Published in: Technology, Health & Medicine
  1. 1. virtu l DATA CENTER 02 Introduction 04 Decoding the VMware Universe 15 Virtual Desktop Delivery and Management Options: Reducing Complexity, Increasing Flexibility v Volume 3 A field guide to two virtualization worlds. BY JAN STAFFORD VMware’s ecosystem of virtualization offerings is extensive, but the wealth of choice may be confusing rather than helpful. Here we sift through the various offerings. BY DAVID DAVIS Desktop virtualization has centralized management of far-flung machines, but the options remain dispersed and daunting. Kutz leads the way in defining which virtual desktop technology might suit your company’s needs. BY SCHLEY ANDREW KUTZ
  2. 2. Editor’s Letter tionality of third-party products. Speaking of mazes, Davis also demys- tifies how VMware’s management prod- ucts fit into the IT Infrastructure Library EDITOR’S ONSIDER this month’s (ITIL) framework. He maps the VMware LETTER Virtual Data Center e- ecosystem with ITIL service and support 7 zine as a virtualization categories in a way that is easily transfer- DECODING Who’s Who or, perhaps, able to many environments. THE VMWARE What’s What. In this issue, we act as And Andrew Kutz is just the right UNIVERSE docents to VMware, the elder statesman guide to usher us through the desktop 7 virtualization world (see page 15). He of server virtualization, and adventure ITIL AND guides for the wild world of a new fron- garnered admiration and raised ire in his THE VMWARE UNIVERSE tier: desktop virtualization. You’ll learn effort to fill gaps in VMware technolo- 7 more about the maze of products and gies with handy plug-ins. Kutz separates technologies that make up VMware’s the hype from reality, categorizing desk- VIRTUAL top virtualization platforms and then DESKTOP virtualization ecosystem. Then you’ll DELIVERY AND get what may be the most comprehen- dissecting current products in those MANAGEMENT sive guide to desktop virtualization categories. OPTIONS today, a technology that vendors have Kutz also explains how the short-term 7 pain—and there will be pain—of adopt- rushed into with new approaches and products. ing desktop virtualization is made bear- Currently, VMware is the only server able by long-term gain. Besides, he says, virtualization vendor with mature, the pain of migration is nothing com- production-ready products that have pared with the cumulative day-to-day exceeded a third release. Filling gaps in pain of managing desktops that are management and migration has brought sprawled throughout the enterprise. new tools, such as VMware Consoli- Why use Band-Aid point solutions when dated Backup and Storage VMotion, you can truly mend an ailing system? respectively. VMware has also ventured This issue’s two tours may not lead into desktop virtualization with Virtual to Nirvana, but they should put things Desktop Infrastructure. in perspective. Our piece on desktop In this issue, IT expert David Davis virtualization helps separate plum identifies the key VMware building approaches from the lemons. And a blocks for a dynamic, production-level tour of the VMware ecosystem provides virtualization environment (see page 4). a fresh look at a familiar world. Then Davis explains how these features fit together as well as what doesn’t and JAN STAFFORD, Editorial Director, when you’ll need the additional func- Data Center Media Group, TechTarget 2 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  4. 4. Decoding the VMware Universe By David Davis EDITOR’S A LETTER 7 DECODING S VMWARE INC.’S virtu- THE VMWARE alization technologies UNIVERSE permeate data centers, 7 IF YOU’VE struggled IT professionals often find themselves lost ITIL AND THE VMWARE to get a handle on in a complex galaxy UNIVERSE 7 VMware’s myriad of technologies and services that they understand only vaguely. Data center VIRTUAL offerings, this guide is managers perplexed by VMware’s myr- DESKTOP iad virtualization options need to know DELIVERY AND MANAGEMENT designed to cut through about the pieces of the ecosystem, how OPTIONS vendor hype and they fit together and how to determine 7 which technologies best serve their provide an unfiltered needs. This article aims to separate the view of the technolo- wheat from the chaff and orient you in this new world of the VMware gies available for your ecosystem. next-generation data center. THE VMWARE ECOSYSTEM: THE BUILDING BLOCKS Just a few years ago, VMware Inc. offered little more than a basic platform. Now there’s depth and breadth in the company’s various technologies. Indeed, VMware provides almost everything needed to build a complex, dynamic, production-level virtualization environ- ment. VMware’s partner universe has also evolved from a handful to hundreds of third-party software and hardware companies offering products that may 4 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  5. 