Virtualization of workstations and applications – what if end users didn’t receive physical workstations when starting their work? This is something I have often pondered. Most people typically have some kind of personal computers both at home and at work, but can an organization require or ask end users to use their own personal devices for work purposes – where is the line drawn and who is then responsible for information security or data protection?
The curse of BYOD devices
The first things that come to my mind are questions of responsibility. If work is done in the organization’s IT environment and with devices provided by the organization itself, we can typically be sure that the organization’s IT management has defined the desired information security settings for the endpoints and actively monitors the implementation of information security.
But how does responsibility shift if the end user works on their own personal device and is responsible for their own information security settings? Can the organization’s IT management then be sure that information security is configured according to the jointly agreed policy? How do we ensure that information does not leak from the workstation to outsiders? And what about the common threat scenario, how can IT management be sure that such a personal workstation hasn’t already been compromised?
If organizations want to utilize personal or third-party provided workstations for work, I think of device management implemented “BYOD” configurations, but above all, workstation virtualization technologies such as Windows 365 and Azure Virtual Desktop. What are these basically about, and what can the technology enable?
Windows 365
A couple of years ago, Microsoft introduced Windows 365 technology to virtualize workstation usage. It is an easily purchasable and configurable virtualization technology that enables the use of a virtual desktop in the organization’s own Microsoft cloud.
Windows 365 is licensed per user, either with Business, Enterprise, or Frontline models. There’s not much difference in resource pricing between these, but with Enterprise licensing models, you can, for example, connect the desktop to a virtual network on the company’s Azure subscription and thus access resources in the company’s internal network. Frontline licensing allows the use of individual licenses among multiple “frontline” workers, typically referring to productive workers in industrial environments, for instance. Business licensing is a purely cloud-based virtual workstation separate from environments, but even here: Intune device management enables the control and configuration of information security, just like with physical workstations, so that responsibility and visibility remain with IT management.
Windows 365 is largely based on the same technology as Azure Virtual Desktop solutions built on the Azure side, but the licensing is fixed and easily understandable, just like with other Microsoft 365 type services. But how is Azure Virtual Desktop then structured?
Azure Virtual Desktop
While Windows 365 is an easily purchasable and licensable SaaS service, implementing the same solution as Azure Virtual Desktop technology is often technically a bit more laborious and a self-maintained entity, but it allows flexibility in terms of usage and its costs, which many organizations may feel they need. Let’s take as an example a group of several hundred employees who use a virtual desktop irregularly at different times, on different days of the week. Despite the total number of users, there may only be a few dozen concurrent users, in which case it might be expensive to buy fixed licenses and pay a fixed fee for each and every user on a monthly basis.
Azure Virtual Desktop as an IaaS solution brings flexibility here. You can build virtual resources in your own Azure environment, allocate them with the number of instances you want reflecting peak demand, which automatically scales resource usage according to the actual number of users. Of course, the solution must take into account the centralized profile storage resources shared between instances in the background, and there are some other moving parts in the technical implementations. However, with good planning, the whole can be made into an easily maintained Azure solution, the costs of which can be very low compared to Windows 365 solutions, interpreting on a case-by-case basis, of course!
In addition, Azure Virtual Desktop usage scenarios have one use case that Windows 365 does not enable as a technology. Instead of publishing an entire desktop, you can publish just applications to end users in a Citrix-like manner. And this is what we’re talking about with application virtualization. From the end user’s perspective, the application looks on their own workstation as if it were running on their own workstation. So, for example, if you were running your organization’s ERP solution on Azure public cloud servers and still needed some kind of client application to use it, this could very well be the usage method that minimizes latencies between the workstation and server and makes the application work as it has historically been used from one’s own workstation. This as a usage scenario example.
Use of virtual resources?
Whatever the implementation and licensing method for virtual resources, the usage models are the same in both technologies. Microsoft enables both browser-based use and a locally installed Remote Desktop application on workstations for the use of virtual resources as needed. When using from personal devices, IT management can instruct to use resources via browser, and correspondingly, for corporate workstations, the Remote Desktop application can be pushed and centrally configured for application virtualization.
In terms of licensing, when planning the use of resources, it’s good to consider the requirements related to VDI use, which should be taken into account when considering usage. In a large part of Microsoft 365 licenses, such as Microsoft 365 Business Premium, for example, such licensing is considered in the form of Windows licensing, as well as in the Microsoft 365 F3 license from Frontline bundles.
Best choices for your own business?
Different businesses have different needs. IT managements need to consider needs on a case-by-case basis and strive to find from these technologies as well the solutions that best suit their own needs and are most cost-effective. And when you limit your company’s work use to those managed resources in your own environment – be they virtual, IT management can be sure in terms of management where the company’s data is stored and ends up. Instead of giving an external consultant a company laptop, what if you give them access to a virtual desktop you manage in the future?
We’ve come a long way from the early days of the “Windows Virtual Desktop” service, when these were proudly piloted to various customers at the forefront. Now grown to adulthood, the “Azure Virtual Desktop” technology is a trusted virtualization solution for desktops and applications for many companies. Our own customer base has selected several technologically oriented customers for whom desktop and application virtualization has been built for various usage needs. We indeed feel that we are a trusted domestic Microsoft consultant for IT managements, who may have something to offer for your IT management as well.
Above IT is a partner and resource for IT managements. A trusted ‘consigliere’ of Azure services. As our customer, you get genuine expertise also related to desktop and application virtualization, based on strong experience.