By Pete Langas, Nerdio
Over the past year, we have seen a fundamental shift in the way people across the globe work and run their businesses. With large corporations like Microsoft, Facebook, and Spotify opening up work-from-home (WFH) options, organizations have to come up with cost-effective, powerful, and reliable remote solutions. In today's world, businesses must plan for a much more dynamic “office” with WFH users in separate geographic locations all over the country or world, and on varying networks. All of this makes it important to consider robust solutions that support hybrid work environments. One solution to consider when approaching these challenges is Windows Virtual Desktop (WVD).
Understanding WVD & Basic WVD Deployment
It’s important to spend a moment discussing what WVD is, before exploring the technical benefits of the solution. In Microsoft’s own words, “Windows Virtual Desktop is a desktop and app virtualization service that runs in the cloud.” In other words, WVD allows people to run both fully customized virtual desktops and/or specific remote applications in virtual environments without needing to purchase any of the physical hardware themselves. WVD is a solution offered through Microsoft’s virtual cloud platform known as Microsoft Azure. Azure provides the ability to configure a virtual office space that conforms to the highest security requirements, while also being one of the most dynamic and flexible solutions on the market today. Enterprise organizations get to work with the confidence that their virtual environments are backed by Microsoft’s trillion-dollar security backbone and the most modern and advanced security features.
With a basic understanding of WVD, we can now take a deeper dive into the benefits of the solution.
One of the primary concerns with the modern office is security. Users are working on either company or personal devices and the networks they connect to can be anything from their home network to a local coffee shop. As a result, the security of critical company data is at risk, especially if users are in the habit of saving folders or files on their desktop. Let’s break this conversation down into three distinct categories:
- Network Security – Starting on the Network layer, Azure has a plethora of options for you to choose from when it comes to ensuring your client environment is secure. These include things like Azure Firewall, Azure DDoS protection, and Azure Monitoring and Threat Detection. Utilizing one of these, or even a combination of them provides you the flexibility to shore up your environment based on best practice and the industry requirements for your client.
- User Security – With Azure role-based access control (RBAC), administrators can set specific user-layer permissions or broader group permissions for access to resources within Azure. This can be something as simple as an Azure Marketplace application, or as broad as an entire Azure subscription with all the subsequent resources. Azure RBAC allows you, as an administrator, to abide by the philosophy of “least privilege”, keeping your environment secure if a user account is compromised. Through Conditional Access Policies (CAP) you can set rules to enforce MFA for all users or a subset of users.
- Data Security – It’s easier to invent a new coding language than it is to introduce a new process or workflow for end users to follow. As a result, introducing the cloud can be a daunting prospect. However, WVD does an excellent job of simplifying this to one easy change. Since WVD publishes an entire virtual desktop for each unique user, you can configure it so the end user experience is identical to their local machine. You can copy over their Favorites, Desktop, Documents, and even Downloads folders to the cloud. You also can set their background to be identical, and even customize their taskbar settings. To add to this, WVD does an excellent job on the audio/video and USB passthrough so that local devices can be accessed from WVD and video calls can be easily taken within the WVD session.
Now, this is all great, but you might be asking, “How does this help with data security?” Well, the answer is quite simple. Users working and saving data locally present an incredible security risk, especially since the endpoint and network they are utilizing might not be secure. If you can create a parallel experience in the cloud, end users will have an easy transition and often don’t even notice they are in their WVD environment when they log in each day. If the employee leaves the company, sensitive data remains fully secure and can be controlled. If the end user's device is lost or stolen, it is easy to process a password reset and send the user another device. In this case, no sensitive company data is lost since end users have everything in the cloud.
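The least-privilege point in the User Security item above can be checked against the assignments that actually exist. The following is an added example, not code from Nerdio or Microsoft: it assumes role assignments exported as JSON in the shape produced by `az role assignment list --all`, and the sample records, principal names and subscription ID are constructed.

```python
import json

# Built-in Azure roles treated as high-privilege for this check.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
BROAD_LEVELS = {"root", "management_group", "subscription"}

def scope_level(scope):
    """Classify an Azure scope string by how much of the estate it covers."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if not parts:
        return "root"
    if parts[:2] == ["providers", "microsoft.management"]:
        return "management_group"
    if len(parts) == 2 and parts[0] == "subscriptions":
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource_group"
    return "resource"

def audit(assignments):
    """Return assignments that grant a privileged role at a broad scope."""
    findings = []
    for a in assignments:
        level = scope_level(a["scope"])
        role = a["roleDefinitionName"]
        if role in PRIVILEGED_ROLES and level in BROAD_LEVELS:
            reason = f"{role} at {level} scope"
            if a.get("principalType") == "User":
                reason += ", granted directly to a user instead of a group"
            findings.append({"principal": a.get("principalName"),
                             "scope": a["scope"], "reason": reason})
    return findings

# Constructed sample data (placeholder subscription ID and names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "WVD-Users", "principalType": "Group",
     "roleDefinitionName": "Desktop Virtualization User",
     "scope": SUB + "/resourceGroups/rg-wvd/providers/"
              "Microsoft.DesktopVirtualization/applicationGroups/ag-desktop"},
    {"principalName": "WVD-Admins", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-wvd"},
    {"principalName": "bob@contoso.example", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
])

if __name__ == "__main__":
    for f in audit(json.loads(SAMPLE)):
        print(f["principal"], "->", f["reason"])
```

Only the subscription-wide Owner assignment is reported; the group assignments scoped to a resource group or a single application group pass, which is the pattern least privilege aims for.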
Flexibility And Cost Savings
One of the big advantages of leveraging cloud services is that you only consume what you need, and that’s what you’ll pay for. Need a few more machines because user demand increases? No problem. No longer need them a few hours later? Fine. Turn them off and you will no longer be billed for consumption. From a cost control perspective, this is exactly the flexibility IT leaders need.
The last thing to discuss around flexibility and cost savings is hardware refresh in the cloud. With WVD, you no longer have to deploy and maintain these machines and services separately; this is all done by Microsoft. They will update, patch, and make sure all components are redundant, resilient, and more. In other words, it’s simple, consistent, and your (customer) deployments - at least from a backend perspective - will always be the same.
When considering the modern dynamic office that consists of employees working throughout the country or globe, it can be challenging to ensure great end user performance. This is especially true when users are attempting to access data or applications stored on company servers.
When it comes to WVD pools and the resources user sessions are run on, you have an incredible ability (using tools like Azure Resource Monitor) to gather time-of-day data on when users are most active and what standard work patterns look like. This allows you to configure the environment to size up appropriately when users are working, and then size down when they have signed out for the day. Knowing exactly when users are active and architecting the environment to accommodate for that helps to ensure a fantastic end user experience, while also allowing you to capture great cost savings.
WVD Deployment Success Story
Need proof about the value and impact of WVD in the hybrid work environment? When COVID-19 hit in 2020, the New York City Department of Environmental Protection (NYC DEP) used Nerdio Manager for WVD to move roughly 2,000 employees to remote work in a matter of days—90 percent faster than it could have using VPN connections (and without the need for new hardware). NYC DEP also used Azure Active Directory Application Proxy and Azure Application Gateway to provide more secure remote access to internal applications with multi-factor authentication.
To support around-the-clock operations, the IT department runs multiple data centers across the city’s five boroughs, and it continually reassesses how to provide seamless disaster recovery and broad scalability. As part of this strategy, NYC DEP was an early proponent of virtualization and cloud services, and it has stayed true to this commitment.
About The Author
Pete Langas is Sr. Director of Enterprise Sales at Nerdio.