How to safely enable remote work by improving the resilience of your company with Azure Virtual Desktop
The problems of companies when enabling remote work
The arrival of COVID-19 has implied significant challenges of all kinds for companies, including those that entail adapting to a culture of decentralized collaboration and remote working that is here to stay.
Organizations that already use cloud services such as Office 365, among many other advantages, have the possibility for their users to work from anywhere and from any device, but ... only with Office 365 applications. However, what about the security? What if users need to remotely access a corporate desktop application? (for example, a management application). What if they need to access files located on the company network from home?
Until now, having a solution for employees to work from anywhere using company applications and accessing corporate information also sought to reduce the workload for IT, although in reality ... it entailed great complexity and assuming risks. in terms of cybersecurity among many other problems.
Some of these complications that companies run into when implementing a "classic" solution (such as allowing users to remotely connect to physical office computers or enable a desktop infrastructure within their Datacenter), are:
- Complex maintenance : If you have opted for a classic remote desktop solution, IT ends up suffering tedious maintenance due to the complexity of the infrastructure to be managed.
- Insufficient infrastructures : The deployment gradually leads to discovering the physical limit of the organization's IT infrastructures, therefore having to acquire and deploy more assets (either personal computers or servers for the desktop service).
- Need to deploy and maintain VPNs : The headache of deploying and maintaining VPNs was necessary to offer users a way to connect to the corporate network and access their physical computer (or virtual desktop).
- Poor performance due to saturation of the corporate network : Not only because they receive more connection requests from outside the organization but because, once users are connected (either to the virtual desktop or to the computer they have in the company), they end up accessing data that is actually in the cloud (such as Microsoft 365), generating latencies and more saturation due to the comings and goings of traffic between the virtual desktop (datacenter), application data (cloud) and the computer since it is connecting the user (home or other locations).
- Significant security risks : Even assuming that the company has its IT infrastructures well protected with adequate security measures (not always the case), allowing users to access them through a VPN connection puts the entire organization at risk . This is because users usually connect from personal computers, which are neither protected nor managed by IT, which implies that if a cybercriminal managed to enter any of these computers (much easier), it would have consequences for the entire organization .
And then ... What do companies really need to telecommute?
Undoubtedly, companies need to enable teleworking, but they must do it safely and by solving all the problems mentioned above ( or avoiding them , if they have not yet implemented any classic solution).
The solution that we present in this article complies with the above and also allows you to obtain the following benefits :
- To the people of an organization : Working remotely in the most productive and safe way that we have seen so far, as if they were in the office.
- To IT departments : Simplify the complexity that existed at the IT level, also offering simple management of the solution, both of the infrastructure itself and of the deployed applications, also improving the performance and security of access to applications and data.
- To the company in general : Improve the productivity of the organization and the security of its assets, optimizing costs and guaranteeing the availability of the service.
The solution that we present is called Azure Virtual Desktop
To enable teleworking to meet the aforementioned needs, Microsoft offers a new approach through a series of cloud capabilities packaged in the “Azure Virtual Desktop” solution (previously called Windows Virtual Desktop), which improves the user experience , security and at the same time reduces complexity and costs .
Azure Virtual Desktop (hereinafter AVD), is Microsoft's virtual desktop infrastructure, in English Virtual Desktop Infrastructure (VDI), based on the Azure cloud, through which we can connect to a Windows 10 desktop remotely (or directly to one of the applications on that desktop), without having to use a VPN. In other words, the operating system, applications or corporate data runs on a remote server without having to reside on our personal device.
In this way, we allow users to use corporate applications and data from any place and device safely, always accessing their usual personalized work environment.
And all this, with relief for IT, since the solution is much simpler to manage and the applications much easier to deploy and maintain. For example, it is not necessary to acquire or maintain physical equipment, or VPN networks, or worry about performance problems, or from which device the user connects, or that the user leaves sensitive data on their personal devices or that ends up compromising the company-wide infrastructure in case your personal device is attacked by a cybercriminal.
An outstanding user experience
From a user perspective, the productivity experience is very similar to using Windows 10 on a physical computer, with the benefit that it is actually in the cloud. This implies that you can access it from anywhere and on any device, but also that the virtual machine is "close" to the apps and services that are also in the cloud.
Multi-device access (multi operating system)
And is that Microsoft has made it possible for us to connect to the virtual desktop from any operating system. Specifically, we can connect through the application created for iOS, Android, Windows or MacOS, and even from other operating systems through any modern web browser. And in any case, safely.
Optimized for Office Apps (formerly Office 365 ProPlus)
In traditional solutions, accessing information from applications such as Outlook, Teams, OneDrive, OneNote, File Explorer, requires a significant load time, because the data is not in the user's virtual machine / desktop.
However, now, with Azure Virtual Desktop (and FSLogic technology), the user when connecting to their virtual desktop immediately has all the information of their Office 365 session as if it were on their own local disk, even if the virtual machine that is assigned to you when you connect is different.
