Is it Time to Look at Virtual Desktops Again?

Virtual Desktops have held tremendous promise for organizations for a long while. From minimizing or even eliminating the need to purchase, maintain, and support end user computers, to having company data in a secure location, there have always been many reasons to like virtual desktops.

Despite the clear benefits, virtual desktops have often run into powerful blocks, mostly around cost. Minimizing end user compute devices is often difficult, software licensing may require “doubling up”, and backend hardware costs could quickly get out of control.

There have been changes that mitigate or even eliminate many of the historic challenges with virtual desktops, and it may be time to give the technology another look. This blog will outline the pros, cons, and where we see things going.

Benefits of Virtual Desktops

Over the years, management of distributed end user computers has improved. Adding computers to business local area networks and implementing centralized user authentication databases was the first big step. Then the deployment of system policies, often through the same channel as user authentication, developed and matured.

Many hurdles remain, however, from hardware failure, data security and backup to software licensing and auditing. Once a computer is deployed, it is often difficult to have visibility into how it is used, secured, and cared for.

An additional hurdle for many organizations came with the quick switch from in-office to remote work during the pandemic. Even with industry-leading device management tools, if system management didn’t extend outside the firewall, everything broke down.

A virtual desktop infrastructure (VDI) addresses many of the remote device challenges. The physical hardware hosting the VDI is often in a secured, well-equipped location by default. The computers are always on and connected to the network, so patching doesn’t require chasing people down. For similar reasons, keeping software installed with consistent versions is much easier. With proper policies, device isolation can be much easier, which can greatly mitigate malware problems such as ransomware. End users also have less expectation of elevated access to a computer in a datacenter than to a laptop they have with them all the time.

VDI setups are also, inherently, more flexible. Particularly with the supply chain shortages we have recently been experiencing, provisioning a new user on a VDI is often a single-click task. If a user needs more RAM for a particular project, increasing memory is another click away; try that with a laptop. When the need for RAM has passed, the memory is immediately available for other uses. The same holds for other things like CPU and storage.

In general, VDI also increases productivity, as end users waste less time either playing IT with their computers or waiting for proper IT support when issues arise. With a VDI, a new desktop can be deployed with a mouse click. Additionally, with many VDI storage systems, snapshots of the virtual desktop can be taken both on demand and at regular intervals. This allows the end user to roll back the state of their computer without involving IT support, and to troubleshoot on a self-service basis.

BYOD, or bring your own device, also becomes a real possibility. Any device with an Internet connection, display, and user input can now connect to the VDI. This has the potential to dramatically reduce the scope of what a business’s IT must support, while simultaneously reducing the attack surface malicious entities are able to target.

Virtual Desktop Challenges

After reading the section above, it would seem that every organization would be using VDI today; everything is wonderful. Unfortunately, everything hasn’t been wonderful, as VDI still faced some shortcomings.

While VDI can make software licensing simpler, in the past it often made it more (sometimes much more) expensive. Microsoft Windows licenses often had to be doubled up in one way or another. The virtualization infrastructure often also required expensive licenses, which certainly weren’t needed with distributed computing.

In addition to increased licensing costs, the hardware to support a robust VDI setup could be very expensive. When thinking about compute power, in general if a specific computer has X amount of compute power, a computer with 2X power will have a price much greater than 2X. So, replacing a large number of desktop PCs with a smaller number of equally powerful servers can be very expensive.

Another increased hardware cost can be in storage and networking. General desktop usage confines most storage I/O to some type of local disk (today that is often a very fast NVMe drive), with much less storage I/O going back to a centralized file server storing the user’s data. However, with VDI, the entire virtual hard drive for a user’s computer is on some type of central storage server. This server will need to be both much larger in capacity and have much greater I/O throughput than a centralized file server. The network connecting the storage to the VDI compute will also need to be able to handle far more traffic than a traditional file server. All of this greatly increases the cost of VDI, both in initial purchase price and in ongoing maintenance contracts.

Overcoming VDI Challenges

The arrival of public cloud computing services has changed and addressed many of the historic challenges of VDI. Using a public cloud eliminates the need for high-end storage systems, expensive compute servers, and powerful network equipment hooking everything up. Additionally, the cost of virtualization software is effectively free.

Public clouds have existed for a while, and other challenges also have had to be overcome. Software licensing for the virtual desktop was still tricky, maybe even more so in a public cloud. Management of the entire infrastructure can also be a challenge, and to do it at scale would require large development efforts.

Microsoft’s additions of Windows 10 and 11 to Azure, and Amazon’s support of Apple Macs, have greatly eased many of the software licensing challenges. Additionally, software such as FSLogix, purchased by Microsoft, and products from Nerdio directly address the management of Windows VDI. For Apple Macs, JAMF is as useful in the cloud as on physical computers. Microsoft’s Windows 365 service is another exciting tool that addresses both management and licensing at once.

Taking a deeper look at Windows 365

Microsoft’s Windows 365 service has a number of plans for both small businesses and large enterprises. Some of the plans can provide a power user experience for all but the most demanding computer needs.

Assigning a Windows 365 License

To create the virtual desktop, start by logging into the Microsoft 365 Admin portal here:

https://admin.microsoft.com/

Then go to Billing – Purchase Services and type in Windows 365.

Scroll to the bottom of the results list and click Details under Windows 365 Enterprise.

For this demo, select the free one-month trial with 2 vCPUs, 8 GB RAM, and 128 GB of storage.

Click Try Now, and Continue

Now that you have the license, you can assign it to a user in the admin portal the same as with any subscription.

After the license is assigned, we need to provision the new virtual desktop.

Provisioning a Windows 365 virtual desktop

Connect to: https://endpoint.microsoft.com and click on Groups – New Group

The Group type should be Security, and we can use Windows 365 for the name and description. Then add our test user to the group and press Create.

Now select Devices and under Provisioning, select Windows 365

Click on Provisioning policies, select Create policy, and enter a name like Windows-365. Then select Azure AD Join (if you have on-prem AD and want to AD join the virtual desktop, you will need a VPN set up between the on-prem environment and Microsoft Azure).

Under Region, select a region close to where the test user will be.

Press Next, and now we have to select the image type. For our test, choose Gallery image, and press Select. We are using Windows 11 Enterprise + Microsoft 365 Apps.

Press Select and Next

For configuration, we are staying with English (United States), and for services we selected Windows Autopatch.

Click Next

Now we need to assign this policy to the group we created earlier, Windows 365

Press Select and Next

In the Review + create section, click Create

Now we need to create a user policy: go to User Settings and select Add.

We are going to name the policy Windows 365. We are not going to give the user local admin rights, but the user will be able to initiate the restore service. This is an important point to highlight. We are setting the snapshots to every six hours. If the end user has an issue, they can just roll back the PC to the last snapshot that worked and be back in business. If they have something like OneDrive synchronization enabled, they would lose no work, and would have been able to troubleshoot their own issue without any IT intervention.

Click Next

We need to assign it to the same Windows 365 group we created earlier.

Press Select and Next

Press Create

Now select All Cloud PCs and you can see the PC being provisioned.

It will take about a half hour to provision the PC.

Once provisioned, we can click on that PC to manage the device.
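
The user policy above sets three things worth re-checking as more policies accumulate: no local admin, user-initiated restore allowed, and a restore point every six hours. The following is an added example, not part of the original walkthrough or any Microsoft tooling, that audits an exported list of user settings against that baseline; the JSON field names and the sample policies are assumptions constructed for illustration.

```python
import json

# Baseline taken from the walkthrough: no local admin, user-initiated restore
# allowed, restore points at least every six hours.
MAX_RESTORE_INTERVAL_HOURS = 6

# Constructed sample export. Field names are assumptions for this example;
# map them to whatever your own export of the user settings produces.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Windows 365", "localAdminEnabled": false,
   "restorePointSetting": {"userRestoreEnabled": true, "frequencyInHours": 6},
   "assignedGroups": ["Windows 365"]},
  {"displayName": "Legacy pilot", "localAdminEnabled": true,
   "restorePointSetting": {"userRestoreEnabled": false, "frequencyInHours": 24},
   "assignedGroups": ["Pilot users"]},
  {"displayName": "Draft policy", "localAdminEnabled": false,
   "assignedGroups": []}
]
""")


def audit_user_settings(policies):
    """Return (policy name, finding) pairs for every deviation from the baseline."""
    findings = []
    for policy in policies:
        name = policy.get("displayName", "<unnamed>")
        # A missing value is reported rather than assumed safe.
        if policy.get("localAdminEnabled") is not False:
            findings.append((name, "local admin is enabled or not set"))
        restore = policy.get("restorePointSetting") or {}
        if restore.get("userRestoreEnabled") is not True:
            findings.append((name, "user-initiated restore is disabled or not set"))
        hours = restore.get("frequencyInHours")
        if not isinstance(hours, int) or hours > MAX_RESTORE_INTERVAL_HOURS:
            findings.append((name, "restore interval is longer than 6 hours or not set"))
        # A policy with no group assignment has no effect on any Cloud PC.
        if not policy.get("assignedGroups"):
            findings.append((name, "policy is not assigned to any group"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_user_settings(SAMPLE_EXPORT):
        print(f"{name}: {finding}")
```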

Managing the new virtual desktop

The system can be managed exactly the same as any other end user computer in your organization. If you have an on-prem AD, and VPN to Azure, you could have had the system joined to your domain and all assigned GPOs would work. In our example we have it Azure AD joined, and will now assign some Microsoft Intune policies to the device.

In our demo, we will set up a device group that the virtual desktop will be a member of.

From: https://endpoint.microsoft.com/ go to Groups and select New group and:

  • Group type: Security
  • Group name: Windows 365 Devices
  • Azure AD roles: No
  • Membership type: Assigned
  • Click on: No members selected
  • Add your virtual desktop
  • Click Create

Setting up Microsoft OneDrive

From: https://endpoint.microsoft.com/ we will create a profile to automatically enable Microsoft OneDrive. Select Devices – Configuration Policy – Create Profile

Select Windows 10 and later under Platform, Templates under Profile type, and choose Administrative templates, and select Create

We named the policy OneDrive Configuration; then select Next.

Select Computer Configuration and OneDrive

Enable the following settings:

  • Silently sign in users to the OneDrive
  • Silently move Windows known folders to OneDrive (2.0)
  • Warn users who are low on disk space

Click Next, then Next again in Scope tags. Under Assignments, add the Windows 365 Devices group and click Next, and then click Create.

Using the Virtual Desktop

To use the now provisioned and configured virtual desktop, the end user needs nothing more than a web browser. However, we recommend working with the appropriate Microsoft Remote Desktop app for the end user’s local platform.

With a browser go to:

https://windows365.microsoft.com

Sign in with the test user credentials and setup for the Cloud PC.

Press Next a few times, and then Get started to start the end user configuration of the portal. Once in the portal, clicking on the down-facing arrow in the top left allows for downloading the Remote Desktop app and provides configuration information.

It is also possible to connect to the VM through the browser with Open in browser.

We feel that while it may not yet be time for all end users’ systems to be replaced by VDI, it may be time to look at it for some end users. There are many situations where this can be a quick and easy solution to providing access to a business’s compute environment. Microsoft’s Windows 365 service in particular needs much less setup and configuration than past VDI solutions.

At iuvo Technologies we have had success providing this to clients, and would be happy to talk to you about your virtualized desktop needs.
