Does VDI Conquer the Dashrender Challenge?
-
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
Now you've lost me.
You put RDS (as in terminal services?) in front of VDI? why?
This is what "everyone" does, to the point that most vendors will even claim that it is "so common" that it is what "VDI really means", which is, of course, marketing crap. But when people say they have a "VDI system", this is part of what they mean.
I'm nearly the only person that ever talks about using VDI without it, in fact. Or without something that replaces it. All "VDI solutions" do something of this nature. Microsoft and Citrix use RDS specifically. Vmware and RHEL use alternatives that don't use RDP as the protocol.
All "VDI systems" are doing this. It's doing VDI on your own without some product to buy that is just about the only way to avoid that.
And as most IT views all implementations as "things you buy" rather than "things you do", VDI becomes reduced to RDS-like services since that is what you can "buy" with VDI in the name.
OK - now we are getting somewhere. I've never investigated the whole marketing thing behind VDI in the past - which is why I asked
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
I don't understand how to build a VDI infrastructure - something I've never done before. Will I have performance issues? how much RAM do I need? etc, etc, etc.
I've only seen/heard anyone talk about VDI in those marketing type setups.
So I have to ask - WTF? why would anyone want that? I mean of course, hundreds of users, etc WAN acceleration - I get those things... But why RDS in front of VDI? What's the gain?
I've also heard (I think) something about VDI solutions building and destroying VMs on the fly for users as they connect, to keep resource usage (mainly disk space I guess) down - is that a thing? I could see that being useful - but to the point of needing RDS in front of the VDI host to make it work?
It seems like the whole VDI thing is mainly a scam to get money for nothing?
Question - is it hard to get users to access their VDI assuming it's an always running VM? Do the users need some type of RDS gateway to make it easier to access? or to secure it?
We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?
-
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
Yeah, I found something from 2009.
So we agree that SA can be added to Full new or OEM licenses within 90 days?
Seems reasonable. So that saves another $160 there.
I'm not sure where that number comes from - it wasn't included any any of my figures. I only included the full license (I didn't show a set of figures where a machine included an OEM license), nor did I ever show a figure that included the VLSC upgrade license.
-
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
So I have to ask - WTF? why would anyone want that? I mean of course, hundreds of users, etc WAN acceleration - I get those things... But why RDS in front of VDI? What's the gain?
- Because many of the touted benefits of VDI require it. Aggregating bandwidth, added network security, less storage utilization, centralized management, automation, etc. Not the things that matter most, but often pretty nice benefits.
- Because most VDI deployments are "sold" to customers, not "chosen because VDI was needed."
- Because most IT seeks to "purchase" solutions rather than implementing them and no one is "selling" free DIY VDI.
-
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
Yeah, I found something from 2009.
So we agree that SA can be added to Full new or OEM licenses within 90 days?
Seems reasonable. So that saves another $160 there.
I'm not sure where that number comes from - it wasn't included any any of my figures. I only included the full license (I didn't show a set of figures where a machine included an OEM license), nor did I ever show a figure that included the VLSC upgrade license.
I know, but yours were ignoring that you don't buy the license separate. You were adding an unneeded full license cost of $300. Which I showed was only $160. That now we learn is $0.
-
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
I've also heard (I think) something about VDI solutions building and destroying VMs on the fly for users as they connect, to keep resource usage (mainly disk space I guess) down - is that a thing? I could see that being useful - but to the point of needing RDS in front of the VDI host to make it work?
Yes, that is VERY common and most of those solutions do that. Ephemeral VDI.
RDS isn't the only way to do it, you could use Ansible and build your own solution like that. But probably best to just buy a solution that already does it automatically.
-
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
It seems like the whole VDI thing is mainly a scam to get money for nothing?
Hence why it is sold by sales people and not requested by customers. If a solution was both useful and obvious, then it has no need to be sold. Lack either aspect, and you need sales people for it to happen.
Think about almost anything you buy in IT, you normally pay a lot and get very little. Especially things with lots of buzz around them. "Buzz" is a term for things where you pay a lot for very little, like Apple products.
VDI products are obvious, but rarely useful. Hence, the need for loads of sales people to push them.
-
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
Question - is it hard to get users to access their VDI assuming it's an always running VM? Do the users need some type of RDS gateway to make it easier to access? or to secure it?
