Welcome Virtual Desktop- DaaS & Workspace Overview

Background

This virtual desktop or DaaS comparison guide is designed for those who are looking into hosted virtual desktops or desktops as a service (DaaS). It also compares the technology to Evolve IP’s Workspaces solution. Evolve IP has been providing DaaS solutions for over 11 years and is the largest multi-tenant VMware DaaS provider in the United States. Our solution has been named in every Gartner DaaS Market Guide since inception. We also work with Citrix and have deployed virtual desktop infrastructure (VDI) for clients. Bottom line, we have a lot of experience to pull from for this comparison.

Why Implement DaaS?

Evolve IP has helped hundreds of enterprise and midmarket clients migrate their servers and

desktops to the cloud in almost every vertical market. Over the years, we have found that the

projects that get funded and are deployed successfully typically involve one or more of these four business outcomes.

1. Security – Quite simply, IT is looking to create a reliable, efficient and most of all secure

platform due to the issues caused by increased threats and the proliferation of remote

work and BYOD. They also want an easy way to ensure that the OS instances and varying

software applications are up-to-date and secure. By using DaaS, IT is able to protect and

secure resources in the cloud and not necessarily worry about the devices being used to

access the cloud. Whatever is happening locally isn’t being transmitted up to the cloud

instances.

2. Disaster Recovery / Business Continuity – With DaaS, users are no longer dependent on

physical devices to do their job. Therefore, if the office is no longer accessible due to fire,

flood, even inclement weather like a snowstorm, users can grab any device and do their

job.

3. Management – Picture trying to manage and maintain hundreds or thousands of

desktops across dozens of offices. What a nightmare. Yes, this is what one of our recent

customers was faced with! By implementing DaaS, IT is able to give thin client or zero

client devices to their users and they simply log in to the cloud to start working anywhere,

anytime. When updates and patches need to occur, and we all know that happens all of

the time, IT simply makes a few clicks and the whole environment is updated in one shot.

4. Enabling Remote Workers / Mobility – Businesses know that remote work is on the rise

and hiring talent that’s within driving distance is nearly impossible and very expensive.

For businesses that have a remote workforce, DaaS improves productivity instantly while

also allowing office-bound workers to become mobile and leverage BYOD. Businesses can

now expand their hiring reach and attract better talent. And as noted in the first section,

DaaS supports these needs securely!

DaaS Options

Major DaaS Solutions in the Marketplace

XenDesktop, now known as Citrix Virtual Apps and Desktop, and VMware Horizon DaaS – We

have grouped these two together as they are both very robust solutions and, for the most part,

their selection typically comes down to brand preference as opposed to having significant

differences in performance. 

One important note is that both can be architected in a multi-tenant environment. 

When we say multi-tenant, that’s not to say you are sharing the same space with other clients, it’s more like an apartment complex. To continue the analogy, typically each customer is living on their own floor (vlan) and the building supervisors (platform engineers), are caring for the entire building. This gives you a personal, secure, private space. To take it one step further, if Licenses and Inspections checks on the buildings, top providers, like Evolve IP, ensure their apartments are certified for major compliances like HIPAA / HITRUST, PCI-DSS, etc.

VMware Horizon View – This is the enterprise version of virtual desktop technology. We note it

here because there are providers building solutions on this technology. For service providers

with a low number of clients, this can work. However, as the providers’ customer counts grow,

you can think of this as more of a single-family home community. The maintenance crew now

has 100 homes to manage instead of 1 large building. Typically, at this point, the vendors

economies of scale dry up and there are more things that can go wrong; there are more ways to

break in, more management portals to maintain, etc. VMware Horizon View was not designed

to be multi-tenant.   

Azure Virtual Desktops – To be honest, there isn’t a significant track record for this solution since Azure Virtual Desktops just became Generally Available (GA) at the beginning of the year. It is, however, utilizing RDP as a protocol. While RDP has come a long way, it does not yet compare to the performance of ICA or PCoIP and still requires a double authentication potentially frustrating to users who want a simple and immediate experience.

Amazon Workspaces – Not to be confused with Evolve IP’s Workspaces product below. This is

similar to Azure in that it’s a public cloud offering. It seems to be a bit more tried and test and

is a decent solution. As with Azure, the consuming organization is let in a DIY state of mind

whereby the customer needs to figure out how to tie in all the ancillary pieces a desktop will

need like RMM, Anti-virus, etc.

