You're now working remote forever... VDI or MDM?

erin-r-spiceworks · 2020-07-17T13:43:41.000Z

Howdy y’all!

On this episode of On The Air: On The Couch , we’ll be talking about what Remote-First work-from-home means in the new normal, and the infrastructure solutions can help your employees do their best work anywhere.
Let’s say your working-from-home is now… well… permanent. Would you rather have VDI or MDM?
Let us know, comment below and tune in as we discuss the results with our panelists next Wednesday, July 22nd at 10:00 a.m. CST!
Register here!

the-grinder01 · 2020-07-20T06:53:06.000Z

Both in my experience.

biscuitking · 2020-07-20T09:58:41.000Z

Since we don’t do wfh we don’t do either.

bengarbutt · 2020-07-20T10:40:43.000Z

What does MDM stand for in this regard? Mobile Device Management?

tim-smith · 2020-07-20T10:47:44.000Z

(It occurred to me that I assumed MDM also meant company provided devices. This was not a good assumption. Neither requires company provided devices, but both could have company provided devices.)

If its BYOD, then VDI hands down. BYOD means I just have to reassure people 50 times a day that the connection issues they’re having are because of their internet, not our servers. MDM means I still have to inform people 50 times a day that their internet sucks while also learning all the computers people buy.

If its company provided devices, I’d still say VDI for consistencies sake. It is a compelling argument that MDM gives me more control over the device (so I can see if that idiot in Sales is letting his kids play games on it at night), but I would rather issue the device and not have to deal with it until it comes back to me. Then I’ll wipe it and sanitize it and issue it to the next user.

John5152 · 2020-07-20T10:55:38.000Z

Azure WVD Host Pools

spiceuser-qvnxz · 2020-07-20T11:22:42.000Z

Tim_Myth:

BYOD means I just have to reassure people 50 times a day that the connection issues they’re having are because of their internet, not our servers.

I couldn’t of said it better myself.

jadrien · 2020-07-20T11:36:13.000Z

At my company we’re all still working from home and expect to remain doing so for the foreseeable future. We’re already making certain adjustments to what is in the office and the data center. The main difference is in the area of what is in place to know what is going on in the office. Since we don’t walk in every day, it takes more time to notice that something has gone amiss.
On another point, the mention of a quality Internet connection from home and support of it reminds me of the days I used to get a reimbursement for my phone bill because I had a dial-up connection to work for after hours support. I haven’t ever received the equivalent for my Internet connection, but I did for a few years around about 6-8 years ago put in and get paid for the 2nd Internet connection I had at home. The reasoning was that if the data center connection went away I’d (we’d) know whether it was the data center, an upstream provider or our rack when connectivity was lost. Precisely that happened when New York City got hit by Sandy and took out both vendor end-points from Boston to NYC. Eventually replaced that DSL with VPN over my cell phone as a backup.

florenciorodriguez · 2020-07-20T11:46:26.000Z

VDI. Has been working for us for years before this pandemic. Its paying off for our company big time with our entire company WFH. Years ago we aimed to have cloud-base VOIP, O365 mail, and VDI solution to address uptime and various other requirements for the business.
We have all 3 today and leveraging MS Teams has keep our company up and running.

spiceuser-hu4qp · 2020-07-20T11:50:39.000Z

Having used VDIs a little, it would depend strongly on how it’s set up. If it’s into a slow VM with a core or two and 8GB of RAM, no thanks. If it’s into a dedicated on-site workstation like mine is now, I’d rather do that over MDM.

mrmacit · 2020-07-20T12:28:29.000Z

We’re using HTML5\RDP SSLVPN sessions for personal devices connecting to domain, company devices are SSLVPN through Pulse Secure with split tunneling for internal and external traffic, plus MFA.

ndrfillmore · 2020-07-20T13:18:17.000Z

Little bit of both. But we have been doing that already for ages. The only really big change for my company has been the 0 in person meetings. Everything, and I mean everything, has switched to Teams.

