In the past, “work from anywhere” was a 5/100 scenario for IT decision makers:
- 100% of the workforce could work from anywhere 5% of the time
- 5% of the workforce could work from anywhere 100% of the time
In order to address these use cases, IT provisioned two different sets of technologies.
Old-School Work-From-Anywhere Solutions
- IPSec VPN: IT-provisioned IPSec VPN technologies. For the vast majority of the time, end users connect from the office. However, when they are traveling or need to work from home, end users can use their corporate-owned device to establish a secure network tunnel back through their VPN to the corporate data centers and then access the apps and data running on servers. However, the quality of this experience depends greatly on the latency and the bandwidth of the remote connection. In these infrequent scenarios, people are able to work, albeit with a compromised experience that may reduce productivity.
- VDI: IT provisioned Virtual Desktop Infrastructure (VDI). End users – contractors or remote employees – could use their personal- or corporate-owned devices to gain access to Windows desktops or to applications running in a data center.
Neither of these technologies was designed to address the widespread work-from-home scenarios companies are experiencing today – and the foreseeable future.
VPN and VDI Just Don’t Cut it
There are several significant challenges with both VPN and VDI when it comes to supporting remote work:
- Security: Patching and updating corporate-owned PCs with latest security updates is already a difficult problem, even when the PCs are on-premises. IT and security leaders are acutely aware that a single unpatched PC can put the entire company at risk. However, this risk increases by an order of magnitude when PCs are remote and connected to the data center via a VPN. The ability to patch PCs becomes more difficult because the PC may be offline, or it might not be connected to the corporate network. Plus updates can be interrupted mid-stream more frequently when they are remote.
- Agility & Scalability: Both VPNs and VDI were provisioned for the use case where 5% of people are working remotely. Both technologies suffer from significant scalability and agility limitations. Both technologies actually stymie enterprise growth compared with what’s possible today with alternative approaches. Plus, the amount of infrastructure that would be required to accommodate the scenario where 100% of people need to work remotely is just too expensive.
- Performance: To put it simply, users hate the performance of legacy VDI solutions. Our customers repeatedly tell us that legacy VDI negatively impacted productivity and made for some unhappy folks, and that doesn’t take into account the IT people who have to deal with the fallout. Often, people are compelled to use VDI for occasional access or because they have no other choice. If you’ve been a part of a VDI deployment or you’ve used VDI while remote from the data center, you know exactly what I’m saying: Imagine having to force 100% of the user population to adopt VDI – and then imagine the deluge of help desk tickets and complaints!
- SaaS: As more applications are delivered from the vendor directly via a Software-as-a-Service (SaaS) model and no longer run in the customer’s data center, funneling SaaS traffic through the VPN connection, back to the data center and then out to the SaaS vendor is sub-optimal in multiple ways. First, you need more VPN capacity to support all that traffic. Second, the performance of your SaaS app is going to be terrible.
Modern Work-From-Anywhere Solutions
The new reality for IT teams is that they need an end user computing solution that supports work from anywhere, with little or no intervention from IT. It should be a seamless transition that happens on a moment’s notice; people should be able to simply go home and pick up work where they left off. How should you plan for the dramatic increase in work-from-anywhere needs? What do modern work-from-anywhere solutions look like today? IT leaders should explore two new solution categories that replace VPN and VDI in the cloud era:
- ZTNA: Zero Trust Network Access solutions from vendors such as Zscaler, Netskope, Pulse Secure and others are optimized for the SaaS and cloud era. They use a combination of techniques to solve the problems mentioned above by sending SaaS traffic directly to the vendor and making zero trust end points possible.
- Desktop as a Service (DaaS): Desktop as a Service solutions (such as Amazon Workspaces, Workspot, Nutanix Frame) are a SaaS equivalent of VDI. They make it simple and elastic for IT to deliver virtual desktops to end users. By taking advantage of service availability in cloud regions all over the world – Amazon WorkSpaces (13 regions), Workspot (all 58+Azure regions), Nutanix Frame (all Azure and AWS regions) – IT can dramatically simplify their overhead and processes, plus reduce latency and deliver better end user performance.
Both ZTNA and DaaS are fundamentally changing IT’s ability to solve the work-from-anywhere problem.