EUC Modernization Has a New Stack: How SUSE Virtualization + Kasm Workspaces Deliver the Browser-First, AI-Ready Digital Workplace

The end-user computing (EUC) world has changed—permanently. The average enterprise worker now spends the majority of their day in a browser. SaaS applications like Microsoft 365, Salesforce, Workday, and Slack have displaced the thick-client desktop as the center of productivity. Meanwhile, AI-powered tools, containerized development environments, and remote-first work have pushed the limits of what legacy virtual desktop infrastructure (VDI) was ever designed to handle.

Yet many organizations still manage their end-user infrastructure the same way they did a decade ago: persistent Windows virtual machines, expensive hypervisor licenses, complex management tooling, and a support model built around the assumption that users need a full OS delivered to them every day.

The desktop delivery model has not kept pace with how people actually work, how applications are actually built, or how AI is actually reshaping productivity.

This blog explores a modern alternative stack—one built on two complementary technologies:
SUSE Virtualization and Kasm Workspaces. Together, they form a lean, cloud-native, browser-first platform that is purpose-built for the SaaS era and AI-ready by design.

The EUC Problem Nobody Wants to Talk About

Traditional VDI was engineered to solve one problem: deliver a Windows desktop remotely. It does this reasonably well—but at a significant cost in complexity, licensing, infrastructure overhead, and operational burden. More critically, the premise of that problem has shifted.

Consider what has actually changed in the modern enterprise:

• More than 85% of mission-critical applications in most organizations require nothing more than a browser. Internal portals, SaaS platforms, and web-based tools have taken over the application landscape.
• AI workloads are not desktop workloads. Developers and data scientists need containerized, GPU-accelerated environments—not a VDI session.
• Users work from everywhere. BYOD, Chromebooks, kiosks, and mobile devices are now standard endpoints, not edge cases.
• Security perimeters have dissolved. Zero-trust architecture requires that no device or session be implicitly trusted—something traditional VDI was not designed around.

The result is an awkward compromise: organizations running expensive, complex legacy VDI platforms to deliver browser-based apps to endpoints that already have browsers. The infrastructure costs are high, the management overhead is heavy, and the security posture lags behind what modern zero-trust frameworks demand.

There is a better way—and it starts with rethinking the infrastructure layer.

SUSE Virtualization: The Cloud-Native Infrastructure Foundation

SUSE Virtualization is an open-source, cloud-native hyperconverged infrastructure (HCI) platform designed to run both virtual machines and containers from a single, unified platform.

Unlike legacy hypervisors that were built for a VM-centric world and later bolted on Kubernetes support, SUSE Virtualization was architected from the ground up on Kubernetes—using KubeVirt for VM management, Longhorn (CNCF) for distributed storage, and Rancher for unified multi-cluster management.

Why SUSE Virtualization Matters for EUC Modernization

For EUC teams, the infrastructure layer is typically an afterthought—VDI vendors decide what hypervisors they support, and IT organizations pay whatever it costs. SUSE Virtualization breaks this pattern by providing an enterprise-grade, production-ready infrastructure platform with no licensing fees and no hypervisor tax.

• 100% Open Source. No licensing costs. SUSE Virtualization uses KVM—one of the most battle-tested hypervisors in production—combined with enterprise SUSE Linux. Organizations that are navigating away from VMware by Broadcom have a mature, vendor-neutral alternative.
• Unified VM and Container Management. SUSE Virtualization lets IT run virtual machines and containerized workloads side by side on the same nodes. This is essential for EUC modernization: legacy Windows apps can live in VMs while new browser-delivered workspaces run in containers, all on the same platform.
• Kubernetes-Native by Design. Because SUSE Virtualization is built on Kubernetes (using RKE2 and KubeVirt), it integrates natively with container orchestration workflows. Helm-based deployments, GitOps-driven management, and Rancher Fleet for multi-cluster operations are all first-class citizens.
• NVIDIA vGPU Support. For AI workloads and GPU-intensive applications, SUSE Virtualization supports NVIDIA vGPU natively—enabling organizations to share GPU resources across virtual workloads without dedicated physical hardware per user.
• Edge and Remote Deployment Ready. SUSE Virtualization is optimized for frequent power cycles and remote environments, making it viable for edge office deployments and distributed workforce scenarios where traditional HCI solutions struggle.
• Rancher Integration. As the only HCI solution that fully integrates with Rancher, SUSE Virtualization allows VMs and containers to be managed from the same pane of glass—a critical advantage for teams trying to reduce operational complexity.

The BMW Proof Point

The case for SUSE Virtualization’s scale and reliability is not theoretical. BMW deployed SUSE Virtualization as part of its factory digitization initiative, creating a continuum between cloud and edge for enhanced data management and quality assurance. Their deployment involves creating and deleting 2.6 million VMs per month—driven by AI-powered quality inspection using high-definition cameras and machine learning. If SUSE Virtualization can handle that throughput at BMW’s manufacturing scale, it is more than capable of supporting an enterprise EUC environment.

