data remains tucked safely behind the corporate firewall. As a result, VDI is an ideal solution
where sensitive corporate data is being accessed and manipulated by a variety of corporate and
personally owned mobile devices.
The Common Session Challenge
Ubiquitous computing has plenty of advantages. The emergence of smart mobile devices has
significantly extended borderless computing powers beyond the laptop. There may be social
disadvantages of always available computing for workers, but there are profound benefits in terms
of convenience, real-time decision making and the shift of work from being done at a place to being
done by a person, wherever she happens to be. The user computing challenge is more subtle than
these impacts.
There used to be one computing environment per user – a single desktop or laptop. It is now
more common for an employee to have at least two and increasingly three or more computing
environments. One laptop, one smart phone and one tablet, for example. That creates challenges
for IT in managing a rapidly increasing device base, but it also creates a challenge for the
user. Each of his devices is capable of sophisticated computing, but each may have a different
computing interface and access to different applications or data.
For true ubiquitous computing, there needs to be commonality across the computing platforms.
From a user perspective, adjusting to three different computing environments is inefficient. There
may be unique features associated with the different devices, but leveraging common applications,
data and enterprise services in a common manner has clear benefits.
Again, VDI creates a unique opportunity to address the new challenge posed by mobility. VDI
can create a common desktop and therefore a common session and usability experience across
devices by decoupling the computing environment from the local device OS. This enables a session
to be started on one device, stopped midstream and picked up by another device seamlessly. It
also enables all of the data to be stored centrally so you don’t have to synchronize or replicate it on
each device. Think of it as cloud computing for the individual. The key point here is that while VDI
creates data security benefits, it also provides a new feature that significantly improves the user
experience where mobility is the norm.
There are clear VDI benefits for the enterprise. However, there is often confusion within IT
departments about the term. That is because VDI is often used interchangeably to describe three
different types of solutions:
• Virtual Applications
• Shared Virtual Desktop
• Private Virtual Desktop
Virtual Applications
Virtual Applications have been around the longest. At its core, this is server-based application
computing. These solutions originally enabled applications to be run on any computing
platform that could pull up a local thin client, browser or connect directly to the server. Key
benefits included more efficient use of server computing resources, eliminating the need for
data synchronization and decoupling application performance from local OS characteristics.
There was no personalization of the computing environment, but that is a minor consideration
when accessing a single, enterprise application.
Shared Virtual Desktops
Shared Virtual Desktops (SVD) took this computing paradigm to another level entirely. Instead
of enabling a single application, SVD enabled a common interface for a suite of applications.
This provided similar benefits to virtual application infrastructure and added far more
computing efficiency across key enterprise applications and services accessed by employees.
It also created a common interface to the application suite which reduced training and
maintenance cost and maintained the decoupled nature of the server side application and
the local device OS. The drawback is the lack of personalization. Whereas a purely common
interface for a single application is relatively easy to accommodate, the need for greater variety
in usage patterns and organization roles increases as the productivity suite expands.
Private Virtual Desktops
Private Virtual Desktops (PVD) extend the virtualization technology further by enabling
personalization. Whereas Virtual Applications and SVD are both one-to-many architectures,
PVD is typically deployed as one-to-one. PVD employs the same technical stack as its peers, but
is designed for personal employee computing. The benefits of this are immediately obvious.
It combines the security features of data not persisting on local devices and allows users to
experience a common session and interface no matter what device they access. This approach
is tailor-made for mobility where a user may need to compute from a tablet, laptop or smart
phone at different times of the day.
You can see from the diagram below that each of the virtualization technologies has its place in
the enterprise. Depending on the user personalization requirements and the scope of productivity
needs, enterprises should evaluate which technique aligns best.
Applying the Right VDI Model to the Need
Organizations derive the most value when applying the right technology solutions to the right
situations. VDI is no exception. The following table provides a breakdown of use cases and the
recommended virtual desktop solution that is most appropriate.
| Group | Description | Recommendation |
|---|---|---|
| Group 1 | Users are mostly within one or two applications all day. This application is the main line of business application. Their performance is based on speed and accuracy. | Shared Virtual |
| Group 2 | Users have a core set of applications they require to do their jobs. Oftentimes, these users must be able to modify system-level settings like environment variables, or install their own applications. | Personal Virtual |
| Group 3 | Users focus on content creation utilizing Microsoft Office and Adobe Photoshop. These users also browse for content and graphics online via a browser. | Shared Virtual |
| Group 4 | Users utilize a few applications that consume significant amounts of CPU resources when doing certain activities (video rendering or code compiling). | Personal Virtual |
(Table adapted from “Citrix User Segmentation Analysis”)
The cost justification of VDI can also be driven by the accelerated adoption and acceptance
of IT solutions in a given industry. In the case of healthcare, there is tremendous pressure to
increase the quality of care while reducing costs and increasing care delivery efficiency. VDI allows
physicians and other care givers to take full advantage of emerging Electronic Medical Record
solutions on their terms with personally owned devices and ubiquitous access to information. This
in turn promotes improved patient outcomes that alone justify the deployment of VDI technologies.
One item worth noting is that VDI’s many benefits require reliable connectivity. When virtual
applications were operating over the wired network, this was not a big problem. The traffic was
light and the connectivity reliable. When VDI in its various forms is introduced in a mobile
computing environment, connectivity and its variability become key usability factors. If the mobile
device loses connectivity, the VDI session is lost. Productivity is halted.
From an enterprise perspective this often means ensuring wireless networks are designed
to handle the increased device and data load brought on by numerous mobile devices in use
simultaneously. Mobile Infrastructure Management (MIM) involves forecasting new usage patterns
to ensure wireless access and bandwidth are available when the user needs connectivity to a VDI
session and that they can continue their sessions reliably.
In a holistic enterprise mobility management framework (see diagram), VDI is a key technology
in the Mobile Application Delivery quadrant, is dependent on a robust Mobile Infrastructure
Management (MIM) strategy and complements MDM. CIOs are recognizing that MDM is necessary
when managing multiple devices and BYOD programs, but is often insufficient when organizations
begin to convert core applications for use in mobile environments. VDI is a complementary solution
that goes beyond device level security and administration by restricting certain types of computing
to enterprise controlled resources.
Harris is a registered trademark of Harris Corporation.
Trademarks and tradenames are the property of their respective companies.
© 2011 Harris Corporation 3/11 518324 SEC d0513
Harris IT Services
21000 Atlantic Boulevard, Suite 300
Dulles, VA 20166-2496, USA
Securing the Future, Today
Like most innovations, smart mobile devices introduce both benefits and challenges. While the
consumerization of IT is a key driver of mobility proliferation, a recent study of government IT
executives by Meritalk showed 49% realize that the real enterprise driver is productivity. In an age
when organizations of all stripes, from government to healthcare to financial services, retail and
even manufacturing, are being asked to do more with less, innovations that drive productivity are
The challenges for enterprise IT posed by mobility are many. By ensuring that sensitive enterprise
data does not persist on mobile devices while simultaneously providing rich computing resources,
VDI provides a unique set of sorely needed benefits. When you add the need for enabling common
user sessions across a variety of devices with different OS platforms and computing resources, the
emergence of private virtual desktop technology fills yet another gap in enterprise computing.
Mobile computing will certainly take many forms. There will be a significant amount of local
computing utilizing native mobile apps and synchronization techniques. You can be sure it won’t
be one size fits all whether it be mobile apps, software as a service (SaaS) solutions or virtual
desktops. However, VDI’s security, computing productivity advantages, personalization and multi-
device session commonality can address several emerging mobility challenges at once.