What is VDI and How Does it Work?

Virtual desktop infrastructure (VDI) enables organizations to deliver operating systems and applications in a centralized manner, without having to deploy a dedicated workstation for each employee. VDI solutions are based on desktop images, which a user connects to and uses as if they were running locally on their device. VDI solutions support a variety of endpoints including Windows, Linux and macOS computers, mobile devices, or thin clients.

The term “VDI” typically refers to an on-premises deployment model, in which organizations run VDI infrastructure in their local data center and use it to deliver virtualized desktops to users. However, VDI technology can be operated by cloud providers or other vendors, who use it to deliver VDI as a managed service—a deployment model known as Desktop as a Service (DaaS).

This is part of an extensive series of guides about hybrid cloud.

Enterprise VDI Solutions

Enterprise VDI solutions are full-featured offerings that allow an organization to deliver VDI services to large numbers of users. They can be used by individual organizations, or by service providers to deliver managed desktop virtualization services to many organizations.

VMware Horizon

VMware Horizon is a VDI solution based on the popular vSphere hypervisor. Each user’s desktop is managed as an ESXi virtual machine. Horizon supports endpoint devices including personal computers, tablets, smartphones, thin clients, and zero clients (an endpoint device with no local storage capacity, which connects remotely to a server).

Unlike vSphere, VMware Horizon is licensed according to the number of desktops the organization can serve concurrently.

VMware Horizon components include:

  • Horizon View Connection Server—a management server that allows desktop users to connect and authenticate via LDAP.
  • View Composer—installed on vCenter Server, manages virtual desktop storage and can save up to 90% of virtual desktop disk space through linked cloning.
  • Horizon Administrator—a UI for managing the VDI deployment. Can be used to add vCenter Servers and View Composers.
  • View Agent—installed on all VMs that are managed as part of the VDI infrastructure. Provides features like access to peripherals and connectivity monitoring.
  • Horizon Client—installed on the user’s device (Windows, macOS or Linux). Lets the user connect and authenticate to the View Connection Server and access their virtualized desktop.

Citrix Virtual Apps and Desktops

Citrix provides a popular VDI platform, which provides fine-grained control over virtual machines, licensing, applications, and security. It enables organizations to run virtual desktops on any device, regardless of the operating system of the local device. It is based on the Citrix FlexCast Management Architecture (FMA), which can be used to deliver individual applications as well as entire desktops to users.

Citrix Virtual Apps and Desktops offers two price tiers—Citrix VDI, Enterprise Edition and Platinum Edition, with three payment models—payment per concurrent users, payment per device, or payment per team.

Citrix components include:

  • Delivery Controller—the central management component of a VDI deployment. Communicates with the hypervisor to run desktops and manage user access.
  • Database—Microsoft SQL Server used for configurations and session data.
  • Virtual Delivery Agent (VDA)—installed on each physical or virtual machine that hosts virtualized desktops.
  • Citrix StoreFront—authenticates users and directs them to the desktop or application they are eligible to access.
  • Citrix Workspace App—installed on user devices, or delivered via HTML5 in a browser. Lets users access their virtual desktop and personal data.
  • Citrix Studio—a management console that lets administrators control the VDI deployment and track licensing.
  • Citrix Director—an administrative interface that allows IT teams to troubleshoot issues and support end users.
  • Citrix Hypervisor—the VDI solution can run on the Citrix hypervisor, or use a hypervisor from another vendor.

Cloud-Based VDI Solutions (Desktop as a Service)

Several major cloud providers provide managed VDI solutions, in a model known as desktop as a service (DaaS). These solutions run a VDI stack behind the scenes, but do not require an upfront investment, and allow organizations to get started with VDI quickly and pay per actual usage.

Amazon WorkSpaces

Amazon WorkSpaces is a cloud-based desktop service that lets you configure Windows or Linux desktops in minutes, and scale quickly to deliver thousands of concurrent desktops. It is billed monthly, according to the number of workspaces launched, or hourly per desktop usage.

Amazon WorkSpaces was designed to eliminate many administrative tasks related to desktop lifecycle management, such as provisioning, deployment, and maintenance. It provides one cloud-based management interface, and does not require the organization to manage multiple VDI components.

Azure Windows Virtual Desktop (WVD)

This new service is the successor of the legacy Microsoft offering, Remote Desktop Service (RDS), which was also offered in a DaaS model. WVD allows users to access a Windows 10 desktop from any device. The service is fully hosted in Azure, with extensive compliance and security features.

WVD lets users access Office 365 Pro Plus, and is fully integrated with the Microsoft 365 platform. It is based on a multi-session version of Windows 10 which was especially designed for the DaaS platform. An important advantage is that WVD users receive free Extended Security Updates for Windows 7.

IBM Cloud

IBM Cloud offers a virtual desktop solution with accelerated graphics capabilities. It lets several virtual desktops use the same graphical processing unit (GPU), using high performance NVIDIA GRID hardware. This offers mobile workers a workstation-like experience for graphic-intensive use cases on any device.

IBM Cloud enhances security for virtual desktops by never sending any data over the network: only encrypted visual output and mouse or keyboard input are transmitted. This means users don’t need to keep a local copy of their files.

Evolve IP

Evolve provides a third-party desktop as a service solution based on Microsoft Azure. Its unique features include:

  • PCoIP (PC over IP) distribution protocol for accessing local USB peripherals.
  • Integration with Microsoft Office, SharePoint and Evolve IP applications.
  • Built-in antivirus, anti-malware and two-factor authentication for virtualized desktops.
  • Full control and customization of your virtual desktop environment—configure how the solution provides application, desktop and storage space.
  • Customize the operating systems and applications provided to users to optimize license costs.

Addressing VDI Challenges with Perception Point

Perception Point Advanced Browser Security adds enterprise-grade security to standard browsers like Chrome, Edge, and Safari. The solution fuses advanced threat detection with browser-level governance and DLP controls, providing organizations of all sizes with an unprecedented ability to detect, prevent and remediate web threats including sophisticated phishing attacks, ransomware, exploits, Zero-Days, and more.

By transforming the organizational browser into a protected work environment, access to sensitive corporate infrastructure and SaaS applications is secured against data loss and insider threats. The solution is seamlessly deployed on the endpoints via a browser extension and is managed centrally from a cloud-based console. There is no need to tunnel/proxy traffic through Perception Point.

An all-included managed Incident Response service is available for all customers 24/7. Perception Point’s team of cybersecurity experts will manage incidents, provide analysis and reporting, and optimize detection on-the-fly. The service drastically minimizes the need for internal IT or SOC team resources, reducing the time required to react and mitigate web-borne attacks by up to 75%.

Customers deploying the solution will experience fewer breaches, while providing their users with a better experience as they have the freedom to browse the web, use SaaS applications that they require, and access privileged corporate data, confidently, securely, and without added latency.