When AWS WorkSpaces was first announced, e360 began having many conversations with clients concerning Desktops as a Service (DaaS) offerings. These included the pros/cons, total cost, “cloud first” business initiatives, and handling of legacy applications in the modern IT infrastructure. Now, with the recent announcement of Microsoft Windows Virtual Desktop (WVD), along with Citrix/VMware updating their solutions to extend and leverage AWS/Azure, the conversations have started again concerning the correct location for the desktop to reside (whether it be a DaaS offering or extending an existing solution into the public cloud to host desktops/applications).
While there are many differences between a DaaS and the cloud hosted desktop in terms of how you get billed and what level of control you have when it is delivered “as a Service”, both involve the same critical decision: leveraging a public cloud to host the desktop/application virtualization OS versus hosting desktop/application virtualization on-premises.
Note: If you already have a VDI broker in place but want to understand all the workload locations by that product or another product, click HERE for a chart that summarizes where workloads can be located based on products.
This critical decision is really what clients should be asking themselves about. This blog will review the critical questions you should ask yourself and your organization before making this decision (for the sake of simplicity, we will use “cloud hosted desktop” to represent both DaaS offerings and deploying a desktop in the public cloud).
There are many benefits to a cloud hosted desktop, such as being quick to deploy, just needing a credit card to acquire, migrating from CAPEX to OPEX, enhancing security or mobility with public cloud services, and multiple data centers ready and waiting for use, just to name a few.
Additionally there are also ideal use cases for cloud hosted desktops such as:
- Seasonal workloads with 100% SaaS or cloud-based applications
- Users/contractors who do not need access to the corporate network and leverage 100% SaaS or cloud-based applications
- IT shops that want to hand off desktop administration to a business unit
- IT shops needing to quickly get desktops in multiple data centers where corporate IT currently has no data centers
However, that doesn’t mean that all use cases can benefit from cloud hosted desktops. It also means that for one benefit gained you might lose a capability you have had for years.
Entisys360 would like to share critical questions (some business related and some technical related) and our (hopefully) thought provoking explanations of why these questions must be answered when deciding on the location of virtual desktops/applications.
Business questions
Sometimes, without doing the analysis to understand the total cost of the solution, you can be paying just as much or more to deliver a virtual desktop 40+ hours a week in the public cloud versus an on-prem virtual desktop. There are always use cases for cloud hosted desktops, but you need to make sure you understand the use case. Also remember that you still need an end point to connect… what are the plans to manage these devices (e.g. BYOD, CYOD, COPE, COBO)?
You might be losing capabilities to administer the system which can result in fewer administrative choices/troubleshooting capabilities. Additional costs may be incurred acquiring 3rd-party solutions to address limitations. Because of the way public cloud works, you may also be limited in your choices based on the service or offerings by that cloud provider (e.g. to run Windows 10 – not Windows Server OS skinned to look like Windows 10 – in AWS WorkSpaces you have a commitment of 200 per region, or to leverage Windows 10 Multi-User you have to run it in Azure).
You might be making a short term decision to reduce costs without fully understanding the impact of handing off IT decisions to another company.
As mentioned earlier, the cost of running a desktop (or server) 24x7x365 in the public cloud can be more expensive than you think.
Have you included costs for the Operating System (if not included), the network egress or additional storage that might be needed for user data? Will you need to deploy services in the public cloud that are not currently there (e.g. Domain Controllers, File Servers, application services, etc.)?
And, as some companies have migrated back to on-prem for any number of reasons, what is the backup plan if costs get too high, or the public cloud provider decides to deprecate a feature/service you are utilizing? And while you might be thinking your organization only has one cloud partnership, whether it be through mergers & acquisitions or changes in cost (Is it cheaper to run Windows in Azure or AWS this month?)… the core question here is “What are your backup plans?”
Moving to a cloud hosted desktop, you still need to account for the OPEX of managing the OS and applications. While this might be apparent for organizations extending into the public cloud, it seems to be something most DaaS customers overlook.
DaaS offerings often suggest that app owners should be able to do this, but the tools/experience are not intuitive. This model of shifting application management to app owners has not been proven out in the real world to be successful. The cloud team at most organizations isn’t interested in managing desktops while the desktop team doesn’t have the skill set to log into the public cloud consoles to manage the service. This results in confusion with “Who supports what?” as app owners are expected to do more with less support.
DaaS offerings and cloud hosted desktops tend to lock you into a specific public cloud. So what happens when you are using desktops in AWS but the company you just bought has everything in Azure or has everything on-prem? Will IT be able to move fast enough when dealing with such a scenario?
Technical questions
Background: Location, Location, Location.
To address the issue of desktops being further and further away from data centers (AKA latency), VDI solutions are most optimally deployed in the same data center as the data being accessed.
- Is the data the users will be accessing SaaS applications (e.g. WorkDay, Office365, SalesForce) or cloud based applications in the same cloud provider as the cloud hosted desktops?
- Will the users need to connect back to on-prem databases, file shares and applications to do their job?
- Will a desktop in AWS US West work with a database in Los Angeles? Yes… but will it perform well? Probably not. You need to test. Then what happens when you have to build some new desktops in AWS US East? Will they perform as well when data is located in Los Angeles? Or in Azure because of the acquisition of an organization that has everything hosted in Azure? Hybrid cloud architectures are still the most common architecture because they give the most flexibility for IT and the business. So, it makes sense to understand that even if you plan for a single cloud architecture, a hybrid and multi-cloud architecture will most likely be the end result.
- Will you be deploying network optimizations (increased cost for AWS Direct Connect or Azure ExpressRoute) to attempt to address latency, and does it have any effect on performance of the cloud hosted desktop to the on-prem data/database?
Background: The security/InfoSec teams may have a policy for addressing what types of data can be in the cloud and how it can be stored. They also may have a policy for access/authentication/authorization to corporate systems that you don’t want to ignore when delivering cloud hosted desktops.
- Have you worked with the security/InfoSec team to determine the requirements for if/what data can and cannot be stored in the public cloud? And much like on-prem, are they aware of any impact when users decide where data resides to make it easier for them even if it means going against corporate policy?
- Have you reviewed client device capabilities and the level of control you have?
- How will the access be configured to allow remote access to these systems? Options include public access through gateways in the public cloud or requiring all users go through a corporate data center to access the cloud hosted desktops. This decision has implications on security and end user experience.
- How will on-prem applications be accessed? Options like VPNs or network optimization (AWS Direct Connect/Azure ExpressRoute) will incur additional cost and complexity of the deployment.
- What kind of data can be stored in the public cloud, and how will data be stored/encrypted/backed up/replicated? Data can be stored in SaaS data sources (e.g. Microsoft OneDrive), Windows File Servers, virtual disk drives (Microsoft’s FSLogix acquisition) or public cloud storage, but each has security implications or complexity in deployment decisions based on the public cloud provider.
- DaaS specific: What level of security control do you have today (if you have an existing virtual desktop/virtual application delivery solution) that may not exist in the DaaS offering?
- Can you disable printing/client drive mapping/USB device mapping?
- If you can disable them, how granular can you get? Is it on or off? Based on group membership? Based on location? Based on authentication method? Based on the results of a scan of their device (e.g. registry watermark, domain joined device, AV enabled and up to date)?
Background: Not all cloud hosted desktop offerings have the same capabilities as existing solutions you might be used to, requiring you to buy additional products or modify your expectations/procedures.
- Most of the virtual desktop solutions have been developing or acquiring solutions to address enterprise issues, so what is required by the cloud hosted desktop to have the same admin experience?
- Domain joined versus non-domain joined? What are the requirements for domain joining in terms of networking or deploying Domain Controllers?
- Image management?
- Application packaging/delivery options?
- Profile management?
- Environment management (GPO replacement for registry key/drive mapping/application configuration settings)?
- Integrated with single sign on (SSO) solutions (OKTA/MS AD Federated Services/SAML, etc.) for authentication? What about SSO for applications within the DaaS offering?
- Is there a help desk tool to offload common issues such as profile issues, session connection issues, networking performance issues, shadowing, session resets, etc.?
- Cost of GPUs in the cloud and impact on user experience not having GPUs?
- Are 3rd-party solutions required to address these concerns, thus increasing costs and complexity such as multiple management consoles or upgrade cycles?
- What are you able to customize? (Example: Company logo/color scheme on the landing page, add legal/security agreements before the user logs in, integrate with an existing solution you have for desktop management).
- Do you have the same monitoring and troubleshooting capabilities (probably not since the public cloud is trying to take these responsibilities away)?
