The desktop infrastructure problem that Kubernetes finally solves



presented by Kasm Technologies


Enterprise infrastructure teams have spent the better part of a decade pushing their workloads to Kubernetes. Applications, APIs, batch jobs, data pipelines — if they run in a container, they belong in a cluster. Operational advantages are well established: declarative configuration, horizontal scaling, self-healing, native integration with CI/CD pipelines, and monitoring tools. Kubernetes has become the standard operating model for production workloads.

Except desktop computers.

Secure desktops and software — the kind that enterprises depend on for remote access, privileged access, and regulated industrial workflows — have been stubbornly left out of the Kubernetes model. Legacy virtual desktop infrastructure was built in a different era, for different assumptions: pre-allocated VM pools, bespoke management planes, proprietary appliances, and operational tools that have nothing to do with how modern platform teams work. The result is a split infrastructure reality: a modern, cloud-native application layer on one side, and a manual, operationally isolated desktop layer on the other.

This division is expensive. This means different tools, different scaling behaviors, different observable approaches, and different playbooks. Platform engineers experienced in Kubernetes still need to shift from context to a completely different mental model when a desktop infrastructure problem arises.

More importantly, this fragmentation is unnecessary. Delivering a secure, containerized workspace is a workload that Kubernetes is architecturally well-suited to handle. Sessions are containers. Measurement depends on demand. Configuration must be declarative. All that was missing was a platform built to take advantage of this adaptation.

Why the time is right

Appetite for local workspace delivery of Kubernetes has grown significantly as organizations mature their container platform investments. Having spent years standardizing on Helm, GitOps workflows, and Kubernetes’ native observability, platform teams increasingly don’t want to make exceptions for desktop infrastructure. The question has shifted "can we run this on Kubernetes?" for "why doesn’t this work in Kubernetes anymore?"

At the same time, security for containerized workspace delivery has become more relevant. Browser-delivered, containerized desktops provide session isolation that VM-based desktops can’t match—each session is ephemeral, isolated at the container boundary, and ends cleanly with no persistent state. For organizations managing sensitive data, insider risk, or third-party access scenarios, this isolation model is not just a convenience of deployment, but a meaningful security control.

The convergence of these two trends—Kubernetes’ native infrastructure expectations and containerized session security—creates a clear opportunity for platforms that can address both simultaneously.

What an on-premises deployment of Kubernetes looks like

On-premise deployments of Kubernetes use Kubernetes as the management plane for the workspace infrastructure — orchestrating, scaling, and lifecycle management through the same declarative model used in the rest of the platform. Instead of relying on dedicated management appliances or pre-provisioned desktop pools, the infrastructure is managed through the same CI/CD, GitOps, observability and security workflows that the platform team already operates. This gives platform teams a consistent operating model instead of maintaining a separate toolkit for their desktop infrastructure.

Kasm Workspaces, a browser-delivered workspace platformdesigned to use Kubernetes as a control plane for workspace orchestration and delivery. Its deployment model is designed for real enterprise environments, not simplified demos, with production-grade Helm charts that follow Kubernetes conventions, tested upgrade paths between versions, and a standardized back-end architecture validated in production deployments. The RDP Gateway component designed for Kubernetes topology provides access to Windows and Linux virtual machines through the same platform.

Key features include:

  • Horizontal session scaling based on actual demand orchestrated by Kubernetes — no need for pre-warmed VM pools.

  • Declarative configuration via Helm values ​​enabling GitOps and CI/CD integration for workspace infrastructure.

  • Isolation at the namespace level and compatibility with existing RBAC policies, access controllers, and hidden management integrations.

  • Export metrics for integration with Prometheus and existing observation stacks.

  • Rolling builds by default reduces maintenance windows and provides more predictable version control.

Real world applications

Adjustable industrial remote access. A financial services organization running a Kubernetes-based software platform can deploy Kasm on the same cluster using the same operational tools to deliver isolated browser and application sessions to analysts and advisors. Sessions are ephemeral, network access is controlled, and all deployments are handled by the same GitOps pipeline as their application workloads.

Contractor and third party access. Organizations that routinely onboard contractors or external vendors—with the associated risk of privileged access—can provision Kasm sessions in Kubernetes that scale up during task cycles and scale down during low-demand windows. No continuous access. No VPN extension to external parties. Containerized isolation at each session boundary.

AI/ML development environments. Teams building and running AI models need GPU-supported development environments with security controls that general-purpose cloud desktops rarely provide. Deploying Kasm on Kubernetes with NVIDIA MiG Multi-Sample GPU support enables platform teams to deliver fractional GPU resources to isolated workspace sessions – giving data scientists the compute they need without exposing the security of shared infrastructure.

Operation queue

A practical consequence of Kubernetes’ native workspace platform is that platform teams can stop treating workspace infrastructure as a special case. The same engineers who deploy applications can deploy the workspace platform. The same pipelines that handle application configuration can handle workspace configuration. The same dashboards that monitor application health can monitor workspace health.

This operational consolidation reduces overhead, improves consistency, and eliminates the context-switching costs that make desktop infrastructure in the cloud a persistent pain point for on-premise organizations.

For organizations still running legacy VDI alongside modern cloud infrastructure, the question is whether there is an on-premises alternative to Kubernetes. does. The question is when to make the switch.

Organizations interested in evaluating an on-premise workspace delivery of Kubernetes can explore the platform here kasm.com and try community publication for yourself.

Daniel Ben-Chitrit is the company’s Chief Product Officer Kasm Technologies.


Sponsored articles are content produced by a company that paid for the post or has a business relationship with VentureBeat and is always clearly marked. Contact for more information sales@venturebeat.com.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *