- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
- Automatically mount an NVMe EBS volume in an EC2 Linux instance using fstab - Mon, Feb 21 2022
VDI disadvantages
I have to admit I am a pronounced opponent of VDI. In my view, the poor user experience of remote desktops, which is often put forward as a major downside, is only a slight problem. I think many VDI advocates overestimate the benefits of running desktops at a central location.
Whereas a central location may have been an advantage in the times when sneakernet administration was common practice, with all the powerful remote management tools we have nowadays, it doesn’t really matter where the desktops are physically located. Disaster recovery, frequent updates, desktop customization, and so on can all be done remotely as long as the desktops have a good network connection. And security? Same argument. Desktop firewalls, anti-malware, intrusion detection, etc., everything can be managed remotely. If you have the same security settings on all your computers, your attack surface is essentially the same no matter if you have 10 or 1000 physical machines.
A major disadvantage of VDI is that you are working in an uncommon environment, which usually causes numerous problems that don’t exist on physical desktops. I have quite some experience with installing software on Citrix servers, and I can tell you it is not fun.
At my former employer, we provided all kinds of bibliographies, eBooks, and eLearning software for a university with 50,000 students. You can imagine that we had to install quite a few different applications (hundreds) on our Citrix servers. I can assure you that we ran into countless problems that you have never seen. And the more software you pack on your servers, the worse it gets.
A single Windows desktop will get more and more unstable over time as you install more updates and software. This problem is multiplied by the number of virtual desktops you run in a server environment.
Of course, in a strict sense, session-based Remote Desktop Services is not VDI. If hardware virtualization comes into play, the virtual desktops are separated from each other just like with physical desktops. The problem with software conflicts is therefore the same as with conventional desktops. However, running a large number of virtual machines for end users at a central location causes other problems.
In most cases, you have to add quite a bit of additional hardware and software to your datacenter, which means more (not less) work for admins. VDI is complicated and requires experienced (and expensive) admins who are able to manage redundant, highly available, and usually very expensive server systems. Even if you save a little with your thin clients compared to costs for PCs, the high costs of your additional server hardware, server racks, additional network bandwidth and equipment, air conditioning, and so on eats these savings up in most scenarios. I don’t want to mention the additional licensing costs and license management nightmares. I think nowadays nobody seriously believes that you can save costs with VDI.
In addition, you always have to ensure that enough resources are available and that everything is in perfect condition because, if your VDI goes down, your company will probably go down too. This keeps VDI admins busy and guarantees a heart rate constantly above those of common desktop admins.
VDI in the cloud
I could go on for a while with my rant against VDI, but I think you got the picture. So, if I am such a VDI fan, are you wondering why I am reviewing WorkSpaces on 4sysops? The answer is simple. The cloud changes (almost) everything. As mentioned in my introduction, Amazon takes care of the “I” in “VDI,” and it is mostly the “I” part that makes VDI such a nightmare.
With DaaS in the cloud, you never have to worry about the available resources, redundancy, bandwidth, and so on because this is the daily job of Amazon’s cloud experts. Since Amazon does not work with Remote Desktop Services, and each WorkSpace is a single instance, you don’t have to worry that your servers will get bloated over time. Best of all, the calculation of your VDI costs is super easy because you simply add the number of your WorkSpaces users and multiply that by the price of your WorkSpaces bundles.
Amazon WorkSpaces is real cloud-based DaaS. Some DaaS providers just slap "cloud" on their products for marketing reasons but only offer simple online services. In Amazon’s cloud you don’t have to commit for a year or longer and if you want, you can just run one virtual desktop. You can add new desktops one by one or remove unused desktops any time. This brings the agility of cloud computing to DaaS. Thus I do believe that Amazon WorkSpaces is a game changer in the DaaS market.
The “almost” in parentheses above refers to the fact that you will still be working in an uncommon environment, which can cause new problems. You have to be prepared that, in the beginning, you will need time to learn how to deal with WorkSpaces and Amazon’s cloud. Even if you have experience with virtualization solutions, the cloud is definitely a different beast.
Conclusion
Although I like WorkSpaces, I doubt that many organizations will move all their desktops to AWS any time soon. It will take a while for us to know how reliable the service is and what additional problems it can cause.
In my view, WorkSpaces is particularly interesting for special environments where VDI can outplay its advantages. Some examples are teleworking, branch offices with low bandwidth, application provisioning across organization boundaries, and all scenarios in large organizations with many branches where users have to access one or two applications from many different locations.
Windows for post PC devices
Organizations who want to move their desktops and laptops to an alternate operating system, such as Android, can use Amazon’s DaaS for running Windows applications on post-PC devices. Of course, this is what makes DaaS so dangerous for Microsoft, and it is probably the main reason why they have been screwing the desktop virtualization industry, as Brian Madden once put it.
As much as I admire Brian’s heroic deed of giving up his MVP title for the better cause, I think it is Microsoft’s right to ensure that their own business is not endangered by their licensing policy. We will see what Redmond could do to make WorkSpaces unattractive when it becomes obvious that organizations use this service mostly as a transition technology to the post-desktop era.
I think this post is less than fair to VDI and its benefits. The drawbacks are pretty accurate and have been covered. Here are some real-world benefits from our VMware Horizon View deployment at a private college, now in it’s 2nd year of production:
1) Perfect for student labs! We maintain roughly 300 physical seats, but only need to provision about 200 VDI Desktops, saving on licenses. We also were able to repurpose our old XP physical workstations into “thick clients” running a full version of Windows 7 (which includes the VDA license) , thus saving on new thin client costs, as well as pushing our hardware refresh from 4 to 7 years, saving additional replacement costs. We also have our pool of VDI Desktops to refresh on logoff, which means any local threats introduced by a student are deleted as soon as they move on. (We of course run AV and layer 2 filtering to prevent network-based attacks from succeeding.)
2) Security updates are quick and almost immediate! By myself, I can download, test, update and then deploy the latest round of Windows/Adobe/Java updates to all 200 VDI Desktops in 6 hours or less. Even with SCCM 2010, we never got that kind of success or turn around with physical desktops.
3) “Heavy” desktops are no problem! Granted that we do have pretty beefy datacenter hardware in place, we’ve had no problem deploying VDI Desktops with over 100 software packages installed and available for faculty and student use.
These are just a few quick examples where VDI fits extremely nicely into our higher ed environment. I think it would serve other Sys Admins well to include as many viewpoints and industry verticals as possible when reviewing technology such as VDI. Cheers!
Phil, I believe I am fair to VDI, but I think you are unfair to your students. Did you every type yourself on a keyboard that is older than five years? How often does a student have to click on average until one of your lab mice reacts? I guess your computer screens are not the latest models either. I think one of the reasons why VDI is relatively popular in educational institutions is that students can’t refuse to accept to work with worn out devices that no employee would agree to use. Did you also include the costs of the image damage for your College in your Excel sheet?
I have been leading an IT department at a University for more than 10 years, and I think your arguments are wrong. We had a lot more lab computers than you and they were distributed all over the city. Some of the machines were one hour drive away from the IT department. So you might think that this the perfect environment for VDI. It was not. I calculated it many times.
First of all, did you ever calculate the costs of maintaining old PCs? Computers for students wear off pretty fast because they are used more than 8 hours a day by young people who don’t really care much about things they don’t own.
In many educational institutions two different budgets for payroll and equipment costs exist. You have to pay the admins anyway, right? And they don’t really know what to do all day, so it is okay to let them repair old PCs. Am right? Yes or definitely?
We had a five year warranty for our PCs and our vendor repaired or replaced malfunctioned PCs at no additional costs. None of our admins ever had to repair a PC. The costs for new PCs were minimal because we bought them together with other colleges and got a huge discount. Even though they were high end PCs, they were cheaper than any PC you can buy in a department store. The truth is that hardware costs for desktops can be more or less neglected when it comes to TCO.
About your other points.
With 200 PCs you can roll out updates in a couple of minutes if you use the right tools. SCCM is overkill for such a small network. With an appropriate patch management solution for the size of your network, you can have a 100% success rate and any newbie admin can do that.
There are many sophisticated solutions out there that allow you to reset a physical desktop whenever a student logs out. Actually, I wrote a simple script myself when we first deployed computers for students. I don’t see any advantage of VDI here.
Of course, you can deploy everything with VDI with a “beefy datacenter.” I guess the costs to maintain this datacenter are beefy, too, and the money for modern computer screens for your students is now on a VMware bank account.
No offense, but I heard your arguments many times. I think there is a reason why VDI never really took off.
Just a quick follow-up to clarify a few points:
-Did you every type yourself on a keyboard that is older than five years? No need – peripherals are part of our annual repair budget and get replaced immediately.
-How often does a student have to click on average until one of your lab mice reacts? Just once. We have sub 20ms latency between the VMware endpoint clients and the VDI Desktops they connect to.
-I guess your computer screens are not the latest models either. Nope. Why would we install the latest wide-screen monitors only to have them destroyed in a week “by young people who don’t really care much about things they don’t own.” (Your words) 😉 In reality, damage to equipment on our campus is a non issue. We get maybe 1-2 incidents per year.
-You have to pay the admins anyway, right? And they don’t really know what to do all day, so it is okay to let them repair old PCs. Am right? Yes or definitely? Not even a little bit. I have never had to repair anything. As a Sys Admin, I look after all of the college’s servers as well as the VDI environment.
-The costs for new PCs were minimal because we bought them together with other colleges and got a huge discount. Excellent move! We did the same with our VMware licensing, so it was negligible.
-With 200 PCs you can roll out updates in a couple of minutes if you use the right tools. SCCM is overkill for such a small network. Just to clarify, our network is 1200+ nodes. I was using the 300 student lab seats as a case study.
-No offense, but I heard your arguments many times. I think there is a reason why VDI never really took off. (No offense taken.) I’m sure VMware, Microsoft, Dell, and now Amazon would disagree that VDI never really took off. Why would Amazon (master of earning money) enter the VDI marketplace if it wasn’t a growing trend? I think their Workspaces product is going to fabulous and we’ve enjoyed our preview of it thus far.
In summary, I don’t think VDI is a silver bullet solution for everyone. I was not involved (or even hired yet) in the decision for my college to implement VDI, but I have enjoyed using/managing it and can see the benefits.
I look forward to your future content on this and other subjects and if I may request an in-depth BYOD review/strategy be put on the lineup that would be great. Having a solution for this topic is highly desired and keeps me up at night! Cheers!
I have worked in both VDI and non VDI environments and can confidently claim that the ONLY department this technology benefits is IT, and even that becomes an illusion when you run into a system wide outage or performance degradation. Your users will hate it, and your CFO will hate you when he/she discovers that you are actually paying MORE to support VDI than a standard desktop. VDI was birthed upon the foundation that PC’s were expensive to buy and repair, but now with SSD desktop drives, and the plunging price of hardware, that whole justification is moot. Bottom line I don’t care how much high end infrastructure you throw at it, your VDI session will NEVER be as fast and responsive as a new core I5 box running a 128gb SSD and 512mb video card. So if VDI is more expensive, and runs slower, what’s the point? Oh yeah, it gives the IT department some false sense that there is less administrative overhead in running the network. Too bad IT doesn’t decide their own paychecks. But the joy of VDI doesn’t stop there.. In a standard desktop environment when a user submits a ticket that their “pc is slow”, your helpdesk tech can immediately tell if it’s the OS or network. In a VDI environment you basically just neutered your guys’ ability to do any effective troubleshooting. Is it the OS? Is it the SAN? Is it your WAN link to the data center? Is it an iSCSI bottleneck? Is it a problem with the PCoIP protocol? Is it the VMXNet3 adapter settings? So many variables come into play and your helpdesk guy isn’t qualified to figure it out. Everything you can do with VDI can be done with a standard desktop environment, for less money, and with better performance. VDI serves only IT, not your users.
Phil, I envy for your impeccable students. I suppose your teachers and scientists get the benefit of real desktops? I am not aware of any statics but based on the fact that I read quite a few IT sites every day, I can say that VDI plays no noteworthy role in today’s IT. The reason why we see some big companies entering the market is that DaaS and especially VDI in the cloud is a completely different animal (as I outlined in the article). It remains to be seen if IT departments will give VDI a second under this new conditions.
Jason, totally agree. As to troubleshooting, did you ever to have to reboot a server with users logged on? This is really fun. I wonder why you think that IT departments benefit from VDI? Because they get many new toys? Or because it is a good way to ask for a salary increase because things in IT are a bit more complicated now?
The benefits are illusory and misguided, and basically are “lazy” in nature. Faced with a VDI network that had ongoing problems and a user base in revolt, my question to the head of IT that decided on the blanket VDI implementation as to why he decided to implement was answered with the following: “I don’t have port security issues to worry about, or users saving things to their desktop, can roll back their desktops via snapshots, and roll out a new station in 5 minutes”. My answer was “heard of 802.1X auth, folder redirection, system restore, and WDS?”. “But I don’t need to know or deal with the hassle of managing any of that, its all taken care of by VDI” he said. “Ok, so let me get this straight, you’ve basically taken the most classically simple part of your network– your desktops, and turned them into the most complex part of your network, just so you don’t have to implement some easy and well documented technologies?”. The logic I’ve heard used in justifying these VDI migrations are simply mind boggling.
“…its all taken care of by VDI” I like that part. 🙂 I think the source of this misunderstanding is that people imagine a network of desktops which are physically far apart and then they imagine the same desktops at one central location in a virtualized environment. Looks so much simpler, right?
A second source of misunderstanding is that many people believe that the benefits of server virtualization can be transferred to desktop computing. The problem is that Windows desktops were not designed to work in a server environment which is the main reason why you need so much “beefy” technology for VDI. Many problems of VDI don’t exist with server virtualization simply because “server-based computing” and servers are a much better match than “server-based computing” and desktops. Desktops just fit to “desktop-based computing.”
I think these misunderstandings are the reason why people don’t think this through before they implement VDI. And once all the money is spent there is no way back when all the problems pop up. In my career I have never heard an IT department leader say “Oops I think we made a big mistake.” This is the time when the “mind boggling justifications” you mentioned come into play.
And many VDI experts (for instance consultants) who earn their money with VDI are so fascinated by all the beefy technology that they don’t want to see all the problems that only become apparent when they already left the company.
I found this article looking for something else. It’s telling how wrong the author was/is about VDI. My company’s been using VDI for several years now and it’s not only saved us money, but gave us support that we couldn’t afford as a small company. I’ve used our virtual desktop over wifi at 30K feet in a plane. When someone leaves the company, we just disable their access and don’t worry about a million files being left behind on the laptop they didn’t give us back.
Jack, thanks for the comment. VDI has its advantages, but security isn’t certainly one of them. Virtual desktops that can be accessed from everywhere are exposed to all the hackers and crackers on the planet. However, a laptop that is encrypted with BitLocker that falls into the hands of an average sneak thief is no security risk at all.