Separating Applications from Virtual Desktops

As virtual desktop solutions have evolved and seen greater adoption across organizations, IT departments have seen a steady increase of the number of Golden Images they support. It’s typical to see a golden image per department, or use case, each with their own specific set of applications and security permissions. 

Many organizations are realizing the value virtual desktops bring, but are burdened with the management overhead and want to reduce the complexity and number of Golden Images. The OS and same application may have to be updated multiple times for each department that uses them. 

Today’s solutions allow for applications to be abstracted from the desktop which allows you to manage the virtual desktop independently from the applications. This is desirable as you manage application settings, make security changes and apply updates in one centralized place for everyone, regardless of department. This also keeps a smaller footprint by keeping “bloat” out of the desktop. You won’t have to deal with hard drives filling up as unnecessary applications that can hinder troubleshooting are not installed. This also helps control costs as you “right-size” the desktop, a small 40GB hard drive will be more than enough to house Windows and Windows patches.

There are two ways to abstract the application from the desktops, application virtualization and application layering.

Application Virtualization

Application virtualization takes the application off of the desktop (both virtual and physical) and completely isolates it from the user’s operating system. The application is running on an independent dedicated server, not the virtual desktop, and is delivered to a user virtually over a network. A desktop connects to this remotely running application and all of the application processing is offloaded to the server. This allows IT to deliver an application that will run on any operating system. Need to run Internet Explorer 9, but want to move to Windows 10? No problem. Legacy applications can now run on unsupported operating systems. You can even run Windows-only applications on a Mac. 

With all the advantages, IT decision makers should be aware of the drawbacks. It is important to correctly size the terminal servers that are running the virtualized application. Since there is one server session for every virtualized app user, this introduces the possibility of resource contention (noisy neighbor).

Another factor to consider is if you have applications that need to interact with other applications. Because the virtualized app is not running natively on the user’s desktop, it will not be able to effectively interact with applications that are installed on the desktop. For example, if you are using a virtualized browser and click on a link to submit a question or feedback, the user may expect their email application to open and populate with the correct email address. In this scenario, the virtualized browser would look for an email application running on the terminal server, not the user’s desktop. Remember that virtualized apps are running in isolation and are not aware of other applications.

Application Layering

Application layering offers a different approach. The layering concept starts with a single golden image. This simplifies management as every user gets the same Windows 10 base image. After the base image is available to the user, enterprise-wide core applications such as Microsoft Office applications are layered on for all users. Then, based on a user’s Active Directory Security Group, the next layer would include department specific applications. QuickBooks is layered on for users in the accounting department, Adobe Photoshop for graphic designers, and so on.

The last, optional, layer is the user’s profile data to preserve user preferences and desktop customization. For all the benefits of application layering, login times may increase slightly as you have to account for the time it takes to mount storage volumes to the virtual desktop. 

To make things easier, applications can be grouped by department as well. The layering process allows the desktop to be managed independently of the applications, and allows granular control over which users get access to what applications. These layers will follow users as you’d expect, ensuring they always have access to their applications and data. All of this can be managed remotely, with one easy to use interface or portal. 

When you are ready to start creating an application layer, you create a read-only storage volume (a virtual disk) that contains everything needed to run the application. This includes folders, executable files and Registry keys. The virtual desktop has access to the vDisk (VMDK or VHD), and contains a software agent that allows it to be mounted, or attached.

Even though the application is not installed on the user’s C: drive, Windows will see the application as locally installed. This means the application is not running in isolation, and the application uses the user’s desktop resources. Additionally, the application can talk to other desktop applications as well as the operating system, so the application will behave exactly as the user expects. Application layering is dependent on the desktop OS, and the two must be compatible which leads us to an important note; layering a legacy application may results in a complex, frustrating deployment.

Since multiple users connect to the same vDisk, it is very easy to manage applications at scale. Application configuration changes, upgrades, and patches are much easier to manage. Conversely, it requires a properly architected storage solution, since any performance degradation will impact all users.  To ensure the best end user experience, the storage solution must have the ability to consistently deliver a high number of IOPS and low latency, even under the unpredictable nature of end user behavior. Leveraging an experienced and specialized service provider allows you access to layering technology while easing your concerns on properly scaling your storage platform.

NOTE:
No tool today can offer 100% success in virtualizing every application so your specific environment might require a combination of solutions. Instead of tasking your team to learn multiple new technologies (app virtualization and layering), lean on a trusted VDI provider to help you in the journey. 

Virtual Desktop Technology Keeps Evolving

First we had persistent desktops. Then we had non-persistent desktops. Then we had non-persistent desktops with profile management so users could rearrange their icons and get a consistent, customized feel every time the logged in. This led us to a great spot, but two problems remained. There was a golden image for each department, and when we wanted to update an application, all of the desktops had to be recomposed.

As virtual desktop adoption increased, it became harder and harder for IT teams to recompose, or re-provision, the desktops every time an application security patch was released. Now, with mature application layering technologies, the missing piece to the virtual desktop solution is finally here. IT can deliver new application features the business needs, and apply security updates that Information Security teams demand. Take your virtual desktops and applications to the next level by enabling faster and more efficient delivery to your users.

You may also like:

• Solving End User Frustrations with VDI 
• Understanding Virtual Desktop Sizing
• App Streaming or Desktop Virtualization