I was watching one of my all-time favourite movies “The Matrix” the other evening and this quote stuck in my head;
“You take the blue pill – the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill – you stay in Wonderland and I show you how deep the rabbit-hole goes.”
This got me thinking about DaaS vs On-Premise VDI solutions and how businesses are seeing DaaS as the red pill; the unknown, the journey to a different style of working, the step change, finding the true capabilities… dare I say possibly even the future?!.. Debatable!
Within this post I am going to cover high level concepts and not pick out specific vendor(s) as a delivery mechanism, but provoke discussion around why you may or may not decide to go DaaS. Please note that I am not covering what some people are calling on premise DaaS, because this is purely a managed VDI solution and has its own discussion points.
Firstly why do people like the sound of DaaS?
Most organisations look at the XaaS model to potentially look at fixing the following points (not limited to):
- Reduced Operational Risk
- Someone else is managing the back end infrastructure, and you only get access to a set of administration tasks that the DaaS provider allows you access too
- Granular Scalability per user
- DaaS models are generally based on per user licensing models
- No overhead of managing the back end infrastructure lifecycle
- Allows ease of a BC & DR solution
- Possibly even built in DR depending on provider
- Move from a CAPEX to an OPEX operating model
- Ease of expansion from the unknown business growth
- You just request from your portal another x number of desktops and they get provisioned for you. No worry about storage, server computer etc.
- Access your desktop from anywhere on a range of devices
- Less complex due to you having less to manage
- In some circumstances can be cheaper when reviewing the operational shift, uptime, manageability and CAPEX cost of purchasing new licenses and infrastructure, but this isn’t always the case.
Most DaaS models allow a self-service portal where organisations can spin up more desktops as and when necessary. DaaS self-service portals should be an easy-to-use web interface that abstracts infrastructure from end users/customer. Underlying information such as data stores, resource pools and desktop images should not be something that users should be required to have knowledge about, but what needs to be thought about to implement a successful DaaS strategy?
What needs to be considered when going to DaaS?
Below are some of my thoughts on what needs to be discussed or investigated before moving to a pure DaaS model.
Just because you can have a desktop in the cloud doesn’t mean it is any use without the data and/or applications. Most organisations that I have dealt with have an application count ranging from 100-1000s depending on the size of the organisation. Yes some of these applications maybe multiple versions of applications like Adobe or Office, but these may be required due to compatibility issues. Within a DaaS offering how do you provide this seamless integration when specific versions are required? The answer at the moment is another desktop image or service where you can suite/bundle applications and deliver them into the desktop. Which leads to the question of how long does it take to get an application into my image in the DaaS platform considering the image is managed by the provider? And who owns/manages that?
For a lot of organisations this is counter-productive in trying to achieve their agile and efficient business approach; response times for this are extended, and can even be longer than what they currently encounter with an on premise solution.
It is common knowledge that most successfully launched new applications in the market can be delivered as a SaaS model or are web driven, in turn this means there are less requirement on the desktop. Though this still doesn’t help most organisations that have legacy application requirements.
A further problem affecting the DaaS model is the access to corporate files. Most organisations may look into keeping the data within the corporate data centre but there are bandwidth and latency constraints to keep in mind. Do some of you out there remember the days of your staff complaining about file access speed from branch offices? The fix previously was to host some of the data in the branch office replicated using some form of SAN replication or DFSR approach, or even WAN optimisation products to assist. Within a DaaS model how would you achieve this?
Typically within a DaaS model the data would be hosted within a corporate data centre or a customer may move it into a cloud environment that may sit in the same cloud service as your desktop. This is why DaaS providers will look at offering you a small fee for a desktop, knowing that for optimal performance you will want to look into moving data and applications also! Sneaky little money earner for them!
To ensure a good quality of service and experience for users irrelevant to the protocol(s) being used for access, organizations looking into DaaS need to ensure that there is enough bandwidth available between the DaaS environment and corporate data centre for backend services access, corporate file transfer, print traffic, video, voice, scanned image files etc. The question is how do you size this and is your DaaS provider going to charge you bandwidth utilisation also from the DaaS environment? If so this could make your costs creep.
From my own personal point of view, of which I am by far an expert in security, don’t worry about hypervisor security like blue and red pill attacks because if your edge security has been compromised to allow that attack you have bigger issues. Within a DaaS or virtualisation environment there are more chances of attacks to the management layers or databases, as this would cause more of an impact.
