A little background
I speak with customers all the time on various technologies. One such technology that I speak about is virtual desktop technologies, architecture, sizing, and so on. I don’t know if I can say that 2011 is the “Year of VDI”, but I can say I have spoken to quite a few customers about it. Remember that 2009, 2010, & 2011 were touted as the “Year of VDI.”
I will say that I exclusively use a VMware View instance to do my daily work at EMC. Yes I have an EMC laptop, but I typically use it for demos, testing, and a few other things. I was lucky enough to have been allowed to have one of the first phase of VMware View instances rolled out. To be honest I’d be lost without it.
Now, to get back to my topic…
A typical end user conversation
I was talking to a friend earlier today, and during our conversation, their laptop had an error about a particular application. They asked me “Do you know anything about application.exe?” As this was a phone conversation, I couldn’t really see the error message, so I asked them to read me some of the debug information.
The application didn’t sound like a normal Windows application, and it appeared strange, given that the location of the file was in the Prefetch folder of Windows XP. I said words to the effect of “It sounds like some type of malware.”
I asked if they had received any odd/strange emails lately. “I got one the other day, and I clicked a link to unsubscribe from it. Why?” they asked me. I told them that could have been a possible point of infection.
They asked, “Can you help me with it? I already ran a virus scan, and it didn’t find anything.” I suggested that they call their IT Support department for escalation. They responded with “They’ll just ask if I ran a virus scan, and then it will take me months before they take a look at it. So… can you help me?”
Before coming to EMC, I was in a position that required me to work more than the typical 40 hours a week. I handled everything from hundreds of mission critical physical & virtual systems to desktop support (depending on the workload of the day/week and staff available).
It was honestly difficult to appropriately prioritize troubleshooting a user’s laptop/desktop when there so many systems to be accounted for. This can often become the norm.
In a situation where a vulnerable system falls to the wayside, what is the immediate, or long term, impact? Is it actually a virus or other malware? If it is, there are some distinct questions to ask:
- Is there customer data at risk?
- Is there intellectual property at risk?
- Is there a possible impact to short or long term operations/revenue?
- and many more…
In an organization where a single system (laptop/desktop) can be overlooked, keeping up can be difficult, if not impossible, unless an adequate amount of manpower is available to provide the appropriate end-user service and support.
Also, maintaining anti-virus engine and signature updates, both from a vendor and IT staff perspective, can be difficult. What happens if a zero day exploit comes out? What if the user’s laptop hasn’t received a AV signature update in weeks, because the user hasn’t connected to the VPN to work (and get AV updates)? What if…
The VDI difference
Anyone who is familiar with virtualization knows how VMs are significantly easier to manage than physical systems. From installation (deployment) to backup to recovery, virtual systems are significantly easier to manage.
In the real-life example I mentioned earlier (it happened today) the user followed their company policy by scanning their system when they perceived a threat. The antivirus package that their company installed did not indicate a threat (it remains to be determined). They then were leery about escalating to their IT department, feeling that it would be months before their problem would be looked at. This is probably true, given that they are a remote user, and are only in the office on an irregular basis. If they were fortunate to have an IT person look at the laptop the next time they are in the office, the problem might be resolved.
If they aren’t fortunate enough to have an IT person look at the laptop, they will probably have to endure something like the following:
- Back up their data
- Wait for a temp/replacement laptop
- Get the temp laptop & move data to it
- Ship the troubled laptop to IT
- Repeat when the troubled laptop is sent back (repaired)
How much time is this process going to take? How many hours (at what rate) is it going to take to resolve? Keep in mind, I only talked about the productivity effects on the end user. I didn’t go into IT troubleshooting/re-imaging/etc, or even the queue of other tasks that take precedence to this user’s laptop.
Had the user been using VMware View, it would have been much easier to resolve:
- Call IT: “My VDI instance looks like it has malware, can you please reprovision it?”
- IT then reprovisions the VDI Instance
- The user can get back to work
This could even be mitigated, using non-persistent VDI desktops that “reset” after every reboot.
I will admit it, it isn’t exactly that easy. There are many variables to take into account. But…
When implemented properly, virtual desktops can make a significant impact on the troubleshooting/resolution process, and allow users to get back to work. The amount of time to get an end user back to work is significantly less than traditional solutions. At the same time, the amount of time IT staff need to work to get the user up and running again, is also significantly less.
I often hear arguments for or against moving to a VDI solution in comparison to a traditional desktop/laptop configuration. Things like licensing, hardware, bandwidth, storage, & their associated CapEx/OpEx costs are talked about. More often than not, discussions about the support costs are overlooked.
My best recommendation to anyone that is thinking of implementing a VDI solution, is look at it from ALL perspectives, not just the traditional compute, network, storage, & licensing costs.