No harder than any desktop. It's so easy, it's amazing that anyone thought that something more would be needed.
Whatever you need for a normal desktop, that's what you need for VDI. Because VDI is just a normal desktop that you can't sit at.
-
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?
That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.
RDP has a tendency to be a high profile target, which is still not a big deal.
The biggest issues with RDP are that...
- Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
- End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.
If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.
-
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
like Apple products.
Upvote for that.
-
NTG runs NX as our VDI protocol. We use Deepin Linux desktops running on a Scale HC3 cluster. Scale storage does a dedupe and compression process so our VDI nodes use almost zero storage as almost every bite of each VM overlaps with the others. They are "always on", though, so using RAM and CPU all of the time.
-
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
NTG runs NX as our VDI protocol. We use Deepin Linux desktops running on a Scale HC3 cluster. Scale storage does a dedupe and compression process so our VDI nodes use almost zero storage as almost every bite of each VM overlaps with the others. They are "always on", though, so using RAM and CPU all of the time.
But what if I want to use my Windows only software? What then Scott, what then?!
-
@DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
NTG runs NX as our VDI protocol. We use Deepin Linux desktops running on a Scale HC3 cluster. Scale storage does a dedupe and compression process so our VDI nodes use almost zero storage as almost every bite of each VM overlaps with the others. They are "always on", though, so using RAM and CPU all of the time.
But what if I want to use my Windows only software? What then Scott, what then?!
What do you mean? We use Windows on that too, just not as often.
-
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
NTG runs NX as our VDI protocol. We use Deepin Linux desktops running on a Scale HC3 cluster. Scale storage does a dedupe and compression process so our VDI nodes use almost zero storage as almost every bite of each VM overlaps with the others. They are "always on", though, so using RAM and CPU all of the time.
But what if I want to use my Windows only software? What then Scott, what then?!
What do you mean? We use Windows on that too, just not as often.
It was tongue in cheek
-
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?
That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.
RDP has a tendency to be a high profile target, which is still not a big deal.
The biggest issues with RDP are that...
- Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
- End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.
If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.
I've held this belief for many years.
-
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?
That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.
RDP has a tendency to be a high profile target, which is still not a big deal.
The biggest issues with RDP are that...
- Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
- End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.
If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.
I've head this belief for many years.
What?
-
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
NTG runs NX as our VDI protocol. We use Deepin Linux desktops running on a Scale HC3 cluster. Scale storage does a dedupe and compression process so our VDI nodes use almost zero storage as almost every bite of each VM overlaps with the others. They are "always on", though, so using RAM and CPU all of the time.
But what if I want to use my Windows only software? What then Scott, what then?!
What do you mean? We use Windows on that too, just not as often.
I'm assuming the Scale would do the same for the storage with Windows... because that's part of the Scale system.
-
@DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?
That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.
RDP has a tendency to be a high profile target, which is still not a big deal.
The biggest issues with RDP are that...
- Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
- End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.
If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.
I've head this belief for many years.
What?
poor typing skills -
-
If you do RDP from Linux, and have Linux users, RDP is totally secure.
To address short coming of the Windows products and users, you can get add ons to RDS that add "fail2ban" style functionality, and add a secondary authentication mechanism to make it harder to brute force. But it is all silly that it is needed.
Also, like any protocol, you can lock it at the firewall. Some firewalls will have the needed functionality to increase RDP security.
-
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
NTG runs NX as our VDI protocol. We use Deepin Linux desktops running on a Scale HC3 cluster. Scale storage does a dedupe and compression process so our VDI nodes use almost zero storage as almost every bite of each VM overlaps with the others. They are "always on", though, so using RAM and CPU all of the time.
But what if I want to use my Windows only software? What then Scott, what then?!
What do you mean? We use Windows on that too, just not as often.
I'm assuming the Scale would do the same for the storage with Windows... because that's part of the Scale system.
Correct
-
@DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
@scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:
@Dashrender said in Does VDI Conquer the Dashrender Challenge?:
We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?
That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.
RDP has a tendency to be a high profile target, which is still not a big deal.
The biggest issues with RDP are that...
- Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
- End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.
If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.
I've head this belief for many years.
What?
That RDP is secure and the concerns around the protocol are FUD.
