When deploying any new application or service to our customers (internal or external), the choices for exactly how that service is delivered are growing at what seems to be an exponential rate. New Software-As-A-Service (SaaS) offerings are driving innovation and a mass exodus to public cloud providers for specific point solutions to business problems. Microsoft, Amazon, and VMware are battling it out for ownership of the Platform-as-a-Service space, which promises all the services you might find in your own datacenter. With all these choices, it might be tempting to outsource your new service offering to the ‘cloud’ in the hopes of gaining all the advertised benefits – lower cost, simpler management, and greater efficiency of operations.
In response to this trend, many companies are already heading toward implementing their own IT-as-a-Service model in their effort to retain control of their intellectual property while at the same time lowering the costs of their services to their end user. Unfortunately, no service provider to date has the ability to offer an entire set of enterprise services to a large corporation in a service model – at least, not without also completely outsourcing the entire staff as well. While specific applications can be outsourced to a SaaS provider, moving entire classes of service to the cloud remains an unviable option for large enterprises.
Choice & Flexibility of solution and design
First and foremost, an outsourced desktop service offering will not provide the same levels of choice and flexibility that the equivalent service provided by your own IT staff could provide. Service offerings through outsourced providers eliminate costs and promise lower TCO primarily through elimination of choices. While it is true that an outsourced desktop may provide sufficient functionality for a specific use case, it is generally not suitable for general-purpose desktop replacement, or even more than one use case. This is due to the simple fact that as the number of users and use cases for a desktop virtualization project grows, so do the number of applications required, the locations the users are coming from, the number of internal resources they need access to, and the plethora of peripheral devices the solution must support. Sooner or later, the outsourced ‘service’ environment begins to look a whole lot like your own datacenter. As these requirements are imposed on the service provider, they must eventually provide greater and greater levels of service, which the customer must pay for. In the end, this largely eliminates the primary mechanism the service provider uses to suppress costs – standardization and elimination of choice and flexibility.
Security and Control
While the technology challenges for securing intellectual property in a hosted facility have been largely overcome, there is one significant challenge that will not be overcome- trust. One has only to read the headlines to know that the threat of corporate espionage is a growing threat, either from ‘recreational’ hackers, state-sponsored espionage, or disgruntled employees. While these threats will never be completely eliminated, two obvious strategies to diminish the risk of data theft is to decrease the overall attack surface of the solution, and to ensure the circle of trusted administrators is as small as possible. A single application, delivered through a Software as a Service model, offers minimal risk compared to a Desktop-as-a-Service offering, as it only typically only provides a single method of entry (web browser), and only handle the data associated with a given application. Furthermore, that application typically is not the primary revenue generation tool for the enterprise, but rather a lower priority application handling a business function, such as messaging or HR, and the data for that application may reside ‘in the cloud’ alongside the functionality of the application itself.
A desktop, on the other hand, is used to deliver exponentially greater functionality, and as discussed above, risk to the enterprise increases commensurate with the increase in choices for a virtual desktop solution. This means the opportunity for theft of /loss of data is also exponentially greater. Many applications must be delivered to the desktop, and while some of those may be a web based application, many will not. Furthermore, much of the data accessed by those applications must out of necessity reside in the corporations databases and file shares. Placing the desktop within the enterprise not only provides greater security for the overall solution, but also places the application closer to the data, offering a better experience for the user, as well as more efficient security for the IT staff.
Disaster Recovery
One obvious benefit to any virtualized solution in your own datacenter is economy of scale. Once an initial investment has been made in your virtualization solution, that investment may be leveraged for additional projects and initiatives. For example, by combining EMC storage replication with VMware Site Recovery Manager, any server or desktop that might be virtualized can immediately be protected for disaster recovery. This means that rather than employing different one-off protection tactics for multiple applications, a single protection strategy may be implemented for the entire virtualized environment, including desktops. EMC has already worked with many of our customers and with VMware to implement disaster recovery plans for corporate data, applications, and desktops. A service offering for desktops from a provider will force you into paying for or implementing a separate strategy for desktop service business continuity.
Efficiency of operations
Finally, the largest risk to the enterprise by leveraging an outsourced virtual desktop service is a split operational model. As the number of users (and their requirements) grows, the ease and likelihood of outsourcing all the desktops diminishes. If, then, only a portion of the desktops are outsourced, this fundamentally splinters your operational model, and forces the company to adopt and implement separate policies and methodologies for security, application deployment, patching, and even potentially licensing.
If, instead those desktops are virtualized in-house, many of the same policies and methodologies may be retained and enforced. While it is true that desktop management will remain split between physical and virtualized desktops, the effects of that split will be minimized. Similar patching schedules may be maintained, as well as application and operating system upgrades. The virtualized desktops may be integrated through policy and technology with the physical desktops, ensuring the same data loss prevention techniques are applied universally to all desktops.
In conclusion, while an outsourced desktop does provide some advantages, those advantages are largely realized only if the number of use cases can be kept to a minimum. As the number of use cases grows, so do the requirements. A virtualized desktop in your own datacenter provides the best mix of flexibility and choice, while at the same time maximizing your security, control, and operational efficiency.
My Occasional IT Blog... 