Making the case for VDI: Lock them down and open them up

With desktop virtualization, you can provide the freedom your users want, while maintaining the control IT needs

Dear Bob ....

I'm a CIO in county government, and we are moving toward a virtual desktop infrastructure. I just read your recent column, "Encourage innovation? What does that mean?," which is why I'm writing.

I've never been a big fan of locking users down and have fought it throughout my career. VDI presents a new challenge because by their nature, they are more locked down than a traditional desktop.

However, I am really looking for ways for users to utilize those other devices, such as tablets and smartphones, and VDI allows for that to happen. We are looking at tablets for inspectors, emergency management personnel, probation officers, and even utilizing them in patrol cars. The costs are so much less than providing those same users with a laptop, and we can give them their office desktop experience on the road.

This has also raised the question: Why not let them use their own tablets if they want? Do I really care that it's not county owned if they are securely connecting to their virtual desktop that is centrally managed by my IT staff?

Just wondering what your thoughts are on VDI and how it impacts user innovation?

- Want to, but can I?

Dear Wants to ...

Thanks for giving me a chance to get back on a favorite soapbox. My opinion: Depending on how you implement it, VDI can give you, if not the best of both worlds, at least a lot of it. That's because when you implement VDI, you have the opportunity to provide two (or more) computing environments on a single device.

For example, by deploying VDI on a laptop, you can provide both a highly secured, locked-down, as-impenetrable-as-you-want-to-make-it virtual machine and a user-accessible, free-for-all-style underlying physical machine. Your users can innovate to their hearts' content there, and if one of them messes up, you restore their physical machine to a pristine build without worries.

If you want to get fancier, you can provide two virtual environments: one locked down and the other more open. Or if you and your users like, you can let them use their own equipment for whatever they want, accessing your official, secure computing environment through your VDI deployment.

An enhancement I like: Some VDI deployments include provisions for "local mode," which manages virtual machines centrally but deploys them so that they execute on the user's CPU. This architecture is desirable for a few reasons:

  • It saves your data center budget, because managing configurations centrally takes a whole lot less horsepower than running them centrally. Also, you've already paid for the CPU in the user's computer, so it costs you nothing, too.
  • Because your central image and the user's local-mode VM synchronize every time the user reconnects, you can restore the user to a recent stable configuration if something goes wrong, instead of having to restore to factory settings, as it were. This will help your users out at no cost to you.
  • The way this solution works, your users will be functional even if they don't have access to your network -- for example, when they're on a flight or in a patrol car or emergency vehicle.
  • With the right client software, they can also use their desktop environment on an incompatible device like an iPad -- not in local mode, of course, but you can't have everything. When they log back in with their local-mode device, the work they did on their iPad automatically appears.

What I don't know is whether you can negotiate virtualization-friendly software license agreements. So far as I can tell, you are allowed to run Windows 7 on one physical and one virtual machine at the same time, so long as both are running on the same physical PC. As for applications, they depend on the vendor and probably on the individual software package. It's certainly worth contacting your sales reps to ask the question -- and to let them know that in the era of open source software and cloud-based alternatives, there's only one right answer.

I have to admit to an important caveat on all of this: While people I trust and respect tell me this technology is mature and tested enough for use in production environments, I have no personal hands-on experience with it. If you're interested, you'll have to perform your own due diligence. I'd hate to have one of your patrol cars show up on my front step just because I touted technology that ended up not working as promised.

- Bob

This story, "Making the case for VDI: Lock them down and open them up," was originally published at Read more of Bob Lewis's Advice Line blog on