VDI moves to the cloud

To counter the strain desktop virtualization can put on data centers and administrators, some agencies and vendors are turning to desktop as a service.

 
Placeholder Image for Article Template

Many technologies have made the transition to the cloud in recent years. Now the virtual desktop is getting its turn.

Once considered a bit exotic, virtual desktop infrastructure (VDI) has become a familiar approach in a growing number of government IT departments. In a VDI environment, users equipped with thin clients or zero clients access virtualized desktops hosted on a central server. The heavy lifting of desktop computing shifts from the client device to the data center, where operating systems and applications reside.

VDI proponents cite benefits such as easier systems administration, enhanced security and lower client-side support costs.

VDI, however, places more demands on data centers and administrators -- and that's where the cloud comes in. Desktop as a service (DaaS) transfers the job of hosting and managing virtual desktops to the cloud. Federal agencies are just beginning to explore this twist on VDI and its potential, and vendors such as Amazon Web Services and VMware are getting into the act.

Why it matters

Desktop virtualization is becoming more prevalent among federal agencies. Small pilot and proof-of-concept demonstrations were the norm a half-dozen years ago, but in the past two years, much larger deployments have emerged, with the Energy Department, Navy and Defense Intelligence Agency among the larger installations.

DOE conducted a 500-user VDI pilot program, which "demonstrated that Energy can provide a good customer experience and achieve cost reductions by consolidating and virtualizing the desktop infrastructure," a DOE spokeswoman said.

She said preparations are underway to deploy VDI to 2,000 users, which include federal employees and direct service contractors. The highly available and redundant virtual desktop environment, which will use infrastructure as a service, was scheduled to launch April 15.

In addition, DOE's use of zero clients "will also reduce the required power consumption per desktop to reduce [the] overall carbon footprint," she said.

VDI can ease desktop support and shrink energy consumption, but the advantages come at a cost. Organizations might need to invest in data center infrastructure -- servers, storage, software and networking -- to make the technology work. They will also need to train or hire employees to maintain the virtual environment.

The data center costs alone might be enough to keep some agencies from pursuing VDI. But DaaS eliminates the back-end infrastructure expense and associated management chores of VDI.

With on-premise VDI, "the customer would have to procure and manage the physical hardware and the software that would manage the virtual desktop environment," said Paul Duffy, principal product manager at Amazon Web Services.

Customers would also need to provision additional hardware and software as the virtual desktop population grows. But customers that acquire virtual desktops through Amazon Web Services' WorkSpaces offering can avoid those procurement issues, Duffy said.

The ability to avoid the initial infrastructure investment is an important advantage of DaaS, said Dave Grant, senior director of product marketing for DaaS at VMware. "It's a relatively large investment upfront," he added.

sidebar describing how desktop as a service works

DaaS turns VDI into an operating expense instead of a capital expense, Grant said. Customers pay a predictable per-user, per-month fee that they can budget for as an operational expense item, he added.

Faisal Iqbal, director of systems engineering for public-sector clients at Citrix, agreed that DaaS offers the ability to potentially offload desktop image management and shift away from capital expenditures.

Some federal agencies are taking a closer look at DaaS solutions. NASA's Goddard Space Flight Center, for instance, plans to assess the feasibility of cloud-based DaaS offerings and compare them to existing VDI technologies, said Keith Keller, chief technology officer and associate director for innovation at Goddard.

He said the center's DaaS assessment project was recently selected for funding by NASA's IT Labs program. In the meantime, Goddard is moving forward with a VDI pilot project, currently scheduled for this summer. Keller said an assessment of the project will address cost, ease of management and ease of use.

DOE is also looking into DaaS, the department spokeswoman said.

The fundamentals

DaaS has been around for several years. Desktone, the company that helped pioneer the service, was founded in 2007. But DaaS didn't make much of a splash in the federal market until last year. In September 2013, Desktone launched a DaaS service for federal agencies via IBM's SmartCloud for Government. A month later, VMware acquired Desktone, which further raised DaaS' profile.

Then in November, Amazon Web Services announced WorkSpaces, which the company describes as a fully managed desktop computing service in the cloud. WorkSpaces had been available on a limited preview basis to organizations including federal agencies. The company announced general availability in March.

Government-focused alliances are also falling into place. In addition to its relationship with IBM, VMware has an arrangement with Harris in which VMware's desktop virtualization software provides the platform for DaaS.

VMware has also partnered with Carpathia, a cloud services and managed hosting provider, to offer a government version of its VMware vCloud Hybrid Service. Grant said DaaS should be running on top of the hybrid cloud by late this year.

Another alliance has SAIC working with Hitachi Data Systems Federal under a partnership announced late last year. The companies will work together to develop and deliver a desktop-as-a-service solution for government agencies, according to an SAIC statement.

Advice for creating your own DaaS tool

For agencies that are considering becoming desktop-as-a-service providers, here are a few tips from Thomas Sasala, chief technology officer at the Army's Information Technology Agency:

  • Obtain commitment. A successful DaaS deployment requires unwavering organizational commitment, senior leaders' continual involvement and a close attention to detail.
  • Be prepared to manage change. Most of the resistance to ITA's DaaS initiative came from skeptics who were in charge of the current environment and were unwilling to embrace change.
  • Engage all stakeholders. DaaS is generally an IT activity, but adopters should not forget their users' needs and perceptions. Regular forums can spark engagement and create support for DaaS.
  • Learn from others. Agencies should talk to feds who have already adopted DaaS before they start their own project -- and continue those conversations throughout the process.
  • Use a proven design. Rather than starting from scratch, agencies should tailor a successful DaaS design to their environments. That approach will minimize integration issues and let agencies focus on their specific needs.
-- John Moore

Although federal agencies might choose to subscribe to a cloud provider's DaaS tool, others will offer their own DaaS solutions. Grant said he has seen increasing interest among Defense Department organizations in using VMware's multitenant desktop virtualization platform at their own data centers. Those organizations act as service providers by offering DaaS in a private cloud behind their firewalls, he added.

The Army's Information Technology Agency is taking on the DaaS provider role as it installs 2,000 unclassified and 2,000 classified DaaS stations for the Joint Chiefs of Staff. Thomas Sasala, ITA's chief technology officer, said ITA deployed the hardware and software for the back-end infrastructure, while the Joint Chiefs' command, control, communications and computers/cyber division is handling the deployment on the client end.

Sasala said virtual desktops are already easing his agency's administrative and security compliance tasks. "With the VDI implementation, we patch the master image and recompose the desktops over...one evening, reaching 100 percent compliance in under 24 hours," Sasala said. "This reduces the time 50 [to] 95 percent sometimes, thus resulting in a significant labor savings."

The hurdles

With cloud-based services, the primary obstacles to federal acceptance tend to be security, security and security. Industry executives say that is the case with DaaS. Agencies want assurance that vendors can keep cloud-hosted desktops safe, and they are likely to rely on Federal Risk and Authorization Management Program (FedRAMP) certification to give them that peace of mind.

"I feel the big driver that could make DaaS very appealing down the road is FedRAMP and cloud certification of security," said Matt Brooks, senior director of federal sales at Hitachi Data Systems Federal.

Vendors are already moving in that direction. In March, VMware announced that it was seeking FedRAMP's authority to operate for the hybrid cloud service it is bringing to market with Carpathia. Around the same time, Amazon Web Services said all four of its infrastructure regions in the U.S. -- including GovCloud -- had received provisional authorization under DOD's Cloud Security Model for Impact Levels 1 and 2, which cover unclassified public and unclassified private information. Achieving authorization under DOD's model requires adhering to security controls beyond FedRAMP's baseline standards.

Amazon Web Services' DaaS offering is not covered under the DOD provisional authorization, and DaaS has yet to debut on the VMware/Carpathia hybrid cloud service.

Agencies planning to build their own DaaS offerings face another hurdle: coming up with an end-to-end solution that works.

"A full solution will most likely encompass a combination of both hardware and software from many different vendors that need to function as one," said Ken Liska, a virtualization specialist at NetApp U.S. Public Sector. "Finding a pre-validated solution that has been jointly architected by multiple vendors is highly recommended, as it can save huge amounts of time both upfront and after deployment."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.