Evolve IP Workspaces - We developed Workspaces because most of our clients no longer require every employee to have a full virtual desktop / DaaS seat. Why? Quite simply SaaS exploded. Research shows that typically over 50% of an organization’s applications are SaaS and 2020 brings with it an adoption rate that is more likely 75-80%.

 SaaS is great for flexibility and business continuity and allowing users to work the way they want, where they want, on the devices they want. But it’s creating 2 major issues.

1. How do you control access to SaaS applications and keep data secure?

2. How do you untether and deliver the 20-25% of applications that are based on legacy

technologies and residing on servers in the enterprise? How do you make this seamless

and easy for your employees to access and for IT to manage?

Workspaces from Evolve IP solves these issues by:

• All users start by logging into a Single Sign On (SSO) Web portal that includes Multi-factor

Authentication (MFA).

      o This portal gives IT a centralized point for enabling or disabling user access to SaaS

         and legacy applications.

• Once in their portal, users see their personal application files and simply click to be passed

   into the SaaS applications without needing to login again.

      o With self-service password resets for users, say ‘Goodbye’ to 50% of your helpdesk

         requests!

• If users need access to legacy applications e.g. Encompass, Fiserv, those applications also

appear as a file for the user to click and launch from the Evolve IP data center.

     o This makes those hosted, line-of-business applications look, act and feel like a SaaS

        app.

• If the user needs an entire virtual desktop experience, they simply click a file to launch

their desktop, all within their user Web browser.

Can these 2 issues above be solved with DaaS? Sure. But Workspaces is a much better solution.

Here’s why, Workspaces allows IT to define user types and deliver just the services and

applications they need.

    - The first user type just needs SaaS applications

    - The second user type needs SaaS and legacy, line-of-business hosted applications

    - The third user type would be a power user that needs a full desktop and OS

Evolve IP Workspaces breaks the “one size fits all” DaaS mold and gives users just the right

tools for their job while reducing overspending by the company.

Questions to Consider When Looking at DaaS and Workspaces

1. What end-user devices would you recommend?

This is perhaps the most common question we get as customers are looking to either justify a

project with a lower device price point, or possibly as a way of reducing the management

overhead of local devices. Essentially there are 2 options in this space. But before getting to that, we like to point out that the cheapest client is the one you already have. All desktops and laptops are compatible with DaaS and Workspaces so using the existing infrastructure until it dies is always an option and then replace them with one of the options below.

- Option 1 - A thin client which has a stripped-down OS and a browser of your choosing.

These devices are great for using either VMware’s DaaS, Citrix XenApp, XenDesktop or

Evolve IP’s Workspaces product.

- Option 2 – A zero client. Zero clients are slightly different in that there is no OS and the

devices boot directly to the login prompt of the virtual desktop provider. For a one size

fits all approach, where you’re looking to lock devices down to only a virtual desktop, this

is a great solution. It’s important to note that zero clients sometimes do not support

peripherals like check scanners, printers and other USB devices.

Note: Zero clients are not a solution for Evolve IP’s Workspaces product as it is built on the notion that users should start with a browser (due to having a majority of SaaS applications) instead of forcing them into a virtual desktop OS.

Finally, there are different flavors of these clients and it can be VERY confusing. Some are

VMware and Citrix certified; some aren’t. If you are going the DaaS route, make sure you know if the service supports PCoIP, ICA or RDP and buy the appropriate thin or zero client. Or, give us a ring and we’ll assist you with the selection.

2. How do you want to handle legacy applications on internal servers?

11 years ago, most, if not all, applications were hosted on internal servers. This architecture

meant a desktop was needed as the client to get to legacy applications housed in the business’s

data center. For a customer wanting to offload their infrastructure to the cloud, the obvious choice was to move their servers to a cloud service provider’s (CSP) data center. 

The CSP would host desktops back to the customer to solve for the latency that had just been created. Technically, a SaaS-like experience was created in that the customer was able to get to their virtual desktop from any device. But they still had to jump into that virtual desktop to get to their legacy applications. Due to the explosion of SaaS, most workforces are now only using one or two legacy applications. 