Kasm Workspaces: The Browser-First Delivery Layer

If SUSE Virtualization provides the infrastructure foundation, Kasm Workspaces provides the delivery intelligence. Kasm is a cloud-native, containerized workspace platform that delivers desktops, browsers, and applications through a web browser—with no client software required on the endpoint.

Kasm’s architecture is fundamentally different from traditional VDI. Rather than provisioning a persistent virtual machine per user, Kasm delivers ephemeral, containerized workspace sessions. Each session spins up in seconds, operates in complete isolation, and is destroyed when the user logs out—leaving no data on the endpoint and no persistent attack surface.

Web-Native by Design

Kasm’s most important architectural decision is also its simplest: everything runs in the browser. Users access their workspaces from any device—laptop, Chromebook, tablet, or kiosk—using a standard web browser. There is no VPN client to install, no agent to manage, no endpoint configuration to enforce.

This is not just a user experience improvement. It is a fundamental security and management simplification. When the workspace lives in a container that is isolated from the endpoint, the traditional endpoint management problem largely disappears. Data never touches the local device. Session isolation prevents lateral movement. And because sessions are ephemeral, there is no persistent state to patch or protect.

Container-Based Efficiency at Scale

The economics of containerized workspace delivery are compelling. Because containers are significantly more efficient than VMs in terms of compute overhead, organizations can load dramatically more concurrent users onto the same hardware. Real-world deployments have demonstrated up to 8x better CPU utilization compared to traditional VDI—meaning fewer servers, lower infrastructure costs, and more room to grow without adding hardware.

Auto-scaling is native to Kasm’s architecture. Workspaces spin up when users log in and shutdown when they log out. There is no idle capacity to pay for, no capacity planning exercise to run every quarter, and no risk of overprovisioning. The infrastructure costs track directly with actual usage.

From the Hamina case study: IT budget for end-user computing was reduced from 40% of total IT spend to 20%, while computing power doubled. Users moved from laptops to Chromebooks, malware exposure was eliminated, and remote work software agents were fully displaced.

Zero-Trust Security Architecture

Kasm was built for a zero-trust world. Browser-based access means the workspace is accessed through an authenticated, encrypted session—not a persistent VPN tunnel. Each containerized session operates in complete isolation; a compromised session cannot affect other users or reach internal systems beyond what is explicitly permitted.

With Kasm Workspaces, enterprise security is core to the platform’s design, not just add-on features. Enabling capabilities include, smart card passthrough for PKI-based authentication (a critical requirement for government and financial services), automatic security patch rolling, RBAC enforcement, and watermarking for data exfiltration prevention.

AI Workspaces and GPU Support

Perhaps the most significant differentiator is Kasm’s native support for AI workloads. As organizations deploy large language model tools, AI-assisted coding environments, and GPU-accelerated data science platforms, the traditional VDI model breaks down. VMs cannot efficiently share GPUs, and the orchestration overhead of managing GPU-accelerated persistent desktops is prohibitive.

Kasm’s containerized architecture maps naturally to GPU workloads. Using Kubernetes-native GPU operator support, organizations can deploy AI-enabled workspaces—containerized environments with GPU access for LLM inference, model development, or AI-assisted productivity tools—on the same cluster infrastructure serving browser-based SaaS users. One platform, one operational model, multiple workload types.

The Combined Stack: How SUSE Virtualization + Kasm Work Together

The power of pairing SUSE Virtualization and Kasm is not just additive—it is architectural. Together, they create a cohesive EUC modernization platform that addresses the full lifecycle of workspace delivery without the complexity of a multi-vendor stack.

Infrastructure Layer: SUSE Virtualization

• Provides Kubernetes-native HCI for running both VMs (for legacy workloads) and containers (for Kasm sessions) on the same nodes
• Eliminates hypervisor licensing costs through 100% open-source KVM foundation
• Delivers storage services via Longhorn with snapshots, backup, and restore
• Supports NVIDIA vGPU for AI and GPU-accelerated workspace scenarios
• Managed through Rancher for unified multi-cluster visibility and operations

Workspace Delivery Layer: Kasm

• Runs as a containerized application on top of Kubernetes—natively compatible with SUSE Virtualization’s RKE2 Kubernetes layer
• Delivers browser-based workspace sessions in seconds, with no endpoint agent required
• Provides ephemeral, zero-trust workspace isolation with automatic session cleanup
• Scales elastically with user demand through Kubernetes-native auto-scaling
• Supports Windows apps (via RDS integration) alongside Linux and browser workspaces from a single control plane
• Delivers AI-ready workspaces with GPU passthrough for LLM and developer AI tool access

What the Combined Platform Eliminates

This is where the modernization story becomes financially compelling. The SUSE Virtualization + Kasm stack replaces or reduces reliance on:

• Hypervisor licensing (VMware/Citrix tax): SUSE Virtualization provides enterprise-grade HCI with no per-socket or per-VM licensing.
• VDI broker complexity: Kasm’s containerized model removes the need for connection brokers, provisioning engines, and image management complexity.
• Endpoint management sprawl: Browser-native access eliminates the need for heavy endpoint management for SaaS-centric workers.
• Remote access tooling: Kasm’s built-in secure remote access displaces VPN clients and remote work software agents.
• Separate AI/GPU infrastructure: GPU workloads and workspace workloads can share the same Harvester cluster, reducing the need for dedicated AI infrastructure silos.

