Today desktop administrators face a wide array of challenges, from planning and implementing operating system migrations to ensuring that security controls are in place and up to date. They are also grappling with consumer devices in the enterprise. Some enterprises will continue to support traditional desktop environments, perhaps augmented with mobile device management systems to support bring-your-own-device (BYOD) users, but others will turn to Desktop as a Service (DaaS). DaaS providers host virtualized desktops in a third-party data center that delivers desktops on demand to end users.
This is a logical extension of virtual desktop infrastructure (VDI), which provides similar virtualization services, but uses on-premises infrastructure rather than an external data provider.
The appeal of DaaS stems from several business drivers. Maintaining traditional desktops is costly. Desktop administration can be time-consuming, even with applications for remote monitoring, diagnosing and patching. Security is another consideration. In a virtualized environment, standardized images are deployed to each user. Security tasks like patches, antivirus updates and configuration changes can be applied to a single master image rather than to individual devices. And there is an additional business driver for DaaS: lower capital expenditures. VDI infrastructure requires that enterprises maintain desktop servers in-house, while DaaS makes use of a third-party data center or cloud provider.
If DaaS suits your requirements, consider how you will migrate from your existing desktop infrastructure to DaaS. A structured approach to migration can help reduce the risk associated with maintaining service levels, ensure security controls are in place, and help adapt to new system administration tools and practices.
Defining desktop groups and categories
A common practice with virtualized desktops is to define a set of master, or golden, machine images that form the foundation of a user’s virtualized desktop. The images are created to support the needs of a particular group of users, such as developers, analysts or executives. For example, the developer golden image might be configured with Microsoft Visual Studio, Eclipse, and several compilers and build tools, while the analyst desktop is configured with an ad hoc database query tool, a statistical analysis package and Microsoft Office. Early in the migration process, you should define the set of user groups you will support and the applications and configurations needed for those groups. One challenge is balancing the desire to have specialized desktops for users with the need to keep the number of distinct golden images to a manageable number. DaaS platforms support personalization, so end users can customize their desktops to some extent.
Your software licenses may influence how you configure golden images. Software used under site licenses can be deployed without concern for the number of users working with the application. Similarly, named licenses assigned to a particular user are readily managed. If you are supporting applications with concurrent user licensing, you should assess your ability to enforce the appropriate limits in a DaaS environment.
As part of defining user groups, you should specify authorizations for access to data and applications. If you use an LDAP or Active Directory server for this purpose, you should be able to employ that in your DaaS environment.
Prioritizing migration by groups
Once you have your user groups defined, the next step is to prioritize how those groups will be migrated to a DaaS environment. In general, start with users that are tolerant of potential disruptions and troubleshoot if needed. Software developers are good candidates (assuming you are not making them switch systems too close to a major deliverable).
Next choose user groups with low security risks. These groups have minimal need for confidential or proprietary data and are not using administrative functions in enterprise applications.
Groups comprising users with access to sensitive information and applications should be migrated late in the process. If there are errors in the authentication or authorization procedures, it is better to discover and correct those with more risk-tolerant groups.
Performing pilot tests
A small pilot migration can help identify problems with your DaaS migration plan or implementation and offer the opportunity to collect data on key metrics about your DaaS deployment.
The pilot test group can be a subset of one or more of the groups already identified in your list. Having users from multiple groups is a more realistic test and could provide more data on group-related tasks. In particular, you can collect data about the time required to configure groups, the time needed to deploy golden images, and the number of help desk calls per user. To get the most value from your pilot test, track details of all troubleshooting issues. They should be grouped into categories such as security, application function, performance and more.
The results of the pilot test can help you to evaluate and refine your plan. For example, during the pilot test you may find that some devices require a different remote desktop protocol than you anticipated or that the original group structure should be restructured to better accommodate unanticipated application requirements.
Testing deployment and user acceptance
The ultimate goal of a DaaS migration plan is to deploy a virtualized desktop service that meets the needs of users. This requires defining DaaS policies and procedures that specify how DaaS will be maintained. Virtual desktop golden images need to be created and tested before deploying to users and access controls will have to be implemented as well. In addition to these enterprise-level considerations, migrate user data to the new platform. Some data may be consolidated on shared file servers, but users may have files on their local desktops that will need to be copied to their new virtualized desktop.
The migration is not done when you’ve rolled out the new desktops. Users will almost certainly have feedback. Be prepared by creating a mechanism for structured feedback, such as an online form or survey. Even soliciting descriptions of problems along with a few categorical attributes (such as type of problem, configuration, security, performance, other) can allow you to collect and organize useful feedback.
If DaaS seems like a good fit for your desktop requirements, take the time to plan the migration to minimize problems and streamline deployment operations.
About the Author
Dan Sullivan, who holds a master’s degree in computer science, is an author, systems architect and consultant with more than 20 years of IT experience, with engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence.