Part of:Common desktop as a service (DaaS) questions
What are the key differences between DaaS and VPN?
VPN and DaaS can both give remote access to corporate resources, but they differ in key ways. IT admins should consider these factors when making the decision of DaaS vs. VPN.
Remote access to corporate resources is essential to ensuring business continuity. There are a variety of ways to provide this access.
While both give remote users access to an organization's resources, DaaS and VPN differ in user-friendliness, performance, security and manageability. IT administrators should examine the similarities and differences between the two services to determine which one best suits their goals.
What is DaaS?
Desktop as a service (DaaS) gives end users access to a virtual desktop that is hosted in the cloud. With this option, IT admins can manage virtual desktops while the DaaS provider handles the hosting infrastructure setup and management. When end users connect to the virtual desktop, the DaaS provider streams the screen of the virtual desktop over a network to the endpoint devices. The display signal of the desktop is the only data that goes to end users' personal devices.
End users might need access to a corporate application that requires a SQL database connection on the corporate network. With DaaS, the virtual desktop already has the application installed. The network the DaaS desktop is on has access to the SQL database. The only thing the end user must do is log into the DaaS offering, start the virtual desktop and open the application. The end user then has fast access to the SQL database because it's on the same network as the virtual desktop.
DaaS technology is also centralized, which means that organizations can manage all aspects of deployment from a single administrative interface. If IT administrators need to apply an update to desktops or business applications, they can easily do so and the update will immediately be distributed. Because DaaS gives IT the power to decide when a new version of the application is available to end users, with DaaS image management and virtualization software, the IT admin can run the update only once.
Popular DaaS offerings include Microsoft Azure Virtual Desktop, Citrix Managed Desktops, VMware Horizon Cloud and Amazon Workspaces.
A VPN creates a tunnel, or agent, between two networks, allowing them to connect and transfer data. A business VPN enables end users to connect to corporate resources such as applications and data. A business VPN works via a client on end-user personal devices. The client can connect a private network over a public network -- such as the internet -- between that device and the corporate network. Users upload and download data over this connection. The virtual network is created with a secure sockets layer connection and is often end-to-end encrypted, enabling secure access between the networks.
Let's return to the example of an end user who needs access to a corporate application that requires a SQL database connection on the corporate network. The user signs into the VPN agent on the personal device, setting up the virtual network tunnel between the device and the corporate network. Because there is then a network connection through the VPN tunnel to the SQL database on the corporate network, the end user can start the corporate application locally from the device and it can reach this data. This makes VPN technology a decentralized approach.
Security is a significant consideration with VPNs. Users upload and download data when using a VPN, so data can end up on the end-user device.
With a VPN, every end-user device needs to have the corporate applications installed. The IT administrators must update every device when an application update is required as well. Because of this, VPN use is often combined with endpoint management tools such as Microsoft Endpoint Manager. With endpoint management software, IT organizations can distribute applications and updates to all devices, often through the internet. With its configuration, IT can also push the VPN agent updates with an endpoint management tool.
Security is a significant consideration with VPNs. Users upload and download data when using a VPN, so data can end up on the end-user device. In addition, a VPN gives end users direct access to a part of the corporate network. If the connection gets hacked, for example when using a weak or old digital certificate, the hacker has access to the company network. Network segmentation with VPNs is essential. Common examples of VPN software include OpenVPN, FirePass SSL VPN, NordLayer VPN and Cisco Systems VPN Client.
How are DaaS and VPN different?
Both DaaS and VPN give secure remote access to applications and data, but the two options are rather different. VPNs are easy to set up on both the end-user side and the administrative side. They allow IT to onboard end users quickly. A new user downloads the VPN client, signs in and accesses the corporate network. With DaaS, the IT organization must give each new user a desktop, profile, home drive folder and other specific items, which might require more setup work than a VPN.
A VPN goes into the company network and, in doing so, provides access to applications and data. With the corporate data and applications at stake, security considerations include network segmentation, endpoint management and decentralizing applications. VPNs also rely heavily on internet quality for both the speed and the stability of the application. If, for example, an end user loses connection while updating a database, the database can get out of sync, with destructive results. Of course, VPNs require stable internet access as well, but if there are any network issues, a desktop running a VPN can still access local applications, documents and other aspects that don't rely on a secure internet connection.
With DaaS, the virtual desktop is in the corporate network, so data and applications do not leave the network. Users only receive the display from the desktop, making DaaS more secure than a VPN connection. This also means it's less reliant on internet connection. Protocols such as Citrix HDX, VMware View and Microsoft RDP are optimized, sending the user only the part of the screen that is updated, and they can scale in quality.
A disconnect while updating a database is not a problem with DaaS. The virtual desktop in the data center is talking to the database. Any disruptions in connectivity between the virtual desktop server and endpoint device will not affect the database update on the server side. When users sign back in after an interruption, they will be back at the same point where they left their sessions. This also allows users to switch between personal devices. Users can start a session on a PC, then disconnect in the morning and pick the session back up in the afternoon on a laptop.
Deciding between DaaS and VPN
The most significant factors in deciding between DaaS or a VPN are scale and security. If an organization needs to make one application on the corporate network available for end users from the internet, for example, DaaS might be too complex, as it creates an entire virtual desktop for each user. But if security is an organization's main concern, then DaaS might be the best option, even for just one application.
Organizations should also keep in mind that DaaS and VPN are both technologies for legacy applications and data. For example, if an organization migrates all of its data to a cloud platform such as SharePoint in Microsoft 365, users can automatically access the data through the internet without DaaS or VPN. This is also the case with SaaS applications. Additionally, web applications on the corporate network can be made internet-facing with an authenticated application proxy.