5. replace, complement or fill a gap in (starter), Standard and Enterprise ver- the VMware arsenal. sions (see sidebar on 3i below). For an The VMware ecosystem isn’t a single enterprise network today, I recommend monolithic product, but rather a patch- that you have at least one copy (that work of different companies and is, one for each server) of the VMware providers that work together to provide Infrastructure Enterprise edition because VMware systems for myriad business you get all the Enterprise features. environments. Essentially, the VMware The VMware ESX Enterprise edition ecosystem includes VMware technolo- includes the following: EDITOR’S gies, third-party software providers, LETTER hardware providers, consulting services I VMware ESX Server 7 providers, education and certification I VirtualCenter Agent DECODING vendors, and end users. I VMware Consolidated Backup THE VMWARE Today, the most well-known VMware (VCB) UNIVERSE product is ESX Server: the completely I Distributed Resource Scheduler 7 redesigned big brother of GSX Server, (DRS) ITIL AND which is the predecessor to the now-free I VMware High Availability (HA) THE VMWARE UNIVERSE VMware Server. Over time, VMware I Virtual Machine File System 3 7 has developed ESX into a package of (VMFS 3) products that is known as VMware I Virtual SMP VIRTUAL Infrastructure (VI). I VMware Update Manager DESKTOP DELIVERY AND In terms of VMware Enterprise edition I VMotion and Storage VMotion MANAGEMENT virtualization, VMware ESX Server is OPTIONS at the center of that universe. None of Of course, VMware has several other 7 these other products are useful without offerings, including Capacity Planner, it. You can purchase ESX Server as a 3i VMmark for benchmarking and VMware standalone version as well as Foundation Stage Manager beta for staging of virtual Choosing Servers for VMware Environments WHEN PLANNING YOUR VMware ESX Server hardware, it is critical to ensure that it’s compatible with VMware ESX. Fortunately, that isn’t difficult if you consult VMware’s hardware compatibility lists. Server hardware vendors like Dell Inc., IBM Corp., and Hewlett-Packard Co. offer powerful multicore servers with a ton of RAM from one of them. With the introduction of VMware ESX Server 3i, these vendors will soon build ESX Server 3i into their servers. That means that there is no VMware Server to install or purchase separately; 3i is embedded. The release of the lower-cost and embedded ESX Server 3i will expand the use of virtualization. If it comes with your server, why not use it? —D.D. 5 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  6. 6. guest systems. VIRTUAL DESKTOP INFRASTRUCTURE There are VMware products other AND CONNECTION BROKERS than those in the VMware Infrastructure VDI virtualizes your users’ desktop sys- suite. As the popularity of VMware tech- tems and thus has tremendous benefits nologies has grown, so have the number for disaster recovery, simplified manage- of VMware partners (both official and ment, cost savings, security and more. unofficial). The VMware Partner Cata- What really makes VDI work is its con- log, for example, lists more than 150 nection broker, which maps thin clients official companies. There are hundreds (which have replaced PCs) to the virtual EDITOR’S of unlisted companies that provide parts guest operating system needed by or LETTER of the ecosystem. assigned to that VDI user. Here are 7 In this article, however, we’ll limit our four leading VDI connection brokers: DECODING discussion to products that are central THE VMWARE to a successful, enterprise-level VMware 1. VMware’s Virtual Desktop Manager 2— UNIVERSE infrastructure. Let’s get a picture of that or VDM2, as it’s called—has recently 7 been released, and currently you can infrastructure’s components by putting ITIL AND the parts in functionality-centric cate- get a VDM starter kit for about $1,800. THE VMWARE While the jury is still out on the best UNIVERSE gories, which are listed below: 7 connection broker, you should try I Virtual desktop infrastructure VDM2 if you’re researching options. VIRTUAL (VDI) and connection brokers DESKTOP I Backup and recovery 2. Leostream’s Hosted Desktop Connection DELIVERY AND MANAGEMENT I Disaster recovery (DR) Broker (HDCB) has been around for OPTIONS I Virtualization and storage some time, and you can download a 7 I VI Client plug-ins free demo from the company’s website. I Virtualization security I Virtualization performance 3. With Citrix Systems Inc.’s purchase management and capacity of XenSource, Citrix now offers Citrix planning XenDesktop Server. The XenDesktop I Virtualization infrastructure Server (currently in beta) connection reporting broker works with VMware ESX Server. I Physical-to-virtual (P2V) and virtual-to-virtual (V2V) conversion 4. Provision Networks’ Virtual Access Suite is now owed by Quest Software, After we explore those functional and the product’s free demo is available areas of VMware virtualization, we’ll on the company’s website, along with a also look at how the ecosystem maps demonstration video. with areas of the IT Infrastructure Library (see “ITIL and the VMware You can also review the connection Universe” on page 9) and other compo- broker comparison, which offers a more nents of the VMware universe, such complete list. For more information on as training (see “VMware Consulting, VDI, you can also read “How Can Vir- Education and Networking” on page 7). tual Desktop Infrastructure Help You?” 6 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  7. 7. BACKUP AND RECOVERY you to gain access to VMFS (i.e., the AND DISASTER RECOVERY ESX Server file system). VCB can likely While it is possible to run a traditional be used with your current backup pro- backup client inside each of your virtual gram (such as CA’s BrightStor, IBM’s guest operating systems, it isn’t the best Tivoli Storage Manager or EMC Corp.’s option because you are doing file-level NetWorker). backups and thus not getting many of But if you have a virtualization back- virtualization’s backup-and-restore up program that works with VCB or benefits. talks directly to the VMFS, you’ll be EDITOR’S Assuming you purchased VMware better off, because it’s much easier do LETTER Infrastructure Enterprise, you have image-level backups, differentials and 7 VMware Consolidated Backup. VCB is restores, and you will gain a graphical DECODING still a young product, and there is some user interface (GUI) with a scheduler. THE VMWARE confusion about it (for more informa- Here are some virtualization backup UNIVERSE tion, see my VCB FAQ article). VCB is technologies. And for how these backup 7 not a backup program. Rather, it allows tools stack up, see a comparison of ITIL AND THE VMWARE UNIVERSE 7 VIRTUAL DESKTOP VMware Consulting, DELIVERY AND MANAGEMENT Education and Networking OPTIONS MANY ENTERPRISE CUSTOMERS require consulting and implementation services. One 7 VMware virtualization consulting service is VMware Inc.’s consulting division, which the company acquired when it purchased Foedus. Another option is outsourcing your virtualized infrastructure to service providers such as BlueLock, which offers “infra- structure as a service” to handle your VMware hardware, software and management needs in its facility. VMware’s ecosystem includes education, certification and training, and, of course, some limitations. If you want to take the VMware Certified Professional (VCP) exam for VMware certification, you need to sign up for VMware’s own in-house training courses. Other self-training options exist, and I often recommend the following: I is a free VMware ESX Server reference chart that can be downloaded and printed. I Train Signal’s VMware ESX Server video training series includes 15 hours of training on VMware Infrastructure suite. And for some fun, check out the website, which geographically maps customers throughout the world that use VMotion and tells you how many VMotion migrations have taken place each day. If you want to participate, you can install the VI Client 2.5 37migrations plug-in that reports your migrations to the web- site. And finally, if you have the opportunity, you can learn a great deal by attending a VMworld conference. —D.D. 7 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  8. 8. VMware ESX Server backup tools: moves virtual guest machines to a DR VMware ESX server. I Vizioncore Inc.’s vRanger Pro I PHD Technologies Inc.’s esXpress PlateSpin Ltd.’s Forge replication appli- I Veeam Backup ance works on each side of your produc- tion and DR site to replicate your Technologies like Data Domain’s DDX VMware guest machines. deduplication appliance prevent dedu- plication in your virtualized backups. If VMware Site Recovery Manager automates EDITOR’S you are doing image-level backups every the recovery of a virtual data center after LETTER night, you’ll have substantial duplication a disaster. But it’s missing the data syn- 7 in your nightly backup data. A dedupli- chronization piece. Site Recovery Man- DECODING cation technology vastly reduces the size ager relies on your storage area network THE VMWARE of data on backup tapes. Additionally, (SAN) hardware to sync the data with UNIVERSE some deduplication appliances provide some kind of replication technology. 7 data replication for disaster recovery ITIL AND purposes. THE VMWARE VIRTUALIZATION AND STORAGE UNIVERSE 7 When you virtualize physical servers, DISASTER RECOVERY why not also virtualize storage? Virtual- VIRTUAL You can now purchase a better tech- izing storage means that your physical DESKTOP DELIVERY AND nology than one that just backs up and and virtual servers are not tied directly MANAGEMENT restores from tape. Because of how virtu- to any storage system. With DataCore’s OPTIONS alization works, it facilitates disaster SANmelody and SANsymphony, storage 7 recovery. If you can get an image of a can be located on any type of disk sys- virtual guest to your DR site, you can tem and can be moved dynamically start that virtual guest OS on any VM- without alerting servers. These solutions ware ESX server, despite the hardware can even assist in replicating data across differences. The following new DR tech- a WAN to another DataCore system for nologies replicate the VMware virtual disaster recovery. machine images to the DR site, but they Virtualizing storage is just one option do so intelligently—that is, with knowl- for a VMware environment. Just as criti- edge of how VMware works: cal as servers are to enterprise virtual- ization infrastructure is your storage Vizioncore’s vReplicator moves entire system. VMware needs either an iSCSI images of virtual guest machines. It can or Fibre Channel (FC) SAN. A SAN is move some or all guests to a single DR made up of the storage controller, the host. For physical machines that aren’t switch, and an adapter in the server. yet virtualized, if you use Vizioncore’s Most ESX Server Enterprise features vRanger, you should look at the Vizion- require a SAN to function. core P2V DR module. While Fibre Channel SAN solutions are available from many companies, Like vReplicator, Double-Take Software (Continued on page 10) 8 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  10. 