skip to main content

Expert opinion: Are VPNs and VDIs overkill for work from home software delivery?

Date published
Posted on
Author of the Resource

Rory Monaghan

About

Founder of rorymon.com and host of 5 bytes podcast. Has worked on various iterations of App Virtualization Smackdown and is recognized as an industry expert by Microsoft, Citrix, VMware and Unidesk.

Rory's website

This great meme has been doing the rounds online. It’s one of those jokes that is both funny and true. While some organizations had been considering a shift to work from home for cost savings prior to the pandemic and some organizations (usually smaller) already had remote employees for many years when it hit, the vast majority of organizations were caught on the hop when the pandemic wave swept in. 

 

This was clear to see with Citrix’s stock price climbing as the Work from Home surge grew. Last August the stock price had taken quite a hit which re-ignited the long-running rumors that Citrix was about to sell. Fast forward to July of this year and the stock price hit a new high of over $167 a share. Citrix was in all the right places at the right time for their customers…when they needed them most!

Citrix share prices

There are of course other players in this space but I focus on Citrix for this example as they have seniority and maturity. If you have ever been to a meeting with Citrix marketing you’ll already know that 98% of the Forbes 500 use Citrix. My wife is one of the least technical people I know, yet she knows Citrix from her time in college and from using it at her job. If Citrix were already so widely used, why would the stock price climb now? The obvious reason would be because they gained new customers who needed to get some published apps and desktops for their workforce ASAP BUT also what ended up happening was that existing customers needed to quickly scale up their existing Citrix farms and needed to buy more licenses.

Citrix Virtual Apps and Desktops, VMware Horizon, and Parallels RAS customers in the past tended to use the products for specific use cases and not necessarily for supporting all consumption needs of the entire organization on a day in and day out basis. Even most of those who provided a remote access option to all employees before COVID did not have the scale to support everyone in the company working remotely at the same time as each other every single day.


Any port in a storm

Not everyone who needed to quickly send workers home had Citrix or bought it in a hurry. Not everyone had Horizon or RAS either. For those organizations, some turned to sending employees home with their work laptops and a VPN. This works but I’d bet if you are one of those currently supporting a VPN or working using one, you probably have some gripes! Security can be a nightmare with VPNs.

Side Note: For the love of all that is good, DO NOT LET YOUR EMPLOYEES USE VPN ON THEIR OWN DEVICES! It would be like inviting a group of Gremlins to a later night pool party!

I have talked to people who worked for companies who did not have enough laptops, so they were sent home with a full-fat client which was challenging for some who didn’t have anywhere to set it up to ensure it could be hardwired for its network connection. Some were sent home with Thin Clients and had the same challenges. During the first few months of Europe’s first wave, there were reports of long delays in sourcing Laptops, Thin Client, SSDs and other hardware due to manufacturing delays in China in the weeks leading up the European wave, which again meant scaling up for that type of WFH strategy with sending people home with company hardware challenging.

For years now, the talk of EUC has been 'Bring Your Own Device'. We have been told over and over that millennials and gen Z don’t want to use some tired old Windows PC. They want to use their own personal device that they are familiar with. Supporting BYOD for those remote workers has presented IT teams with a real challenge. Do you go with Mobile Device Management and\or Mobile Application Management? A lot of people have a real problem with enrolling their device for MDM. I have a friend who worked for an actual MDM vendor and he opted to carry two phones rather than enroll his personal device. MAM has morphed to include a huge array of different types of products but to keep it short, I will say that MAM solutions that don’t require a device enrolment can vary in their usability, flexibility, and control. Those that do require enrolment will not be used on my phone!


Apps vs desktops

Virtual apps vs virtual desktops

Virtual desktops are a bit of a buzz right now. VDI has been the next big thing for about 10 years! Microsoft’s Windows Virtual Desktop that runs in Azure has been getting a lot of attention as a way to get users running on a Windows 10 desktop with Office 365 quickly and it launched right on time to be a life raft for some who didn’t have their own Data Center and didn’t have any remote work solution in place. While virtual desktops and VDI do have their purpose based on what I have experienced during this crazy time, I believe the majority of workers do not need a full desktop and actually prefer to just use published applications.