Who Should Consider This Stack?

The SUSE Virtualization + Kasm combination is a strong fit for specific organizational profiles. It is not a universal replacement for every EUC scenario—but for the right use cases, it offers a compelling modernization path.

Strong Fit Scenarios

• Organizations migrating away from VMware. With Broadcom’s VMware restructuring creating significant licensing and support uncertainty, organizations looking for an open-source, production-grade alternative to vSphere for EUC workloads have a direct path in SUSE Virtualization + Kasm.
• Browser-first workforces. If the majority of your workforce spends their day in SaaS applications—Microsoft 365, Salesforce, ServiceNow, Workday, and the like—the overhead of maintaining full Windows VDI is difficult to justify. Kasm delivers secure browser access without the weight.
• BYOD and Chromebook deployments. Kasm’s browser-native model is purpose-built for organizations that want to reduce endpoint costs and shift to thin endpoints without sacrificing security or the application experience.
• Developer and AI workload integration. Organizations building AI capabilities need containerized, GPU-accelerated development environments. SUSE Virtualization’s NVIDIA vGPU support and Kasm’s container-native architecture make this possible on the same infrastructure stack that serves regular EUC workloads.
• Government and regulated industries. Kasm’s zero-trust architecture, smart card support, immutable session model, and air-gapped deployment capability make it a natural fit for federal, defense, and financial services organizations with strict security requirements.
• Cost-sensitive or IT-lean organizations. The combination of open-source infrastructure (SUSE Virtualization) and highly efficient containerized delivery (Kasm) reduces the infrastructure footprint and management overhead compared to equivalent traditional VDI.

The Modernization Roadmap: Getting There from Here

One of the most important aspects of this platform combination is that it supports a phased modernization approach. Organizations do not need to abandon their existing VDI investment overnight to start capturing value.

Phase 1: Infrastructure Consolidation

Deploy SUSE Virtualization as the infrastructure foundation, initially running existing VM-based workloads. This delivers immediate cost savings through hypervisor license elimination and consolidates management through Rancher. Existing Windows VMs continue to operate with full support.

Phase 2: Browser-First Workload Migration

Deploy Kasm Workspaces on Kubernetes within the SUSE Virtualization environment. Begin migrating SaaS-centric user populations to containerized browser sessions. Maintain Windows VMs for legacy applications that require full desktop delivery.

Phase 3: AI Workspace Enablement

Activate GPU scheduling and Kasm AI workspace capabilities. Enable developer and data science teams with containerized, GPU-accelerated environments. Integrate with enterprise AI tools and LLM platforms running on the same Harvester cluster.

Phase 4: Full Modernization

As legacy applications are rationalized or containerized, the persistent VM footprint shrinks. The majority of users are served by ephemeral, browser-based Kasm sessions. Infrastructure costs, management complexity, and security overhead are dramatically reduced.

The Bottom Line

End-user computing modernization is not a single product decision—it is an architectural transformation. The SUSE Virtualization + Kasm combination represents a thoughtful answer to the real challenges facing EUC teams in 2026: cost pressure from legacy hypervisor licensing, security demands from zero-trust mandates, application landscape shifts toward SaaS and browser-first delivery, and new requirements from AI workloads that traditional VDI was never designed to serve.

SUSE Virtualization provides the open, cloud-native infrastructure foundation. Kasm provides the browser-native, containerized workspace delivery layer. Together, they offer a path from the legacy desktop paradigm to a modern, efficient, and AI-ready digital workplace.

For organizations ready to stop bolting modern requirements onto legacy architecture and start building a genuinely modern EUC stack, the SUSE Virtualization + Kasm combination deserves serious evaluation.

About Kasm Workspaces

Kasm Technologies delivers cloud-native, containerized workspace solutions for enterprises, government agencies, and service providers. Kasm Workspaces is deployable on-premises, air-gapped, in private cloud, public cloud, or as SaaS. Learn more at kasmweb.com.

About SUSE Virtualization

SUSE Virtualization is a 100% open-source, cloud-native hyperconverged infrastructure platform built on Kubernetes, KVM, and Longhorn. Designed for modern datacenters and edge environments, SUSE Virtualization unifies VM and container management under a single operational model. Learn more at suse.com/harvester.