Post on 12-May-2015
Centralizing Desktop Management
VISION 2008November 13, 2008
Bill OylerSystems Engineer
St. Croix Solutions, Inc.boyler@scsmn.com
The Desktop Dilemma
IT Requirements:Manage desktop images easilyManage different types of devices Provide secure, continuous accessManage legacy and modern appsLow management costs
User Requirements:Personalized desktopsAccess from anywhere/any deviceApplications all work with each otherRich application interface
The Nature of the Desktop is Changing
Cost & Security Are Driving PC Alternatives
“Which aspects of the traditional client PC environment aredriving your interest in alternatives to traditional PCs?”
3%
19%
20%
37%
46%
49%
52%
0 10 20 30 40 50 60
CostsSecurity
Management/PatchingRemote Access
Electricity Usage
Energy ConsumptionOther
Base: 565 PC decision-makers at North American and European enterprises (multiple responses accepted)
Source: Enterprise and SMB Hardware Survey, North America and Europe, Q3 2007. Forrester Research, Inc.
Virtualization is the Solution
Virtualization enables Isolation, Encapsulation, and Mobility.Run different operating systems side by side.Run legacy applications alongside modern applications.Move OS, apps, desktops to different devices.Separate user data and applications from hardware.
Application Virtualization
Machine Virtualization
User / Data
VDI = Virtual Desktop Infrastructure
Keep user experience familiar!
The Rise of Virtual Desktops
—Brian Gammage and George Shiffler IIIAugust 8, 2007
“By the end of 2010, all new PC deployments will be virtualized.”
Meeting the Challenges of the Desktop
Challenges
Operating Costs
Fewer field engineersShorter help desk callsSmaller hardware refresh
Lower Costs
Challenges
User data in data centerSessions SSL encryptedDesktops are isolated
Security
Operating Costs
Security and Compliance
Meeting the Challenges of the Desktop
Challenges
No software conflictsAutomated patchingRapid deployment
Management
Operating Costs
Security and Compliance
Management
Meeting the Challenges of the Desktop
Challenges
Access from any locationFamiliar user interface
Flexibility
Operating Costs
Security and Compliance
Management
Flexible Access
Meeting the Challenges of the Desktop
Challenges
Reduce power consumption by switching to thin clients/laptops
Power
Operating Costs
Security and Compliance
Management
Flexible Access
Power
*Butler Group, “Infrastructure Virtualization”, September 2007
Meeting the Challenges of the Desktop
How Customers Use VDI
Centralize, Replace, Upgrade PCsReplace traditional PCs with centralized virtual desktops for better control and easier upgrades (i.e. XP > Vista > Windows 7).
Disaster Recovery & Business ContinuityProvide continuous availability of desktops to users no matter where they are located.
Simplify Call Centers, Training Centers, SchoolsDynamically allocate and de-allocate desktops for large groups of mobile users. Easily and securely accommodate temporary users and visitors.
Current VDI Marketplace
VMware Infrastructure + VMware View + VMware ThinApp
Citrix Access Gateway + XenServer + XenDesktop + XenApp
Microsoft Windows 2008 + Hyper-V + Terminal Services
Microsoft Enterprise Desktop Virtualization (Kidaro) - 2009
Parallels Virtuozzo Containers + Quest Provision Networks Virtual
Access
VMware Infrastructure + Sun Solaris + Sun Ray Software + Sun Secure
Global Desktop + Sun Virtual Desktop Connector
VMware Infrastructure / Xen / Microsoft + VDIworks
VDI Example in the Real World
NEC
12,000 desktops virtualized
TCO cut by 46%
Software deployment time reduced from 3 months to a
few hours
Only 3 support staff
20,000 desktops to be virtualized by end of 2008
Typical Physical Desktop Build
App App App
UserData
Profile
IssuesHardware +
OS + apps are intertwined
New desktop = new hardware
Desktop image for each unique hardware combo
Applications don’t always interact well with each other
User data often ends up on local disks
Management is Difficult on the Edge
App App App
Fixing a Broken Desktop =
Gain Physical Access + Salvage Usable Data +
Reimage + Patch + Customize + Return to User
Theft and Accidental
Loss
XX
Out of Date Virus Defs &
Missing Patches
Unique Hardware
Configurations
UserData
Profile
X
Patching at the Edge
Average success rate for patching desktops = 60-80%Even worse over WAN to remote usersHow about powered off/sleeping devices?
Windows Vista SP1 1 GB+
Windows XP SP3 316 MB
Office 2007SP1 218 MB
Store User Data & Profiles on File Server
App App App
Profile
File Server
UserData
Profile
Easy to backup & secureRequires fast network connection to server
Store Applications on File Server
Profile
File Server
UserData
Profile
File Server
App
App
App
Application virtualization (i.e. ThinApp) enables applications to run directly from file server
Desktop = Hardware + OS
Virtualize the Desktop!
