The driver behind server virtualization is clearly cost savings, while agility and flexibility also have value. This well-known return on investment is achievable because servers have fairly predictable workloads, tend to be rather static in their workloads (an Exchange server tends to stay an Exchange server).
Also, the number of servers that can be run on each CPU across a datacenter tends to be low because, generally speaking, they need more horsepower than an end-user system.
Virtualized desktops are quite different. The number of desktops per-CPU across a Virtual Desktop Infrastructure (VDI) is much higher than with servers. The environments tend to be highly dynamic, with instance being instantiated and destroyed at a high rate.
Naturally, trying to lead with cost savings as a primary goal of a VDI deployment is problematic. Instead, agility and flexibility are key.
In-fact, David K. Johson points-out (full blog post here) that employee flexibility is a major driver, with the consumerization of end-user hardware bolstering this trend. This resembles the current understanding behind public cloud adoption – it is flexibility and agility, both in IT and time-to-market, that are primary drivers, not cost (Gartner, “Predicts 2014: Cloud Computing Affects All Aspects of IT”).
VDI and the cost of agility
However, there is no getting away from costs. Even if one is making the appropriate internal business case for the costs of setting-up VDI, if hardware costs are wildly inaccurate, if won’t bode well for the success of the project.
Hardware costs are naturally inversely related to performance; the more VDI instances that can be run per-CPU (the higher the performance), the lower the hardware costs for a project with a given number of VDI instances.
Greatly enhancing agility and flexibility simply won’t matter if the hardware costs need to be doubled, or if the management burden is far higher than expected.
Where does endpoint security fit in this model?
This is where endpoint security can really hurt. If, when estimating hardware costs, the resources required for each VDI instance don’t include antimalware, there’s a good chance that when deploying production VDI instances that use traditional antimalware, the performance will be highly degraded.
On the other hand, if including traditional antivirus in estimate, the hardware costs may put the project out of reach.
Since VDI is a far more dynamic environment than virtualized servers, management burden of the security of instances can become troublesome. Traditional antivirus management systems simply aren’t built to manage endpoints that appear and disappear by the hundreds, thousands, or more on a daily basis.
These factors can easily be overlooked by a team that has had great success in virtualizing servers. If overlooked, they can certainly put a VDI project in peril. Administrators should not have to choose between deploying with endpoint security, readjusting expectations of cost upward significantly, or abandoning VDI projects altogether.
For a deep look at these issues, be sure to read this solution paper: