This chapter covers Virtual Desktop Infrastructure (VDI), a key virtualization technology where desktop operating systems run as virtual machines on a centralized server and are delivered to end-user devices over a network. VDI is part of CompTIA A+ 220-1101 Objective 4.1 (Cloud Computing and Virtualization) and appears in roughly 5-8% of exam questions. Understanding VDI is critical because it's a common enterprise deployment model that reduces hardware costs and simplifies management. This chapter will explain how VDI works, its components, deployment models, and exactly what the exam expects you to know.
Jump to a section
Imagine a company that owns a large office building with many identical cubicles. Each cubicle has a desk, computer, phone, and supplies. Instead of each employee bringing their own computer, the company keeps all computers in a secure server room. Employees can sit at any cubicle, log in with their badge, and instantly access their personal desktop environment—files, apps, settings—streamed from the server room. The cubicle's monitor, keyboard, and mouse are just thin clients; all the actual computing happens in the server room. If an employee works from home, they use their own device to connect via a secure VPN to the server room, and their desktop appears as if they're in the office. The IT team can update all desktops at once by patching the server room images, rather than touching each physical PC. This is exactly how VDI works: a hypervisor hosts multiple virtual desktops on centralized servers, and users connect from thin clients or remote devices to access their personalized desktop session. The virtual desktops are isolated from each other, but share the same underlying hardware resources. The connection broker directs users to their assigned desktop, ensuring each user gets the same experience regardless of their physical location.
What is Virtual Desktop Infrastructure (VDI)?
Virtual Desktop Infrastructure (VDI) is a technology that hosts desktop operating systems (e.g., Windows 10, Windows 11, Linux) as virtual machines (VMs) on a centralized server or cluster of servers, typically in a data center. End users connect to these virtual desktops from thin clients, laptops, tablets, or other devices using a remote display protocol. The user experiences a full desktop environment, but all processing, storage, and management occur on the server side.
Why VDI Exists
Traditional desktop computing requires managing each physical PC individually—installing software, applying patches, securing data. This is costly and inefficient. VDI centralizes desktop management, improves security (data stays in the data center, not on endpoints), enables remote work, and extends hardware lifecycles by using thin clients. The exam focuses on understanding these benefits and the underlying architecture.
How VDI Works Internally
Hypervisor Layer: A hypervisor (Type 1, like VMware ESXi, Microsoft Hyper-V, or KVM) runs directly on server hardware and creates multiple VMs. Each VM contains a guest operating system and applications.
2. Virtual Desktop Pool: A collection of identical VMs created from a master image (golden image). The master image is a template with the OS, applications, and settings pre-installed. When a user logs in, they are assigned a VM from the pool. Pools can be: - Static (Persistent): Each user gets the same VM every time. Changes are saved. - Dynamic (Non-Persistent): Users get a fresh VM from the pool each session. Changes are discarded on logout.
Connection Broker: Software that authenticates users and directs them to an available virtual desktop. Examples: VMware Horizon Connection Server, Citrix Delivery Controller, Microsoft Remote Desktop Services (RDS) Broker. The broker checks user credentials, applies policies, and selects the appropriate VM from the pool.
4. Remote Display Protocol: Encodes the desktop screen on the server and transmits it to the client. Common protocols: - PCoIP (PC-over-IP): VMware's protocol, uses UDP, optimized for LAN/WAN. - HDX: Citrix's protocol, uses ICA (Independent Computing Architecture), supports multimedia redirection. - RDP (Remote Desktop Protocol): Microsoft's protocol, uses TCP port 3389, supports basic remoting. - Blast Extreme: VMware's adaptive protocol, uses H.264 encoding.
5. Storage: Virtual desktops require storage for the OS, applications, and user data. Common storage solutions: - SAN (Storage Area Network): High-speed Fibre Channel or iSCSI. - NAS (Network Attached Storage): NFS or SMB shares. - Local storage: Direct-attached disks in the host. - VSAN (Virtual SAN): Hyper-converged storage from VMware.
