As the pandemic public health emergency declaration comes to an end, agencies continue to grapple with the question of whether employees should be in the office.
A 2022 Partnership for Public Service survey found that 54 percent of government workers do some form of hybrid work, 14 percent are fully remote and just 31 percent are in the office full time. Meanwhile, in the private sector, 42 percent of employees don’t have remote work options, according to a McKinsey report.
One key to supporting a hybrid workforce is virtual desktop infrastructure, which hosts the desktop on a centralized server and deploys it to end users on demand.
“The federal government has deeply embraced VDI for decades,” says Jeff McGrath, senior director of product marketing for end-user computing at VMware.
VDI lets end users access virtual desktops from any device or location, and it helps IT departments better protect data and devices. This infrastructure helped agencies support fully remote workers at the height of the pandemic, and it should suit them well as more workers return to the office — though some IT policies will need another look.
DISCOVER: How VMware can help your agency transition to a multicloud platform.
The Benefits of Virtual Desktop Infrastructure
Federal agencies have been longtime proponents of VDI for three reasons, McGrath says:
- End users. Through virtual desktops, end users get a visualization of an application, not the application itself. Users also can’t download data from an app to a physical device, a clear benefit for anyone handling sensitive information.
VDI also supports cutting-edge security practices such as zero trust and secure access service edge; centrally containing images of desktops lets security teams access risk in real time. This is harder with physical devices, McGrath says. “The device is off your network, and device data isn’t always up to date.”
- Device management. Configuring devices manually and repackaging them for end users is a cumbersome process, and it only gets more difficult when IT teams must rely on end users to make security updates.
READ MORE: How virtual desktops can support flexible work environments.
Because desktops are managed and updated centrally under VDI, McGrath says, “You reduce management costs on a per-system basis, and you’re not worrying about every PC once it goes out the door.”
- Support for legacy applications. Every industry has a mission-critical legacy application running 24/7 in an on-premises data center. Federal agencies are no strangers to aging IT systems, and VDI can help extend the life of these systems “almost indefinitely,” McGrath says.
“With VDI, it’s possible to take a snapshot of the application running on its native system, containerize it and run it in the cloud,” he says, noting that Microsoft Azure Virtual Desktop is a common option here. This also helps isolate old software from new vulnerabilities or exploits, which is especially important when software is running on operating systems that have sunset and no longer receive security patches.
The federal government has deeply embraced VDI for decades.”
Senior Director of Product Marketing for End-User Computing, VMware
Considerations for VDI Moving Forward
While VDI had federal agencies well positioned to support a remote workforce, McGrath says there are still some important considerations if workers will be splitting time between headquarters and their homes:
- During the pandemic, organizations invested heavily in on-premises data centers to support VDI. At the same time, federal agencies embracing the Cloud Smart strategy should think carefully about moving VDI architectures to the cloud, McGrath says.
“Agencies need a five-year plan,” he says. “Can some on-premises architecture support a hybrid cloud? Are workers accessing protected information? What is the cost of putting a full desktop in the cloud compared with hosting back-office applications in the cloud? All of these factors need to be considered.”
- Many organizations have deployed persistent VDI, which gives users the same desktops each time they log in and lets them create unique work environments. This makes sense for engineers, analysts and other types of knowledge workers. However, it may not be necessary for groups of workers logging in to shared terminals and using the same handful of applications every day.
Click the banner below to learn how federal agencies are implementing zero trust architecture.
In these situations, it may make sense to transition to a nonpersistent VDI, which connects users to generic desktops and doesn’t save changes. “It’s a clean instantiation of the operating system, and it pulls data to the cloud,” McGrath says. There’s a learning curve, but this setup “is close to persistent but at a lower cost model.”
- Just like other areas of IT management, VDI policy requires a balance between security and personalization. With a highly customized, persistent setup, the experience is little different than using one’s own device, McGrath says, but you also need robust governance to define what certain roles can and cannot do. A policy of nonpersistence provides tighter security, though users may dislike the restrictions.
Policies may shift as more workers divide time between headquarters and home, McGrath says. Hybrid workers may only be granted access to sensitive information while physically in the office. That, in turn, may give an agency the leeway to transition more of its VDI deployment to the cloud, since workers can no longer access sensitive data remotely.
“To grant additional levels of flexibility, you need to do the planning in advance,” McGrath says.
Brought to you by: