Lewis Rae – System and Automation Manager – Solutions Architecture In today’s rapidly evolving business landscape, staying ahead of theRead article
Everything You Need To Know About Amazon WorkSpaces Vs. Microsoft Windows Virtual Desktop
Solution Architect, Andrew Rigg, explores everything you need to know about virtual desktops, plus how to choose between Amazon WorkSpaces and Microsoft Windows Virtual Desktop.
What are Remote Desktops and Why Do You Need Them?
In the past if you wanted staff to work remotely, they would need to use a VPN to get access to corporate data and applications. The risk is that when businesses open up their network to employees using VPNs, company files can be leaked from company file shares to personal desktops. That is a big GDPR problem. You don’t know exactly where your data is being saved and stored – it’s out of your control.
It is important to prevent data leakage to uncontrolled personal desktops that are not managed, or that don’t have the appropriate security in place such as anti-virus software, web filtering and encryption. Without the ability to manage the user’s endpoints, the risk increases of suffering a data breach or ransomware and virus threats. You need a way of keeping data within the secure confines of your corporate network.
Remote desktops replace the need for VPNs. They enable easy, secure remote working from any device. With remote desktops, you log in and authenticate with your corporate account to access business systems and data from anywhere, anytime – securely.
Common reasons why organisations start to use remote desktops are the following:
- Their resources are struggling to cope with higher demand due to rapid growth or acquisitions
- They want improved security and compliance
- They have specialised workloads they want secure, reliable access to from anywhere
- They want to improve business continuity and enable flexible working
How Do Remote Desktops Work?
If you’re working from home on your personal desktop, once you’ve logged into the remote desktop, all business data and applications become completely separate to your personal data. It’s a secure desktop. You’re not sharing anything between your personal and corporate environments.
Any corporate policies that have been rolled out still apply in the remote desktop. You still have access to your usual applications. It’s just like walking into the office, booting up your work PC, and away you go. Except you don’t need the hardware. We can add extra layers of security too, like multi-factor authentication (MFA) where a user is only granted access by presenting two or more evidence.
Because you’re in the cloud, you don’t need to sync all your documents with your laptop and pay for the storage in the application itself. If you choose Microsoft WVD, you’re using Microsoft 365 is in Microsoft Azure as well, and you have SharePoint and OneDrive there to save and store documents to the cloud. The way you set up the environment isn’t to sync up the documents, it’s to simply have them open on demand. That’s another cost efficiency exercise we can carry out.
What Can Remote Desktops offer you?
Secure remote access to the right applications that people need, from anywhere, at any time.
Instead of a company having to go out and buy laptops, business owners can tell staff they can use their own devices. They can very quickly and easily create a secure environment for users.
You also only pay for what you use. If you have users or a business process that requires advanced computing resources, for example dedicated graphics or high-performance compute, you can provision these in a separate host pool. That way, you only pay for the compute time that you consume. You no longer need to purchase expensive hardware because you’re essentially renting on demand.
Remote desktops are particularly useful for heavily regulated industries like financial services or public sector, because it’s a very controlled environment. You can apply a lot of policies and ensure you have the appropriate security in place like anti-virus software, web filtering and data encryption.
What is Amazon WorkSpaces (WS)?
Amazon WorkSpaces is one of the more mature cloud remote desktop solutions on the market. As Amazon states, Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe. You can pay either monthly or hourly, just for the WorkSpaces you launch, which helps you save money when compared to traditional desktops and on-premises VDI solutions.
What is Microsoft Windows Virtual Desktop (WVD)?
People are always worried about new technology. Microsoft Windows Virtual Desktop (WVD) isn’t new technology; it’s a new way of delivering an older technology, a managed remote desktop solution, but optimised for a multi session Windows 10 and Office ProPlus experience. WVD only went into general availability late last year. It’s been in development and private preview for a few years. The last three months, it’s been available for mainstream users has experienced rapid growth and adoption in 2020.
To access Microsoft WVD Windows 10 multisession, you require Windows virtualisation rights. This is now part of Microsoft 365 licensing. If a business already uses Microsoft 365, they may require a small uplift in licensing costs to be able to access WVD. A lot of businesses use Office 365 Business Premium, and while you have to use Microsoft 365 Business Premium to get access to WVD, the cost uplift might only be an extra £5pppm. You get a lot extra as part of that uplift, including access to WVD.
Considerations about Microsoft WVD
At this time, WVD may be seen as “version 1” because the management portal isn’t yet entirely self-service for business users; it’s still quite techie. There are third-party tools that make it cleaner, but that’s where Cybit comes in.
We can manage a customer’s desktops or their whole environment. Or, the IT department within a company might want to manage the desktops while we manage the infrastructure that they run on. Our services are flexible enough that we can meet a customer’s needs.
What are the differences between Amazon WS and Microsoft WVD?
Amazon WS offers one-to-one resources which means you get reliable, dedicated resources to use. That could be around £30-60 per user.
Microsoft WVD can offer a one-to-one but also offers one-to-many resources. That means Microsoft provides a host, but you could have 5 people, 10 people, 50 people, all using that same host. So instead of a cost of £50 per user, you spread that cost across all of those people. As the environment scales up, the cost per user comes down. With 500 users, the cost per user could be as little as £3.40pppm for the WVD infrastructure.
Are There Benefits of One-to-One vs. One-to-Many Resources?
With one-to-one resources, you get dedicated resources, just for you. With one-to-many, there’s a chance you may get a noisy neighbour, someone who monopolises the resources.
One-to-one is better for users needing higher levels of resources, like CAD users. Your typical end users could use shared resources with no problems. If another team needs ridiculously powerful resources once a month, that’s fine, you can grant them that for one day, or even one hour a day.