User Profile Management: User-specific settings and data are stored separately (e.g., using roaming profiles, User Experience Virtualization (UE-V), or Citrix Profile Management). In non-persistent VDI, user data is stored on a network share and mapped to the VM at login.
Key Components, Values, and Defaults
Connection Broker Ports: Typically HTTPS (TCP 443) for client-to-broker communication, plus proprietary ports for internal communication.
RDP Default Port: TCP 3389.
VM Resource Allocation: Common values: 2 vCPUs, 4 GB RAM, 40 GB disk for a standard desktop VM. Adjust based on workload.
Golden Image: A VM with OS and apps installed, then sysprepped (Windows) or prepared for cloning. Updates to the golden image are pushed to all VMs in the pool.
Thin Client: A low-power device that runs only a remote desktop client. No local storage of OS. Examples: Dell Wyse, HP ThinPro, Raspberry Pi with client.
Blast Extreme Adaptive Transport: Uses TCP or UDP depending on network conditions; defaults to TCP port 443 for WebSocket connections.
Configuration and Verification Commands
While the 220-1101 exam does not require deep command-line knowledge, understanding basic commands helps:
- Check RDP listener status (Windows Server):
netstat -an | findstr :3389- Test connectivity to a VDI broker:
Test-NetConnection broker.company.com -Port 443- Verify hypervisor version (PowerCLI for VMware):
Get-VMHost | Select Name, Version, Build- Check virtual desktop pool status (Horizon):
Get-DesktopPool -PoolName "Pool1" | flHow VDI Interacts with Related Technologies
Cloud Computing: VDI can be hosted on-premises (private cloud) or in the public cloud (e.g., VMware Horizon on AWS, Citrix on Azure, Windows 365, Amazon WorkSpaces). The exam tests understanding of different service models: IaaS (host VDI on cloud VMs), PaaS (not typical), SaaS (e.g., Windows 365 as a service).
Virtualization: VDI is a specific use case of server virtualization. The same hypervisor hosts multiple desktops, but with unique requirements: high user density, GPU support for graphics-intensive tasks, and low-latency network.
Remote Access: VDI often integrates with VPNs or gateways for secure remote access. The client connects to a gateway (e.g., VMware Unified Access Gateway, Citrix Gateway) which proxies the connection to the broker.
Storage: VDI relies on storage performance. IOPS (Input/Output Operations Per Second) are critical—boot storms (many VMs booting simultaneously) can overwhelm storage. Use of flash storage (SSD) is common.
Deployment Models
1. On-Premises VDI: All components (hypervisor, broker, storage) are in the organization's data center. Full control but higher capital expense. 2. Cloud-Hosted VDI: Desktops run on cloud provider infrastructure. Examples: - Amazon WorkSpaces: Managed DaaS (Desktop as a Service). - Windows 365: Microsoft's cloud PC service, subscription-based. - Azure Virtual Desktop: Windows 10/11 multi-session desktops on Azure. 3. Hybrid VDI: Some desktops on-prem, some in cloud, managed by a single broker.
Exam Relevance
The 220-1101 exam expects you to:
Define VDI and distinguish it from traditional desktop virtualization (e.g., VirtualBox, VMware Workstation).
Identify components: hypervisor, virtual desktop, connection broker, thin client.
Understand persistent vs. non-persistent VDI.
Know the benefits: central management, security, remote access, hardware consolidation.
Recognize use cases: call centers, healthcare, education, remote work.
Differentiate VDI from other cloud services (IaaS, PaaS, SaaS).
