Desktop Virtualization – Has it hit your desk yet?
The discussion on desktop virtualization, or hosted virtual desktop, is heating up. Some view it as futuristic. Others say it is throwback to the world of mainframe computing. With economic concerns forcing businesses to take a hard look at expenses across the enterprise, however, there are many reasons this is such a hot topic.
In our current cost conscious world, the potential to reduce IT costs are obvious: virtualization significantly reduces the need for idle computing hardware and drastically lowers power consumption - especially in mission critical environments like healthcare where machines need to be on 24 hours a day. Lower power consumption comes from reducing the need to run lightly loaded but high powered CPUs at each desktop and delivering desktop sessions for multiple users from a server that can be heavily loaded. Most importantly, virtualization frees up IT from having to maintain large numbers of desktop systems that are largely user managed. It also eliminates the need to constantly re-image machines that have degraded through common usage. Imagine how many fewer head aches we would have if we could have a new copy of the OS Image everyday - and not have to suffer through the 'plaque' build up that slowly kills performance.
This all sounds good. But, before diving headfirst into the virtualization pool, it's important to realize that the benefits of desktop virtualization also lead to a new security challenges - especially around managing user identities, strong authentication and enforcement of access policies.
With user identities being relevant in multiple points within the virtual desktop , coordinating and enforcing access policies becomes far more difficult and error prone as all the systems have to be in sync. Since one of the advantages of having virtual desktops is the ability to dynamically create desktops specific to the user's role within the organization, having a centralized way to manage user identities, roles and access (or desktop) policies is critical in this new virtualized environment. Allowing users to only access tailored desktops specific to their role or access location can be tremendously valuable in controlling access to computing resources. Being able to leverage a single location for authenticating users, obtaining desktop access rights and auditing session related information is equally important, if not more so, than what we have in a conventional desktop environment.
While it is still some time out before adoption becomes common - security capabilities and limitations present a barrier to adoption - we're beginning to see customers who need to address these issues - connecting the user identity with authentication and policy link all the way from the client to the virtualized session and even to the virtualized application.
Desktop virtualization has tremendous promise - however, until we can replicate the user's current experience --and more importantly--make it easier to set and enforce authentication and policy in this environment, there's still work to be done.
Are you working through some of these issues? I'd be interested in hearing how you fill the policy and authentication gap while keeping your critical infrastructure secure.