Virtual solution to consumerisation

Archana Venkatraman looks at how the virtual desktop can help businesses with employees using their own devices

Most UK datacentres are not prepared for the IT consumerisation trend, but a move towards virtual desktop infrastructure (VDI) is a step in the right direction.

This year is set for the year of IT consumerisation, with many employees preferring to use their own laptops, smartphones and tablets to corporate-issued devices, often in officially sanctioned bring your own device (BYOD) or bring your own computer (BYOC) schemes.

But some experts say UK businesses have only just reached the stage of acknowledging this trend and have not taken the steps to build the proper datacentre infrastructure.

While many options provide users with access to Windows resources on their own devices, server-hosted virtual desktops offer a managed environment for non-mobile workers.

In Forrester’s Five steps to a successful BYOC program, analyst David Johnston writes: “This is a better option for those who travel little and do most of their work where there is good, high-speed connectivity to the company network. But they require costly datacentre resources and skills and the infrastructure is complex.”

Licensing costs slow virtual desktop adoption

Analyst NelsonHall expects strong growth of traditional virtual desktops in the next two years, but this will slow down after that period.

The end of Windows XP support in 2014 will drive adoption of virtual desktop services in 2013 and 2014 as a proportion of clients contemplating an operating system (OS) migration will instead adopt virtual desktops.

From 2015 onwards, VDI adoption by traditional clients will slow down as the need for an OS migration will have disappeared and clients will turn their end-user computing budget to other objectives, for example bring your own device schemes, adopting cloud-based office and productivity applications or hardware refresh projects.

Adoption is constrained by economics and the cost of virtualisation software licence rights.

In a traditional VDI installation, build services represent a quarter of all virtual desktop services spending. This is a high ratio and is due to the cost of software licences. This cost will erode over the next few years as virtualisation software suppliers lower their licence prices. The percentage will however not change drastically, unless Microsoft changes its Windows pricing scheme.

The cost of a PC over an expected life of four years ranges from $3,500 per device for the period (including $1,000 in the actual PC) to $6,000.

The $3,500 figure corresponds to four years of outsourced desktop service ($600 per year) plus the cost of the machine itself ($1,000).

The $6,000 cost corresponds to four years of internal service or outsourced desktop services with specific requirements ($1,200 per year during four years and the cost of the PC).

The cost depends on two factors. First, how standard the PC is and to what extent end-users can use it for personal use. The second factor affecting the cost of a PC over four years is how much of the desktop service has been outsourced.

The cost of a virtual desktop offering needs therefore to be below that of an outsourced desktop service and therefore below $500 per user and per year and below $3,000 over a four-year PC life period. This represents a 20% saving on the annual desktop management cost

Microsoft currently allows Windows clients to use Windows on virtual machines in two main instances.

When the client is a software assurance (SA) client: the service is then offered free of charge. SA is an upgrade to Volume Licensing (Enterprise Agreement and Open Value) or to clients with new PCs with licences. This means the client must have purchased both the licence and SA.

SA is expensive and represents a yearly estimated cost of 15% to 25% of the Windows licence (subject to price negotiations with the reseller or Microsoft). It is attached to client-owned devices but does not cover thin clients, which means clients need to buy Windows licences under the virtual desktop access (VDA) scheme.

Virtual desktop access (VDA) is a new licence scheme that first appeared on 1 July 2010. It can be used by clients that do not purchase SA or for PCs not covered by SA, for example thin clients or any combination of hardware and storage.

VDA allows some flexibility about accessing the virtual desktop from home computers, PCs outside of the corporate environment or contractors’ PCs. It is an incremental cost to Windows licences and costs $100 a year per device through volume licensing agreements.

Clients only interested in virtual desktop-related Windows licences must select the VDA option, which carries an additional cost of $100 per year. This compares with the $600 cost per user per year for managing a physical desktop. The cost of VDA (itself 17% of the total cost) can therefore make the business case for moving to virtual desktops hard to achieve.

This is an extract from Virtual Desktop Services Assessment and Forecast, by NelsonHall (May 2012). Click here to read the full article and other papers on virtualisation

However, Tony Lock, programme director at analyst Freeform Dynamics, says: “Many businesses in the UK and in Europe have no idea of how to deal with the consumerisation of IT.”

One problem is that existing datacentre network infrastructures are just not built for the strain of serving multiple mobile devices.

“There is a big network black hole in organisations’ efforts to face the consumerisation of IT,” says Roy Illsley, an analyst at Ovum. “Businesses have yet to address connectivity issues and manage device traffic and varied connectivity speed.”

Meanwhile, businesses that have adopted desktop virtualisation are prepared for the consumerisation trend, but only a small proportion have gone in that direction, says Clive Longbottom, managing director of research company Quocirca.

Then there is the strain on existing infrastructure if the use of a particular application goes viral.

In a recent presentation, Ted Schadler, senior vice-president at Forrester Research, related how Kraft Food gave its executives a dashboard app for their iPads; but due to the unexpected success of the app, Kraft’s datamart needed upgrading as many more people started accessing it, leading to greater datacentre costs.

Preparing for consumerisation

The first step is for IT professionals to design and implement a server topology that supports VDI or hybrid VDI.

In hybrid VDI, parts of the desktop are virtualised and other parts are streamed to access devices as required to make the most of available resources, but only if they are sandboxed from the user’s own consumer environment, says Longbottom.

Either way, VDI server farms need the right storage infrastructure.

This can be achieved using thin provisioning to restrict the available memory from the start. Desktops should start small and can be scaled up later as required.

Server topology and thin provisioning are the biggest hardware considerations, says Longbottom.

Improving the performance of the storage area network (SAN) is key if users who previously booted off a local hard disk run Windows from a datacentre. Anglia Ruskin University has implemented a second storage area network, using Violin flash memory array, connected directly to blade servers running VMware Views VDI software, to improve performance.

“The Violin flash memory array sits in a separate SAN in our datacentre to run virtual machine images for virtual disks. Local storage runs on our original SAN – which means we can support a greater number desktops,” says Gregor Waddell , assistant director, Anglia Ruskin University.

He noted that if the university had run VDI on the existing SAN that supports the university’s core applications, the number of input/output operations – that is, the number of disk reads and writes – from VDI users would have swamped the network. Extending its existing storage area network would have required many shelves of disks, which would consume more power and require significant cooling.

Introducing a high-density server/storage farm to support a few thousand users may also have an impact on power availability and distribution and cooling requirements in the datacentre, Longbottom says.

Developing a BYOD strategy

Once the proper infrastructure is in place, companies that let employees bring and use their personal devices for corporate purposes have to create a BYOD policy – or data access policy – compliant with industry regulations: “A policy to make the auditors happy,” Ovum’s Illsley says.

Any new internet-enabled mobile device attempting to access the network must also be monitored and its capabilities and context must be assessed in real time.

“Those devices that do not meet hardware requirements or the capability to support specific software needs – VPN, Java, whatever – need to be locked out,” Longbottom says.

Devices that meet the basic hardware requirements but lack the software requirements – where this can be rectified by downloading the software directly to the device – need to be air-locked out of the network until the software is loaded on to the device, he added.

IT professionals must also determine how to maintain all the desktop images – patching, upgrading and so on – and put the right tools in place.

Meanwhile, data also has to be aware of the context and systems need to be in place to act accordingly.

“Users must allow some components of their personal devices to be managed by the IT department”

“For example, if the user is coming in from a device that is connected to a public Wi-Fi spot in the middle of, say Moscow, you may not want much information to be sent over the link at all – even if a VPN is in use,” says Longbottom.

“If they are coming in over a more trusted Wi-Fi environment, then you may want to make life a little easier.”

In a well-trusted environment, such as a validated home connection, device users can work without too much issue. This means IT professionals will have to develop data taxonomies and store and transmit data in an encrypted manner.

Digital rights management should also be applied to prevent onward actions being carried out once it is on someone’s device.

IT departments must educate employees on BYOD policies. “IT professionals must get the users to allow some components of their personal devices to be managed by the IT department,” says Lock.

Read more on Microsoft Windows software