VDI moves to the cloud
To counter the strain desktop virtualization can put on data centers and administrators, some agencies and vendors are turning to desktop as a service.
Many technologies have made the transition to the cloud in recent years. Now the virtual desktop is getting its turn.
Once considered a bit exotic, virtual desktop infrastructure (VDI) has become a familiar approach in a growing number of government IT departments. In a VDI environment, users equipped with thin clients or zero clients access virtualized desktops hosted on a central server. The heavy lifting of desktop computing shifts from the client device to the data center, where operating systems and applications reside.
VDI proponents cite benefits such as easier systems administration, enhanced security and lower client-side support costs.
VDI, however, places more demands on data centers and administrators -- and that's where the cloud comes in. Desktop as a service (DaaS) transfers the job of hosting and managing virtual desktops to the cloud. Federal agencies are just beginning to explore this twist on VDI and its potential, and vendors such as Amazon Web Services and VMware are getting into the act.
Why it matters
Desktop virtualization is becoming more prevalent among federal agencies. Small pilot and proof-of-concept demonstrations were the norm a half-dozen years ago, but in the past two years, much larger deployments have emerged, with the Energy Department, Navy and Defense Intelligence Agency among the larger installations.
DOE conducted a 500-user VDI pilot program, which "demonstrated that Energy can provide a good customer experience and achieve cost reductions by consolidating and virtualizing the desktop infrastructure," a DOE spokeswoman said.
She said preparations are underway to deploy VDI to 2,000 users, which include federal employees and direct service contractors. The highly available and redundant virtual desktop environment, which will use infrastructure as a service, was scheduled to launch April 15.
In addition, DOE's use of zero clients "will also reduce the required power consumption per desktop to reduce [the] overall carbon footprint," she said.
VDI can ease desktop support and shrink energy consumption, but the advantages come at a cost. Organizations might need to invest in data center infrastructure -- servers, storage, software and networking -- to make the technology work. They will also need to train or hire employees to maintain the virtual environment.
The data center costs alone might be enough to keep some agencies from pursuing VDI. But DaaS eliminates the back-end infrastructure expense and associated management chores of VDI.
With on-premise VDI, "the customer would have to procure and manage the physical hardware and the software that would manage the virtual desktop environment," said Paul Duffy, principal product manager at Amazon Web Services.
Customers would also need to provision additional hardware and software as the virtual desktop population grows. But customers that acquire virtual desktops through Amazon Web Services' WorkSpaces offering can avoid those procurement issues, Duffy said.
The ability to avoid the initial infrastructure investment is an important advantage of DaaS, said Dave Grant, senior director of product marketing for DaaS at VMware. "It's a relatively large investment upfront," he added.
DaaS turns VDI into an operating expense instead of a capital expense, Grant said. Customers pay a predictable per-user, per-month fee that they can budget for as an operational expense item, he added.
Faisal Iqbal, director of systems engineering for public-sector clients at Citrix, agreed that DaaS offers the ability to potentially offload desktop image management and shift away from capital expenditures.
Some federal agencies are taking a closer look at DaaS solutions. NASA's Goddard Space Flight Center, for instance, plans to assess the feasibility of cloud-based DaaS offerings and compare them to existing VDI technologies, said Keith Keller, chief technology officer and associate director for innovation at Goddard.
He said the center's DaaS assessment project was recently selected for funding by NASA's IT Labs program. In the meantime, Goddard is moving forward with a VDI pilot project, currently scheduled for this summer. Keller said an assessment of the project will address cost, ease of management and ease of use.
DOE is also looking into DaaS, the department spokeswoman said.
The fundamentals
DaaS has been around for several years. Desktone, the company that helped pioneer the service, was founded in 2007. But DaaS didn't make much of a splash in the federal market until last year. In September 2013, Desktone launched a DaaS service for federal agencies via IBM's SmartCloud for Government. A month later, VMware acquired Desktone, which further raised DaaS' profile.
Then in November, Amazon Web Services announced WorkSpaces, which the company describes as a fully managed desktop computing service in the cloud. WorkSpaces had been available on a limited preview basis to organizations including federal agencies. The company announced general availability in March.
Government-focused alliances are also falling into place. In addition to its relationship with IBM, VMware has an arrangement with Harris in which VMware's desktop virtualization software provides the platform for DaaS.
VMware has also partnered with Carpathia, a cloud services and managed hosting provider, to offer a government version of its VMware vCloud Hybrid Service. Grant said DaaS should be running on top of the hybrid cloud by late this year.
Another alliance has SAIC working with Hitachi Data Systems Federal under a partnership announced late last year. The companies will work together to develop and deliver a desktop-as-a-service solution for government agencies, according to an SAIC statement.
Although federal agencies might choose to subscribe to a cloud provider's DaaS tool, others will offer their own DaaS solutions. Grant said he has seen increasing interest among Defense Department organizations in using VMware's multitenant desktop virtualization platform at their own data centers. Those organizations act as service providers by offering DaaS in a private cloud behind their firewalls, he added.
The Army's Information Technology Agency is taking on the DaaS provider role as it installs 2,000 unclassified and 2,000 classified DaaS stations for the Joint Chiefs of Staff. Thomas Sasala, ITA's chief technology officer, said ITA deployed the hardware and software for the back-end infrastructure, while the Joint Chiefs' command, control, communications and computers/cyber division is handling the deployment on the client end.
Sasala said virtual desktops are already easing his agency's administrative and security compliance tasks. "With the VDI implementation, we patch the master image and recompose the desktops over...one evening, reaching 100 percent compliance in under 24 hours," Sasala said. "This reduces the time 50 [to] 95 percent sometimes, thus resulting in a significant labor savings."
The hurdles
With cloud-based services, the primary obstacles to federal acceptance tend to be security, security and security. Industry executives say that is the case with DaaS. Agencies want assurance that vendors can keep cloud-hosted desktops safe, and they are likely to rely on Federal Risk and Authorization Management Program (FedRAMP) certification to give them that peace of mind.
"I feel the big driver that could make DaaS very appealing down the road is FedRAMP and cloud certification of security," said Matt Brooks, senior director of federal sales at Hitachi Data Systems Federal.
Vendors are already moving in that direction. In March, VMware announced that it was seeking FedRAMP's authority to operate for the hybrid cloud service it is bringing to market with Carpathia. Around the same time, Amazon Web Services said all four of its infrastructure regions in the U.S. -- including GovCloud -- had received provisional authorization under DOD's Cloud Security Model for Impact Levels 1 and 2, which cover unclassified public and unclassified private information. Achieving authorization under DOD's model requires adhering to security controls beyond FedRAMP's baseline standards.
Amazon Web Services' DaaS offering is not covered under the DOD provisional authorization, and DaaS has yet to debut on the VMware/Carpathia hybrid cloud service.
Agencies planning to build their own DaaS offerings face another hurdle: coming up with an end-to-end solution that works.
"A full solution will most likely encompass a combination of both hardware and software from many different vendors that need to function as one," said Ken Liska, a virtualization specialist at NetApp U.S. Public Sector. "Finding a pre-validated solution that has been jointly architected by multiple vendors is highly recommended, as it can save huge amounts of time both upfront and after deployment."