VDI for CHEAP!!!

Dashrender

@Hubtech said:

so quicker easier would be just VPN and RDS.

This is exactly what I do today.
But considering i have a LMI Central account I am going to setup my few (5 or 6) users with LMI accounts under my Central account and give them access to their desktops. This will be much simpler than the VPN solution, since they don't need any of the other features of the VPN portion (like direct access to the servers or files, etc)

Dashrender

@JaredBusch said:

@Hubtech said:

so quicker easier would be just VPN and RDS.
Pertino and RDS in my opinion. I really do not think VPN is ever easier.

Maybe not, but Pertino has a monthly reoccurring cost. If you already have VPN in place it costs nothing to use.

A Former User

yeah. i'm using asa's at all of my clients right now. though i'm thinking about switching to another solution.

scottalanmiller

@Dashrender said:

@Hubtech said:

so quicker easier would be just VPN and RDS.

This is exactly what I do today.
But considering i have a LMI Central account I am going to setup my few (5 or 6) users with LMI accounts under my Central account and give them access to their desktops. This will be much simpler than the VPN solution, since they don't need any of the other features of the VPN portion (like direct access to the servers or files, etc)

LMI plus desktops is a great VDI alternative. We've done this for years.

scottalanmiller

@Hubtech said:

so quicker easier would be just VPN and RDS.

LMI is easiest.

Then RDS

Then Pertino and desktops

Then Pertino and RDS

Then traditional VPN and desktops

Then traditional VPN and RDS

Dashrender

@scottalanmiller said:

@Hubtech said:

so quicker easier would be just VPN and RDS.

LMI is easiest.

Then RDS

Then Pertino and desktops

Then Pertino and RDS

Then traditional VPN and desktops

Then traditional VPN and RDS

What, what? RDS - alone? do you publish the 3389 directly (probably using some form of PAT in reality?)? this is safe?

scottalanmiller

@Dashrender said:

@scottalanmiller said:

@Hubtech said:

so quicker easier would be just VPN and RDS.

LMI is easiest.

Then RDS

Then Pertino and desktops

Then Pertino and RDS

Then traditional VPN and desktops

Then traditional VPN and RDS

What, what? RDS - alone? do you publish the 3389 directly (probably using some form of PAT in reality?)? this is safe?

RDS is published alone sometimes. Not the end of the world. Obfuscating ports has no value. That's security through obscurity which is negative security.

But RDS has a web gateway built in that secures via HTTPS

Dashrender

@scottalanmiller said:

RDS is published alone sometimes. Not the end of the world. Obfuscating ports has no value. That's security through obscurity which is negative security.

But RDS has a web gateway built in that secures via HTTPS

Obfuscation wasn't for security it was so you could reduce the number or IPs needed to publish multiple machines from behind the firewall.

As for the RDS web gateway - is that a free addin on Windows server? I recall SBS having something like this (you could log into the SBS web portal, and then RDS to your internal PCs) but I never implemented it, so I have no idea how it works.

scottalanmiller

@Dashrender said:

@scottalanmiller said:

RDS is published alone sometimes. Not the end of the world. Obfuscating ports has no value. That's security through obscurity which is negative security.

But RDS has a web gateway built in that secures via HTTPS

Obfuscation wasn't for security it was so you could reduce the number or IPs needed to publish multiple machines from behind the firewall.

As for the RDS web gateway - is that a free addin on Windows server? I recall SBS having something like this (you could log into the SBS web portal, and then RDS to your internal PCs) but I never implemented it, so I have no idea how it works.

Oh, I see. RDS only needs one port.

Yes the web gateway is just included with RDS.

Nara

Disclosure: Among a few hats, I'm a VDI architect. What I'm about to say may be slanted a bit, but should be useful to some folks:

VDI often does have a business need driving it. Sometimes, it's even financially motivated. Here's a few of instances where VDI really shines:

1. You have many people doing the same thing. Places like call centers have bunches of people running the same programs the same way all the time. This is even more applicable if it's shift work where employees don't have an assigned cube to work in and rather just grab any one that's available. Now, they can log into their VDI session and get a crisp, clean desktop image and have their profile connected to it as a separate disk. The desktop image has been refined and perfectly tweaked by IT to have everything they need the way they need it, with very little fluff added. The user's data and customizations are still there, and they can pick up just like they were at their very own desktop PC. When they're done for the day/shift, they logoff, the data disk is disassociated and stored for later, and the VM is deleted.

2. There's an important or very complex resource somewhere else. Companies are starting to realize that using colos and hosted facilities (or if they have the infrastructure, internal datacenters) leads to more solid uptime and consistent experiences. Naturally, they'll want to safeguard these systems, such as LOB applications, by putting them out there. Often times, these systems are more traffic-heavy than other applications and perform better when on the same network instead of trying to move data across the WAN. Placing VDI in the same environment not only increases the reliability and uptime of the desktop environment, but it also allows the client sessions to work with the servers at LAN speed.

From a financial standpoint, VDI becomes attractive when it's time for large hardware refreshes. With VMware Horizon View, for example, VDI clients pretty much can run on tin cans. Instead of getting a new batch of desktops, get a batch of solid-state thin clients, or even reload the desktops with Linux and a PCoIP client and replace them through attrition. That alone doesn't save much money. What does, however, is the drop in the desktop support headcount (or gains by freeing up desktop support to help with other roles). Almost all basic support issues can be resolved with 1 of 4 things:

1. Delete the session
2. Rebuild the profile
3. Replace the client.
4. Add change to base image.
   Managing computers is no longer needed, so systems like SCCM, LANDesk, and Altiris no longer need to have their annual support purchased. The system has built-in remote connectivity, so you aren't managing LogMeIn or the like on desktops, and antivirus is enforced at the host level. Once you factor things like this in, the true cost of deployment starts to look more like ROI.

Need to support BYOD? Users can access their corporate desktops from nearly any kind of device while keeping corporate data off of those devices.

Nara

For those considering XenApp, try RDS first. You'll get most of the same functionality, but without the extra cost and overhead. If you're going to set up an RDS gateway, also toss in Remote Desktop Web Access so that your users have a web portal to go to and connect via. It'll launch their session for them and configure the RDS gateway if needed. It's also where you can publish RemoteApp, for those that have company computers already, but only need RDS for a certain application.

scottalanmiller

I'm a big fan of RDS vis-a-vis XenApp.