Remote working strategy: desktop virtualization or remote access?
Published 02/22/2021
This blog was originally published on Wandera.com.
Written by Alex Wells from Wandera
Creating a technology roadmap for your business can feel like an impossible task, as there is always something new on the horizon that you need to account for. It doesn’t help that analysts are trying to predict the next big thing, news sites and bloggers are reporting on the latest updates, and vendors are promoting their newest service. Having a technology strategy, whether it’s remote access or desktop virtualization, can help cut through the noise. Deciding which pathway and technologies your business will and won’t use will allow you to discard unnecessary information and avoid low-value projects.
The pressure to create a remote working strategy
All over the globe, people have been forced into lockdown, staying at home and not traveling to their place of work, creating the world’s largest work-from-home experiment. This has put remote working and productivity tools in the limelight. The use of video conferencing tools exploded: Wandera measured a nearly 2000% increase in the amount of Zoom traffic during the pandemic. Tools like VPN, which provide workers with secure remote access to business applications, also saw a massive rise in usage.
60% of VPN services will be replaced by ZTNA by 2023 – Gartner
VPN is a contentious technology: it is a very old tool and suffers from poor UX and performance. Zero Trust Network Access (ZTNA) is the successor to VPN, with Gartner predicting in its latest market guide that 60% of VPN services will be replaced by ZTNA by 2023. However, providing remote access to corporate applications isn’t the only way to enable remote workers; there are also virtualized desktop environments. As a technology leader, how can you decide whether remote access, virtualization, or both should be part of your organization’s technology roadmap?
Remote access vs desktop virtualization
Wandera has conducted analysis on remote access technologies, including comparing VPN and ZTNA, and which ZTNA architecture is best. At a high level, these services work by creating secure tunnels between an endpoint and an application, keeping all of the information transmitted encrypted and private. Business data is accessed, manipulated, and uploaded by an app running on the endpoint.
Virtualized desktop environments operate in a very different way: the endpoint does not run the application, and data is not transmitted to it. Instead, the applications run on a desktop hosted on a server and the user effectively interacts with a video stream of that environment. All of the data in the virtualized desktop remains in that environment, meaning that information must be manually exported; users cannot even copy and paste from it to their device. There are three categories of desktop virtualization, each with its own advantages and disadvantages.
Remote Desktop Service
Created by Microsoft, the Remote Desktop Service (RDS) allows users to log in from almost any device via the Internet to a centralized server managed by the organization. Each user is presented with the same virtual desktop environment, with few options to customize it to their needs.
Virtual Desktop Infrastructure
All Virtual Desktop Infrastructure (VDI) users have their own dedicated resources, which are hosted as completely independent virtual machines (VMs), something that can be important for regulated or highly secure enterprises. Each user will also use a familiar Windows interface that they can customize to their needs, although administrators managing the platform may choose to limit some options for security or functional needs.
Desktop as a Service
Essentially, Desktop as a Service (DaaS) is VDI hosted in the cloud. Like many as-a-service offerings, DaaS is charged per month and has a range of different tiers from fully managed to those that require an admin to create and manage the virtual environments.
What’s the difference between RDS, VDI, and DaaS?
Factor | RDS | VDI | DaaS |
---|---|---|---|
Performance | Resources are split between users, meaning applications can take time to run | Resources are provisioned and dedicated per user, making it generally faster than RDS | Utilizing the cloud means that bottlenecks are unlikely to degrade performance |
User experience | Often poor due to high latency caused by sharing resources with other users and not being able to customize the service. The operating system is limited to Windows Server | Individual environments are usually faster and more responsive, which users favor. The environment can be customized to suit the user’s need, such as different applications | Often the user experience is similar to VDI, however it can vary depending on the license tier purchased from the provider |
Maintenance | Hardware, software, licensing, and deployment must all be managed in-house. If anything breaks, internal teams must resolve it | Much like RDS, everything must be managed in-house. However, there is an extra layer of virtualization software to manage and resources must be scoped upfront | Some services are fully managed, requiring little in-house maintenance; others are bare-bones, needing IT to manage software installation and VM deployment |
Cost | Shared resources mean fewer machines to patch and maintain. Hardware failures and software issues have to be handled in-house | Many different virtual machines are required to support the user base, creating a large upfront cost. The infrastructure is often then managed by dedicated teams | Low initial investment required, with many services offering a user subscription model. High-performance or highly managed services can be expensive |
When should virtual desktop environments be used?
When laptops and home PCs lacked performance, it made sense to offload tasks to a powerful server. Today, however, even low-cost devices can easily run many productivity tools such as word processors, spreadsheets, and presentation applications. Virtual desktop environments also mitigated the need to transmit large amounts of data to endpoint devices. This was valuable when home broadband and cellular connections provided limited throughput, but high-speed Wi-Fi and 4G are now ubiquitous, with home fiber and 5G set to increase connection bandwidth further.
