Why DaaS (Desktops as a Service) is a pain in the aaS
Session Details
Session Abstract
We've all heard the pitch that centralized desktops are easier to secure and administer than conventional ones. Desktops as workflows have unique requirements in order to be provisioned as a cloud-based service, the net of which makes most use cases untenable.
1. Virtual desktops have a very demanding IOPS (input/output operations per second) requirement, which is very expensive to maintain in both public and private clouds. In the private cloud each random IO is a spindle head movement. With an average of 20 IOPS per desktop, the total random IO required of a SAN for 1,000 virtual desktops is 20,000 IOPS. This translates to 300 spindle disks without accounting for RAID. With RAID 5 or 6, the number of disks required is 600-800 just to support steady state random IO coming from these 1,000 virtual desktops. While the hardware cost may be abstracted in the public cloud, the service cost could easily outweigh it: consider the going rate of $6 per IOP per second per month; at 20 IOPS per desktop, the cost of 1,000 desktops on a public cloud would be $120,000 per month! The presentation will dive deeper into how existing DaaS service providers skirt these costs today, but the net outcome of any cost savings is usually poor end user experience.
2. Enabling true multi-tenancy is close to impossible (read: ridiculously expensive and complicated). Multi-tenant management is the ability for a cloud tenant to have single-pane-of-glass visibility and control over the instances, data, and networks in their cloud-hosted solution. In terms of a DaaS solution this would mean the desktops, the master images, patching, user data, networks, access policies, etc. Essentially, the tenant’s management portal would need the ability to administer multiple isolated virtual desktop silos. In addition, the multi-tenant management solution would need to have the ability to securely provide this level of access to multiple tenants. None of this functionality exists in any of the desktop virtualization offerings available today (don’t blame the vendors, blame Microsoft – who puts the final nail in the DaaS coffin).
3. Microsoft Virtual Desktop Access (VDA) licenses are very expensive and are priced per device rather than by concurrency. In short, Microsoft doesn’t have a Service Provider License Agreement (SPLA) for virtual desktops. That’s why the VDI vendors don’t allow multi-tenancy, and that’s why the whole thing is a non-starter.
4. Lastly: The security benefits of virtual desktops are vastly overhyped, especially in the private cloud scenario where virtual desktops could create greater security vulnerability than physical ones by allowing an attacker who has compromised a desktop direct access to the datacenter network.
