With fibber internet increasingly becoming standard around the world and 5G it makes perfect sense people will use their computer as a terminal for a more powerful computer in the cloud than buying powerful computers
I wouldn't hold my breath on that one. Last mile ISPs are not optimizing for those traffic patterns. And there really is no incentive for them to do so.
For exampe, there's 70ms between my Verizon phone and the PC sitting in front of me on a very well connected network. The traffic goes from WNY > NYC > DC > NYC > CNY > WNY. Very much not optimal.
At the same time, AWS us-east1 is 9ms away from my desktop.
That would make sense indeed, if the prices for 365 weren't so damm high.
And if we had a computer that could be a dumb terminal - it would cost 10-20 dollars, have wifi, ethernet, an HDMI connection and support a mouse and a keyboard.
Looks like they tried to match Amazon Workspaces prices. That doesn't mean it isn't expensive though.
I'd call them both niche products that I'd be more interested in developing on if it wasn't so expensive to do so (at 16 GB of RAM). I'm not entirely sure I can describe what the normal deployment scenario looks like (e.g. traveling salesman doesn't work because you'd need too high of internet quality on the road, developer doesn't work as RAM pricing, and in a lot of scenarios you need on-prem hardware to connect to it anyway).
I was going to say that if they priced it per minute or hour, like some other IaaS offerings, this would have been competitive. I can imagine a developer or occasional user using this for 1-5 hours a day, and then putting it to sleep...
But nope, just checked, it's a flat rate per month, irrespective of use, so definitely looks cheaper to just buy a high-end machine and install Windows on it (or Mac + Parallels + Windows like others have noted.)
Not compared to Citrix/VMWare/Amazon Workspaces, which is that + Windows licensing. Those prices include licenses (and license management, their portal keeps track of who has Windows licenses and therefore can have a cloud desktop). It's competitive, especially if you can leave the VM turned on all the time.
> including one at the top end that includes eight vCPUs, 32GB of RAM, and 512GB of storage for $158 per month
Why is it so popular? I can't understand the economics of it. Can someone explain? Why would I pay ~$10k over 5 years for something that's similar to the laptop I'm typing on which costed me $700 used?
I know it's for businesses, but even then, does it come with tooling or something that makes management easier? What justifies an annual cost that is close to the lifetime cost of a physical machine?
You still need a physical machine to access "the cloud", so don't you still have all the expensive problems related to managing a fleet of PCs, but now you have to do it x2?
Is data security so important that some companies are willing to pay 5x hardware costs and 2x maintenance costs for it?
I really don't get it. When I looked at the cost of using Azure for failover on a single server, the conclusion I came to is that it only made sense to run something short term while new hardware was shipped in. Who the heck is buying these VMs that cost 5x real hardware?
> Is data security so important that some companies are willing to pay 5x hardware costs and 2x maintenance costs for it?
Yes. Also, maintaining a fleet of hardware is a resource suck. Being able to provision everyone with something like this lets them use their personal hardware without much compromised in the way of security. (It should also make onboarding much smoother.)
> lets them use their personal hardware without much compromised in the way of security
How do they protect against an attacker compromising this client, waiting until the employee is asleep or away for a few minutes, then using the employee's session to compromise the remote machine?
Even if session establishment requires 2FA, the attacker could keep the session alive after the user attempts to close it.
For a targeted attack with a hacker remotely or physically controlling the client, I agree.
However I think an automated attack would be difficult, especially if the VD sent its data to the client as a video stream, and only recieved keyboard and mouse inputs. Now maybe there's some fancy computer vision that could handle this (and all without the employee noticing)...
You don't need computer vision to send Win+R, cmd<enter>, and whatever the Windows equivalent of "curl | bash" is.
It's definitely going to keep a lot of the commodity malware out, but it's only going to stay secure until attackers start targeting it. And the risks from "inside" the machine (user downloads and runs something bad) don't go away, although the company gets a bit more control over the network (could also be done with an always-on VPN).
You turn the hardware client into a cheap fixed function device that doesn’t need a thousand vulnerable legacy components only runs signed and approved binaries with secure boot.
I purchased a large desktop monitor and had it shipped to my contract company address delivery dock -- wow, you should have seen the number of alarmed accountant types I had to talk to .. but six-figure Ora licenses ? many in operation
We should band together and start laundering AWS resources for physical goods. Similar to how mining Bitcoin can lead to eventually obtaining physical goods.
This sort of dynamic happens in smaller companies, too. And it isn't entirely on the company. I've been through similar sort of situations, for example consider some sort of SaaS service that costs $5k/year. I have to:
- Fill out some form to get one of their salespeople to contact me.
- Find a time to meet with them that works for both of us - may be a week or more out.
- Talk to the salesperson for half an hour.
- Get a quote emailed to me a day or two later.
- Talk it over with my boss. This is fairly low overhead, but he's a busy guy so it may take a few days. He'll want to know the basics, if I've considered any alternatives, what we'll use it for, etc.
- Sign the document - hopefully my boss/finance don't request any significant changes.
- Start using the service once they get the contract and provision stuff for us.
Usually we are looking at a few weeks lag time, and maybe half a day of my time taking care of all of this. If it is something available on AWS, here is what I have to do:
- Click a button, maybe fill out a form to configure it.
- Start using the service a few minutes later.
Even if it costs 2x the other service, it is unlikely that anyone is going to notice or care about the small increase in our AWS bill, and if they do saying "oh yeah, I added xyz service" is not going to raise any objections.
It is kind of funny to think about the difference, but it comes down to the fact that it is genuinely less friction in the AWS case, coupled with a bit of psychology on our end I guess.
At my last shop, we had similar problems. We got around it by including extra equipment we wanted in our server orders. Accounting never bothered asking why we needed nice keyboards and big monitors for rackmount servers. But god forbid you try to buy those directly. At one point management started to get wise, so we just had the vendor include the extra equipment in the same line item as the servers instead of broken out, just increasing the per-server cost to account for it.
Shenanigans like that shouldn't be necessary just to get the stuff you need, but big corporations are so dysfunctional sometimes.
Here's how that'd go in the last two companies I worked for: Purchase declined. Not valid under T&E policy. Please follow IT acquisition policy for computer equipment and real estate acquisition policy for furniture. Card payment is due by xx/xx to reimburse for invalid expense.
Who the heck is buying these VMs that cost 5x real hardware?
Right. This has already been tried in the "game streaming" business. There have been multiple services where you rent a PC in "the cloud" by the hour, or for some number of hours per month. Either they cost too much, and fail for lack of customers, or they are underpriced as a loss leader, and get shut down after losing money. Google Stadia and NVidia Cloud Gaming are currently live, but Stadia is likely to join Google's list of discontinued products, and NVidia's offering involves being kicked off if you stay connected too long.
You are talking about Microsoft and Google - two of the largest computing companies on the planet.