Cloud hosted desktops do not allow you to see hypervisor issues, network utilization, server utilization, storage utilization, etc. Your management is used to contacting IT when things are “slow” but who do you or the end user contact when you think a VM is slow? Do you just double VM resources (and costs) to attempt to address the issue? Can you easily move the VM to another region to see if it runs better? What impact does that move have on communication to the backend of the application/user experience?
Note: Most recently an Azure expert within Microsoft stated “If something runs slowly in one region of Azure, try running it another region because the other region might not be as busy”. There is no way to tell how busy or how much contention is occurring within the public cloud.
- What are the SLAs that are expected and does management understand that IT no longer has any involvement in uptime of the service? The business needs to understand that most common SLAs are 99% (3+ days of downtime/year) and 99.5% (almost 2 days of downtime/year).
- What are your plans should the service be deprecated? (Since these are services, the public cloud provider may decide to deprecate features or the entire solution due to lack of adoption or profitability.)
Background: At the end of the day, it is all about user experience and if users don’t like it, it won’t be used. Not all public cloud providers have the same capabilities/services in every region, possibly resulting in different experiences based on the location the user connects to. Not all DaaS offerings will look similar for users, requiring them to learn a new way to perform a task (e.g. print or access a local file).
- Have you tested worst case scenarios for latency to understand the impact on the user experience?
This should include testing from the end point to the cloud provider and from the cloud provider to the backend application (the last part assuming a portion of the backend is located on-prem).
- DaaS specific (but can also apply to all cloud hosted desktops if the desktops are further away from users than their traditional data centers): Do you understand the latency and throughput requirements of the protocol being used?
Not all protocols are created equal or perform the same over high packet loss/high latency networks. If you haven’t tested for this, then be prepared for the “it’s slow” calls to start up again as more users from more locations start utilizing the DaaS solution.
- DaaS specific: Is the user experience going to be the same for all? Mac? iPad/iPhone users? Android tablets? Linux?
Most of the older solutions like Citrix and VMware have been addressing client experience for many years, so they try to deliver the same experience even with older devices or OSes. The DaaS offerings may only focus on Windows users primarily (since they are still the majority of endpoints) and may leverage HTML5 (or a limited version) for non-Windows devices. If you have a large Mac community, are you sure their experience will be sufficient, or will they have a worse experience due to the client?
- DaaS specific: If you made an investment in thin clients, have you verified they will work with the DaaS offering you are looking at?
Some thin clients may not have the interface capability or the client/protocol to connect to a DaaS-based desktop. You should check with your thin client manufacturer to determine what protocols and connection methods they support with the models you already acquired or are evaluating.
- Is client printer mapping going to work efficiently when desktops are hosted in the cloud but the print servers are back on-premises? Do you plan on deploying print servers in the public cloud to reduce the number of hops to print? Do you need to look at newer cloud printing architectures like Tricerat or PrinterLogic to simplify printer management and eliminate print servers?
Background: Microsoft is very specific with cloud providers about how they can charge for Windows. You need to understand which OS you are obtaining and the potential costs of obtaining the OS you were expecting. With Microsoft WVD announcements, there have also been many changes.
Note: If you have not been keeping up with Microsoft Windows Virtual Desktop (WVD) in terms of cost structure and benefits, then you need to get ramped up on it sooner rather than later. We can help with that discussion and education.
- Do you understand if you are receiving true Windows 10, Windows 10 multi-user or a skinned Windows Server OS? A branded Windows Server OS that looks like Windows 10 isn’t Windows 10 if you have to call a vendor for support or you try to install some communication software (Cisco Teams or Microsoft Teams) on it.
- How is Microsoft OS licensing being handled? Is it because of your EA agreement, because you purchased MS VDA licenses, or are you paying for it as part of the cloud hosted desktop? Are you paying multiple times for the same functionality? Can you “bring your own licensing” (BYOL)?
- What options are there for getting to the correct OS you need? (Example: AWS WorkSpaces allows you to run the real Windows 10 OS but you have to commit to 200 sessions in each region to enable this.)
Background: Your organization will need to adjust to the cloud, because it won’t adjust to you. If moving to a cloud hosted desktop will require a major re-architecture and purchasing of additional products to migrate to the cloud, then you need to be aware of the CAPEX and OPEX costs that come with managing on-prem solutions and cloud solutions at the same time, as you may not have the consoles already in place.
- Will the existing solutions be able to translate into a cloud hosted desktop (e.g. If you use hypervisor-based AV scanner, will that same solution work or will it need to be replaced)?
- Do you even have the rights or capabilities to make the changes (e.g. branding the login page)? Note: remember you may not even have access to things you previously had full control over.
- Do the same corporate policies still apply, and can they be enforced (e.g. PCI or Patient Data cannot be stored in the public cloud, but can it be enforced when the profile or home directory for that user also exists in the public cloud)?
- What are the implications for supporting the environment including application vendor support? (e.g. a hospital’s EMR may not be supported on the cloud hosted desktops due to lack of testing/troubleshooting capabilities/protocol used).
- Does the cloud hosted desktop integrate with your company’s mobility strategy for device and data management?
Background: If you made it this far, you understand the impact any of the questions/answers above have on the total cost. You can now fully analyze the cost of the solution (deployment, migration, user training, IT training, change in procedures, possible additional solutions, etc.).
- Is it really saving you money? I mean have you really done the analysis concerning OPEX costs (including network, storage consumption, profile storage, etc.) beyond the upfront price tag that shows up on the website?
- Have you determined the cost of migration and retraining IT staff (and possibly end users) on how to use the new cloud hosted desktop solution?
- Have you analyzed the impact on user support when they call about performance issues?
- What are the correct sizes of instances? How can you monitor the utilization of instances to make sure you haven’t over-provisioned/under-provisioned? Is that a built-in tool, or is that a 3rd-party tool?
- What options are available for scaling up and down to optimize your costs by only booting instances when necessary and safely shutting them down when not being used? Also what options do you have to ensure there are enough resources Monday morning at 8AM rather than making users sit around for 5-15 minutes as all the instances are booted?
- Have you analyzed the options of reserved instances vs consumption? Based on your usage you could find that reserved instances might cost you a bit more per month, but they can also reduce fluctuations in usage which could result in unexpected large bills during certain months.
- Have you analyzed the impact on IT in terms of training help desk through architecture groups?
- Have you analyzed the impact on application support from all your vendors?
In Closing…
While it might sound like I am “anti-cloud”, the point I’m trying to convey is that your decision to place the desktops/applications is critical to the user, the administrators, and the business objectives. It is far better to become educated on the pros and cons of a decision with your eyes wide open (and let’s be honest, most cloud providers will only focus on the pros of putting more and more in the cloud).
You can also view the table below for a simple chart on which brokers support which deployment locations for workloads. (We will publish another blog soon going into more details about which Operating Systems and management models are available for each broker.)
Wrapping up, these aren’t all the questions when discussing cloud hosted desktops and where your virtual desktops/applications should reside. We at Entisys360 are hoping you will see the value in bringing us into your organization for these discussions. We believe a trusted partnership in your cloud journey (most likely hybrid multi-cloud journey) is required and we hope to be that trusted partner for you.
From the data center to the end user, from consulting services to automation, from on-premises to the cloud to hybrid multi-cloud, and from classic to modern IT, Entisys360 has you covered with our years of experience and expertise in these areas.
I’ll leave you with one more thing from Nick Carr, author of Does IT Matter?, The Big Switch and The Shallows.
“It’s worth keeping in mind that in the cloud we’re all guinea pigs, and that means we’re all dispensable. Caveat cloudster.” – Nick Carr
Chart of Broker to Workload locations (Current as of 7/24/2019)
VDI Broker Solutions | On-premises workloads | AWS workloads | Azure workloads | Google Cloud (GCP) workloads | IBM Cloud workloads | Oracle Cloud workloads | VMware Cloud workloads |
---|---|---|---|---|---|---|---|
AWS WorkSpaces | X | ||||||
Citrix Cloud – Virtual Apps and Desktops |
|
X | X | X (Limited features) |
X (Limited features) |
||
Citrix Virtual Apps and Desktops |
|
X | X | ||||
Citrix Managed Desktops | X | ||||||
Microsoft Windows Virtual Desktop (WVD) | X | ||||||
Nutanix Xi Frame |
|
X | X | X (Early Access) |
|||
VMware Horizon |
|
X* | X* | ||||
VMware Horizon Cloud on AWS | X | ||||||
VMware Horizon on Azure | X | ||||||
VMware Horizon on IBM | X | X | |||||
VMware Horizon DaaS | X |
* Cloud Hosted desktops on AWS or Azure with VMware Horizon/VMware Horizon DaaS will require VMware Cloud on AWS or VMware Cloud on Azure