Some organisations may want to bring up the whole “what if scenarios around internal breaches”, but this isn’t really any different to how you may manage it now with physical preventions, policies and procedures. Also if it is breached from the DaaS side is this your responsibility?
Another thought around security is to think about any compliance levels you need to meet and can the DaaS provider offer them (PCI, PSN, IL2, IL3 etc) If they can fantastic, but as a food for thought comment…. What about the data and application access? Is the environment still compliant if the data/files need to be transferred across the WAN to get to the desktop within the DaaS environment? Is it a secure multi-tenant solution or just a multi-tenant solution?
To access your new shiny, fantastic, all singing and dancing desktop you will need a device to connect from. A lot of organisations look at VDI as a way to allow mobile working and BYOX strategies, with ease of BC/DR access. As a business you are still going to need policies and procedures for this as you would on an internal network. On top of this if it is a corporate issued device you are going to require a way to manage that end point, whether it is by fat to thin conversion software, SCCM, Altiris etc. If you adopt a BYOX approach you may not care what devices are in use, but guidelines on how to access and potential support from your internal helpdesk may be required to get a user connected to the environment.
When running BYOX strategies organisations believe it will resolve some of the administration overhead and cost, but without correct planning and procedures put in place it could work out as a bad move, as your help desk skill set will need broadening to assist with multiple device types for connection. To be fair though, most platforms now offer a native application install to gain access from the end point or allow HTML5 access, which makes it quite straight forward.
Wait… what about printing and scanning? This is a crucial part of most businesses and is often overlooked. When implementing or investigating a DaaS model you need to factor in bandwidth for print traffic as the printers are nowhere near your desktop. How do you size this? How can you ensure optimal performance? There are optimisation products like UniPrint or Thin Print to help minimise this print traffic, but is this available within the DaaS solution you maybe purchasing? The same thought process needs to be considered for scanning as that image file needs to end up on your desktop at some point for review.
The worry of the DaaS model
From discussions I have had about DaaS and cloud based operating models, they often throw up the same questions and worries. Some of these worries are easily answered but from a reseller or now a vendor point of view you need to have a good response for these.
Below are some questions that I have been asked or my sales colleagues have been asked to answer:
- Where are my Desktops?
- Lots of questions around compliance
- How does it connect to user’s data and apps?
- What devices are supported?
- Can I move off the DaaS environment and take my image with me in the future?
- Who owns the desktop?
- At what point does it become my responsibility?
- What if the application and data is being located in a separate location to the DaaS environment
- If I propose this to management, am I effectively proposing we outsource an element of the ICT function which puts jobs at risk within the ICT Team
- Can I not just use this as a short term fix for business growth?
Majority of issues can be resolved with the right design, architecture and provider but the key to a DaaS offering is how the provider will manage expectation with the customers and how/if they conduct an assessment prior to advising and migrating to ensure that the customer is suitable to be migrated onto a cloud platform. To me by conducting a Cloud Readiness Assessment, this would allow an advisor or provider to assess the business and its capabilities with the current available cloud offerings on the market.
Whilst VDI has been a success in terms of adoption and growth with a total market forecast of $6B (£3.6B) over the next 3 years, I believe that most organisations will take the blue pill at this moment in time and stay doing what they know best, which is on premise solutions that they can have complete control over, allowing them to be agile from a functionality point of view.
DaaS for me will not take over the market as a standard delivery mechanism for desktops and user workspace at this moment in time due to constraints where their data, applications and connectivity may be limited by security compliances, speed of connectivity (even though this is getting much better), manageability, application and data being located in a separate location to the DaaS environment. The reality is that while VDI is complex to implement from an infrastructure perspective, DaaS is just as complex to design/implement from an applications and usability standpoint; and the reasons are simple to understand (some mentioned above).
For a true end user acceptable DaaS offering, organisations need to assess the bandwidth requirements between their Data Centres and the DaaS environment or look into moving more of their applications and data into the cloud within the same data centre, utilising an IaaS offering.
BUT… How about Hybrid DaaS? Take both pills and see the benefits of both?
Thank you for reading the ramblings of a madman, feel free to comment for a discussion on this topic.