What is Virtual Desktop Infrastructure?

Virtual desktop infrastructure (VDI) is an end user computing model enabling clients to connect remotely to their desktop operating system environment through a central server, which can host multiple of these desktops for many users at once. One of the many modes of desktop virtualization, VDI serves users with the desktop image over a network, which may be secured along with the various endpoints involved in the process: PCs, smartphones, tablets and thin client terminals.

A server hosting virtual desktops may be managed on-premises or in the cloud, and the most common type of VDI operating system available is Microsoft Windows, but there are options available via Linux and others. From their endpoint device, the user can operate and interact with their virtual desktop as if they were sitting at the PC, and accomplish tasks on their network even from very far away and without the required resources present locally. For this reason virtual desktops are vital for empowering remote work and productivity.

How Does a Virtual Desktop Work?

From the perspective of someone using virtual desktop infrastructure, the experience is very similar to what they’d otherwise see on a PC: a virtual desktop screen presented on their chosen endpoint device. However, the experience also differs somewhat in its speed, given that the hardware and other resources required by desktop operations are usually closer to the hosting server than they would be to a local PC. A server hosting VDI is closer to backend databases, memory repositories and storage, and more.

At the same time, interacting with the virtual desktop feels like using a local PC because the model is designed to reduce latency, compressing traffic to optimize the speed of inputs like a mouse click or typing on the keyboard. A big clue that tells the user they’re not in a local environment is how they access their virtual desktop environment - usually by manually logging on through their local PC - though it’s possible to spin up a virtual desktop upon logging into a device.

Another way that VDI works differently is that users may not be able to save changes as they would on a normal PC, though this depends on the deployment. On a “persistent” VDI the user can make changes that will show up the next time they access the virtual desktop, but this is also more expensive and complicated to maintain. Companies using a “non-persistent” VDI avoid these management obstacles but also limit the utility of their virtual desktops by giving users a permanently reserved (and immutable) VDI resource each time they log in.

No matter what kind of VDI deployment is in use, they do have some common characteristics:

Centralization

Virtual desktop infrastructure is always enabled by virtual machines on a centralized server, whether locally managed or in the cloud.

OS Image

VDI always includes an image of a specific operating system such as Windows - the most common OS to be virtualized.

Hosting

Because each desktop is host-based (through its server), many instances are stored and used at the same time.

Constant Connectivity

Endpoints are unable to display a virtual desktop if they aren’t connected to the central server, so users must remain connected at all times when taking advantage of VDI.

VDI Broker

An extra layer in the process involves what’s called a connection broker, which orchestrates the acquisition of a virtual desktop for each user when they connect, from the server’s available resources.

Hypervisor

The hypervisor is a tool that manages the various virtual machines on the host server, and ensures that desktops accessing them have the resources they require.

Why Do Organizations Need Virtual Desktops?

Virtual desktop interfaces are useful no matter the type of deployment an organization or individual uses. For example, a non-persistent virtual desktop can be used to provide static, constant access to an unchanged desktop, while a persistent VDI grants access to a personal virtual computer that serves as a customizable workspace. This is beneficial for businesses of all kinds, especially as remote work becomes more popular. Mobile employees and contractors are able to efficiently access the resources they need to do their jobs, no matter where they are or what kind of hardware they’re using.

VDI is an enabler of remote office and mobile utility, because a virtual desktop is a purposeful stand-in for the “real thing”, regardless of the situation of the end user (or the endpoint). Employees who are always on the road can connect safely to their “home” PC and all the applications they normally use in their roles, and capably complete their work from afar. This type of on-demand remote office is crucial, because when employees are not equipped in this manner, distance, device, and other factors become an obstacle to success.

IT teams also love virtual desktop interfaces because they increase simplicity, integrate easily with existing cloud-based resources, and reduce costs in several ways. For one, it’s crucial to remember that because VDI processing needs are handled within the server, auxiliary (and often pricey) hardware isn’t necessary. Another reason that VDI is a cost-reduction solution is that it can be accessed with a relatively basic client machine such as an old PC or tablet, and not an expensive laptop capable of running virtual applications locally.

Security of Virtual Desktop Infrastructure

At the most basic level, running a VDI is a safer way of accessing an operating system than running it locally. This is because all resources are held on a secure server rather than a laptop, for example, which is much more mobile and therefore able to fall into the wrong hands, connect to unsafe Wi-Fi networks, and more. Even if a laptop that can connect to your company’s VDI is stolen, the thief isn’t able to access resources held in the server.

In the case of a managed VDI solution, the provider also adds a measure of security. With responsibility for patching and maintenance resting on this third party (and its bigger pool of resources), companies can feel safer that there is only one set of hands on the controls, and not many. Liability for applying updates or changing configurations isn’t on them, which makes for a more streamlined and less complicated way of doing things.