The need for desktop virtualization has changed over the years to more niche use cases. Desktop virtualization is suitable when there are intensive or specialized applications or a need for highly consistent or restricted environments.
- Intensive or specialized applications – Graphic designers and engineers may need to use applications that have extremely high processing requirements or require specialized hardware to run. Modeling and simulating complex building architectures or animating 3D scenes are common examples of this. Providing each user with a workstation that is capable of running these applications may be costly, or impractical if the device is not portable. Virtualization allows quick access to large data files and computing resources if needed, and these resources can be shared or reallocated when not in use.
- Consistent or restricted environments – In some healthcare, legal or education scenarios it is important to provide highly locked down or consistent environments in order to protect data, meet compliance requirements or protect the end-user. Virtualization provides a simple way for administrators to create and manage user environments, as well as easily deleting a user when they leave. It also allows users to bring their own devices without administrators worrying about application compatibility or helping users install endpoint.
Why desktop virtualization often fails
Often virtual desktops are used as a quick fix to enable a new employee who hasn’t received a laptop yet or a partner who needs access to an internal system. This is not a sustainable solution, especially as the number of users working remotely grows.
76% of enterprises expect to increase the amount of remote access over the next 2 years – IDC
The cost of expanding virtual desktop environments can explode quickly as additional servers are deployed or DaaS licenses are purchased. According to Gartner, a fully managed DaaS solution can climb to over $100 per user per month, making any large-scale deployment untenable. The alternative, having a limited number of licenses, has led to partners and contractors sharing virtual desktop licenses, diminishing the amount of work that they accomplish.
Additionally, many workers struggle to use virtual desktop services for extended periods of time. Unfamiliar interfaces and shortcuts, especially if the operating system on their endpoint and the virtual environment differ, can create confusion. Improperly scaled screen resolutions can make icons and text illegible, and this is compounded with dual monitor setups. The inability to save files to the endpoint makes offline work or local network tasks, such as printing, impossible.
How remote access compares
Although there are many different remote access technologies, from VPN to reverse-proxy, for strategic decision-making purposes it is most appropriate to consider a cloud-based software-defined perimeter ZTNA solution.
Performance
Unlike virtualized desktops, remote access solutions don’t run applications, so they don’t have high processing and data storage requirements. Instead, applications are run either on the user’s endpoint or by an application running on a server, whether it is hosted in the data center or the cloud. In both scenarios performance is generally better:
- Remote access solutions provide applications running on endpoints with connections to data sets, and the information can then be processed on the device. Only one worker uses a device at a time, allowing its resources to be dedicated entirely to them. Modern devices have gigabytes of memory and multicore processors that can handle productivity applications with ease.
- Applications running on servers are easier to scope and scale, and have fewer overheads than virtualized desktop environments, meaning that performance is often far better. ZTNA solutions can securely connect end-users to application servers wherever they are located, even across multiple data centers or hybrid cloud services.
User experience
End users and software developers often expect certain applications to run a certain way. Remote access facilitates this by securing the access layer and making no other changes to the user’s workflow. Virtual environments have a significant impact on the way applications are run, and that impact is often negative:
- Developers rarely anticipate that their applications will run on a virtual desktop. As the applications are not optimized for it, there is more latency and users often have a worse experience in comparison to their native counterparts.
- With remote access, users have more freedom to customize their device experience and workflow, allowing them to be more productive. Additionally, unlike virtual environments, there is no need to export data out of one environment into another; remote access allows data to be moved or copied without these tedious and time-consuming steps.
- Virtual environments are often Windows-based, which can be troublesome for macOS users or for anyone trying to use a mobile device. Remote access allows applications to run natively on the endpoint, which means that if a user has multiple screens, a different operating system or a smartphone, performance isn’t degraded.
Maintenance
Cloud-hosted remote access solutions require virtually no maintenance as there are no on-premises components. This means they take up far less IT administrator time than virtual desktop environments. Being software-defined and having no on-premises components makes the solution much more flexible, allowing it to be configured and changed much more quickly. This not only reduces the number of hours required to set up services, it also delivers projects faster. Remote access solutions can be deployed without a device manager and with privacy controls in place, making them suitable for BYOD and personal devices.
Cost
Centralizing all the resources that support desktops in one place consumes a lot of time and money, making virtual desktops both expensive to build and run. In comparison, cloud-hosted remote access solutions require no infrastructure to be bought, installed or managed, dramatically decreasing the cost of the service.
Summary
There are certain use cases where virtual desktop environments are a good candidate; however, for the majority of businesses remote access is the better option. Technology strategists should build their roadmap around software-defined solutions as they are a future-proof means to enable remote workers.