User Connects to Broker
The user opens a client application (e.g., VMware Horizon Client, Microsoft Remote Desktop) on their device. They enter the broker's URL or IP address. The client establishes an HTTPS connection (TCP 443) to the connection broker. The broker presents a login screen. The user enters their credentials (username/password, smart card, or multi-factor authentication). The broker authenticates against Active Directory or another identity provider. If authentication succeeds, the broker checks policies (e.g., allowed connection times, device compliance) and determines which desktop pool the user should access.
Broker Assigns Virtual Desktop
The broker queries the hypervisor or management server to find an available virtual desktop in the user's assigned pool. For a persistent pool, it looks up the user's previously assigned VM. For a non-persistent pool, it selects any available VM from the pool (often in a round-robin or load-balanced manner). If no VM is available, the broker may queue the request or power on a VM from a powered-off state (if configured). The broker then sends the VM's IP address or hostname and the session token to the client.
Client Establishes Remote Display Session
The client uses the received VM address and session token to initiate a remote display protocol connection directly to the virtual desktop. For example, with PCoIP, the client sends a UDP connection request to the VM's virtual network interface. The VM's agent software (e.g., VMware Tools, Citrix VDA) accepts the connection. The session is established. The client now sends keyboard and mouse input, and the VM sends compressed screen updates. Audio, USB, and printing may be redirected based on policies. The entire session is encrypted (e.g., TLS for RDP, AES for PCoIP).
User Logs into Virtual Desktop
The virtual desktop's operating system processes the user's login. For non-persistent desktops, the VM may join the domain and apply user-specific settings via Group Policy or profile management. The user sees their desktop, applications, and files. The VM's resources (CPU, RAM) are shared among all active sessions on the host. The hypervisor enforces resource limits to prevent one VM from starving others. The user works as if on a local PC, but all data remains in the data center.
Session Ends and Resources Released
When the user logs off or disconnects, the client closes the remote display session. The VM's agent notifies the broker that the session has ended. For non-persistent desktops, the VM is reset to its golden image state (e.g., using a snapshot revert or a refresh operation). The VM is returned to the pool for the next user. For persistent desktops, the user's changes are saved. The broker updates its database. The host resources are freed for other VMs. The user's profile data (if roaming) is saved to a network share.
Enterprise Scenario 1: Call Center with Non-Persistent VDI
A large call center with 500 agents uses non-persistent VDI. Each agent needs a standard Windows 10 desktop with a CRM application and softphone. The IT team creates a golden image with all required software, syspreps it, and deploys 550 VMs (500 active, 50 buffer) on a cluster of 10 ESXi hosts. Each VM is allocated 2 vCPUs, 4 GB RAM, and 40 GB thin-provisioned disk. Agents use Dell Wyse thin clients that boot directly into the Horizon Client. The connection broker (Horizon Connection Server) authenticates against Active Directory and assigns a random VM from the pool. After each shift, the VM is refreshed to the golden image. This ensures a clean, consistent environment and prevents data leakage. Performance is monitored: boot storms are mitigated by staggering VM power-on times and using flash storage (all-flash SAN). The call center saves 40% on hardware costs compared to traditional PCs.
Enterprise Scenario 2: Healthcare with Persistent VDI
A hospital with 200 doctors and nurses uses persistent VDI for electronic health records (EHR) access. Each user needs a customized desktop with specific shortcuts, printers, and drive mappings. Persistent VDs are assigned to each user and stored on a SAN with deduplication. Users connect from thin clients on carts or from their own laptops via VPN. The VDI broker (Citrix Delivery Controller) ensures each user gets their assigned VM. User profiles are stored on a separate file server using Citrix Profile Management, so even if a VM is rebuilt, settings are preserved. Security is critical: data never leaves the data center. If a thin client is stolen, no patient data is compromised. The hospital uses GPU pass-through for radiologists viewing medical images. Misconfiguration example: initially, the VMs were over-provisioned (4 vCPUs each), causing CPU contention. After right-sizing to 2 vCPUs, performance improved.