The point of this use case is that remote desktops are pay as you go, and you only pay for what you consume.
What are the Benefits of Amazon WS and Microsoft WVD?
Simplified desktop delivery
You can eliminate many administrative tasks associated with managing your desktop lifecycle including provisioning, deploying, maintaining, and recycling desktops. There is less hardware inventory to manage and no need for complex virtual desktop infrastructure (VDI) deployments that don’t scale.
Affordable, scalable pricing
You never have to over-buy desktop and laptop resources “just in case”. Provide on-demand access to fast and effective cloud desktops that include a range of compute, memory, and storage resources to meet your users’ performance needs. Select deployment options to match your needs, and only pay for what you use.
Boost your security
Provide every user with access to continuous, encrypted storage volumes in the cloud. No user data is stored on personal devices. This boosts security, protects user data, and makes you less vulnerable to data leaks or breaches.
Centrally manage users, devices and desktops
Gain access to high performance cloud desktops wherever your teams work. Manage a global deployment of many thousands of remote desktops from the management portal. Benefit from flexible options for rapidly provisioning and deactivating desktops based on the needs of your workforce.
Customer Example 1: Law Firm Replaces Costly Hardware with Scalable Cloud
We’ve recently set up a law firm with Microsoft WVD. They went through a hardware refresh, and their on-premise datacentre was at full capacity soon after. They had also just acquired a new business. They needed more resources, but they couldn’t build onto their current infrastructure without spending a lot more money on hardware upfront.
We set up WVD as an extension to their datacentre. We created connectivity between their on-premise data and the cloud, setting up security measures so they can securely access business data from anywhere. For the user, it’s a seamless experience that doesn’t require any hassle or for them to use VPNs. We spun up a new server for their key business applications within Azure then we set up WVD to enable employees to access those applications.
There are two hosts, so they have high availability, and we schedule the hours of those hosts. They need an environment that is running 24/7, so we power down all but one host during the night then as business increases during the day, power up the other hosts. That means they’re only using what they need, and that brings their costs down massively. They also don’t need to buy any hardware; the cloud just means they’re essentially renting it from Microsoft for as long as they need. It means they don’t need to manage and maintain hardware. They can easily scale resources up and down based on their business needs.
Customer Story 2: Dental Practice Moves from VPNs to Microsoft WVD
We’re currently setting up a dental practice with Microsoft WVD as part of a large Microsoft Azure cloud migration project. The customer had recently expanded from three to six practices. The challenge they faced was that all of their IT infrastructure was based in their main location with staff using VPNs to access data. As I’ve mentioned, allowing employees to use VPNs can pose a security risk, as business data can leak onto personal desktops. Their hardware was also old and due a refresh.
We’re currently moving all their infrastructure from on-premise to Azure cloud. They had Exchange Online for email and decided to upgrade their licences to Microsoft 365 Business Premium, to gain access to the full range of Office 365 apps. This will be beneficial for their staff who will have a larger set of productivity tools at their disposal.
We’re decentralising their data so it’s easier and more secure to access. We’ve redeveloped how they access their apps, enabling them to use WVD to access their environment securely online, via any device and from any of their offices or at home.
As part of this project we’ll be setting up multiple hosts, and at night shutting down all except one smaller resource (for those who may need it) to save them money. Once complete, the managers and partners will have 24/7, secure access from anywhere.
Boost Security with Published Apps
If you choose not to opt for the full desktop experience, you can provide users with a remote app experience. This could also be called “published apps”. If you open Microsoft Word, for example, it doesn’t open the full Word application, it just publishes the app to you within the remote session. It’s not running on your personal desktop; it’s using the resources of the remote server.
It’s great because even if you use a Mac, you can still run Microsoft/Windows applications. You can run remote desktops on a Mac, an Android, an iPhone, a tablet, and it’s all the same experience. This provides another level of security and control so you can be sure your business data is safe.
Users with a remote app experience still log in and authenticate just the same, but they’ll only have access to the suite of apps that you have permitted them. It’s easy to deploy to staff’s devices as you can set up different remote app groups within the management portal.
For example, finance would need access to different applications to marketing, to sales, to construction. You can sort staff into groups by function or seniority, for example, and grant them the access to the apps their role requires.
Get Started with Amazon WS or Microsoft WVD Today
For a company who isn’t in the cloud yet, we would advise them to start consuming Microsoft WVD, which has a much better price point. However, if you already have workloads running in AWS you might choose to use Amazon WS.
While I can’t say which offering is be better for you, as every business has their own unique IT infrastructure and requirements, in my opinion Microsoft has a more scalable and cost-effective offering. Using WVD provides more flexibility, it’s got new features and functionality.
WVD supports Windows 7 and Windows Server 2012 R2 with free extended security updates, and is the only platform that provides a multi-session Windows 10 experience. You can have users assigned to dedicated resources or have pooled resources available to groups of users.
WVD can be configured so it scales with your users. Automatically power down the unused hosts at night and have a scaling policy created so as users log in and demand increases, more hosts are added. Users’ profiles are assigned to the host when a user logs in, to provide the same experience and seamless access to all their applications and documents by using profile containers.
To get your business started with either Amazon WS or Microsoft WVD, Cybit would consult with you to identify where your applications are hosted, and whether they have latency between applications. We’ll also assess your applications and IT infrastructure to see which offering is right for your business. We’d discuss your requirements to understand what you’d like to achieve and help you to make an informed decision.
If you would like us to assess your current infrastructure, remote desktop readiness, and to discuss your ideal solution, get in touch with us today.
Have a question? Book a FREE consultation today
We understand there are many options to choose from and you want to make sure the tool you adopt is the right one for you.
"*" indicates required fields