Windows 10 experience
With WVD, the usability of the remote desktop is the same as what we find when we use Windows 10 on our physical computer, highlighting that:
- We have our files, applications and sessions available.
- Optimize Microsoft Teams audio and video so that it reaches the user's device directly without going through their desktop (virtual machine).
- Any application designed for Windows 10 works perfectly.
- The user will only notice that he is on the virtual desktop (or using a virtual application), by the badge on the application icon of the device's taskbar from the moment he connects.
Security and comprehensive control of corporate information
In this new approach with AVD, the operating system, data and applications reside in virtual desktops in the cloud to which the policies and security settings defined by IT are applied (as to any physical machine in the company). In addition, the infrastructure offered by the desktops (a PaaS service) is transparently protected by the security capabilities of Azure.
In this way, it is possible to obtain levels of security in terms of identity, device, applications and data that in other scenarios would be impossible to achieve, reducing the risks of data leaks and cyberattacks (including ransomware and identity theft):
- Identity protection through Azure Active Directory and multi-factor authentication, so only the right people access the desktop.
- Greater control through conditional access, allowing you to define rules to automatically authorize or deny access.
- Prevent users who connect to the remote desktop through personal devices from downloading sensitive information to their device, with the consequent security risk. From which device users connect, IT will not care.
Cost savings in infrastructure and licenses
The simplification of infrastructure requirements coupled with Azure's elastic ability to add or shut down virtual machines in real time as needed and the potential leverage of access licenses offer huge savings for businesses. Let's see how:
Less infrastructure resources
Until now, to implement classic solutions and obtain good performance, companies had to invest in hardware, storage and bandwidth (more powerful routers and firewalls, additional servers and cabinets, greater bandwidths to the internet, VPNs, etc.) and later , the cost of maintaining them.
On the other hand, with a cloud solution such as AVD, the need to invest (and maintain) all these assets disappears to move to a more efficient model based on pay per use according to the capacity that each company requires, the number of hours the day you need the infrastructure and how we want to optimize it through these two features:
- Machine sharing : Classic remote desktop solutions, in order to offer native Windows 10, must associate a virtual machine with each user. However, having as many virtual machines as users and also even oversized (surely they will not use all their power for most of their time), makes this model inefficient and very expensive. Instead, Azure Virtual Desktop allows you to share a Windows 10 virtual machine for multiple users simultaneously, so that it is no longer necessary to have one for each person, thus reducing the number of virtual machines required (technically, this is called multisession capacity).
- Balance cost / performance : When a user connects to their desktop in the AVD infrastructure, it can be configured to maximize performance (randomly allocating users among a predetermined number of already operational machines), or to further optimize the cost (lifting new machines only when the capacity of the existing ones is already being fully used).
Use of licenses
Apart from the consumption of Azure resources that each company needs according to their needs, each user that connects requires a subscription that contains Windows 10. However, many organizations already have some type of subscription that includes it, so if so outside, they would not have any added licensing costs.
In addition, that users have their files in OneDrive, implies that they will not really take up space on their desktops / virtual machines, with all the savings that this entails (up to 1 TB per user).
These are the subscriptions that cover access to Azure Virtual Desktop:
- Microsoft 365 E3 / E5
- Microsoft 365 F3
- Microsoft 365 Business Premium
- Windows 10 Enterprise E3 / E5
Less hassle for IT
As mentioned at the beginning, before, to have a remote desktop service (VDI) a complex infrastructure was required. For example, apart from the machines to which users connect to access their information and applications, it was necessary to have many other servers to support the service (gateways to establish connections, broker for interactions between clients and some more to guarantee access, security, system performance and redundancy for high availability). All of this made deployment and maintenance arduous, complex and very expensive.
Now, with AVD, all that complexity is reduced to a minimum, as these services are hosted in Azure and are transparent to users and administrators. In this way, Microsoft offers all the management of the service (PaaS), with which IT is limited to managing the configuration centrally and from the same Azure portal along with the rest of the services. In addition, IT can very easily manage the applications that users use, in a totally centralized way (in fact, instead of using the typical templates, the applications can reside in a common repository and not in the virtual machine).
Therefore, with AVD, given that Microsoft takes over the management and maintenance of a part of the infrastructure, IT focuses only on the part of the users, applications and operating system, managing these in a very simple way.
Azure Virtual Desktop eliminates all the inconveniences, complexities and inefficiencies that classic solutions presented when working remotely. It offers a simplification to the maximum in IT management, cost savings by adjusting the system to suit the client in real time and a secure remote productivity environment, accessible from any device and always available (SLA 99.9%).
From Softeng, as specialists in Azure Virtual Desktop, we offer you our experience in this area, advising you and helping you get it up and running in a matter of days.
Do you want to know more about our service around Azure Virtual Desktop and how we can help you? Contact us!