By Rich Carey, Senior Network Engineer at DP Solutions
What is VDI and what are the benefits?
The concept of a Virtual Desktop Infrastructure (VDI) is to run desktop operating systems and applications from virtual machines located in a data center. Although the end user accesses their desktop environment via a thin client or an actual desktop, all of the data resides within a network operating center (NOC). This is not a new concept. In the early days of computing, all data was accessed via a “dumb terminal” that connected to a mainframe system, which was typically located in a data center or NOC. With VDI, the end user is presented with an environment that is very similar in experience and functionality to the traditional desktop PC. So, you’re probably thinking “Why would I want to implement VDI?”
Managing and supporting a company’s desktop environment has always been a challenge. Some of the most common issues facing IT departments include:
- Security risks on the client PCs and the complexity of managing them centrally
- Standardization of the desktop environment and the applications that run on each client
- Patch and upgrade management
- Costly hardware refreshes that might also lead to additional support costs
- Desktop hardware failures that take a lot of time to repair, causing a loss of productivity for the end user
- Complexity, cost and inefficiencies of backing up and restoring a client desktop environment
- Difficulty of protecting desktop data in environments that adhere to compliance regulations such as Sarbanes-Oxley or HIPAA
- The trend of BYOD (Bring Your Own Device) in business, which requires IT departments to enable various consumer devices (e.g., tablets and smartphones) to work within the company’s infrastructure
VDI is a compelling solution to all of these IT challenges. With VDI, desktop management can be achieved through a single management interface.
Depending on the configuration, refreshing an end user PC is as simple as associating the user account with another virtual desktop or desktop “pool”. Any major application deployments, upgrades, or service packs can be accomplished by modifying a single “golden” or “master” image and then propagating the changes out to the virtual desktops that are tied to the image. VMware View calls this “recomposing” and it can be set as a scheduled task.
VMware ThinApp provides additional flexibility and control through application virtualization. A specific application can be streamed to an end user’s virtual desktop and run in its own isolated space to avoid any compatibility issues that may occur under normal conditions. This type of control is not nearly as easy to accomplish with physical desktop clients. The fact that the environment is virtualized and centralized makes it much easier to back up and restore, as well as comply with any regulatory policies. In addition, VDI will extend the life of any existing hardware since all of the processing is done at the data center. The end user device is basically relegated to the role of “dumb” terminal. In a BYOD environment, the end user only needs to connect to the VDI environment with the VDI client to run their virtual desktop. Both VMware and Citrix have clients that can work with many popular consumer devices such as the iPad and Android phone.
Below are some considerations to address prior to implementing VDI:
- The up-front cost of the implementation (e.g., license, SAN, hosts).
- The learning curve involved with the introduction of new technology to the IT staff, as well as the end user population.
- With the potential of hundreds or even thousands of virtual desktop VMs, the underlying storage will need to be scaled to support a large amount of random I/O; failure to provision the proper storage can lead to a poor user desktop experience.
- As with storage, the underlying network infrastructure will need to be evaluated so that network latency from the client to the virtual desktop is low enough for an acceptable end user desktop experience. There are many factors that go into the performance limits of VDI.
  - VMware View has its own proprietary desktop connection protocol named PCoIP. It also provides an optimization guide.
- VDI may not be a fit for end users that run applications requiring high-performance graphics such as AutoCAD or Adobe Dreamweaver.
In short, a VDI implementation may not be a suitable solution for every user in an organization. In fact, many production VDI solutions are not deployed across the board, but to only a subset of users who fit the profile. It is very likely that, as the technology of VDI advances, it will trend towards becoming a solution for the entire organization’s user base. Currently, the top three players in the VDI space are VMware with VMware View, Citrix with XenDesktop, and Microsoft with Microsoft VDI. The remainder of this article will focus on VMware View.
VMware View Architecture, Components and Features:
A VMware View environment may contain some or all of the following components (please note that some components are required while others are optional and only necessary to enable certain types of functionality):
View Connection Server:
The View Connection Server is the central and most important component. As such, it is a required component, acting as a broker between the client and the virtual desktop, as well as handling authentication and authorization with the internal identity source (Active Directory). A connection between the client and the assigned virtual desktop is then created via the selected protocol (or forced via policy). Installation of an additional connection server as a replicated instance allows for high availability and load balancing as one configuration is replicated to multiple instances. Secure external access can be enabled by installing an additional type of connection server called a Security Server. This server typically sits in a Demilitarized Zone (DMZ) and acts as a secure proxy between the external View Clients and the internal Connection Server.
View Administrator:
The View Administrator is a web application that allows configuration of the View Connection Server and is also the central component used to define desktop pools. All management can be performed via View Administrator, although some of the functionality is also available via PowerCLI, which is useful when, for instance, there is a repetitive task that you would like to schedule and automate. Event logging and component health status can also be viewed. This component is required.
View Composer:
The View Composer allows you to create linked-clone virtual desktops. Linked-clone virtual desktops rely on a base image clone: every subsequent virtual desktop deployed from this base clone uses the base image and saves only the differences in its own virtual hard disk. This makes deployment of new virtual desktops much faster and saves considerable storage space (if the differences are minimal). Although View Composer is not a required component, it is necessary if you wish to have a dynamic and flexible VDI deployment where virtual desktops can be created “on the fly”. Multiple desktop pools can be created and assigned to end users via security group membership. For example, if the Accounting department users require a Windows XP SP3 desktop because they use a legacy application, a pool of desktops could be created and assigned to members of the security group named WinXP while the rest of the company could use Windows 7 virtual desktops by being added to the Win7 security group. In addition, the number of available desktops can be controlled, as well as the number of deployments. If the minimum is set to 50 and the maximum to 200, for example, there will always be 50 desktops available for assignment and more would be created on demand (within seconds) until the limit of 200 is reached (at which point a decision would need to be made as to whether to increase the setting or un-assign some desktops). When a feature called View Persona is included (explained below), an extremely flexible VDI environment is created that can change dynamically with little user interruption.
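The pool sizing and group-based assignment described above, as an added Python model that is not VMware code or part of the original article. The class name, the 30 GB base image and the 2 GB per-clone difference disk are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DesktopPool:
    """Illustrative model of the pool rules in the text (not VMware code)."""
    name: str
    entitled_group: str       # AD security group entitled to this pool
    spare_target: int = 50    # the article's "minimum": desktops kept ready
    max_desktops: int = 200   # hard ceiling on desktops in the pool
    base_gb: float = 30.0     # assumed size of the shared base image
    delta_gb: float = 2.0     # assumed size of each clone's difference disk
    assigned: dict = field(default_factory=dict)  # user -> desktop name
    provisioned: int = 0

    def __post_init__(self):
        self._top_up()

    def _top_up(self):
        # Keep spare_target unassigned desktops, never exceeding the ceiling.
        want = min(self.max_desktops, len(self.assigned) + self.spare_target)
        self.provisioned = max(self.provisioned, want)

    @property
    def spare(self):
        return self.provisioned - len(self.assigned)

    def assign(self, user, groups):
        # Entitlement comes from security group membership, as in the text.
        if self.entitled_group not in groups:
            raise PermissionError(f"{user} is not in {self.entitled_group}")
        if user in self.assigned:
            return self.assigned[user]
        if self.spare == 0:
            raise RuntimeError("pool exhausted: raise the maximum or un-assign desktops")
        desktop = f"{self.name}-{len(self.assigned) + 1:03d}"
        self.assigned[user] = desktop
        self._top_up()
        return desktop

    def storage_gb(self, linked=True):
        # Linked clones share one base image; full clones each carry a copy.
        if linked:
            return self.base_gb + self.provisioned * self.delta_gb
        return self.provisioned * (self.base_gb + self.delta_gb)
```

In this model the spare count stays at 50 until 150 desktops are assigned, then shrinks to zero as the pool approaches 200, which is the point where the article's sizing decision has to be made.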
View Persona Management:
View Persona Management preserves user profiles and dynamically synchronizes them with a remote profile repository. View Persona Management does not require the configuration of Windows roaming profiles, and can bypass Windows Active Directory in the management of View user profiles. If roaming profiles are already used, Persona Management enhances their functionality.
Persona Management downloads only the files that Windows requires at login, such as user registry files. When the user or application opens other files from the desktop profile folder, these files are copied from the stored user persona to the View desktop. This algorithm provides performance beyond that achieved with Windows roaming profiles. In addition, View copies recent user profile changes to the desktop profile up to the remote repository every few minutes. The default is every ten minutes, but this time period is configurable. View Persona effectively separates all user data from the assigned desktop VM and makes that VM entirely disposable without fear of user profile loss or corruption.
View Transfer Server:
The View Transfer Server is a good solution in scenarios where end users are not always connected to the Internet, but wish to access their desktop. The Transfer Server handles the check-out and check-in of such virtual desktops. When the View Client is offline, it is considered to be running in “local mode” where the end user is making changes to the local View Client. The next time the client is online it will communicate with the Transfer Server and synchronize the changes to its associated VM. Desktops that run in local mode cannot be linked clones and must be full VMs. This is an optional component and you need it only if you have such virtual desktops.
In linked-clone deployments, major software installations or upgrades are made much easier to deploy through a process called Recomposing. The master image of the VM used for the desktop pool is changed accordingly, a snapshot is created, and that snapshot is then used to change the linked clones. The change can be scheduled or made immediate in which case all connected users would receive a notification that they would be logged out of the VM in 5 minutes (or whatever time is set) in order for the modification to occur. For example, if you were upgrading Office 2007 to Office 2010 you would simply need to upgrade the version on the master image, create a snapshot, and schedule the recompose process. Then, the next time the end user logs into their VM, they would have Office 2010 installed.
Is VDI for you?
As you can see, VDI technology offers many advantages that could not be achieved in a traditional desktop environment, most notably management, flexibility and resiliency. From the standpoint of VMware View, an environment running a fleet of linked-clone desktop VMs has the ability to adapt to change in a manner not previously imagined with physical laptops and desktops. If your organization is nearing a crossroads where big decisions need to be made concerning desktop refreshes and expenditures, VDI should at the very least be in the conversation.
RICH CAREY has been a Senior Network Engineer with DP Solutions since 2011. In addition to several CompTIA certifications, Rich holds multiple accreditations with VMware, Citrix, IBM, Microsoft and Juniper Networks.