10. (Continued from page 8) Remote Desktop Protocol (RDP) allows most are bought from either EMC you to create an RDP connection to (which owns a large share of VMware your ESX Server without leaving the today), Dell (which resells EMC), HP, VI Client. IBM, and NetApp (which also sells many software solutions that are com- patible with VMware Infrastructure). VIRTUALIZATION SECURITY Again, these aren’t the only sources. Just this year, virtual machine security Any SAN hardware that is listed on became an increasing concern, espe- EDITOR’S the VMware Hardware Compatibility cially since a flaw in VMware’s virtual- LETTER List (HCL) technical resources page ization software was revealed in Febru- 7 will work with ESX Server. ary 2008. The code exploit potentially DECODING An alternative to an FC SAN is an allows hackers to gain access to VM- THE VMWARE iSCSI SAN, which has become faster, ware’s file-sharing feature. To combat UNIVERSE more reliable and more popular. The this vulnerability, VMware recently 7 VMware HCL lists numerous iSCSI announced VMsafe. For more, see ITIL AND SAN technologies. For a free, open “VMware Says It Can Eliminate THE VMWARE UNIVERSE source iSCSI SAN software technology, Malware with VMsafe.” 7 consider OpenFiler, which uses a modi- And numerous third-party products fied version of Linux and can even run have also emerged to address the grow- VIRTUAL ing concerns about virtual machine DESKTOP inside a virtual machine for testing. DELIVERY AND security. Products such as VirtualShield MANAGEMENT and Virtual Security Analyzer offer OPTIONS VI CLIENT PLUG-INS additional options. 7 With ESX Server 3.5 and VirtualCenter At the same time, hundreds of thou- 2.5, you can add plug-ins to your VI sands of users run mission-critical appli- Client to aid in the management of your cations in virtual environments with no VMware ESX servers. SearchVMware. reported security problems. So experts com contributor Andrew Kutz (whose recommend that you approach these article appears on page 15) has written tools with healthy skepticism. some useful plug-ins. Here are my favorites: VIRTUALIZATION PERFORMANCE Secure Shell (SSH) Console Access MANAGEMENT AND CAPACITY allows you access to your ESX 3.5 PLANNING servers via SSH, within the VI Client, VI Client/VirtualCenter have a per- without having to open another SSH formance-monitoring utility, but for Client. long-term performance reporting, capacity planning and chargeback for Storage VMotion allows you to perform virtualization resources, consider the Storage VMotion from a GUI client, applications shown in “Virtualization instead of from the VMware remote Applications for Long-Term Planning” command-line interface (RCLI). on page 12. 10 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  12. 12. VIRTUALIZATION ably priced virtualization reporting tool. INFRASTRUCTURE REPORTING It analyzes your virtual servers and stor- Certainly VirtualCenter has some age, and then it can export the data to reporting capabilities, but in some cases Word, Excel or Visio. it just isn’t enough. Here are two virtual- ization reporting tools to consider: P2V AND V2V CONVERSION PlateSpin Ltd.’s PowerRecon offers so many Consolidating servers is what virtualiza- reporting capabilities, it’s difficult to list tion does best. You will likely need a EDITOR’S them all. PowerRecon reports and ana- physical-to-virtual and virtual-to-virtual LETTER lyzes not only server consolidation consolidation tool. For P2V and V2V 7 efforts and asset management but also conversions, here are the “standards” in DECODING power consumption. PowerRecon also terms of technologies: THE VMWARE does chargeback, so it fits into the capac- UNIVERSE ity planning and financial category. PlateSpin PowerConvert is one of the most 7 mature P2V and V2V products, and it’s ITIL AND Veeam Ltd.’s Veeam Reporter is a reason- helpful for more than just conversions. THE VMWARE UNIVERSE 7 VIRTUAL DESKTOP DELIVERY AND VIRTUALIZATION APPS FOR LONG-TERM PLANNING MANAGEMENT OPTIONS APPLICATION FUNCTIONALITY 7 vCharter Provides long-term virtual infrastructure performance reporting (Vizioncore) Chargeback Runs as an ESX Server guest OS and tracks who uses which Appliance virtual resources. Those reports can then be used to charge back (VKernel) a company’s users or departments. Capacity Bottle- Quickly identifies resource bottlenecks and tells you where to neck Analyzer increase or re-allocate resources (VKernel) Monitor Is a cost-effective technology for long-term capacity planning (Veeam) of virtualization environments Capacity A Web-based and agent-free performance monitoring that helps you Planner view server capacity and plan for the long term. It is sold through (VMware) VMware partners, and no immediate download or trial is available. NimBUS Monitors server IT virtual infrastructure for service-level agree- (Nimsoft) ments compliance and attempts to remedy any resource issues before these issues cause a problem for end users 12 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  13. 13. It can also do virtualization workload THE BIG PICTURE: A SAMPLE VMWARE management. INFRASTRUCTURE ENVIRONMENT Now I’d like to demonstrate what a Vizioncore vConverter performs P2V and VMware Infrastructure environment V2V conversions at speeds that Vizion- might look like and how that environ- core claims are faster than those for any ment mixes VMware technologies and other product. third-party solutions (see Figure 1, “Suggested Technologies for Virtualized VMware Converter is what most use for Data Centers,” below). EDITOR’S P2V and V2V conversions. The Standard In the graphic, VMware Infrastruc- LETTER version is free, and the Enterprise ver- ture appears in the center. This product 7 sion is available when you purchase suite offers ESX Server, VMFS, VMware DECODING VMware Infrastructure Enterprise. HA, DRS, VCB, and VirtualCenter. In THE VMWARE UNIVERSE 7 ITIL AND THE VMWARE FIGURE 1: SUGGESTED TECHNOLOGIES FOR VIRTUALIZED DATA CENTERS UNIVERSE 7 VIRTUAL Veeam Backup, vReplicator, DESKTOP Double-Take and/or DELIVERY AND VMware Site Recovery Manager VMware Consolidated MANAGEMENT VirtualCenter plus Backup plus vRanger OPTIONS PowerRecon or Pro, esXpress, or 7 Veeam Reporter Replication Veeam Backup and disaster recovery Configuration Backup/ management recovery VMware Virtual Desktop VMware Manager, VMware Infrastructure VDI Leostream, Capacity connection Capacity Citrix, Planner planning and VMware broker ESX Server XenDesktop, or Provision Virtual Access Load High Suite balancing availability Bench- marking VMware Distributed VMware High Resource Scheduler Availability (DRS) VMware VMmark I VMWARE TECHNOLOGIES I THIRD-PARTY TECHNOLOGIES 13 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  14. 14. addition, we have other VMware tech- The Top 10 Must-Have nologies, such as VMware Virtual Desk- Virtualization Tools top Manager, VMmark and Capacity Planner. Then we have third-party solu- tions that many data centers need to 1 Use VMware Infrastructure Enterprise for each server. complement VMware’s technologies. Examples of these technologies are PowerRecon, vReplicator, esXpress 2 Check the VMware HCL technical and XenDesktop. resources page to ensure that you Of course, your needs will vary have appropriate server hardware EDITOR’S LETTER based on your company’s needs. You (i.e., lots of CPU cores and RAM). 7 may need many of these tools, or you DECODING may not even need VMware Infrastruc- 3 You need either iSCSI or Fibre THE VMWARE ture Enterprise but a VMware starter Channel SAN hardware. UNIVERSE kit instead. 7 4 Even if you use iSCSI OpenFiler ITIL AND just for testing, it is an excellent THE VMWARE SAN option. THE MOST IMPORTANT UNIVERSE 7 VMWARE TOOLS VIRTUAL With so many pieces that make up the 5 For backup technology, you have VMware ecosystem, some readers will several options, but I choose either DESKTOP DELIVERY AND say, “I can’t afford to buy every tool, and vRanger or esXpress. MANAGEMENT I can’t use every piece of the VMware OPTIONS ecosystem. So which parts of the ecosys- 6 For long-term trending, you need 7 tem are essential?” The correct answer performance monitoring tools to is always “It depends on your needs.” evaluate your VMware server farm. You don’t need all these pieces to create a successful and efficient VMware ESX Server implementation. 7 You need a physical-to-virtual converter, even if it’s just the free Still, what if you had to choose just VMware Converter. a few tools? See my list of the 10 must- have virtualization tools at right. In the past, a complete enterprise 8 You need plug-ins, such as Secure Shell, SVMotion and Remote Desk- VMware solution comprised more than top Protocol. a single VMware product. It takes server hardware, SAN hardware and a variety of third-party software to create the ideal 9 You need staff training sources, VMware virtualization infrastructure such as VMware’s in-house course solution. In this article, we covered the and video training. gamut of the VMware universe and hope to have saved you the trouble of investi- 0 For the future, explore virtual gating every VMware technology in the desktop infrastructure and disaster ecosystem. I recovery/replication solutions. 14 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  15. 15. Virtual Desktop Delivery and Management Options By Schley Andrew Kutz EDITOR’S T LETTER 7 DECODING ODAY deployed desktop systems have THE VMWARE sprawled to an unmanageable num- UNIVERSE ber. For at least a decade, IT man- 7 WITH desktop virtual- agers in corporate environments have managed an ever-increasing ITIL AND THE VMWARE ization, managing number of desktops. And for about UNIVERSE 7 desktops from afar has that long, some vendors have offered point solutions that are mere Band-Aids VIRTUAL become a reality. But and have addressed only part of the DESKTOP problem. Now widespread server consol- DELIVERY AND MANAGEMENT how can you intelligently idation projects—many of which are OPTIONS sift through the myriad based on virtualization—have naturally 7 led to a desire to corral desktop sprawl options and choose too. And as vendors have responded to the right technology? that desire, IT managers must sift through a fleet of desktop delivery and You need to determine management products to decide which have promise and which are lemons. your shop’s priorities. IT administrators have trouble man- aging distributed desktops for a simple reason: There’s no one tool or suite that allows them to administer desktops from a distance. This is where desktop deliv- ery comes in. And this is where desktop delivery systems have the opportunity to become the tool by which administra- tors deploy desktops and manage users, operating systems and applications. Even if a desktop delivery system doesn’t include all these tools, it should integrate with systems that do to provide 15 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  16. 