Audio transcript:

Understanding Virtual Desktops for the Remote Workforce

Published August 26, 2020

[Music]

John Dathan

Good afternoon, and welcome to Insight TechTalk.

My name is John Dathan,

and I have the privilege to lead insight Canada.

And joining me today is Darren Lloyd.

Darren came to us through the acquisition of PCM,

as vice president of our professional services organization.

Welcome Darren.

Darren Lloyd

Thanks John, glad to be here.

John Dathan

Yeah, I'm going to take a little bit of time today.

We've had so much energy in the marketplace

around Windows Virtual Desktop,

and Microsoft is asking us to help out clients.

We've done more of their work,

than any other partner in Canada,

but I actually believe

that people aren't as familiar with it.

They sort of nod and say,

"Oh yeah, WVD, Windows Virtual Desktop."

I want us to take some time today and really explore that.

So maybe just at a high level, what is WVB?

Darren Lloyd

Yeah, so Windows Virtual Desktop,

is really Microsoft's fully managed,

desktop virtualization solution in the cloud.

So it runs in Azure and really you can think of it

like the cloud evolution of remote desktop services

and without all of the

infrastructure management requirements.

And so it offers full featured native client support

for Windows, Mac, iOS, and Android.

And you can also access it pretty much from any browser

because it's got a HTML5 support built in.

And so it's sort of like the cloud evolution

of Microsoft's remote desktop services platform.

John Dathan

So why do people want to deploy VDI?

Is that more important now than ever, or?

I mean, it's been around for a while

and there's always been a use case for VDI.

Darren Lloyd

Primarily, organizations are attracted to VDI

because it enables them

to sort of centrally manage all of their desktops

in the data center.

So they're running a bunch of VMs on a server

or a server farm rather than managing a whole bunch

of disparate spread out in individual endpoints.

So that's one, benefit.

The other one is to keep the operating system,

the data and the apps separate from the end device.

So to create a bit of a security barrier,

to protect the data leakage and maybe corporate information

going on to a personal device.

And then the other big one honestly,

is when you have applications

that need to be close to the server backend

or the database or whatever,

and you wanna enable remote work for your users,

but they need to kind of be running those apps

right next to the server itself.

And so by running the desktops in the data center,

right in proximity to those services,

you can give a better end user experience.

John Dathan

Okay, so you mentioned being in the cloud

a couple of times and more traditional VDI,

we think of as being in your own data center.

So what are the challenges we're having

in that traditional way that this solves?

Darren Lloyd

Yeah, I mean, there's actually a number of challenges

with that architecture, because first of all,

you have to stand up a fairly complex infrastructure

of load balancers and gateway servers and brokers,

and then the whole VDI, VM farm,

you've got to have a way

for users to securely log into that infrastructure.

And so you have to have web services and portals,

and really those projects.

I've been a part of some of those projects in the past.

And they end up becoming very time consuming,

very costly, very complex.

And then the ongoing management

of maintaining and upgrading those environments

can be a huge burden for organizations.

John Dathan

So you’re really leveraging the full IIS

from the public cloud and not having to build it

specifically around one application, such as VDI.

Darren Lloyd

Well, actually even better than that.

So what Windows Virtual Desktop does,

is it takes all of that infrastructure that I mentioned

the brokers and the gateways and the load balancers

and the management portal.

And it packages it up into a platform as a service.

So PaaS, offering the (indistinct) fully manages for you.

So it's essentially giving you all of that scalability

and all of that management plane as a service.

And then you plug the VMs

and the applications on the desktops into that.

And so it's a huge benefit

in terms of lowering that upfront cost

and complexity of spinning up the environment

and the ongoing management overhead.

John Dathan

So are there other reasons why WVB specifically?

Darren Lloyd

Well, the big one, so there's a couple, first of all,

because it's running in the public cloud,

you have that hyper scale sort of unlimited capacity model.

You can scale up or scale down

and you're paying for only what you use.

And so, as you can imagine,

in a dynamic kind of macroeconomic environment

that we're in, where we're organizations

have had to scale down rapidly and enable remote work,

but at some point they're gonna probably

need to scale back up

and potentially still have all of their workforce remote.

How do you, if you're going all on premiere,

over provisioning for kind of the peak load,

rather than being able

to sort of elastically expand and contract.