If I’m using my own device for work by choice, it’s because I like it! I like my apps, I like my desktop the way I have set it up and personalized it. If I can just have the applications I need launch on my own desktop rather than remoting into a virtual desktop, I’m all for it! This of course is not everyone’s preference some do prefer a full desktop and it’s not always a possible option for everyone to use only published apps. Some workers need file-level access to many different shares and directories that make using published apps less viable BUT what I have found is that the majority of workers only really need a handful of applications and don’t need a full desktop and with cloud storage solutions and a change in workflows, things like file-level access and mapped network drives are becoming less of a sticking point for many.

If I’m using my own device for work by choice, it’s because I like it! I like my apps, I like my desktop the way I have set it up and personalized it. If I can just have the applications I need launch on my own desktop rather than remoting into a virtual desktop, I’m all for it!

With vendors moving towards cloud-based Software as a Service for their applications e.g. Microsoft’s Office 365 & Teams, Cisco’s Jabber etc. it could actually benefit you to have your users consume those applications directly on their own device rather than through a published app or virtual desktop session. When it’s on their device, there’s no risk of protocol inception or concerns of ridiculous resource consumption on a shared session host hurting performance for multiple users. Also, with the software running on the same machine that has the headset and webcam connected to it, the audio quality is the best it can possibly be. No messing about with installing optimization packs on hosts or client-side components on people’s personal devices just to get a clear but inferior VOIP call and they get the best experience. WIN!

Picture this! You’ve got your e-mail, you’ve got your productivity tools and your IM and video calling all accessible on your own device thanks to the cloud and everything else is available right alongside them as hosted published applications. What more could you ask for!?


Context is Important

With the marketing of Workspace products over the last couple of years, there has been a lot of talk about contextual application delivery but when you peal beyond the surface the context they are talking about is really conditional access to the applications. A facet of MAM that is very useful BUT to me, it’s not the full context-based app delivery I am looking for.

What I want from contextual based app delivery is not just that ONLY the users I want to serve, get served with my apps and desktops BUT also that they get the best form of that application for the device that they are using, be it a touch screen friendly version based on their device or even the localized version of the app based on their location. I want the best experience for them not just the most security for my organization.

Watch: A live demo of AppsAnywhere

With AppsAnywhere that’s exactly what I get. Like I said, my BYOD workers can use Cisco Jabber and Teams on their own devices for the best experience and with AppsAnywhere I can make it very easy for them to get set up and access those tools on their device. No need to send them a long document with links to download and install the apps, I can put what they need in the portal. I can also publish icons to their Office apps right there too. I can publish Citrix icons, VMware Horizon Apps icons, Desktops, and whatever else I want to them all in a single portal. One portal for all of the apps they need no matter if they are locally installed on their device, run as a web app, hosted as a published application, available in JAMF, SCCM, or running as a session embedded in the browser. For those who do need access to a virtual desktop, I can also give them a desktop icon too.

And guess what! If my co-worker decides they want to leave their PC upstairs and go work on an iPad outside, I can give them the best experience possible for each device. While maybe on their PC when they launched Teams from the AppsAnywhere portal they got that funky full Windows Electron app version of Teams, this time on their iPad when they select the Teams icon, it will launch the Teams iOS app. OR if they don’t have it installed, it can provide them the app to install so it can be used and launched subsequently from the portal as needed. On their PC when they launched a pure Windows-only app let’s say for example RightFax it may have streamed down as a Cloudpaging application but on their iPad, it may run in an embedded browser app to let them fax their PDFs.

In the end, you get a single portal with the same look, feel, and apps on every device but always running the best version of the apps for the device being used AND with conditional access to ensure people can only run the apps if they meet the criteria you set forth.

Keep your desktop, give me my apps!

Learn more about the features of AppsAnywhere

Click the button below to read more about the features of AppsAnywhere and how they can help universities deliver software to students studying from home. Check out our Resource Centre for all there is to know on application virtualization, VDI and BYOD.

AppsAnywhere features