Connecting Dots
  • Robb Henshaw

Evaluating VDI, DaaS, and VAD - What’s Right for Your Org?

In the past, IT teams have often turned to virtual desktop infrastructure (VDI) and desktop-as-a-service (DaaS) to support remote work or hybrid workplaces through virtualized desktop environments.

But for organizations that are new to VDI deployments or are trying to make a detailed argument for one digital workspace strategy over another, it’s not always clear what sets the two apart. For example, is DaaS just VDI in the cloud? Does one promise a better user experience than the other? Are virtual desktops necessary to provide end users with remote access to apps?

With those questions in mind, this post provides an overview of both DaaS and VDI. By highlighting some of the key differences between them, we’ll get a better fix on what each brings to the table. We’ll close by going one step further and considering alternative virtualization solutions like virtual app delivery (VAD), which might be a much better fit for most organizations when accounting for cost, complexity and security.

What Is Virtual Desktop Infrastructure (VDI)?



Virtual desktop infrastructure is a technology that abstracts the desktop computing environment from the end user’s physical endpoint device.

In your standard VDI configuration, there will be a centralized server—typically situated on-premises or in a data center—that is running one or more virtual machines. This server is called a hypervisor host. Each of these virtual machines is essentially its own desktop environment based on an operating system (e.g., Windows, Linux).

Using a remote desktop software client, end users connect to these desktop environments and interact with applications just as they would if the software were running locally on the machine in front of them. However, the local endpoint is basically just an interactive window onto the remotely hosted desktop session.

Depending on the VDI solution and the nature of their business needs, IT departments will be able to manage and configure various aspects of the virtual machines, the desktop environments and the user experience. One important aspect is whether the desktops are persistent or non-persistent—which is to say, whether they continue from one virtualization session to the next (persistent) or whether the session is erased along with any sensitive data when it ends (non-persistent).

Some of the top vendors of VDI technology are familiar names in IT circles. They include Citrix, VMware and Microsoft. Solutions like Citrix Virtual Apps and Desktops, Microsoft Remote Desktop Services and VMware Horizon View have been around for years and are used in many enterprise environments.

Potential Issues with VDI


VDI has existed in pretty much the same form for decades, but it’s still valued in use cases where IT teams need to enable remote work among pools of employees.

Unfortunately, one of the major drawbacks of virtual desktop infrastructure is right there in the name: infrastructure. There are significant CapEx costs associated with VDI, largely on account of the servers needed for hosting virtual images, data storage and connection brokering. And that’s just on the backend. On the frontend, VDI end users need to be equipped with dedicated devices like zero- or thin-client laptops. There are also licensing costs for the VDI solution itself as well as the operating systems.

On top of that, desktop virtualization solutions have to be managed and maintained. Enterprise-scale VDI deployments typically require dedicated IT teams to oversee them and ensure that desktop environments are being provisioned correctly to end users. That complexity naturally raises OpEx costs.

Finally, and perhaps most importantly, VDI carries several inherent security vulnerabilities. Accessing VDI sessions commonly takes place through virtual private networks (VPNs) and the Remote Desktop Protocol (RDP). However, both of these technologies create the potential for brute-force attackers or credential thieves to gain complete control of the corporate network behind the firewall. RDP in particular has played a major role in the rise in ransomware attacks during the pandemic, and is the primary attack vector for 50% of ransomware attacks globally.

What Is Desktop-as-a-Service (DaaS)?


Desktop-as-a-service, or DaaS for short, takes the VDI framework and adapts it to the cloud computing model. Instead of relying on an in-house server for data storage and hosting virtual machines, this infrastructure is shifted to a cloud provider. DaaS deployments therefore turn VDI into a fully or partially managed service, with the DaaS solution provider now handling most of the heavy lifting.

The advantages of DaaS follow on from this key difference. With little to no on-premises infrastructure required to get up and running, IT departments don’t have to allocate massive CapEx funds toward a desktop virtualization initiative. That makes DaaS quite a bit more cost-effective at the outset, especially for smaller organizations. Many also find it easier to budget for the subscription fees that DaaS providers charge relative to the open-ended expenses of traditional VDI.

By adopting the service provider paradigm, DaaS has more than pricing in its favor. Whereas VDI is mostly single tenant, DaaS solutions generally follow a multi-tenant model. This means that, for example, a large global enterprise could have a unique DaaS deployment for each of its daughter companies, sub-brands or regional locations, yet it would be able to manage each of those tenancies from a single console.

Furthermore, unlike VDI, DaaS upgrades tend to roll out regularly and automatically because they come bundled with the subscription pricing.

Most DaaS providers allow some choice of cloud service to pair with their desktop virtualization solution. Customers are generally able to select between cloud providers like Amazon Web Service (AWS), Microsoft Azure, Google Cloud or even their own private cloud to host their DaaS deployment.

Likewise, many global cloud providers have developed their own DaaS solutions: Azure Virtual Desktop and Amazon WorkSpaces are just two examples. Not surprisingly, classic VDI vendors also offer dedicated DaaS counterparts, such as VMware Horizon Cloud.

Potential Issues with DaaS


When comparing DaaS with VDI solutions, it might seem like desktop-as-a-service is the answer to all the pitfalls of virtual desktop infrastructure. But that’s not entirely accurate. DaaS still falls victim to a few of the same shortcomings as VDI plus some new ones.

For instance, DaaS is VDI at its heart, which entails the same degree of provisioning and management. And just because DaaS charges subscription fees doesn’t mean that it’s cost-effective. The costs of cloud computing infrastructure are included in that pricing, which can fluctuate based on market rates.

Another thing to be aware of is that the DaaS multi-tenant model also extends to the DaaS providers themselves. Therefore you could find that the performance of your desktop solution suffers because you’re sharing the same backend cloud services with dozens or even thousands of other organizations.

The security of DaaS is also worth bearing in mind. Even in the cloud, RDP can still be subject to the brute-force attacks that threaten traditional VDI. And if end users get lax about authentication mechanisms or the cloud provider fails to patch an underlying exploit, there’s every possibility that endpoints could be compromised.

That issue raises a related question: Which endpoints does each DaaS solution actually support? Can end users access their virtual desktops with bring-your-own-device (BYOD) tablets and Chromebooks, or will they have to be equipped with dedicated devices at the organization’s expense?

So, while DaaS might seem like a modern, scalable virtualization approach to enable remote work and solve for different workloads, it does come with a couple of important caveats.


Alternatives to VDI and DaaS


Even if VDI or DaaS were completely bulletproof, user-friendly and affordable, that wouldn’t stop them from being overkill in most use cases. Desktop virtualization by its very nature is designed to give end users remote access to full-fledged desktop environments. Yet, what most end users really need is intuitive, secure remote access to the apps that they need to do their job and be productive from anywhere.

According to the 2021 “VDI Like a Pro” survey, Virtual Application Delivery (VAD) is quickly becoming the solution of choice for organizations that want to maintain secure, cost-effective business continuity by giving their end users flexible access to the apps they need from any device. With VAD, there’s no need to invest resources in provisioning hosted desktops or maintaining a VDI solution for end users who don’t require all that extra functionality.

VAD solutions also have the ability to add multiple layers of security while enhancing the user experience for remote workers. To access their business-critical apps with VAD, all end users need is an HTML5-capable web browser, or they can access apps as Progressive Web Apps (PWAs). Whether they’re using a smartphone, tablet or BYOD laptop, they can then work securely and remotely and enjoy full productivity with the full desktop versions of those apps, running the browser or as PWAs. Meanwhile, IT departments get complete control over which users have access to which apps.

For many organizations, the cost and complexity of VDI and DaaS simply isn’t feasible. Take Community Hospital Corp. (CHC), for example:

“We realized there had to be a better way. Something better than physical desktops, but also something better than traditional VDI, which just moved the issues of physical Windows devices onto virtual desktops. So we did what most people probably do – we started evaluating all of the legacy VDI and DaaS vendors. But it became clear, time and time again, that none of those solutions were feasible from either a cost or complexity perspective,” said Brian Stopinski, Corporate IT Operations Director, CHC.

Similarly, Baldwinsville Central School District in upstate New York replaced its DaaS deployment with Virtual App Delivery to facilitate access to Windows apps on Chromebooks for their students. “Ultimately, we realized that a virtual desktop approach simply wasn’t a good fit for us. We knew there had to be a simpler, more cost-effective alternative—so it was time to make a switch to Virtual App Delivery,” said John Cerio, the district’s network administrator.

So, What’s Right for Your Org?

When determining whether VDI, DaaS, or VAD is best for your organization, it ultimately comes down to your primary use case and your priorities. Is it more important to you to deliver the full Windows OS desktop to any device (VDI or DaaS), or do you want to focus on providing your people with secure access to the apps & data they need to be productive from any device (VAD)? Do you have the time, expertise and budget to manage all of the infrastructure associated with VDI (and to an extent, DaaS)? Are you looking for a cloud-native solution (VAD)? Are you looking to reduce your attack surface by eliminating VPNs, RDP, and other problematic technologies (VAD)?

Another great resource when evaluating solutions is G2, the world’s largest review site for SaaS solutions, which lets you see what your peers are saying about these solutions. The site currently lumps VAD solutions into both the VDI and DaaS categories, so you can see what your peers are saying about those solutions here (VDI rankings) and here (DaaS rankings).