By the same logic, you could say that game streaming is like a search engine, because some of the companies that do the latter are also doing the former.
The idea of provisioning remote cloud VMs is far older than Stadia or Xbox Cloud anyway.
Right, but these are small companies that offer no other services. In both cases, they just offer VMs. Game streaming is a VM.
I am not talking about Microsoft and Google. I know a guy who runs one of these companies: they offer VMs for gaming, they offer VMs for offices, the machines are set up identically.
I play video games about 8 hours per month. At 40c per hour, it would cost me less than $40/year to rent a gaming computer in the cloud. Even $400/year seems pretty reasonable. It’s only not cost effective if you use it a lot (which is the case for most pay-per-use commodities).
> NVidia's offering involves being kicked off if you stay connected too long.
8 hours, which is a pretty decent gaming session. You can reconnect just afterwards anyways.
> but Stadia is likely to join Google's list of discontinued products
Highly unlikely, they're spending tens of millions to get EA and Ubisoft's catalogues on Stadia.
In any case, cloud gaming works, sells, and is very useful for some subset of users, even more so with the ongoing global chip shortage. I have both Geforce Now and Stadia and I'm very happy with them. Playing on my laptop and TV ( with a Chromecast) is great. Playing from my phone in a hotel room is a fun experience. Stadia even makes financial sense, because there's a free version ( at 1080p/30fps), you only need to buy the games ( which you would anyways regardless of the platform), saving you hundreds of (insert currency) in the process. The paid one is 10 eur/usd/month for better quality and some free games. And if you're the type of person that wants 4K 120Hz 60fps, this isn't for you and isn't the point.
You have an 8core laptop with 32gig RAM for $700? That's not super common though, I think usually you'd spend more like $2500-$3000k for it. Count in the reduced maintenance and hardware support + having your whole stuff in one place.. Might make sense if you are not super low on money
The idea is probably that employees / contractors use their own hardware to access this. Someone likely already figured out how to fill out the Excel spreadsheets to make this secure.
From what I understand it's still dual channel for the first 8Gb, no? Not ideal but if I ever feel the need I could get another 32Gb stick and make it dual channel.
That Azure VM only has 4 cores, not 8 cores. 1 vCPU = 1 hyper-thread (not a physical core). 4 cores * 2 threads = 8 vCPU. Yes it's easy to get a used quad core laptop with 32G for $700
When you use a lot of contractor developers, being able to provision out devices for temporary work is powerful. A lot of time is spent provisioning machines, white listing ips, setting up VPNs, and getting the contractor to the point where they can work. In some cases I've seen it take 2 or 3 weeks to get a contractor up and running on a 6 month contract.
Being able to give them credentials to a machine that's ready to go is pretty huge.
I still didn't get how bare Windows VM can speed up a new developer on-boarding. In all my jobs slowest part was always familiarization with a new build/deploy environment. OS/Laptop setup was always trivial and took 1-2 day max, even in orgs with 20k employees.
Only if you're a dev or something, general office workers don't need admin access. Though I'll add pretty much anything legit to our self service installs.
Nearly every compromised or bricked workstation I’ve seen in the last 20 years was a developer’s (or QA) machine with local root/admin.
Standard users don’t get local root/admin in a corporate environment since the Win2k days, and seem to have few issues in comparison.
Many devs seem perfectly willing to pull any random executable off the internet and run it without inspection or concern. Because they “know what they are doing”, right?
This offering makes perfect sense to replace those dumb dell machines equipped with 4gb ram and a core i3 with even dumber machine and slash the local it team.
Think of thin clients, all over again.
Think of call centers.
Think of receptionists, or bank clerks that all they do is use internal web-based software, and print a pdf file.
No more hardware maintenance, just throw away the whole thing (the dumb terminal) and replace it with a new one, we'll send it in for repair later.
I absolutely hate using VMs over VPNs, any slight interruption in my fragile home Wi-Fi (or whatever the hell the VPN is doing) causes my whole dev environment to freeze.
I had Ethernet installed in all rooms at home. For some 800 euros (5 Ethernet outlets including the router) you get sub millisecond latencies to your router and your computer works wonders again.
Installing an Ethernet LAN network is the best investment for anyone who works from home.
Wi-fi really sucks in urban areas and soon even in rural areas because of the IoT crap.
How do you know you could have done it for 2/3 of the price? All my internal walls are solid brick, so running a cable from one end to the other would involve drilling through at least one, but likely 3 brick walls, and either channeling through the wall or pulling up the hardwood floors above them. No way are you going to install 5 points for €500 in a job like that.
Also Ethernet is definitely useful for latency. Having sub 1ms latency on a wifi network is very very difficult, and definitely not going to happen with 5 routers.
That's not really true in noisy areas. The available radio spectrum is limited, and as more users inhabit an area you are basically time-sharing. The less time you have to send packets, the more latency some of those packets will experience. Empirically, wifi latency can be _extremely_ poor in busy areas.
I did development on a VM for 4 years because the corporate policy was to issue everyone the same spec machine. An i5 with 8GB of RAM and 120GB SSD is a lot more pain than a VM.
I work on a lot of systems with public and private facing endpoints and so I have a remote session running on a machine outside our network as well.
Okay, now I'm just laughing out loud. My org has an internal/external reputation for not exactly being fast moving and having convoluted IT processes, yet we can onboard people within a few days.
If it takes you 2-3 weeks to onboard ANYONE please realize that your IT processes are complete, unmitigated garbage. Paying Microsoft for some Windows VMs through the nose isn't going to change anything about that.
This it true but I've seen orgs in the past where a business unit would happily pay quite a lot of money to avoid going anywhere near central IT.
I think the most extreme example of slow process I saw was an organization where central IT wanted to charge $20k and take two months to quote for a project.
In that kind of environment things like this with opex pricing that can be assigned to a project's budget and fast spin up are a much better option :)
At my current company, my department would be able to find more experienced contractors for well below what another department here rents them out for.
So I can see internal pricing being an issue as well. Internal IT charges for quotes. MSFT just quotes.
This happened at a prior company as well. IBM was routinely hired over our internal team as they were cheaper.
I'm a security person. I often work with my customers' central IT. I'm not going to have an opinion or judge you, but consider:
You're giving people nightmares. I've seen it go very wrong (front-page news wrong). And then the threads commenting on "how incompetent can they be, blabla". I've worked with the people stressed, sad and disappointed that they got pwned because of shadow IT. It's a ticking time bomb.
The cloud wont save you from shadow IT's insecurities. In two years, when you switch to another SAAS provider, or the domain changes, and the enterprise app is left in your azure subscription, and the baddies notice... Then you'll call me or someone like me, and I can earn my paycheck :)
I'm too junior to make decisions, but a lot of it basically came down to the organizations I have worked with all either being government or running things on quarters.
