ProHoster > Blog > Administration > Comparison of VDI and VPN - parallel reality of Parallels?

Comparison of VDI and VPN - parallel reality of Parallels?

In this article, I will try to compare two completely different VDI technologies with VPN. I have no doubt that in connection with the pandemic that unexpectedly fell on all of us in March of this year, namely the forced work from home, you and your company have long made your choice on how to optimally provide comfortable working conditions for your employees.

Comparison of VDI and VPN - parallel reality of Parallels?
I was inspired to write this article by reading a comparative "analysis" of the two technologies on the Parallels blog β€žVPN vs VDI – What Should You Choose?", namely, its incredible one-sidedness, without even a minimal claim to impartiality. The very first paragraph of the text is called "Why a VPN solution is becoming outdated / Why a VPN solution is becoming outdated", further in the text "VDI advantages / VDI advantages" and " VPN limitations.

My work is directly related to VDI solutions, primarily with Citrix products. So the direction of the article should have been to my liking. However, this prejudice only makes me dislike. Dear colleagues, is it possible, when comparing two technologies, to see only disadvantages in one of them, and only advantages in the other? How can one, after such conclusions, take seriously everything that such a company says and does? Haven't the authors of such β€œanalytical” articles come across popular phrases in the IT world, such as β€œuse case” or β€œit depends”?

Benefits of VDI according to Parallels:

The underlining highlights the advantages of VDI indicated in the article (in my translation)

VDI provides centralized data management.

  • What kind of data? The task of VDI is to provide remote access to a virtual desktop. When using a VPN to access a corporate network, such as corporate SharePoint, data will also be managed centrally.
  • Perhaps, if user profiles are meant by centralized data management, then this statement is correct.

VDI provides seamless access to work files and applications using the latest encryption protocols.

  • What are you talking about, gentlemen? What are Parallels latest encryption protocols? TLS 1.3? What is a VPN then?

VDI has no need for optimized bandwidth.

  • Seriously? If I understand correctly, Parallels RAS doesn't care if the user has two 4K 32" monitors or one 15" laptop? It is for bandwidth optimization that protocols such as ICA / HDX (Citrix), Blast (VMware) were created.

Since VDI is located in the data center, the end user does not need "powerful end-user hardware"

  • This statement may be true, for example when using ThinClients, but it is completely abstract and does not take into account various scenarios.
  • And what is called powerful end-user hardware in 2020?

VDI provides the ability to connect from various devices such as tablets and smartphones.

  • Certainly a correct statement. But let's not prevaricate, if you can somehow work from a tablet, then from a smartphone .... Unless from some smartphones with an external monitor
  • The user's work should be comfortable, and not spoil his eyesight. For example, I use a 28" monitor, but I plan to switch to a larger diagonal.
  • The laptop is the most popular computer for corporate use today.
  • Let me remind you that VPN clients can be downloaded for both tablets and smartphones.

VDI provides access to Windows applications from other operating systems such as Mac and Linux.

  • I believe that colleagues simply made a mistake here, and this is not about VDI at all, but about Hosted Application.
  • As for VPNs, leading vendors such as Cisco or CheckPoint certainly offer VPN clients for both Mac and Linux. Citrix also offers VPNs, including for its VDI solutions

Disadvantages of VDI

Deployment cost

  • additional iron is required, a lot of iron.
  • purchase of additional licenses is required, both for the basic infrastructure (Windows Server) and for the VDI itself (Windows 10 + Citrix CVAD, VMware Horizon or Parallels RAS).

Complexity of the solution

  • you can't just take and install Windows 10, call it a "golden image" and then just multiply it into X copies.
  • when designing, it is necessary to take into account many nuances, ranging from geographical location to an assessment of the real needs of users (CPU, RAM, GPU, Disk, LAN, Software)

VDI vs. HSD

  • why the topic of discussion is only VDI and not Hosted Shared Desktop or Hosted Shared Application. This technology requires significantly less resources and is suitable in 80% of cases.

Disadvantages of a VPN

No granular control to monitor and limit user access

  • A VPN Client can have a fairly complex and granular access control mechanism, such as something like "System Compliance Scanning, Policy Compliance Enforcement, End Point Analysis"
  • Since the article is about VDI, there is also no particularly granular control here, everything is very simple, either there is access or it is not.
  • Analytics systems have already appeared that, based on data about VPNs and other connections, centrally monitor the situation and warn about non-standard user behavior. For example - a non-standard or untimely increase in bandwidth.

Corporate data is not centralized and difficult to manage

  • Neither VDI nor VPNs are designed to centrally manage corporate information.
  • I can't imagine that in a serious company, critical information is located on the user's local computer.

High bandwidth connection required

  • I agree with this statement only partially. It all depends on the specifics of the user's work. If he's watching 4K video over the corporate network, then sure.
  • The real problem is that remote users have all Internet traffic routed through the corporate network. Probably worth trying to set up separate traffic.

The end user needs good hardware

  • This statement is not entirely true, since the actual consumption of resources depends on the configuration, but it is also minimal.
  • The VDI client also consumes resources, and in general it all depends on the intensity of the user's work.
  • In general, the corporate user is provided with high-quality equipment, based on a reasonable period of use and payback. By design, the cost of such equipment should be less than the cost of downtime for the end user. No one puts obviously bad equipment into the project

It is not possible to access Windows applications on other operating systems.

  • The reason for this statement is apparently that colleagues are not aware that VPN can be for almost any modern platform - Windows, Linux, MacOS, IOS, Android, etc.

Criteria affecting the use of one solution or the other

Infrastructure for VDI

It seems that VDI advocates are forgetting that VDI requires significant infrastructure, primarily servers and storage. Such infrastructure is not free. Its deployment implies a careful selection of the necessary components, in accordance with your particular scenario.

User workstation

  • What should the user be running? On his personal laptop or on a corporate laptop that he can take home? Or maybe a tablet or a thin client is quite suitable for him?
  • Can a user connect a home computer to a corporate network?
  • How can you ensure that your home computer is safe and that your company's security requirements are met?
  • And how is the user with the speed of Internet access (perhaps he will have to share it with the rest of the family)?
  • Keep in mind that there are different groups of users in your company, such as the sales department that is used to working from home, or the technical support department that sits in the call center.

Required applications

  • What are the requirements for the user's main work applications?
  • Web applications, applications installed locally, or do you already use VDI, SHD, SHA?

Internet and other company resources

  • Does your company have enough bandwidth to serve all remote users?
  • If you already have a VPN, can your hardware handle the extra load?
  • If you already use VDI, SHD, SHA, are there enough resources?
  • How quickly can you grow the necessary resources?
  • What about meeting security requirements? Working from home will not be able to meet all safety requirements.
  • What about technical support, especially if you decide to quickly implement a new technology for users?
  • Perhaps you are using hybrid cloud solutions and will be able to redistribute some of the resources?

Conclusion

As you can see from the above, choosing the right technology is a process based on a balanced assessment of many factors. Any IT specialist who a priori claims the unconditional advantages of a particular technology only shows his unsuitability. I wouldn't waste my time talking to him...

Dear reader, I wish you meetings only with competent IT specialists. With those who treat the client as a partner for long-term and mutually beneficial cooperation.

Always glad to constructive comments, and a description of your experience with the product.

Source: habr.com

Add a comment