Profile
File Server
UserData
Profile
File Server
App
App
App
Desktop VM has fast LAN/SAN access to file serversDecouple desktop OS from users & physical hardware
Create “Golden Image” Desktop Template
Profile
File Server
UserData
Profile
File Server
App
App
App
VM Template
Minimal OS can be converted to a “golden image” templateNew VMs can be built rapidly
Automatic Provisioning
Profile
File Server
UserData
Profile
File Server
App
App
App
VM Template
Spin up virtual desktops on demandSingle template for all users
Connection Brokering (View Manager)
Profile
File Server
UserData
Profile
File Server
App
App
App
VM Template
Securely authenticate with Active DirectoryAccess desktop from any device
Also supports 2-factor authentication with RSA SecurID
Thin Clients
Profile
File Server
UserData
Profile
File Server
App
App
App
VM Template
No need for “fat” PCsThin clients are finally feasible!
External Users
Profile
File Server
UserData
Profile
File Server
App
App
App
VM Template
No need for VPN hardware/softwareView Manager in DMZ encrypts sessions using SSL
Backing Up
BEFORE:
???
?
Profile
File Server
UserData
Profiles
File Server
App
App
App
VMTemplate
AFTER:
1. Backup file servers
2. Backup VM template(s)
Disaster Scenarios
Desktop VMs are highly available in data centerMaybe even replicated to off-site data center
Users can access their desktops from any deviceHome Mac/PC, laptop, remote company site, etc.
VMware View = Complete Freedom
Profile
File Server
UserData
Profile
File Server
App
App
App
VM Template
Work from anywhereNo dependencies
Inherently scalableEasy backup, DR, BC
Virtual Desktop Types
Individual Desktop:User manually assigned to dedicated, customized desktopIdeal for power users or specific configurations
Persistent Pool:Common template used to provision all new desktopsIndividual desktop assigned to user at first logon & subsequentlyIdeal for new deployments, new employees, and user customization
Non-Persistent Pool:Common template used to provision all new desktopsDesktops returned to pool after each useIdeal for kiosks, shift workers, visitors, students, standardization
Client Access Methods
Windows ClientWindows application used to establish desktop connectionCan run on “stripped down” or “hardened” Windows OSSupports USB device redirectionCan run on:
Windows 2000Windows XP*Windows XPe* Thin ClientsWindows Vista* Supports Multimedia Redirection (MMR)
Client Access Methods
Thin ClientsWindows Embedded-based
Windows CE
Windows XPe
Linux-based
Sun Solaris-based
Sun Ray
WYSE ThinOS-based
Supports USB & Multimedia Redirection
A few of the VMware VDI Alliance Thin Client partners:
Client Access Methods
Web AccessWeb browser & Java used to establish desktop connection
WindowsWindows XPWindows Vista
Mac OS X
LinuxRed Hat Enterprise LinuxSuSE LinuxUbuntu
View Manager
RDP Connection
SSL Tunnel
Builds SSL encrypted tunnel between user device and virtual desktop
Uses HTTPS (no firewall changes needed)
Directs users to appropriate virtual desktop using RDPHandles authentication with Active DirectoryMultiple View Managers can be deployed for load balancing and failover
Network outage does not cause data loss (users are reconnected)
View Composer: Linked Clones
Cloned VMs “link” back to master VM rather than creating full copy
Speed deployment from minutes to seconds
Reduce disk usage
Patch master VM = all linked clones are patched
Conceptually like a point-in-time copy of master VM but with a separate identity
Can be powered on, suspended, snapshot, reconfigured independent of master VM
Virtual Printing
No installation of printer drivers on desktop
All necessary printers automatically available
Printer traffic over network is highly compressed & optimized
Uses regular client printer driver rather than complicated server driver
Supports Windows 2000, XP, Vista (32-bit and 64-bit)
View Client
RDP
View Client
RDP
ThinApp: Application Virtualization
Isolate application, DLLs, registry changes, unique data from OS
Agent-lessEntire application
environment becomes double-clickable file
Run application from a file share, USB stick, CD
Each user has own sandboxWide application support
• Windows NT, 2000, XP, 2003, Vista• 32-bit and 64-bit OS
Reduce storage costsReduce unique desktop imagesRun multiple versions of apps
Offline Desktop (Experimental)
Clients View Manager VMware Infrastructure Don’t need
constant network connectivity
Check your virtual desktop in and out
VM stored encrypted
VM requires authentication & only runs on authorized computer When offline, virtual desktop runs natively on user’s computerWhen online, virtual desktop runs from VMware server as usual
Reliability of Virtualization Platform is Critical
VMware Infrastructure is unprecedented for Reliability and Scalability
Questions?
VISION 2008November 13, 2008
Bill OylerSystems Engineer
St. Croix Solutions, Inc.boyler@scsmn.com