There has been a lively discussion going on in the VDI related Blogosphere kicked off here by Dan Feller and Brian Madden here. This issue of whether or not to allow “User Installed apps “exemplifies the dichotomy that IT Pros struggle with architecting a system that meets the business challenges of security, cost, and compliance plus at the same time satisfying the needs of knowledge workers with high demands and expectations.
As VDI expands from task oriented deployments to broader general purpose PC replacement scenarios this issue is likely to gain more attention. Most companies don’t condone user installed apps but many do allow users to have administrator rights to their work PC and may look the other way regarding what an individual installs on their own. When it comes time to virtualize everything for VDI however now they need to pay attention. But how big an issues it ?
Dan indicates from an IT best practice standpoint it is better to develop an effective workflow that speeds and automates the IT approval, packaging, and delivery of new apps that individuals need to be productive. Will knowledge workers accept this solution ? As the commenter’s indicate, this works for some but not all situations. Brian Madden proposed another alternative, just give the power users a second VM for unique/personal apps. Keep the corporate VM pristine under IT control and let users have their own separate sandbox if warranted. This may be a bit of a brute force solution but would work If the costs are justified. I like it because I do it myself now, although I use lab VM’s as a sandbox vs IT delivered VM’s. The commenter’s however also found issues with this solution due to costs plus compliance issues about what SW/data gets installed into those user VM’s. Some offered up BYOC as a solution if users really needed their own environment. There are many 3rd parties looking to enable User Installed apps as well, however even if the technical challenges are solved will IT support/endorse/allow this? Let me put forth another option/proposal, sometimes when I’m on a system thats not mine or a thin client I connect to my home PC via GoToMyPC and keep it running as long as I need it. This gives me access to apps that are not provided by IT, I have all the freedom to install what ever I want and IT doesn’t need to deal with infrastructure costs or compliance issues. Yes this assumes that the power user has their own powered on PC and GoToMyPC does not currently have all of the features I might want for this solution, but you get the idea.
Let us know what you situations you face, is it a problem and do you see a solution for it? If you have another idea or comments on the above, please share it.