16. a single point of interface. The No. 1 way delivery servers are remote servers to reduce complexity in data centers or that stream applications to a client via on the desktop is to reduce the number streaming technology or some other of management interfaces with which an application distribution mechanism. administrator must contend. Moreover, Citrix Systems Inc.’s XenApp and that management has to be reduced Microsoft’s SoftGrid are both examples intelligently. The interface should not of application delivery servers. be so Spartan that nothing useful is left. Nor should an interface look like it was Remote virtual desktops. Virtual desk- EDITOR’S designed by committee. tops are similar to desktop blades and LETTER I would suggest that we stop referring shared desktop systems. They give users 7 to “desktop delivery systems” as such access to a fully functional desktop envi- DECODING and instead just call them “desktop man- ronment like a desktop blade; but the THE VMWARE agement platforms.” Indeed, that’s what desktop resides in a virtual machine UNIVERSE we are really talking about. From deliv- (VM), not on remote physical hardware. 7 ering desktop applications to the appro- A good example of this is VMware ITIL AND priate users to ensuring desktop security, Inc.’s Virtual Desktop Infrastructure THE VMWARE UNIVERSE all the way to ensuring that Microsoft (VDI). 7 Office has the latest patches installed, it’s all about management. Local virtual desktops. This is a fancy VIRTUAL phrase to describe the oldest x86 virtual- DESKTOP DELIVERY AND ization technology available: hosted MANAGEMENT CATEGORIZING DESKTOP desktop virtualization. The twist is that OPTIONS MANAGEMENT PLATFORMS the desktop virtualization software must 7 So let’s look at the current crop of plat- include the ability for a central authority forms with which you can manage desk- to manage it. tops. Luckily, some companies offer products that are true first-generation Connection brokers and managers. Soft- desktop management platforms. Unfor- ware packages that sit between an end tunately, other products masquerade as user and a remote desktop management desktop management platforms but lack system are called “connection brokers.” crucial components. When a user connects to a Web page in order to select a remote desktop, he Shared desktop systems. Harking back to makes use of the connection broker or the Unix era, a shared desktop system is manager. Two examples are Leostream’s the oldest kind of desktop management Hosted Desktop Connection Broker system. A modern example of such a and ClearCube Technology Inc.’s system is Microsoft Windows Terminal Sentral. Services, where a single system provides In addition to these software-only concurrent system and application approaches, any discussion of desktop access to multiple users. virtualization technologies warrants consideration of the following two kinds Application delivery servers. Application of devices: 16 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  17. 17. Desktop blades. These specialized server DESKTOP MANAGEMENT blades deliver remote desktops to users. PRODUCT ROUNDUP Such systems are commonly available There are some well-established prod- from major independent hardware ven- ucts and a growing number of new desk- dors, such as Hewlett-Packard Co. and top management products. They come IBM Corp., and from smaller companies from the categories listed previously and that focus on desktop management sys- have a range of features, security and tems, such as ClearCube (for more, see management options as well as maturity sidebar “Hardware and Startup Software and a breadth of functionality. EDITOR’S Vendors” below). LETTER Citrix XenApp and XenDesktop. Citrix 7 Thin clients. A thin client is essentially Systems is the elder statesman of the DECODING a computer that is stripped down to United Nations of Desktop Management THE VMWARE nothing more than a network interface Suites. In 2005 the company began the UNIVERSE with a keyboard, video, mouse output game with WinFrame and is still a major 7 player with its recently renamed Xen- and, in some cases, enough onboard ITIL AND RAM to offer significant caching. Its App product. The following Citrix THE VMWARE products fit into these categories: UNIVERSE sole purpose is to deliver a desktop from 7 a central location to a user in a remote office. I XenApp for application servers VIRTUAL DESKTOP DELIVERY AND MANAGEMENT OPTIONS 7 Hardware and Startup Software Vendors MANY SYSTEMS VENDORS— most notably IBM Corp. and Wyse Technology Inc.—offer thin clients and desktop blades and couple some management software with them. Smaller players and startups also offer blades or thin clients paired with connection managers. In this category, there are some good offerings: q Verari Systems Inc.’s WS1160 desktop blades, Connexxus thin clients, and Connexxus broker connection manager offer a total hardware solution that’s enticing when coupled with a management and platform software from Citrix or VMware. q Devon IT is a relatively new company. The Devon IT TC10 desktop access device is a slick little box with solid performance features and multimedia support. The TC10 connects to the IBM HC10 desktop blades via the Devon Connection Manager. Devon IT’s drawback is that its portfolio consists of a single device that relies on another company’s desktop blades. —S.A.K 17 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  18. 