How VDI Works: Architecture & Protocols
- Four layers do the work: the hypervisor, the connection broker, the Golden Image, and profile management.
- Linked clones let thousands of desktops share one read-only base image, so updates are applied once.
- Non-persistent (pooled) desktops are wiped at logout — cheaper and more secure than persistent ones.
- The display protocol and network latency decide how good the experience feels; above ~150 ms RTT it degrades.
The Four Core Components
Every VDI deployment rests on four layers working in concert: the hypervisor supplies the raw compute, the connection broker routes each user to a desktop, the Golden Image defines what that desktop contains, and profile management keeps it personal.
The Connection Flow
These layers come together every time someone signs in. The diagram below traces a single login — from the user's device, through identity verification and desktop assignment, to the encrypted pixels that stream back:
Image Management: One Master, Many Desktops
Managing thousands of desktops individually would be impossible. Instead, administrators maintain a single Golden Image and clone it. To avoid storing thousands of full copies, modern platforms use linked clones, which split each desktop's storage into three parts:
- Base disk — a read-only snapshot of the Golden Image, shared by every VM in the pool.
- Identity disk — a tiny disk (typically ~16 MB) holding the VM's unique network identity and directory account.
- Differencing disk — a thin-provisioned disk capturing the temporary writes made during a session.
Updates are applied only to the Golden Image; on the next reboot, every clone inherits them — guaranteeing consistency and patch compliance across the fleet.
Persistent vs. Non-Persistent Desktops
- Persistent (dedicated): Each user keeps a specific VM where changes are saved permanently. It feels like a physical PC but consumes far more storage and requires individual patching.
- Non-persistent (pooled): Users get a generic, stateless desktop from a pool. On logout, the differencing disk is wiped and the VM returns to the pristine Golden Image state.
Pooled, stateless desktops are both cheaper and safer: malware cannot persist on the desktop between sessions, because the differencing disk that holds its writes is wiped at logout. Pair them with a well-maintained Golden Image and centralized profiles to get a personal experience without per-VM maintenance.
Making a Stateless Desktop Feel Personal
The challenge with non-persistent desktops is that users still expect their bookmarks, settings, and files to follow them. Profile-management tools such as FSLogix solve this by redirecting the user profile into a virtual disk (VHDX) on a network share and mounting it at login, at the block level, so the operating system treats it as local storage. This is what makes a stateless desktop feel persistent. It also means the profile container is the one place where changes made during a session carry over to the next login.
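To make the storage layering concrete, the following added example (not code from any VDI product) models a pooled desktop as a read-only base disk, a differencing disk and a profile container, then reports what is still readable after logout, reboot and the next login. The class, method and path names are hypothetical, and file paths stand in for disk blocks.

```python
from types import MappingProxyType

# Simplified model: real linked clones track disk blocks; file paths are used
# as keys here for readability. Class, method and path names are hypothetical.

class PooledDesktop:
    def __init__(self, golden, profile_share):
        self.golden = golden                # master image, maintained by admins
        self.profile_share = profile_share  # user -> container (VHDX on the share)
        self.user, self.profile = None, None
        self.reboot()

    def reboot(self):
        # Base disk: read-only snapshot of the Golden Image as it is right now.
        self.base = MappingProxyType(dict(self.golden))
        self.diff = {}                      # differencing disk starts empty

    def login(self, user):
        # The profile container is mounted at login and looks like local storage.
        self.user = user
        self.profile = self.profile_share.setdefault(user, {})

    def write(self, path, data):
        if self.user and path.startswith(f"C:/Users/{self.user}/"):
            self.profile[path] = data       # persists on the network share
        else:
            self.diff[path] = data          # copy-on-write; base is never modified

    def read(self, path):
        for layer in (self.profile or {}, self.diff, self.base):
            if path in layer:
                return layer[path]
        return None

    def logout(self):
        self.diff = {}                      # session writes are discarded
        self.user, self.profile = None, None

def session_residue():
    """Constructed scenario: what is still readable after logout, reboot, login."""
    golden = {"C:/Windows/System32/app.dll": "v1"}
    vm = PooledDesktop(golden, profile_share={})
    vm.login("alice")
    vm.write("C:/ProgramData/agent.exe", "session-only")
    vm.write("C:/Users/alice/AppData/Roaming/app/settings.json", "theme=dark")
    vm.write("C:/Windows/System32/app.dll", "modified")
    during = vm.read("C:/Windows/System32/app.dll")
    golden["C:/Windows/System32/app.dll"] = "v2"   # admin patches the master image
    vm.logout(); vm.reboot(); vm.login("alice")
    return {"during": during,
            "system": vm.read("C:/ProgramData/agent.exe"),
            "profile": vm.read("C:/Users/alice/AppData/Roaming/app/settings.json"),
            "image": vm.read("C:/Windows/System32/app.dll")}
```

In the result, the system-disk write is gone and the patched image version is visible, while the write under the user profile is still there, which is why the profile share is the state to review when a pooled desktop is investigated.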
Display Protocols: Turning Compute Into Pixels
The quality of a VDI session lives or dies by its remote display protocol — the language used to transmit the screen image, audio, and input across the network. Modern protocols send only the pixels that change frame to frame and switch codecs dynamically to balance fidelity against bandwidth.
- PCoIP (PC-over-IP) — Originally from Teradici (now HP Anyware) and long associated with VMware. Known for "build-to-lossless" rendering, making it a favorite in healthcare imaging, design, and architecture where pixel-perfect accuracy matters.
- Blast Extreme — Omnissa's (formerly VMware) modern protocol, built on the H.264/H.265 codecs so endpoints can decode on the GPU. It adapts between TCP and UDP to stay fluid on lossy WAN connections — strong for mobile and remote users.
- RDP (Remote Desktop Protocol) — Microsoft's protocol, central to Azure Virtual Desktop. "RDP Shortpath" establishes direct UDP connections to cut latency past gateway bottlenecks.
- SPICE — An open-source protocol from the KVM/QEMU world. Excellent on a LAN, but very latency-sensitive over the WAN, so it is best for local Linux engineering labs rather than global deployments.
Latency and Bandwidth Drive the Experience
Because VDI streams visuals over a network, physics sets the ceiling. Round-trip time (RTT) is the hard constraint: above roughly 100 ms users notice lag, and above 150 ms the experience degrades into visible tearing and input delay. Bandwidth needs scale with how visually active the workload is.
| User Workload | Example Applications | Bandwidth per User | Target Latency (RTT) |
|---|---|---|---|
| Task Worker | Web browser, email, word processing | 0.5 – 1.5 Mbps | Under 150 ms |
| Knowledge Worker | Heavy spreadsheets, some multimedia | 1.5 – 4.0 Mbps | Under 100 ms |
| Power User | Large data sets, financial terminals | 4.0 – 10.0 Mbps | Under 75 ms |
| GPU / 3D Design | CAD, game engines, video editing | 10.0 – 50.0 Mbps | Under 50 ms |
The most demanding workloads, GPU-accelerated 3D and AI, need RTT under 50 ms. This is exactly why placement matters: the closer the host servers sit to the user, as in an edge cloud, the more the desktop feels instant rather than sluggish.
The compute can be flawless, but if the pixels arrive late, the desktop feels broken. Distance is the enemy.