So there's that.

And you can really choose any size of VM.

So you may have some users that just need

to kind of bare-bones, the Office suite,

which incidentally is part of like Office 365

is just part of one of those built in images

that you can provision out of Azure,

but you may have some really high end

GPU intensive workloads that you need to run with.

You can just choose that as an option for them.

John Dathan

Yeah.

Darren Lloyd

And actually one of the big ones is in the past,

it was never possible to have a multi-session.

And when I say multi-session, I mean,

multiple users logging into the same Windows 10,

or Windows 7 or whatever windows desktop operating system,

at the same time, it's simply wasn't possible.

And so we sort of hacked our way around that

by provisioning a server and then kind of dressing it up

to look like a desktop with a few general view visual hacks,

and then giving that to the end user

as their virtual desktop.

Now only Windows virtual desktop offers the capability

to have a multisession Windows 10 VM.

So now you can spin up a huge VM, give it a ton of RAM,

a ton of compute and then have 10 or even 20 users

logging into that same VM at the same time.

And that will actually optimize,

because we're getting higher density

and maximizing the utilization of that resource.

So now you can actually lower your costs

and get more bang for your buck, so to speak,

while keeping the user experience totally seamless too.

'Cause they're actually on a Windows 10.

John Dathan

So I'm better understanding this from IT.

I'm better understanding this

from the business financial model, but as the end user,

now that if I'm doing everything across my home internet,

because I'm there, what's the end user experience?

Darren Lloyd

So I mean,

the first thing that's super interesting about this is,

as I mentioned earlier, you can run it on anything.

And so if you can imagine,

okay, your workforce is largely having to be remote

and now they're working from home.

Maybe they have Macs,

maybe they don't even have a PC at home.

Maybe they have just tablets and mobile devices.

Well, this gives you the ability

to actually give them

their full corporate desktop from any device.

So that's the first benefit

and that's actually a pretty strong use case.

But secondly, it really is a seamless experience.

And so if they are actually accessing

their corporate virtual desktop in WVD

off of a windows 10 device, it integrates seamlessly.

So the Start menu,

you can just publish apps directly.

With Start menu you can pin them to the task bar,

you can copy and paste between local and virtual apps.

It really just feels like you're working on your local PC.

John Dathan

And so I see a couple of advantages.

So AI can actually work on a more powerful device

than the one I have.

And because it's happening in the cloud,

the compute and all those sorts of things,

the bandwidth is less of an issue.

We're just actually sharing the screen across.

Darren Lloyd

Yeah, you're just sending most clicks and screen scrapes.

And then, I mean, for anyone that's listening,

that's actually ever been a part of kind of virtualization

and VDI environments, the big challenge,

or even just anyone that's ever tried

to use a roaming profile, it's a huge challenge.

And one of the things Microsoft has done,

is they've got technology

that virtualizes that entire user profile

onto its own VHD, virtual hard disk,

which seamlessly attaches at log-on.

So whether it's a shared pool of VMs

that you're logging into,

whether it's a single, multi-session,

a windows 10 VM or even one that maybe is dedicated to you.

Every user is gonna have

that persistent user profile experience.

So you make changes in your applications.

You might move your Start menu around and your icons.

Now you're not gonna lose that

every time you log into, a different session,

which sometimes has been challenged with VI.

So that's another huge advantage of WVD.

Interesting, interesting.

John Dathan

So to kind of round out this discussion,

we've got to think a little bit about the security, right?

I mean, if somebody can access as myself,

they've got access to everything I do.

So, talk a little bit about identity.

Darren Lloyd

Yeah, and it's all driven through Azure active directory.

And so identity is a cornerstone of the solution.

It's the way that we provision the VMs,

is the way we provision the apps.

It's the way we provision administrative backend access

to the IT administrators and analyst and technicians.

So it uses Azure active directory.

It's a consistent, single sign on experience for users

and it roams from device to device.

So really all the user needs to know

is their corporate credentials, they log in.

But from a security and hardening standpoint,

we can enable a multifactor authentication.

We can enable conditions.

So we can say, you can't even log in

unless certain conditions are met,

whether that's location or whatever.