Though VDI is a simple way to manage multiple desktops for employees, it is also vulnerable to attacks and can be compromised if it isn’t done correctly. Some basic security tools go a long way to securing a virtual environment properly, however. With SSO enabled in the authentication phase, an extra layer of security is added between the user and their resources, while an integrated security solution will help to enable endpoint security and additional encryption efforts for traffic.

SDP vs VPN: Frequently Asked Questions

What is a software-defined perimeter (SDP)?

A software-defined perimeter is a hardware-less type of architecture that creates an internal network quarantined from the outside by a perimeter comprised of a variety of firewalls, which prevents users from coming in without verification. It then allows granular control over specific resource access once users are within the network.

How does an SDP work?

SDP works by containing a company’s IT assets inside a closed network of firewalls that do not let unauthorized users inside. The software foundation of SDP means that both local and cloud resources can be protected from outside access, with the SDP controller being manipulated by IT to determine which users can access which resources once authorized.

What is a VPN?

A VPN, or virtual private network, is a product that helps users connect to web pages, applications, and other resources safely. It keeps their connection and data private as long as it’s active, and allows them to route (and anonymize) their traffic through different globally-placed servers.

How does a VPN work?

A VPN creates a secure tunnel between a user’s PC and the resource they are trying to access (an application, web page, etc.). The tunnel contains traffic that is encrypted by one of many different protocols including IPSec, SSL, WireGuard and others, keeping one’s data private as they interact across the web.

SDP vs VPN: What are the differences?

SDP is different from VPN largely due to the way that it enables custom internal network access policies, while VPNs are meant to provide unlimited network/resource access to users. VPNs also limit visibility across the network for IT, while SDP enables it. Another key difference is that policies are able to be automated with an SDP, and this function is rare on a VPN.

What can I use instead of a VPN?

SDP is a good VPN alternative, as is IAM (Identity and Access Management), but only as a complement to VPNs. Enterprises might also try PAM or VPAM, which are Privileged and Vendor Privileged Access Management, respectively.

Is SDP a VPN alternative?

Yes, SDP is an effective alternative to VPN, as it also privatizes traffic over the network, but includes more in-depth functionality and auditing utilities.

Protect Remote Resources with a Virtual Desktop

Perimeter 81’s cloud-friendly Network as a Service (NaaS) platform enables safe and speedy virtual desktop access from around the world.

Endpoint Encryption

Encryption protocols including IPSec and SSL establish a secure connection between users’ devices and network resources when connected to their virtual desktop, reducing the attack surface.

Enable Remote Work

Give full access to remote workstations to your employees who choose to work from home. Their ability to connect from anywhere and share data securely means they’re as productive as if they were at their desks.

Virtual Application Access

One of the biggest advantages of an SD-WAN is that it’s cloud-friendly and cloud agnostic, meaning it can seamlessly integrate with the most popular products like Salesforce, AWS, and others.

Benefits of Virtual Desktop Via NaaS

The Perimeter 81 VDI Solution’s 4 Primary Capabilities

Supplement VDI Security

Enable 2FA and single sign-on across mobile devices using iOS and Android, PC and Mac desktops and the web when using VDI.

Multi-Tenant Network

Segment your networks according to your security policies and users, including functions like virtual desktop.

Your Unified Network

One cloud-based platform to connect and secure your network resources, access management, monitoring, and more.

Zero Trust Access

Reduce the attack surface and make your VDI a moving target, by implementing least-privilege access policies.

What Our Virtual Desktop Solution Offers Organizations

Security on All Devices

BYOD policies multiply the number and variety of devices connecting to your network. Ensure only authorized devices connect to your virtual desktops with NaaS endpoint security.

Cloud Agnostic Integration

The ease with which our solution integrates into your virtual office, whether local or cloud-based, enables organizations to protect all their resources in unified fashion.

Superior Quality Assurance

Connecting to the virtual desktop through a diverse global server array helps the QA and marketing teams determine how best to target different markets, and how successful current efforts are.

Safe Remote Access

Automatic Wi-Fi security lets remote workers connect to sensitive resources from the public internet without fear of exposure, while encrypted tunnels shield data sharing from prying eyes.

Precise User Segmentation

Beyond the capabilities of legacy security solutions, granular policy-based permissioning helps organizations exercise greater control over those entering their virtual infrastructure.

IP Whitelisting

Explicitly define the IP addresses that are allowed to access the network, granting IT teams a stronger grip on security and also the ability to assign static IPs to automatically trusted sources of traffic.

The Perimeter 81 Virtual Desktop Service Includes:

Perimeter 81 Ltd. © 2021