18. The killer combination is to use XenApp in conjunction with Xen- Desktop and to combine application streaming with virtualization to reduce the number of servers and desktops. I XenDesktop for virtual desktops and protocols of the guest OSes, such as the connection managers open source Virtual Network Computing or Microsoft’s Remote Desktop Protocol Citrix’s products have evolved to tar- (RDP). Citrix’s own Independent Com- get mostly application servers. Even puting Architecture protocol is obviously with its recent acquisition of XenSource, still used for XenApp. Citrix’s homepage still lists XenApp Management-wise, XenApp is a fully application server above Citrix’s virtual mature product that offers in-depth desktop solution, XenDesktop. This is a application management and is the EDITOR’S smart move, because XenApp is a fully premier technology when it comes to LETTER managed, end-to-end application deliv- application streaming management. 7 ery system. XenDesktop offers centralized monitor- DECODING The killer combination is to use ing and control of deployed desktop THE VMWARE XenApp in conjunction with XenDesk- appliances. UNIVERSE top and to combine application stream- If you can afford a premium-priced 7 application streaming product, Citrix ITIL AND could be your solution. In spite of sub- THE VMWARE UNIVERSE stantial competition, Citrix has main- 7 tained a leadership position for a reason: It is proven, reliable and well under- VIRTUAL stood. XenApp is a strong product. DESKTOP DELIVERY AND Additionally, XenDesktop is a stellar MANAGEMENT packaged solution for virtual desktop OPTIONS management. 7 Microsoft SoftGrid and Windows Terminal Server. Microsoft hasn’t strived to make desktop delivery an area of focus or competition. Its two main prod- ing with virtualization to reduce the ucts and categories are the following: number of servers in a data center as well as desktops in offices. In providing I SoftGrid for application servers both XenApp and XenDesktop in combi- I Windows Terminal Server for shared nation with XenServer, Citrix has cre- desktop systems ated a virtualization ecosystem that is large and diverse enough to offer an Windows Terminal Server has been alternative to Microsoft and VMware. around for a while, but the features of its As far as security concerns, Citrix earlier incarnation didn’t stack up to XenApp offers fine-grained control over what was then known as Citrix Presenta- the applications and data to which a user tion Server. On deck since 2004, Win- has access but doesn’t have full desktop dows Server 2008 Terminal Server has management capabilities. XenDesktop more advanced new features. In 2006, relies on the security of the remoting Microsoft’s acquisition of Softricity— 18 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  20. 20. now SoftGrid—added application deliv- The bottom line: If you can live with ery, a must-have in anticipation of the the straight-and-narrow feature set that Hyper-V hypervisor, which is due for Microsoft provides, you’ll get great desk- release in August 2008. top delivery and application streaming As far as security, Microsoft has a poor products. But if you need capabilities track record. If its early attempts at a that you can get only in another product firewall are any indication, there is suite, keep looking. ample question whether Microsoft can be trusted to secure the security holes it VMware VDI and ACE. When it comes to EDITOR’S leaves open. On the other hand, version x86 desktop and server virtualization, LETTER 6 of RDP supports Secure Sockets Layer VMware is the market leader, so it is no 7 (SSL), and SoftGrid allows you to define surprise that it has tried to coordinate DECODING access restrictions, promising a new era the two in a harmonious fashion. THE VMWARE in Microsoft security standards. VMware’s desktop management prod- UNIVERSE In management, Microsoft has some ucts are the following: 7 excellent products, particularly Active ITIL AND Directory’s Group Policy and System I Virtual Desktop Infrastructure for THE VMWARE UNIVERSE Center. I love Macs. I love Linux. But virtual desktops and connection 7 if I have to roll out a thousand desktops managers and centrally manage them, I don’t want I Assured Computing Environment VIRTUAL to run anything other than Windows. (ACE) for locally managed virtual DESKTOP DELIVERY AND Simply put, combine Active Directory desktops MANAGEMENT with System Center—which replaces OPTIONS Windows Server Update Services in the VMware’s virtual desktop capabilities 7 new release—and Systems Management more than make up for a lack of produc- Server, and you’ll get fine-grained con- tion-level application streaming. In addi- trol over desktops. But there’s a hitch, tion, its Thinstall acquisition has already of course. This package of technologies delivered a beta product. Unlike Citrix and management tools works only with XenServer, which has the ability to host a Windows-based desktop. virtual desktop OSes, VDI provides a If one way to reduce complexity is to broker interface for virtual desktops, reduce vendors, then why not choose enabling users to choose the desktop Microsoft, which seems to deliver all that fits their needs when they need it. you need? After all, Microsoft now has VMware ACE also offers a way to dis- the Hyper-V virtualization technology tribute pre-packaged virtual machines for hosting virtual desktops, the SoftGrid (VMs) to a user’s laptop or desktop application streaming technology and when a user may not have network con- management tools like System Center. nectivity. But Microsoft’s suite of products does As for security, ACE allows tight con- not fill every niche, and sometimes you trol over distributed VMs, making it a need an alternative that can manage het- good choice for administrators who erogeneous environments with non- want to give executives’ VMs to access Microsoft desktops. sensitive data in remote locations. ACE 20 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  21. 