In the former case there was high turnover (replace the team in 1.5 years) and in the latter cases there was high turnover coupled with a problem more than a month away not being considered a problem. So in the former knowledge poured out the door and in the latter knowledge poured out the door and nobody had an interest in anything beyond the quarter, so you do what gets you to the next review cycle.
Basically in both cases the bomb does not matter as you either probably won't be there when it goes off or it doesn't matter as you miss your quarterly goal instead.
A properly functioning IT department will say using the SaaS is fine as long as they conduct a security review of it and how it'll be used and integrated. (For example, if it's Dropbox and one of the proposed directories to be synced contains trade secrets, that's something they'll want to know about and deal with or prevent ahead of time.)
I've also see shadow IT be the only part of the IT operation which is safe because it was run by people with security expertise, the cloud provider has a stronger security foundation than on-premise (not uncommon), and central IT's security group was primarily a compliance shop which had lots of Word documents and not much in the way of technical skills.
The way I read shadow IT is as the requirements analysis central IT hasn't done. People aren't taking on all of that extra expense because they want two jobs, they're doing it because central IT is making it hard to do their jobs. When security policies conflict with productivity, it has a direct cost from inefficiency but often a greater one by training people to think of central IT as an obstacle to be bypassed rather than an ally. That inevitably causes other problems and takes a considerable amount of work to improve.
> You're giving people nightmares. I've seen it go very wrong (front-page news wrong). And then the threads commenting on "how incompetent can they be, blabla". I've worked with the people stressed, sad and disappointed that they got pwned because of shadow IT. It's a ticking time bomb.
Who cares about front-page news wrong lol. Equifax was front-page news wrong, and there were 0 actual consequences for people in it.
I've been in security in various roles for a while now and what I've found is, in companies where IT is treated as a cost centre and Security say no to stuff, Shadow IT will always be rampant.
If you put someone in business into the position of choosing between getting their job done/making money and adhering to a set of IT/Security rules, I can tell you which one they'll take :)
How do you avoid this? Well it's not easy and it's not cheap. The most important part is ensuring that IT isn't treated like an expense, but an enabler. then you work with your business teams to make sure they have the services they need to get the job done, as safely as possible.
Security teams shouldn't be blockers, but advisors. for this to work, it needs to be acknowledged that the business leaders own the risks ofc.
That's massively easier to write than do, but from what I've seen of various companies, it's pretty much the only way to have a chance of doing things without huge amounts of shadow IT.
I worked at one place where the running joke was if central IT pushed for a solution, it was time to seriously consider the competitors to that solution.
I've seen this arise from financial policies whereby the IT cost centre must be financially self supporting.
Hence IT department has to charge everything it does, swamping everyone involved - business and IT both - in bullshit paperwork, taking time from everyone. Like a finance version of fighting entropy, you can have everything perfectly neatly ordered but it takes effort.
Then someone in IT gets sick of hearing bullshit hopes and dreams ideas from business;
"Ok, but what if cereal box toys were spruced up with crypto? Go cost it up will ya?"
And so IT swings the financial ban hammer with $20000 quotes. Bullshit begets bullshit.
There will be a "who you know" club of people from business and IT who can skip the bullshit, not fill out the financial paperwork, meet over coffee or lunch and hash out ideas. If this club does not exist, woe betide the company.
Yes it does, because then you don't need to deal with IT but can just deal with accounting and your budget.
At a former workplace, we got our own internet connection to not have to deal with IT. We got our own computers for that connection. We hired outside contractors instead of using internal people because IT was a hassle to deal with.
We spent tons and tons of money to only have to deal with accounting and not coordinate with IT.
> At a former workplace, we got our own internet connection to not have to deal with IT. We got our own computers for that connection. We hired outside contractors instead of using internal people because IT was a hassle to deal with.
You built a better IT. Shouldn't they replace your existing legacy IT dept?
Yeah - the reality is that actually getting good IT is not so simple these days. The setups are complicated - you are doing WFH, so you have network, login (domain vs local), federated AD etc etc.
Now if they can simplify this a bit into the cloud, the key for business is to DOWNSKILL this so basically an office manager can do it, then you are golden. If they can even save ONE it salary - amazing. And if users can self service a bit more - also amazing.
I've got a friend who got a contracting position at the US Dept of Veterans Affairs and he said they hadn't given him the right access after 2+ months into a 6-month contract.
You definitely bill. You'd go out of business otherwise. 30%-80% of consulting is dead time waiting for the client to get their shit together. Time you get a good intuition for including in your Scope of Work from the beginning.
It can make it a little awkward when you finally work for a client who knows what they're doing and you do "8 weeks" of work in 5 days, but that's rare.
Not really any different than when you're an FTE and you're dependent on external factors to get your work done.
>If it takes you 2-3 weeks to onboard ANYONE please realize that your IT processes are complete, unmitigated garbage.
I want to redirect this to a certain authority in The Netherlands, but I might get shot. It takes more than month to onboard and even then, you still need to do something extra to get certain rights.
You have tens-of-thousands of profitable companies with such "unmitigated garbage" IT processes. Since they continue to remain profitable despite disaster-IT, they exist and hence will buy stuff like this.
Beyond the ease it also converts all of your technology capital expenses (typically with 3 year depreciation schedules) to operating expenses that can be deducted immediately.
That doesn't hold up. Unless your org is completely inept at device setup they should be able to do the same with a physical PC as well. You don't gain much from provisioning a completely virtual device.
> A lot of time is spent provisioning machines, white listing ips, setting up VPNs
That sounds as if the person dealing with it would be completely incapable of replacing a failing dev. system in a timely manner. Keep a few replacement systems ready and your IT has all the time in the world to deal with those issues without blocking anything important.
I can just imagine the people responsible for that mess dealing with cloud services: I am sorry but we used up all the cloud licenses management signed of on, we will push for more licenses on the next quarterly budget meeting until then have these leftover sheets of paper and this dried out pen from our office supplies.
I think the thing we are missing here is... What was the capacity to begin with? If they have capacity for 1000 machines... that's not particularly impressive, nor does it show that it's really popular. The fact that they're leaving the numbers out makes me think this is a hype piece to make everybody think it's more popular than it is... but I dunno.
They are bundling the IaaS hardware with the price of the MS software stack subscription. You need to net out the cost of standalone windows and office from the monthly price. At the lower hardware tiers, it's a bigger percentage of the price.
Where are you seeing that? Your link just goes to the Microsoft 365 (nee Office 365) pricing page. I couldn't find any mention of hardware on the Windows 365 pages.
Companies amortize capital expenditures, while monthly service costs are a separate line item (operating expenditures). I think there's also a perception that deploying and support physical hardware has higher labor cost associated. If it take one IT staffer per every X PCs, the presumption might be that X is higher when the "PCs" are virtual.
But mainly, companies aren't doing what you're doing: looking at the five-year cost. They don't care what it costs over five years, or often even over one year. This quarter, the cost for that beast is $474. Can you deliver an 8-CPU PC with 32GB of RAM for $474? Today? Then the MS offering is better.
Also, when you lay off an employee, you get to stop paying for their Windows license, instead of it being a sunk cost.
There's definitely a reason they're targeting companies first. The economics make so much more sense in that world.
> But mainly, companies aren't doing what you're doing: looking at the five-year cost. They don't care what it costs over five years, or often even over one year. This quarter, the cost for that beast is $474. Can you deliver an 8-CPU PC with 32GB of RAM for $474? Today? Then the MS offering is better.
If you're willing to pay $10k over 5 years for a $2k PC, wouldn't there be a ton of financing companies willing to convert the capital expenditure to an operating expenditure for that? Where else can you make 80% annual returns on a capital investment?
> The economics make so much more sense in that world.
Actually the economics still does not make any sense in that world, but some people in some companies count things (only) using such rituals that they think it does. Which is, obviously, all that matters.
You're assuming that a physical desktop or laptop is the alternative. Likely this is an alternative for people using vmware horizon or citrix for virtual desktops. In which case you'll be spending almost half that on just the software, not including any hardware at all.
I'd need more info on the service, but I'd imagine this is very cost competitive. As to "why?" - because for things like HIPPA data, I'd MUCH rather have my doctors/IT staff logging into a remote desktop session that I can lock down so if their laptop gets stolen from their car I don't have to worry about whether or not some day someone will be able to crack drive level encryption. Or worry that an employee didn't have drive level encryption for some reason. Same for financial institutions/etc.
Furthermore a doctor or insert staff can connect from home, and I don't have to worry about whether or not they properly secured their home desktop. Yes there is still some attack surface there, but far, far less than them storing files locally on their home PC.
The VDI angle makes the most sense out of all the answers I've seen. However, I can't imagine anyone concerned about security would do BYOD for laptops or desktops.
Every person I've ever seen using VDI has a company PC plus a virtual desktop, so there's no cost savings there. The main advantages I can see are easier backups and not having to worry about network bandwidth too much (just enough for RDP is good), but there are drawbacks too like dealing with remote printing, a lack of support for hardware security tokens, etc..
For example, try to get a YubiKey working [1] with WebAuthN or FIDO when using RDP / VDI. It's basically impossible and you're stuck with crappy 2FA like TOTP.
Is there an extension needed or is this a recent addition?
I've spent way too long reconfiguring yubikeys to act as an OTP device so that they work over RDP.
(edit: reconfiguration is needed to capture the device ID/secret and get them registered to our MFA provider as an OTP token, I realize they do OTP OOB :) )
Microsoft has been hacked twice this year already. They're a huge target. All you're doing is guaranteeing you're part of the inevitable next hack. If you're managing my data, I'm going to ask you how you plan to prevent being part of that attack.
I don’t need it, but I can understand why this gets traction. Enterprises can essentially give out a tightly controlled windows client to anybody that needs it, even if they are running a Mac.
Severely restrict Windows without taking away liberties of the computer that the employee has.
An employee can simply login to their Windows workspace and continue work regardless of their their thin client(s).
Update windows without annoying your employee…
Prevent employees from installing that random chat program that is almost definitely a spyware right alongside their work programs..
Oh and prep a golden image Windows workspace and onboard any employee within seconds..
I can see how this product makes its argument to enterprise IT.
But I don't get it. I've helped out with security at a bank, and one of our big problems was persistent and very advanced efforts by malicious actors to compromise endpoints.
I've seen Trojans that would detect keypresses that look like bank accounts, take a screenshot and put it on top, replace the bank account number and then, seriously, detect with ocr on the confirmation page where the replaced account was and replace it there too. And these were made to steal amounts like 2k euro, maximum. I mean I guess that's still 2k euro * 1000 or so victims, but still (they do it this way because of 2FA, the customer must confirm on a second device, the little irritating calculators, the transaction)
Everything depends critically on endpoint security. You cannot make this work securely. I mean a simple Trojan could simply fake a logout, then transmit the screen + keypress control to an attacker.
And I would add: your enterprise security is not just dependent on a device you don't control, this also represents a "get out of jail free" card for malicious insiders. If they just make sure to have 4-5 viruses installed on their home machine, whatever they did in the company machine is excused ...
I worked at a company built on hardware products that was compelled to add some SaaS offerings because many large enterprise accounts have much simpler processes for subscriptions and AWS spend vs. capital expenditures. Sometimes a $500 machine is more expensive than $2,500 worth of services, it seems.
After a recent Windows 10(Pro) update it tries to guide you through setting up a bunch of stuff and pretty much signs you up for the 365 trial. My guess is that's what happened.
Nearly all irrational pricing like this can be explained by corporate bureaucracy and dysfunction.
If you need to provision someone you can buy them a laptop, but that's CapEx and has to go through some equipment purchasing bureaucracy that's hell on wheels to deal with.
Cloud services are OpEx though and might be something you as an IT person or department head can just approve as long as the monthly cost is low enough. The cumulative cost difference over many months or years doesn't factor into it.
A whole lot of the cloud trend can be explained this way.
Of course other use cases include temporary employees, testing, external contractors, etc.
10k for five years isn't that bad when you factor in upgrade policy, support staff and scale it up to a company of 50-60k employees.
just reducing some of the policy enforecemnet requirements with machines being virtual is probably worth the cost of two or three laptops
no need to overthink VPNs with tricky clients vm's already on the right network/subnet/whatever, hell each machine can have nice software controller azure IAM roles it's a dream for cloud working
Externally managed cloud provisioning can be a win from a SOC2 / ISO compliance perspective. You've just changed from having to manage controls on local environments yourself (e.g. antivirus, MDM, logging etc ) to offloading the risk to a third-party vendor. Now, you may think that is more INSECURE because now someone else has control over your environments, and that may be true for any arbitrary cloud desktop provider. But when it is Microsoft themselves, it will be hard for an auditor to take issue; they already manage the risk of the OS security itself.
> You still need a physical machine to access "the cloud", so don't you still have all the expensive problems related to managing a fleet of PCs, but now you have to do it x2?
Microsoft Intune/Endpoint manager is actually pretty easy to setup/enroll laptops. Autopilot takes a bit of work, but it does get you to the point where IT doesn't have to do anything on a new laptop shipped to a user.
Ultimately if you don't want your users doing much on their laptops you can make it pretty simple to manage them.
> Is data security so important that some companies are willing to pay 5x hardware costs and 2x maintenance costs for it?
It really depends on the industry. Most folks aren't doing this because security isn't a priority.
Some firms may not survive a data breach, others might incur tens or hundreds of millions of dollars in costs (directly and indirectly) for one large breach. These folks do care and will spend whatever it takes because it's got a business justification.
"Who the heck is buying these Vms that cost 5x real hardware."
Those with the ability to pay. The Microsoft sales force knows who they are and goes after them aggressively. There really isn't anyone like you in these targetted organisations who can question these decisions. Palms have been well-greased. Try to have an intelligent converstation with a Microsoft sales person. It is like you are talking to someone in a cult.
And as far as security goes, the now unmanaged BYOD client can still have keyloggers or screen recording malware that can extract company data. If your users can't be trusted with any sort of onboarding/MDM enrollment, it would still be cheaper to just send them a working laptop. If you don't want to do VPNs, you could still do Zero Trust style applications and have a cloud MDM for management.
>...or screen recording malware that can extract company data.
I have idly wondered how trivial it would be to exfiltrate data through HDMI. HDCP strippers exist and would let you record the output with perfect fidelity (1920x1080x3 is a lot of data). Simplistically, could compress data files, push through hexdump, paginate at chosen rate, and done.
> including one at the top end that includes eight vCPUs, 32GB of RAM, and 512GB of storage for $158 per month
> Why is it so popular? I can't understand the economics of it. Can someone explain? Why would I pay ~$10k over 5 years for something that's similar to the laptop I'm typing on which costed me $700 used?
It's probably not similar to the PC you're typing on in many ways, including the following:
- Probably significantly higher bandwidth to the internet
- Astonishingly high bandwidth to Azure resources (fiber)
- Multiple sources of power (usually more than one power
utility company connected, plus generators)
- Multiple network connections typically, for redundancy
- Backups managed for you
- Can push a button and make a clone of your PC that your friend can log in to for a couple days then delete it when you're done
- If someone wanted to steal your hard drive by breaking into your house, they totally could. But getting your cloud PC hard drive image is going to take more determination than breaking through a window.
For many users, none of the above things matter. But for a lot of users, having all those things taken care of is a big win. Have you ever had a fan or a hard drive die on your pc? Or deal with the pain of migrating data off a dead PC onto its new replacement? Maybe that sort of thing happens only once every few years to you. But if you're managing, say, 25 pc's, every month you're going to be dealing with 1-3 problems in your fleet.
You still need another device to connect to it right? The hardware reliability can only go down by adding more hardware to the system. Same goes for power, and to some extent network.
What you can do though is offer very generic, lightweight, long battery life laptops (chromebook maybe?) that are completely interchangeable. You could literally have a stack in every office building (like big companies have vending machines for power cords etc.) and if someone's laptop dies they just take another one, log in, done. You can also give everyone the same laptop and then configure the necessary hardware requirements virtually. I still think it's very expensive but I can see the appeal.
Also don't forget: Companies love OPEX and hate CAPEX. Does it make sense from a pure sticker price perspective? Maybe not. But it could from an accounting and tax perspective.
Windows 365's lowest tier, with only 2GB of RAM, works out to $288/year. If you're on a Mac, you can grab the Pro version of Parallels for $99USD/year and run it locally, and spin up an instance of any version of Windows you need, along with guaranteed uptime and availability.
I really don't see Windows 365 as a viable option for most developers, when there are so many better -- and cheaper -- alternatives readily available.
If I would have to pay $100-$200 for the software subscriptions for my Windows VM (windows license, office) it gets close? Especially if Microsoft is also throwing in some hardware so my local computer is taxed less? Of course streaming a cloud desktop introduces its own problems (latency, unreliability, etc) but also advantages (portability, reproducibility, etc)
Because Microsoft permits testing without a license? Or because you believe, in practice, Microsoft will not assert its intellectual property rights against someone who is only testing? (I am personally OK with the first, not the second.)
Functionally you can use it indefinitely without licensing and only have cosmetic issues in the form of a watermark and some inability to change appearance.
Not sure on Windows licensing, but their major enterprise software such as SQL Server and SharePoint are free for dev use cases. When installing you have to provide a license. You can select a "Dev license" option, which gives you access to all the Enterprise Edition (or whatever name they're calling the full-featured edition) features for free for dev.
Not disagreeing with you, but just a note that with the M1's being ARM based, the Windows 10 will also be ARM based and may not run the necessary software for you to test with. For example, I know currently Visual Studio will not run on that.
Or you can just use windows iso as is without activation on a VM and call it a day. Then, if you are adventurous, fire up that kms38 and you are off to the races
VirtualBox on the Mac is extremely slow. Also Parallels has much better integration with the Mac host (automatic shared folders, syncing program shortcuts between the host and the guest, etc.).
Can confirm that it’s slow. I tried so many different things, different GFX cards while trying to run Windows (xp, 7, 10) on my Mac Pro (2012, 2 x 6 core 3.4ghz, 128gb ram).
The only one that runs well in virtual box was XP. Everything else had extremely slow disk accès, graphics performance and cpu. It took like an hour to boot windows 10.
Parallels was what I would consider native speed with better features. That was really disappointing as I wanted to use OSS.
Running links in Vbox seems fine though and I run a few vms 24/7.
Is Windows usable with _anything_ on 2GB of RAM? I recall even back on Windows 7, that 2GB machines could barely manage a web browser and no multitasking with anything else.
For this use case, you might be better off using Windows VPS providers. For about $6/mo, you'll get a VM pre-installed with Windows 2019 server. Just google "Windows VPS" and you'll find tons of providers.
You’re not going to find that price at any reputable provider for 2019. There is BuyVM.net (very reputable), but they offer only up to 2012 I believe unfortunately.
Especially since MS provides a variety of testing-oriented virtual machine images.
I could see this if you needed better performance than that, I guess, or were developing on a machine that has trouble running x86 Windows very well under any circumstances (ARM).
Artificial scarcity isn’t really Microsoft’s thing. To your point, their clients are militaries, world governments, etc. They’d never risk their standing on meeting demand whenever/ wherever for a marketing ploy.
They have a wide berth of items, with varying levels of free-ness... and none of it to an extent that would cause a resource drain like this.
All of AWS free tier is either low impact resource wise (Couple thousand emails out per day, or metered to the lowest option, like a single t2.micro (Shared CPU, 1GB ram)
It is generous, but you still get above the limit fairly quickly. Difficult metric to begin with and hard to judge how much CPU time anything takes.
I think you need to supply payment information to use it and I believe this is pretty lucrative for Amazon. At this point you already caught half the fish.
197 comments
[ 3.1 ms ] story [ 240 ms ] threadAbsolutely not, the average connection speeds for 99% of the globe are nowhere near offering a solid desktop experience.
Plus, chips are plenty fast days. Rarely do typical uses need to upgrade because of new software.
For exampe, there's 70ms between my Verizon phone and the PC sitting in front of me on a very well connected network. The traffic goes from WNY > NYC > DC > NYC > CNY > WNY. Very much not optimal.
At the same time, AWS us-east1 is 9ms away from my desktop.
And if we had a computer that could be a dumb terminal - it would cost 10-20 dollars, have wifi, ethernet, an HDMI connection and support a mouse and a keyboard.
Windows as a service, if decently priced, would be pretty sweet.
I'd call them both niche products that I'd be more interested in developing on if it wasn't so expensive to do so (at 16 GB of RAM). I'm not entirely sure I can describe what the normal deployment scenario looks like (e.g. traveling salesman doesn't work because you'd need too high of internet quality on the road, developer doesn't work as RAM pricing, and in a lot of scenarios you need on-prem hardware to connect to it anyway).
But nope, just checked, it's a flat rate per month, irrespective of use, so definitely looks cheaper to just buy a high-end machine and install Windows on it (or Mac + Parallels + Windows like others have noted.)
Why is it so popular? I can't understand the economics of it. Can someone explain? Why would I pay ~$10k over 5 years for something that's similar to the laptop I'm typing on which costed me $700 used?
I know it's for businesses, but even then, does it come with tooling or something that makes management easier? What justifies an annual cost that is close to the lifetime cost of a physical machine?
You still need a physical machine to access "the cloud", so don't you still have all the expensive problems related to managing a fleet of PCs, but now you have to do it x2?
Is data security so important that some companies are willing to pay 5x hardware costs and 2x maintenance costs for it?
I really don't get it. When I looked at the cost of using Azure for failover on a single server, the conclusion I came to is that it only made sense to run something short term while new hardware was shipped in. Who the heck is buying these VMs that cost 5x real hardware?
On the books this can be a boon for the bean counters.
Yes. Also, maintaining a fleet of hardware is a resource suck. Being able to provision everyone with something like this lets them use their personal hardware without much compromised in the way of security. (It should also make onboarding much smoother.)
How do they protect against an attacker compromising this client, waiting until the employee is asleep or away for a few minutes, then using the employee's session to compromise the remote machine?
Even if session establishment requires 2FA, the attacker could keep the session alive after the user attempts to close it.
However I think an automated attack would be difficult, especially if the VD sent its data to the client as a video stream, and only recieved keyboard and mouse inputs. Now maybe there's some fancy computer vision that could handle this (and all without the employee noticing)...
It's definitely going to keep a lot of the commodity malware out, but it's only going to stay secure until attackers start targeting it. And the risks from "inside" the machine (user downloads and runs something bad) don't go away, although the company gets a bit more control over the network (could also be done with an always-on VPN).
Try to buy a keyboard though and forget it.
- Fill out some form to get one of their salespeople to contact me.
- Find a time to meet with them that works for both of us - may be a week or more out.
- Talk to the salesperson for half an hour.
- Get a quote emailed to me a day or two later.
- Talk it over with my boss. This is fairly low overhead, but he's a busy guy so it may take a few days. He'll want to know the basics, if I've considered any alternatives, what we'll use it for, etc.
- Sign the document - hopefully my boss/finance don't request any significant changes.
- Start using the service once they get the contract and provision stuff for us.
Usually we are looking at a few weeks lag time, and maybe half a day of my time taking care of all of this. If it is something available on AWS, here is what I have to do:
- Click a button, maybe fill out a form to configure it.
- Start using the service a few minutes later.
Even if it costs 2x the other service, it is unlikely that anyone is going to notice or care about the small increase in our AWS bill, and if they do saying "oh yeah, I added xyz service" is not going to raise any objections.
It is kind of funny to think about the difference, but it comes down to the fact that it is genuinely less friction in the AWS case, coupled with a bit of psychology on our end I guess.
Shenanigans like that shouldn't be necessary just to get the stuff you need, but big corporations are so dysfunctional sometimes.
Anyways, final approver should be somewhere between you and the CTO.
Right. This has already been tried in the "game streaming" business. There have been multiple services where you rent a PC in "the cloud" by the hour, or for some number of hours per month. Either they cost too much, and fail for lack of customers, or they are underpriced as a loss leader, and get shut down after losing money. Google Stadia and NVidia Cloud Gaming are currently live, but Stadia is likely to join Google's list of discontinued products, and NVidia's offering involves being kicked off if you stay connected too long.
By the same logic, you could say that game streaming is like a search engine, because some of the companies that do the latter are also doing the former.
The idea of provisioning remote cloud VMs is far older than Stadia or Xbox Cloud anyway.
Your point about game streaming being like a search engine is nonsensical.
They may be, or may not be, but your logic to say that they are similar isn’t right (otherwise other product lines must be similar by extension).
I am not talking about Microsoft and Google. I know a guy who runs one of these companies: they offer VMs for gaming, they offer VMs for offices, the machines are set up identically.
8 hours, which is a pretty decent gaming session. You can reconnect just afterwards anyways.
> but Stadia is likely to join Google's list of discontinued products
Highly unlikely, they're spending tens of millions to get EA and Ubisoft's catalogues on Stadia.
In any case, cloud gaming works, sells, and is very useful for some subset of users, even more so with the ongoing global chip shortage. I have both Geforce Now and Stadia and I'm very happy with them. Playing on my laptop and TV ( with a Chromecast) is great. Playing from my phone in a hotel room is a fun experience. Stadia even makes financial sense, because there's a free version ( at 1080p/30fps), you only need to buy the games ( which you would anyways regardless of the platform), saving you hundreds of (insert currency) in the process. The paid one is 10 eur/usd/month for better quality and some free games. And if you're the type of person that wants 4K 120Hz 60fps, this isn't for you and isn't the point.
Loon also cost tens of millions, made no sense, and was eventually canceled.
Like I said, it's used, so yes. I think the new cost is right in your $2500-$3000 range for a new version.
Being able to give them credentials to a machine that's ready to go is pretty huge.
Standard users don’t get local root/admin in a corporate environment since the Win2k days, and seem to have few issues in comparison.
Many devs seem perfectly willing to pull any random executable off the internet and run it without inspection or concern. Because they “know what they are doing”, right?
This offering makes perfect sense to replace those dumb dell machines equipped with 4gb ram and a core i3 with even dumber machine and slash the local it team.
Think of thin clients, all over again.
Think of call centers.
Think of receptionists, or bank clerks that all they do is use internal web-based software, and print a pdf file.
No more hardware maintenance, just throw away the whole thing (the dumb terminal) and replace it with a new one, we'll send it in for repair later.
Heck, you could even netboot the raspberry pi and save on SD cards too.
It's a security/usability trade off for me.
Installing an Ethernet LAN network is the best investment for anyone who works from home.
Wi-fi really sucks in urban areas and soon even in rural areas because of the IoT crap.
And I could've done the wiring for 2/3 of the price, btw.
Also, if GP had laid cat-6 cables maybe they might upgrade switch and clients to 10gbit/sec Ethernet.
Also Ethernet is definitely useful for latency. Having sub 1ms latency on a wifi network is very very difficult, and definitely not going to happen with 5 routers.
I work on a lot of systems with public and private facing endpoints and so I have a remote session running on a machine outside our network as well.
It works pretty well.
If it takes you 2-3 weeks to onboard ANYONE please realize that your IT processes are complete, unmitigated garbage. Paying Microsoft for some Windows VMs through the nose isn't going to change anything about that.
I think the most extreme example of slow process I saw was an organization where central IT wanted to charge $20k and take two months to quote for a project.
In that kind of environment things like this with opex pricing that can be assigned to a project's budget and fast spin up are a much better option :)
So I can see internal pricing being an issue as well. Internal IT charges for quotes. MSFT just quotes.
This happened at a prior company as well. IBM was routinely hired over our internal team as they were cheaper.
At a prior company, one of the only reasons we adopted anything SaaS was that IT didn't have to know it existed.
I'm a security person. I often work with my customers' central IT. I'm not going to have an opinion or judge you, but consider:
You're giving people nightmares. I've seen it go very wrong (front-page news wrong). And then the threads commenting on "how incompetent can they be, blabla". I've worked with the people stressed, sad and disappointed that they got pwned because of shadow IT. It's a ticking time bomb.
The cloud wont save you from shadow IT's insecurities. In two years, when you switch to another SAAS provider, or the domain changes, and the enterprise app is left in your azure subscription, and the baddies notice... Then you'll call me or someone like me, and I can earn my paycheck :)
In the former case there was high turnover (replace the team in 1.5 years) and in the latter cases there was high turnover coupled with a problem more than a month away not being considered a problem. So in the former knowledge poured out the door and in the latter knowledge poured out the door and nobody had an interest in anything beyond the quarter, so you do what gets you to the next review cycle.
Basically in both cases the bomb does not matter as you either probably won't be there when it goes off or it doesn't matter as you miss your quarterly goal instead.
We need software to do X.
Call IT, they give you software that sort of does part of X, but it's some enterprise garbage where you quit your job if you have to use it.
Call IT and tell them that's not a good solution. We have this other realistic solution instead.
IT, not wanting to be bothered, laughs and hangs up the phone. Sometimes they'll throw in an excuse that everyone knows doesn't make any sense.
The workers that need to do their job pay for an actually working solution out of other funds (or use their personal software).
Things go wrong and they call you. It's the ineffectiveness of IT to help people get their work done that's the source of the problem.
The way I read shadow IT is as the requirements analysis central IT hasn't done. People aren't taking on all of that extra expense because they want two jobs, they're doing it because central IT is making it hard to do their jobs. When security policies conflict with productivity, it has a direct cost from inefficiency but often a greater one by training people to think of central IT as an obstacle to be bypassed rather than an ally. That inevitably causes other problems and takes a considerable amount of work to improve.
Who cares about front-page news wrong lol. Equifax was front-page news wrong, and there were 0 actual consequences for people in it.
I'm sure that breach was expensive to Equifax internally, but as you say 0 external consequences mean, what company will change their ways...?
If you put someone in business into the position of choosing between getting their job done/making money and adhering to a set of IT/Security rules, I can tell you which one they'll take :)
How do you avoid this? Well it's not easy and it's not cheap. The most important part is ensuring that IT isn't treated like an expense, but an enabler. then you work with your business teams to make sure they have the services they need to get the job done, as safely as possible.
Security teams shouldn't be blockers, but advisors. for this to work, it needs to be acknowledged that the business leaders own the risks ofc.
That's massively easier to write than do, but from what I've seen of various companies, it's pretty much the only way to have a chance of doing things without huge amounts of shadow IT.
Hence IT department has to charge everything it does, swamping everyone involved - business and IT both - in bullshit paperwork, taking time from everyone. Like a finance version of fighting entropy, you can have everything perfectly neatly ordered but it takes effort.
Then someone in IT gets sick of hearing bullshit hopes and dreams ideas from business; "Ok, but what if cereal box toys were spruced up with crypto? Go cost it up will ya?"
And so IT swings the financial ban hammer with $20000 quotes. Bullshit begets bullshit.
There will be a "who you know" club of people from business and IT who can skip the bullshit, not fill out the financial paperwork, meet over coffee or lunch and hash out ideas. If this club does not exist, woe betide the company.
At a former workplace, we got our own internet connection to not have to deal with IT. We got our own computers for that connection. We hired outside contractors instead of using internal people because IT was a hassle to deal with.
We spent tons and tons of money to only have to deal with accounting and not coordinate with IT.
You built a better IT. Shouldn't they replace your existing legacy IT dept?
Seriously, IT shouldn't impede dev teams.
Now if they can simplify this a bit into the cloud, the key for business is to DOWNSKILL this so basically an office manager can do it, then you are golden. If they can even save ONE it salary - amazing. And if users can self service a bit more - also amazing.
The rampant dysfunction in large organizations never ceases to amaze me.
It can make it a little awkward when you finally work for a client who knows what they're doing and you do "8 weeks" of work in 5 days, but that's rare.
Not really any different than when you're an FTE and you're dependent on external factors to get your work done.
I want to redirect this to a certain authority in The Netherlands, but I might get shot. It takes more than month to onboard and even then, you still need to do something extra to get certain rights.
That sounds as if the person dealing with it would be completely incapable of replacing a failing dev. system in a timely manner. Keep a few replacement systems ready and your IT has all the time in the world to deal with those issues without blocking anything important.
I can just imagine the people responsible for that mess dealing with cloud services: I am sorry but we used up all the cloud licenses management signed of on, we will push for more licenses on the next quarterly budget meeting until then have these leftover sheets of paper and this dried out pen from our office supplies.
https://www.microsoft.com/en-us/microsoft-365/business/compa...
But mainly, companies aren't doing what you're doing: looking at the five-year cost. They don't care what it costs over five years, or often even over one year. This quarter, the cost for that beast is $474. Can you deliver an 8-CPU PC with 32GB of RAM for $474? Today? Then the MS offering is better.
Also, when you lay off an employee, you get to stop paying for their Windows license, instead of it being a sunk cost.
There's definitely a reason they're targeting companies first. The economics make so much more sense in that world.
If you're willing to pay $10k over 5 years for a $2k PC, wouldn't there be a ton of financing companies willing to convert the capital expenditure to an operating expenditure for that? Where else can you make 80% annual returns on a capital investment?
Actually the economics still does not make any sense in that world, but some people in some companies count things (only) using such rituals that they think it does. Which is, obviously, all that matters.
I'd need more info on the service, but I'd imagine this is very cost competitive. As to "why?" - because for things like HIPPA data, I'd MUCH rather have my doctors/IT staff logging into a remote desktop session that I can lock down so if their laptop gets stolen from their car I don't have to worry about whether or not some day someone will be able to crack drive level encryption. Or worry that an employee didn't have drive level encryption for some reason. Same for financial institutions/etc.
Furthermore a doctor or insert staff can connect from home, and I don't have to worry about whether or not they properly secured their home desktop. Yes there is still some attack surface there, but far, far less than them storing files locally on their home PC.