We do virutal machines for old applications. Yes believe it or not we still have 32bit Access Databases that cannot be opened in a 64 bit version of Office or they will completely destroy the database. Fun fun!

We are of course now also looking at moving most of our services to the cloud, where location management doesn’t mean a whole lot.

davidkenney · 2020-07-20T13:45:07.000Z

I would prefer VDI with company provided laptop as the primary device to connect to it with. If they have problems with the provided device, most have their own computers as backup until they can get the other one to us for repair/replacement. It also keeps the data on our network and not stored on devices that won’t be backed up or that are easily lost or stolen.

Keeping the laptop’s application load to a minimum makes keeping it updated with patches easier, the big application patches happen in the VDI image quick and easy.

Something to keep in mind speaking of patches, you won’t be able to send that 1GB patch or application installation to the end-points during an overnight maintenance window like you could when most of the computers are on site. This means patches will have to be delivered during the work day, eating up bandwidth and processing power on both ends while your end users are trying to get their jobs done.

It does mean some pretty heafty infrastructure to support it, especially so if you have some intesive CPU/GPU loads like CAD and video editing. It may balance out though if you start looking at how many (and the price) laptops that can handle it for your staff.

adeleskie · 2020-07-20T14:15:28.000Z

We are providing laptops for most wfh staff. We don’t allow personal devices on our network as a general rule.

VDI is a compelling option now but we aren’t ready for that.

tiffany-for-malwarebytes · 2020-07-20T15:21:27.000Z

Personally only had experience with MDM so far - Interested to see the differences though and how VDI could potentially compare.

scott696d · 2020-07-20T15:57:51.000Z

I think it depends on what you’re looking to do. For some users, we had to spin up VDIs since their spreadsheets are such crap (and response over the VPN as a result was also crap). For those folks, we didn’t have a choice (and since they’re finance and bring in the money we can’t force them to fix their spreadsheets). We use VPN here, but that’s definitely not needed for all of our applications as most of the cloud-based stuff works fine without being on ‘our’ network. Depending on where the data is that you’re working with will determine what you need. I have VDIs in multiple locations as my work needs that level of access in those data centers (we’re global, so each domain needs a different VDI due to software licensing). It’s not a simple this or that, but rather what will work best for the end user and what politics are involved that will get in the way of your being able to deliver that to them.

shanemeendering2 · 2020-07-20T16:45:28.000Z

MDM is typically less expensive, but very scalable. VDI is typically easier to secure and maintenance. Both have their pros and cons, and what’s right largely depends on many factors and requirements of an organization. Not all implementations are equal.

Budgets aside, a good VDI implementation would be my preference.

carlostech · 2020-07-21T06:12:31.000Z

we have a couple of permenant VDI users - they’re overseas and its just easier.

however during this lockdown, we partially invoked our continuity plan… in my mind the office wasn’t offline so no need to go all out defcon 5. instead i allowed our users to remote desktop on to their machines through an RDP server which seems to be holding up well. we have a handful of select users who are laptop based, company devices with MDM and VPN with 2FA.

i make a point of using the RDP to assure users that it’s not our servers… i also have the ability to use the VPN to assure VPN users and quick flick from one to the other to prove our systems are ok.

if we went permenant forever… which won’t happen, it would depend on the user… i would prefer VDI… but some users ssimply don’t have decent machines and expect a work provided laptop BYOD is non existant because people don’t want to pay for a device that they use for work! For those machines its fully managed on our domain, MDM and no local admin access!

blacksinfo73 · 2020-07-21T06:15:02.000Z

How is that a question? VDI all the way!

mountainbiker · 2020-07-21T06:31:19.000Z

Last gig had a mix: VDI (Citrix and AWS workspaces) and cloud access security broker (CASB) with other 3rd party components/tools in a “not all Microsoft application” environment. We found MAM/MDM solutions to be quite unwieldy with a mix of applications including Bitbucket/Jira/Confluence, Cisco Teams/WebEx among others.

Custom internal applications required VDI and that is likely to continue for some number of years so Citrix will be there for a long time LOL