Unfortunately, the DaaS provider industry is still trying to solve these applications by giving everyone a virtual desktop. Simply put, that’s a waste of money and resources, but most importantly what an annoying way to do your job! Evolve IP is breaking the DaaS industry mold. With Workspaces, we are able to publish legacy applications to the user and provide them in a file based SSO fashion. This makes legacy applications look, act and feel like a SaaS application to the user on whichever device they are using. 

3. How does your business handle security?

Security is a huge concern these days. Every week it seems a new malware or ransomware attack

floods the chat rooms and airwaves. DaaS greatly reduces your threat cross-section and allows

IT to focus on protecting the DaaS instances in the cloud while client devices cannot transmit

infections into the environment. With the explosion of SaaS, one particular area of concern

however, is an increase in users that are not accessing legacy applications and simply logging

directly into SaaS applications. This does present security risks along with creating the arduous

process for IT of trying to figure out what applications a user needs or has gained access to over

their tenure and then disabling all those applications one by one during offboarding.

With Workspaces, you can still provide a virtual desktop to those users that need them. But you

can also provide a secure, centrally managed way for users that only need SaaS applications to

just go directly to those applications. But, in an offboarding event, all access to SaaS applications that have been integrated into the Clear login portal is immediately zapped. This provides a much more encompassing way of managing user access to legacy as well as SaaS applications and securing the Enterprise.

4. How dependent do you want to be on your provider for provisioning?

DaaS provisioning is very … let’s just say, manual. And that goes for Evolve IP and every other

competitor in the market. Whether it’s actual provisioning or billing adjustments it’s a manual

process. This is due to the fact that VMware and Citrix simply have not focused on orchestration in the multi-tenant space.

Luckily, in 2017 Evolve IP acquired a company that had perfected a backend provisioning system and that engine now drives the provisioning portal for Workspaces.

Here’s an illustration of adding 10 new desktops to DaaS (the industry-wide practice) vs. 10 new

Evolve IP Workspaces users

DaaS: The customer tells their Account Manager (AM) they need 10 more desktops. The AM

sends a quote for 10 more users. The customer signs the quote, and the AM passes this on to

provisioning and a couple days later, without escalations, the DaaS seats are there. Can it be

done in a couple hours in a pinch? Sure, and we have many times. But the default process noted here is typical.

Workspaces: IT logs into their portal and creates 10 users, along with their security permissions

and applications access, instantly. Resources for pushing out legacy applications or entire

desktops are provisioned in minutes. The portal then reaches out to Office-365 and provisions

their licenses ... on the fly. Charges are automatically added to their monthly billing. Oh, and

should you need to eliminate users, the same is true in reverse to deprovision. Net-net IT can

add users, on their own, in a matter of minutes not days. Larger changes may require account

management but for the most part, capacity planning can be done at your leisure instead of while under the gun to make a small change.

5. What is the Total Cost of Ownership (TCO)?

Of course, now that you’re seeing the value of Workspaces, we talk about price, right? Well in

this comparison paper, it’s the equivalent of a mic drop! Why? It might have been some twisted

joke from our Product team, but in this case better is significantly cheaper.

Looking at DaaS, for almost every provider the pricing model is the same. You buy a seat, then

you outfit the seat with the ancillary parts and pieces needed to actually make the desktop work. The typical seat itemization would include:

1. RMM (Remote Monitoring and Management) – this is a tool used to manage desktops. In

our case, we use N-Able. However, we also allow customers to bring their own solutions

to the table and re-use, them in our cloud.

2. Anti-Virus – In today’s environment you had better protect those devices. We utilize

Trend AV or allow our customers to bring their own solutions.

3. Operating System – Pretty straight forward. Again, if customers have their own Office

365 OS they can bring that along.

4. Patching – This is not a requirement, but more and more clients are asking us to apply

Windows, 3rd party and AV patches/updates. We think this is great move because there

is ZERO value to the business handling this exercise and you are paying an IT professional

WAY too much for such a mundane chore. Not to mention we’ve never found anyone in

IT that wakes up thinking, “I can’t wait to patch my desktops today.” (If this is you, put

down the whitepaper and call someone for help!)