Every person I've ever seen using VDI has a company PC plus a virtual desktop, so there's no cost savings there. The main advantages I can see are easier backups and not having to worry about network bandwidth too much (just enough for RDP is good), but there are drawbacks too like dealing with remote printing, a lack of support for hardware security tokens, etc..
For example, try to get a YubiKey working [1] with WebAuthN or FIDO when using RDP / VDI. It's basically impossible and you're stuck with crappy 2FA like TOTP.
1. https://demo.yubico.com/webauthn-technical/registration
I've spent way too long reconfiguring yubikeys to act as an OTP device so that they work over RDP.
(edit: reconfiguration is needed to capture the device ID/secret and get them registered to our MFA provider as an OTP token, I realize they do OTP OOB :) )
Severely restrict Windows without taking away liberties of the computer that the employee has.
An employee can simply login to their Windows workspace and continue work regardless of their their thin client(s).
Update windows without annoying your employee…
Prevent employees from installing that random chat program that is almost definitely a spyware right alongside their work programs..
Oh and prep a golden image Windows workspace and onboard any employee within seconds..
I can see how this product makes its argument to enterprise IT.
I've seen Trojans that would detect keypresses that look like bank accounts, take a screenshot and put it on top, replace the bank account number and then, seriously, detect with ocr on the confirmation page where the replaced account was and replace it there too. And these were made to steal amounts like 2k euro, maximum. I mean I guess that's still 2k euro * 1000 or so victims, but still (they do it this way because of 2FA, the customer must confirm on a second device, the little irritating calculators, the transaction)
Everything depends critically on endpoint security. You cannot make this work securely. I mean a simple Trojan could simply fake a logout, then transmit the screen + keypress control to an attacker.
And I would add: your enterprise security is not just dependent on a device you don't control, this also represents a "get out of jail free" card for malicious insiders. If they just make sure to have 4-5 viruses installed on their home machine, whatever they did in the company machine is excused ...
CapEx vs OpEx.
Also, your iPad is now a Windows machine with eight vCPUs, 32GB of RAM, and 512GB of storage for $158 per month.
Until Apple decides they're not comfortable with that and bans it.
If you need to provision someone you can buy them a laptop, but that's CapEx and has to go through some equipment purchasing bureaucracy that's hell on wheels to deal with.
Cloud services are OpEx though and might be something you as an IT person or department head can just approve as long as the monthly cost is low enough. The cumulative cost difference over many months or years doesn't factor into it.
A whole lot of the cloud trend can be explained this way.
Of course other use cases include temporary employees, testing, external contractors, etc.
My guess is that this kind of financial inanity is being driven by accounting rules: CapX vs OpX, revenue recognition rules, etc...
just reducing some of the policy enforecemnet requirements with machines being virtual is probably worth the cost of two or three laptops
no need to overthink VPNs with tricky clients vm's already on the right network/subnet/whatever, hell each machine can have nice software controller azure IAM roles it's a dream for cloud working
Microsoft Intune/Endpoint manager is actually pretty easy to setup/enroll laptops. Autopilot takes a bit of work, but it does get you to the point where IT doesn't have to do anything on a new laptop shipped to a user.
Ultimately if you don't want your users doing much on their laptops you can make it pretty simple to manage them.
> Is data security so important that some companies are willing to pay 5x hardware costs and 2x maintenance costs for it?
It really depends on the industry. Most folks aren't doing this because security isn't a priority.
Some firms may not survive a data breach, others might incur tens or hundreds of millions of dollars in costs (directly and indirectly) for one large breach. These folks do care and will spend whatever it takes because it's got a business justification.
For the same reasons people pay for the was clouf offerings or the Google cloud equivalent.
Less hassle, less stuff to manage, faster provisioning, hassle-free decommissioning.
Those with the ability to pay. The Microsoft sales force knows who they are and goes after them aggressively. There really isn't anyone like you in these targetted organisations who can question these decisions. Palms have been well-greased. Try to have an intelligent converstation with a Microsoft sales person. It is like you are talking to someone in a cult.
I have idly wondered how trivial it would be to exfiltrate data through HDMI. HDCP strippers exist and would let you record the output with perfect fidelity (1920x1080x3 is a lot of data). Simplistically, could compress data files, push through hexdump, paginate at chosen rate, and done.
It's probably not similar to the PC you're typing on in many ways, including the following:
- Probably significantly higher bandwidth to the internet
- Astonishingly high bandwidth to Azure resources (fiber)
- Outstanding security: cameras, carefully controlled access, 24x7 physical security
- Hardware reliability automatically serviced
- Multiple sources of power (usually more than one power utility company connected, plus generators)
- Multiple network connections typically, for redundancy
- Backups managed for you
- Can push a button and make a clone of your PC that your friend can log in to for a couple days then delete it when you're done
- If someone wanted to steal your hard drive by breaking into your house, they totally could. But getting your cloud PC hard drive image is going to take more determination than breaking through a window.
For many users, none of the above things matter. But for a lot of users, having all those things taken care of is a big win. Have you ever had a fan or a hard drive die on your pc? Or deal with the pain of migrating data off a dead PC onto its new replacement? Maybe that sort of thing happens only once every few years to you. But if you're managing, say, 25 pc's, every month you're going to be dealing with 1-3 problems in your fleet.
Also don't forget: Companies love OPEX and hate CAPEX. Does it make sense from a pure sticker price perspective? Maybe not. But it could from an accounting and tax perspective.
I really don't see Windows 365 as a viable option for most developers, when there are so many better -- and cheaper -- alternatives readily available.
Whether this breaks their tos is a bit gray....
Yes
https://developer.microsoft.com/en-us/windows/downloads/virt...
https://developer.microsoft.com/en-us/microsoft-edge/tools/v...
Parallels is magic and runs both ARM and x86 windows apps
I’d pay extra for Windows 365 to avoid ads.
The only one that runs well in virtual box was XP. Everything else had extremely slow disk accès, graphics performance and cpu. It took like an hour to boot windows 10.
Parallels was what I would consider native speed with better features. That was really disappointing as I wanted to use OSS.
Running links in Vbox seems fine though and I run a few vms 24/7.
I could see this if you needed better performance than that, I guess, or were developing on a machine that has trouble running x86 Windows very well under any circumstances (ARM).
Considering this is microsoft and theverge, this "news" story is just paid PR/ad like so much of these type of stories are.
Microsoft has still problems with scaling ;)
Those are looong lasting projects with years of planing prior rollout...your example is the opposite to scaling NOW.
I can't imagine this happening with AWS, what a horrible PR
All of AWS free tier is either low impact resource wise (Couple thousand emails out per day, or metered to the lowest option, like a single t2.micro (Shared CPU, 1GB ram)
I think you need to supply payment information to use it and I believe this is pretty lucrative for Amazon. At this point you already caught half the fish.
>for something that's similar to the laptop I'm typing on which costed me $700 used?
lol? I'd want to see benchmark difference because I don't believe it