Slide 1

Transforming Desktop Management with Virtualization Monica Lam Professor, Stanford Founder and Chief Scientist, MokaFive Slide 2 Desktop Complexity Challenge: System rollouts/ updates/ upgrades Application management PC/Mac/ BYOC Mobility & Remote access Desktop disaster recovery Lost/Stolen Laptops | Copyright 2011 MokaFive, Inc.2 Slide 3 A Holistic Approach, with Virtualization | Copyright 2011 MokaFive, Inc.3 Any time Any where Any machine Slide 4 Separation of Concern Characteristic of all intelligent thinking Focus on one, knowing that we are only occupying ourselves with one aspect It is being one- and multiple-track minded simultaneously The only available technique for effective ordering of one's thoughts. On the Role of Scientific Thought, Edsger W. Dijkstra, 1974 | Copyright 2011 MokaFive, Inc.4 Slide 5 Each user has a personalized desktop Separating Concerns in Desktop Mgmt | Copyright 2011 MokaFive, Inc.5 C: drive iTunes, IM, viruses, rootkits Documents, music, pictures, preferences, User Data & Settings User Applications IT Manages consistent desktops XP / Win7, MS-Office, Anti-virus, Firefox, Viewer, Reader, VPN, etc.. Corporate Apps Corporate OS Operating Systems User Data & Settings Applications Bare-metal*USB BYOPC WindowsMac iTunes, IM Slide 6 Demo | Copyright 2011 MokaFive, Inc.6 Slide 7 5000 desktops per mgmt. server Streamlined Rollouts/Updates | Copyright 2011 MokaFive, Inc.7 Corporate Desktop Active Directory (multi-forest) MokaFive Live PC Corporate Desktop Image Store Slide 8 Teachers Students Open University Doctors Nurses Administrators Friendly Care Estate planners International law Tax lawyers Dewey, Cheetum, & Howe Executives Engineers Scientists Massive Dynamic Corporate Desktop Streamlined Rollouts/Updates | Copyright 2011 MokaFive, Inc.8 Internet Corporate Network Corporate Desktop Image Store 5000 desktops per mgmt. server Active Directory (multi-forest) Slide 9 Always in Control | Copyright 2011 MokaFive, Inc.9 User Data & Settings User Applications Corporate OS Corporate Apps OfflineOnline UN-REVOKEKILLREVOKE Multiple AD domain support Printing to host printers Copy protection Roll-up and drill- down reporting Automatic revoke upon un- targeting AES-128 & 256 encryption Customizable image updater Anti-virus scan of host PC PKI certificate support Automatic time- out of credentials Version rollback Image store assignment by IP RSA SecurID Two-factor authentication Adjustable image storage Virtual disk check and repair Network monitoring systems Independent version control Patch management Check out lease time Slide 10 Virtualization Centralized UpdatesDelta CompressionOne-Click SubscribeSystem/User SeparationPredictive FetchCopy Protection Encryption Platform: WindowsRun from USBPlatform: MacBypass VirtualizationSingle-Sign OnAD Domain Join InjectionUniversal Installer One-Click SubscribeSystem/User SeparationPredictive FetchEncryptionCopy ProtectionPlatform: Windows MokaFive 3.0 Dec 2010 MokaFive 1.0 May 2008 MokaFive 2.5 Nov 2009 Host Checker Scrambled IOUSB Unplug Protection FILO XP LayeringTDSK Format Alt VMM: VirtualBox Tamper-Resistance Multi-Tenant Server Printer Passthrough FILO 7 LayeringAVG Integration 64-Bit Host Support 64-Bit Guest SupportShadow Filesystem Trace-assisted Prefetch Trickle-Back BackupPlatform: BareMetal Run from USB Platform: MacBypass VirtualizationSingle-Sign OnAD Domain Join Injection Universal Installer Host Checker Scrambled IO USB Unplug Protection FILO XP Layering TDSK Format Alt VMM: VirtualBox Tamper-Resistance Multi-Tenant Server Printer PassthroughFILO 7 Layering AVG Integration 64-Bit Host Support64-Bit Guest SupportShadow FilesystemTrace-assisted Prefetch Trickle-back Backup Platform: BareMetal Centralized Updates MokaFive Technology | Copyright 2011 MokaFive, Inc.10 Delta Compression MokaFive 3.7 Today Slide 11 Technologies Behind the Scene | Copyright 2011 MokaFive, Inc.11 Slide 12 What is Layering? Layering composes file system and registry across different volumes into a unified view. | Copyright 2011 MokaFive, Inc.12 File systemRegistry Slide 13 How Does Layering Work? Uses a Windows kernel driver Loads at a very early point in boot Handles device drivers, etc. Layering Policy Engine Decides where each write should go, based on path match or file type Default policy: User wins conflicts Known user data to user layer, all else to app layer | Copyright 2011 MokaFive, Inc.13 Slide 14 Whiteouts What if user deletes something in the system layer? To record deletions, use whiteouts MS Bob MS Bob. WHITE DOUT 14| Copyright 2011 MokaFive, Inc. Slide 15 Benefit #1: Single-Image Management 15| Copyright 2011 MokaFive, Inc. Slide 16 Benefit #2: Rejuvenation 16| Copyright 2011 MokaFive, Inc. Slide 17 Benefit #3: Avoid Windows Rot 17| Copyright 2011 MokaFive, Inc. Slide 18 Other Uses of Layering Easy and efficient backup and recovery User data is in separate layer, making backup easy Deploy thousands of users in minutes No need for costly sysprep/QuickPrep steps Deploy updates in seconds, no matter how large Just flip disk pointer and reboot. SP1 in 2 seconds! Compatible with your existing tools/software No need to virtualize or repackage applications Can use standard software distribution tools | Copyright 2011 MokaFive, Inc.18 Slide 19 M5 BareMetal Advantages 1. Single image across all devices 2. Zero-touch update across entire stack 3. Rapid startboots in 15 seconds 4. 2 seconds to apply any update 5. TRIM support for consistent SSD performance 6. Simultaneous 3D acceleration across all LivePCs 7. Built-in layering for user customizations 8. Off-network automated AD domain join 9. Built-in remote desktop support for help desk 10. Dynamic driver detection at boot 11. Built-in compression and AES-256 encryption 12. Automatic security lock on suspend | Copyright 2011 MokaFive, Inc.19 Slide 20 VDI (Virtual Desktop Infrastructure) Virtual machines run in the data center Users remote login from desktop Comparison with LivePCs (Local execution on client machine) Share same management infrastructure Virtual machines closer to large databases where applicable Requires constant, high-bandwidth connectivity Poor interactivity (video conference) High total cost of ownership | Copyright 2011 MokaFive, Inc.20 Slide 21 Comparison with VDI (1000 Users) | Copyright 2011 MokaFive, Inc.21 Slide 22 Summary Self-healing desktops cut support costs in half At $45/hour, saves up to $540/year Point, click, and update thousands of desktops in seconds Typical savings of $360 per desktop per year ($480 vs. $120) Runs on minimal infrastructure with random bandwidth Eliminate remediation that require overnight shipments / truck-rolls Eliminate Costs: Revoke and/or Kill with time & event based policies 128/256 AES encryption & copy protection Virtual machine encapsulation (prevents copy/paste/etc) Active Directory / RSA secure ID / Two-factor authentication Keylogger, Screenscraper, Anti-virus scan of host PC Improve Security: | Copyright 2011 MokaFive, Inc.22