In my view, PAM/PIM solutions, which are dedicated and independent security solutions like CyberArk or ObserveIT, are limited in action when it comes to secure infrastructure management and managing the whole life cycle; instead, they focus on just "just in time" use or part of the cycle. For example, solutions that offer a jump-server-like architecture are, in my opinion, scooping out functions from a VDI in terms of publishing, invocation and access to resources. Agent-based solutions like ObserveIT control application use and misuse.
A properly fitted VDI should allow a ubiquitous concept in resource management, allowing BYOD controls to be put in place. I think PAM/PIM should come after VDI, as a residual risk control. For example, installing a PAM agent on the connection server.
Also, from a business point of view, linked clones provide better business uptime and productivity.
I would appreciate it if someone could open this discussion for me.