By Matt Willis on Nov 14, 2017

Remote Access: The difference between VPN, RDS and VDI

With the ever-changing world of business, working remotely has become a fact of life. Almost all organizations require remote access for various reasons, and it’s not always access to simple cloud apps such as email.

Many businesses need to provide remote access to line-of-business apps such as ERPs, CRMs, and finance, healthcare and accounting systems. The list goes on, and many of these specialized applications require reliable and secure remote access solutions.

But which type of remote access solution is best for your business? With so many different options out there, it’s easy to become lost in a sea of marketing.

Let's start with some basic definitions of the three best-known remote access technologies:

Remote Access Solutions: VPN, RDS and VDI

What is a VPN?

VPN (Virtual Private Network) is a technology that allows user devices to securely connect to the corporate network from remote locations with an Internet connection. This technology is usually restricted to laptops (PC or Mac) and provides access to network resources (shared folders, printers) remotely via a secured connection. Users will need to install an application or have a connection set up on their device.

What is RDS?

RDS (Remote Desktop Services) is the latest evolution of Microsoft’s remote access solution, which was formerly referred to as terminal services or a terminal server. It works by allowing users to log in from almost any device via the Internet to a centralized server, presenting the same virtual desktop to all users. The server resources are split amongst all the users who are actively logged into the server. RDS generally works best with PCs.

What is VDI?

VDI (Virtual Desktop Infrastructure) also provides remote access to a virtual desktop, but in this case each user has their own dedicated Windows-based system which can be configured to their liking. In this scenario, separate virtual machines are hosted on one or more servers with dedicated resources for each machine, which can improve both security and performance.

What are the key differences between VPN, RDS and VDI?

When using RDS, all users log into the same server interface. Although some settings are customizable, overall everyone will have the exact same user experience. As mentioned above, the resources are shared between all users logged into the system. Users will not get the traditional Windows 10 or 7 interface that they may be used to; instead they use a Windows Server flavor of the desktop.

When using VDI, all users have their own dedicated station that they can customize, although the administrator can define policies to decide what can be modified and what is uniform between the different virtual systems. Users will get a more familiar Microsoft Windows 10 (or other) environment to connect to. Because the resources are defined and completely dedicated to each machine, each machine works independently of the others, which may be important in highly regulated or secured environments.

When using a VPN, the application on the client device (e.g. PC or Mac) establishes a secure connection and creates a tunnel between the device and the corporate network. The end user’s device then behaves as if it were in the office. All applications and services offered can send data securely over the encrypted tunnel. The processing is done on the client machine, unlike RDS and VDI.

Pros and Cons of VPN vs RDS vs VDI

There are pros and cons to each of these setups, but here are the main things to consider when making your choice:

Cost: A VPN is generally the lowest cost solution. Minimal hardware is required and users can usually keep their existing devices. A VDI system is usually the most expensive, as there is an extra layer of software required to host a VDI system, most commonly Citrix or VMware. RDS may fall somewhere in the middle.

Maintenance: Using a VDI setup requires many different virtual machines to support the user base, so it can be more challenging to run patches and updates. An RDS setup generally has fewer machines to patch and maintain. VPN setups can leverage existing hardware; however, maintaining off-site resources can be difficult, as they need to connect to be visible.

Performance: The user experience is generally quicker on a VDI solution than on RDS because the resources are compartmentalized and adjustable to each user. A VDI solution would typically be recommended for AutoCAD or similar graphic-dependent software, which requires more processing power. VPN connections rely on client hardware and connection speed, so sending large amounts of data can be slow because of the encryption required.

User Hardware: Because all the processing is being done on the server side, the end-user hardware is not as important with VDI or RDS. VDI solutions provide access clients for Mac and Windows, and in some cases iPhone and Android devices. Windows RDS has clients for Windows and Mac; however, using a Windows-based PC will generally give the most consistent user experience. For VPNs, user hardware is more important, as the processing is done on these devices.

Security: VDI and RDS can be configured to restrict data from leaving the corporate network. VPN connections protect the data in transit; however, data can still be moved to client devices, and extra steps should be taken to protect against this.

Final Thoughts

Every business has different requirements that will need to be taken into consideration. For a small number of users with limited needs, VPN or RDS is simpler and more cost effective. For a larger workforce with mobile needs or graphic processing needs, a VDI solution might be better suited to deliver the user performance required.

If you’re considering any of these solutions, make sure that you do an upfront analysis of your business needs first. Your best bet is to reach out to an experienced IT consultant at a reputable IT support company who can guide you through the entire process, and assist with deployment, user training, and ongoing maintenance as required.

 
