After my first blog, I received a few comments focused about user-installed applications and how there isn’t much talk about them. Faisal posted a comment that stated he was doing a pilot with XenDesktop. Right now the biggest complaint is that users can’t install their own “personal” applications and this is one of the big questions regarding virtual desktops. We had a few comments from others wanting to know the same thing (some really good posts). Well, here are my thoughts
With a physical desktop model, users could essentially do just about anything to their workstation. How much of a good thing was this? It makes the user happy, but what are the associated risks?
- Managing the endpoint became a nightmare. Hard to know what application conflicts will ensue with these unknown applications.
- Introduction of viruses, malware, spyware, etc. Many of the applications users install are freeware/shareware from untrustworthy sites. If it is on the desktop, does it now have the freedom to inflict damage to the rest of the network?
- Workstations became bloated and eventually slowed to a crawl resulting in IT having to completely rebuild the workstation.
Let’s now move to the desktop virtualization model. If we are using hosted virtual desktops, that typically means the desktop is now operating within the confines of the data center. If you allow users to install applications onto their hosted virtual desktop, in my opinion, you might as well just open the doors to your data center and let anyone in because that is what you are doing if you let users install anything. Doesn’t that concern you? If not, try telling this to a security person within the organization. After they recover from their stroke, they will tell you why this is not a good idea.
Now I’m not saying that we can’t and shouldn’t allow user-installed applications, I just want to make sure everyone understands the risks with doing such a thing. With the 3rd party solutions that are out there (AppSense and Atlantis Computing were mentioned in the comments from a previous blog post), my question would be
- How do we protect the data center from unknown apps.
- How do we keep the virtual desktop optimized and supportable. I don’t want manage more bloated desktops By the way, this makes a great case for a Bring Your Own Computer (BYOC or BYOPC) model.
I do just want to add one more point. I’ve been using a hosted virtual desktop for about 2 months now with a shared disk, so any changes I make (application installs) go away after reboot. Truthfully, I haven’t had much of a problem. I did need to download and install a few freeware tools to help me finish a project, but I only used those items for about 2 hrs. The nice thing, in this instance, was after I rebooted, they were gone. I don’t plan on using them again. And if I do, I’ll just re-install. Of course this isn’t an application I need.
So the final question is should we really allow user-installed applications to persist or should we have a process in place where IT can quickly virtualize and deliver these applications to the respective users through a standardized application delivery approach?