Scenario 3: Remote Work with Cloud VDI
A software company with 100 remote employees uses Azure Virtual Desktop (AVD). Employees connect from personal devices (Windows, Mac, iOS, Android) using the Microsoft Remote Desktop client. The company uses a multi-session Windows 10 configuration (Windows 10 Enterprise multi-session), which allows multiple users to share a single VM, reducing costs. Each user gets a personal drive and profile. The broker (Azure Virtual Desktop service) handles load balancing across session hosts. The company uses Azure Active Directory for authentication and conditional access policies. Performance is good for office productivity but graphics-intensive tasks require GPU-enabled VMs (NV-series). Cost is managed by deallocating VMs during off-hours. A common issue: users forget to log off, leaving sessions running and incurring costs. The company sets idle session timeouts to 15 minutes.
What 220-1101 Tests on VDI
Objective 4.1 (Cloud Computing and Virtualization) specifically asks you to 'Compare and contrast cloud computing concepts' and 'Summarize the aspects of the client-side virtualization.' For VDI, the exam expects you to:
Define VDI and understand its purpose.
Identify components: hypervisor, virtual desktop, connection broker, thin client.
Differentiate between persistent and non-persistent VDI.
Recognize use cases and benefits.
Know how VDI differs from other virtualization types (e.g., server virtualization, application virtualization).
Common Wrong Answers and Why
'VDI is the same as Remote Desktop Services (RDS)': Wrong. RDS provides shared sessions on a single server (multi-session), while VDI gives each user a dedicated virtual machine. The exam tests this distinction.
'Thin clients run a full OS locally': Wrong. Thin clients typically run a lightweight embedded OS that only launches a remote desktop client. They do not run a full desktop OS.
'Persistent VDI discards changes after logout': Wrong. Non-persistent VDI discards changes; persistent VDI saves them. Candidates often mix them up.
'VDI requires a Type 2 hypervisor': Wrong. VDI uses Type 1 hypervisors (bare-metal) for performance and scalability. Type 2 (hosted) is for personal use, not enterprise VDI.
Specific Numbers and Terms on the Exam
RDP port: 3389 (TCP)
Connection broker: may be called 'broker' or 'connection server'
Thin client: also called 'zero client' or 'thin client'
Golden image: also 'master image'
Persistent vs. non-persistent: be able to identify which is used for call centers (non-persistent) vs. personalized desktops (persistent).
Edge Cases and Exceptions
VDI can be hosted on-prem or in the cloud. The exam may ask about 'Desktop as a Service (DaaS)' as a cloud-based VDI.
Some VDI solutions support 'blended' pools (both persistent and non-persistent).
Audio and USB redirection are features but not always supported by all protocols.
VDI can support 3D graphics with GPU virtualization (vGPU, GPU pass-through).
How to Eliminate Wrong Answers
If a question mentions 'each user gets a dedicated OS instance,' it's VDI, not RDS.
If it says 'users share a server OS,' it's RDS.
If it asks about 'centralized management of desktops,' it's VDI.
If it mentions 'client-side virtualization' (e.g., VirtualBox), that's not VDI; VDI is server-side.
Look for keywords: 'thin client,' 'broker,' 'pool,' 'golden image.'
VDI hosts desktop OS VMs on a centralized server; users connect via remote display protocols.
Key components: hypervisor, virtual desktop, connection broker, thin client, golden image.
Persistent VDI saves user changes; non-persistent VDI discards changes on logout.
Thin clients are low-power devices that only run a remote desktop client, not a full OS.
Connection broker authenticates users and assigns them to available virtual desktops.
Common remote display protocols: RDP (TCP 3389), PCoIP, HDX, Blast Extreme.
VDI reduces hardware costs, improves security, and enables remote work.
Cloud-based VDI is called Desktop as a Service (DaaS) e.g., Windows 365, Amazon WorkSpaces.
These come up on the exam all the time. Here's how to tell them apart.
Persistent VDI
Each user gets the same virtual desktop every time.
User changes (installed apps, settings) are saved.
Requires more storage (dedicated disk per user).
Ideal for power users, developers, executives.
Easier to customize per user.
Non-Persistent VDI
Users get a fresh virtual desktop from a pool each session.
Changes are discarded on logout; desktop resets to golden image.
Uses less storage (shared base image with differencing disks).
Ideal for task workers, call centers, labs, kiosks.
Simpler management; patch once, update all.
Mistake
VDI and Remote Desktop Services (RDS) are the same thing.
Correct
VDI provides each user a dedicated virtual machine running a full desktop OS. RDS provides a shared session on a server OS, where multiple users share one OS instance. VDI offers more isolation and customization at higher cost.
Mistake
Thin clients have a full operating system installed locally.
Correct
Thin clients typically run a minimal embedded OS (e.g., Windows IoT, Linux) that only launches a remote desktop client. They do not run a full desktop OS like Windows 10. They rely entirely on the server for computing.
Mistake
Non-persistent VDI saves user changes between sessions.
Correct
Non-persistent VDI discards all changes when the user logs off. The virtual desktop reverts to the golden image. User data is saved separately (e.g., roaming profiles), but OS-level changes are lost.
Mistake
VDI requires a Type 2 hypervisor (e.g., VirtualBox).
Correct
Enterprise VDI uses Type 1 hypervisors (bare-metal) like VMware ESXi, Microsoft Hyper-V, or KVM for performance, scalability, and reliability. Type 2 hypervisors are for personal or lab use.
Mistake
VDI can only be deployed on-premises.
Correct
VDI can be deployed on-premises (private cloud) or in the public cloud as Desktop as a Service (DaaS) offerings like Amazon WorkSpaces, Windows 365, and Azure Virtual Desktop.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
VDI provides each user a dedicated virtual machine running a full desktop OS (e.g., Windows 10). RDS provides a shared session on a server OS (e.g., Windows Server) where multiple users share one OS instance. VDI offers more isolation and customization but requires more resources. On the exam, remember: VDI = dedicated VM per user; RDS = shared server sessions.
A thin client is a low-cost, low-power device that runs only a minimal embedded OS and a remote desktop client. It does not store data locally. It connects to the VDI broker and displays the virtual desktop. Examples: Dell Wyse, HP ThinPro. The exam tests that thin clients rely on the server for computing and have no local storage of the OS.
The connection broker authenticates users, checks policies, and directs them to an available virtual desktop. It acts as the intermediary between the client and the virtual desktops. It ensures load balancing and session persistence. In the exam, know that the broker is a key component that differentiates VDI from simple remote desktop.
Non-persistent VDI means users get a fresh virtual desktop from a pool each time they log in. Any changes they make (installing software, changing settings) are discarded when they log off. The desktop reverts to the golden image. This is used in environments like call centers where consistency is key. User data is stored separately via roaming profiles.
RDP (Remote Desktop Protocol) uses TCP port 3389 by default. This is a common exam question. Other protocols like PCoIP use UDP ports (e.g., 4172 for PCoIP), but RDP is the standard Microsoft protocol. Be aware that the port can be changed, but the default is 3389.
A golden image is a master template of a virtual desktop that includes the operating system, applications, and settings. It is used to create all virtual desktops in a pool. When updates are needed, the golden image is patched, and the VMs are refreshed from it. This ensures consistency and simplifies management.
Yes, VDI can be hosted in the cloud as Desktop as a Service (DaaS). Examples include Amazon WorkSpaces, Windows 365, and Azure Virtual Desktop. The exam may ask about DaaS as a cloud service model. Benefits include scalability, pay-as-you-go pricing, and reduced on-premises infrastructure.
You've just covered Virtual Desktop Infrastructure (VDI) — now see how well it sticks with free 220-1101 practice questions. Full explanations included, no account needed.
Done with this chapter?