And so for clients that are looking at this,

if you have already have an Azure workload or two,

or you've got Office 365,

you already have Azure active directory up and running,

and this will plug seamlessly into that.

John Dathan

Well, and just like we use it, right?

The multifactor,

you not only have to know everything about me,

you also have to have my phone and my face,

'cause it's face ID to activate itself.

Darren Lloyd

Exactly, very safe.

John Dathan

All right, so got a couple of questions.

So I also hear a lot about Intune and Autopilot,

just so that we all understand,

what's the difference between,

WVD, Windows Virtual Desktop, Intune and Autopilot?

Darren Lloyd

So windows virtual desktop is the VDI solution,

the cloud-hosted VDI platform.

So it's essentially a service that enables you

to either bring your own windows 10 corporate image

or use one from the gallery

and provide that either published app

or full desktop experience to your users

from any device, anywhere hosted in the cloud

and manage all that infrastructure managed by Microsoft.

Intune is actually the cloud-hosted

modern management platform,

for managing all of your desktops,

whether they're physical, virtual, on-prem in the cloud,

tablets or mobile devices.

And so, if you've ever heard of SCCM,

or System Center Configuration Manager,

Intune is really the cloud version

and the evolution of SCCM.

It integrates with SCCM,

but it's the device management platform.

So if you want to run reports on what apps are installed

or how many devices you have

and what version of the OS they're on.

You wanna patch them and all that other stuff,

that's what Intune is all about.

In addition to that, it provides really powerful

mobile device application management capabilities.

So that's Intune.

Now you mentioned Autopilot,

that's a feature of Intune and it's a really cool technology

because I mean, as a former SCCM guy, myself,

I spent a lot of time playing around with,

and actually architecting and implementing solutions

for customers, to help them manage their imaging

and OS deployment processes.

And I got to tell you that gets really complex,

especially when you start to introduce more and more devices

because you've got drivers, you've got firmware,

you've got all kinds of different applications

and you have to have these really complex task sequences

that are able to detect, "Okay, what hardware am I on now?

"I got to inject all the drivers."

Well, what if you could just take the device

as it ships from the manufacturer

with, their gold image on it,

that's perfectly tuned for that hardware.

It has all the right drivers and everything,

and then layer in your corporate policies,

your corporate applications, your certificates,

everything you need to turn that

from a off the shelf consumer device

into a fully managed, secure corporate device.

That's what Autopilot does.

And all you need is an internet connection

and your username and password for that to work.

John Dathan

Excellent.

Well, I think most clients

they're gonna want the result of this.

They don't actually want to do this,

so maybe we can close out.

Just talk a little bit about how Insight is helping clients.

I know we've actually done quite a large number

of these clients within Canada,

well, since COVID started in particular.

But how is it that we're helping clients?

Darren Lloyd

So we can essentially implement this from end to end.

We can do the architecture, we do the deployments.

We work with your team

to understand your application requirements and everything,

but what we've done and what I'm really proud of

is we've kind of positioned ourselves in Canada

as the go-to WVU partner for Microsoft.

one of the things you mentioned early on

in this conversation is, they came to the table saying,

"Hey, how can we help our clients."

In this global pandemic situation

where remote work is such a huge requirement

and companies are kind of scrambling

to figure out what to do.

And they came to the table with a bucket of funding

and they said to partners,

"Hey, if you guys have solutions that can help our customers

"with this use case, bring them forward

"and we'll go kind of call sell and position those."

And so we came forward with our WVB fast start

and we ended up doing over half of those deployments

that Microsoft funded in Canada.

And as part of doing that,

what we did was we really built up our best practices

on our own internal IP to automate this,

to make it really, seamless and have a really good handover

and transition operations for our clients.

So we can absolutely get that up and running.

We can manage it if that's of interest.

And then obviously with the Intune and Autopilot

and SCCM and windows 10, we've done dozens of those.

And we can easily, do the planning, architecture,

and deployment and management for those as well.

John Dathan

Oh, that's terrific.

Well, Darren, thanks for spending time with us today.

I think these technologies,

so many of our clients are looking for help in this area.

Particularly at the time were in,

clearly we're gonna be in this time

for a little bit while.

so thanks for your time today, Darren.

Thanks for joining us folks.

Darren Lloyd

Thank you.

[Music]