21. In an age of diversity, VMware is a purist. Unlike other OS vendors, VMware focuses on one thing—virtualization— and does so very well. even encrypts deployed VMs with Fed- level application streaming product. eral Information Processing Standard- In my view, however, if you can afford compliant encryption, an important fea- VMware, use it. It has a lot of polish. ture for organizations such as hospitals, insurance companies and other busi- Sun Ray, Secure Global Desktop, VDI Soft- nesses that maintain sensitive informa- ware. Sun Microsystems is the only com- pany of which I am aware that offers a total desktop delivery and management package that includes thin clients, con- EDITOR’S nection managers and virtual desktops. LETTER Here are Sun’s key products: 7 DECODING I Sun Secure Global Desktop Software THE VMWARE for connection managers UNIVERSE I Sun Ray 2, Sun Ray 2FS, Sun Ray 7 270, Sun Ray Software for thin ITIL AND clients THE VMWARE I Virtual desktops: Sun VDI Software UNIVERSE 7 tion. VDI’s security relies largely on the protocols used to access the VMs it hosts Sun’s Sun Ray thin clients have a sleek VIRTUAL as well as the security of the desktop appearance and fast connectivity. The DESKTOP DELIVERY AND OSes it hosts, although VMware made a Sun Ray 2 and Sun Ray 2FS are great MANAGEMENT step in the right direction with inclusion book-end products for companies with OPTIONS of RSA Security Inc.’s SecurID support an existing investment in monitors. 7 in the latest release of Virtual Desktop Sun Ray 2FS includes support for smart Manager (VDM). cards and fiber-optic network cabling to ACE’s management features allow enhance security by reducing magnetic administrators to fine-tune VMs prior transmissions. Sun Ray 270 fits busi- to distribution. VDI admins can choose nesses just beginning a foray into desk- the VMs to which a user will have access top deployment, offering an all-in-one based on group affiliation. VMware technology similar to Apple’s iMac. recently released VDM 2, which Sun’s Secure Global Desktop Software includes enhanced management capabil- is the second tier in Sun’s three-tier ities and integration with Microsoft desktop management solution, sitting Active Directory. between clients and servers in data cen- In an age of diversity, VMware is ters. Sun’s VDI software enables admin- a purist. Unlike OS vendors such as istrators to deploy a connection manager Microsoft or Sun Microsystems Inc., that not only supports Sun’s own xVM VMware focuses on one thing—virtual- virtualization technology but also acts ization—and does so very well, includ- as a broker for VMware VDI as well. ing the distribution and management For security, Sun supports RSA of virtualized desktops. But right now, SecurID and integrates with Microsoft VMware does not yet offer a production- Active Directory and other Lightweight 21 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  22. 22. Access Directory Protocol (LDAP) to the Digital Fiber C/Port that is servers for authentication. Sun says designed to reduce magnetic transmis- that its support of fiber-optic network sions in data centers. ClearCube desktop cabling improves security, but does it blades are called PC blades and, like their matter? Most shops have made a heavy matching user ports, also range in func- investment in Ethernet networking tech- tionality, from the R1300 to the A1410. nology. For them, running fiber to desk- The combination of desktop hardware tops would be expensive. And to realize and Sentral presents a complete product fiber’s security benefit requires replacing suite, and ClearCube’s biggest challenge EDITOR’S existing Ethernet, at least in publicly is Sun, which offers equivalent hardware LETTER accessible areas. Besides, at this point and software and a virtualization solu- 7 I’d be more concerned about the security tion as well. DECODING of wireless LANs. THE VMWARE Sun Secure Global Desktop Software HP Systems Insight Manager and Open- UNIVERSE centralizes desktop management by View. HP’s desktop blades, combined 7 moving OSes off the desktop and into with its management software suites— ITIL AND data centers. With Sun Ray Software, Systems Insight Manager and Open- THE VMWARE UNIVERSE it’s possible to deploy and manage thou- View—are a good option for minimizing 7 sands of Sun Ray clients with only a desktop sprawl. Systems Insight Man- few administrators. It’s slick. ager and OpenView are multifeatured VIRTUAL If I had to build a desktop manage- suites and don’t fit my basic categories. DESKTOP DELIVERY AND ment solution from the ground up, On the hardware side, HP desktop MANAGEMENT you might find me giving Sun a call. blades are standard blades but include OPTIONS HP’s Remote Graphics Software to 7 ClearCube Sentral VDI Management enhance the graphical experience of System. ClearCube focuses on virtual remote clients. HP entered the thin- desktops and offers desktop manage- client business by acquiring Neoware ment software in this category: Inc., which was a good move. The HP Neoware thin clients are one of the I Sentral VDI Management System few thin clients to include wireless for connection managers capabilities. Coupled with HP’s legendary hard- ClearCube’s Sentral VDI Management ware management software, HP has a system does it all. Sentral manages strong offering for a company investing blades and user ports—or thin clients— in thin clients in conjunction with desk- as well as integrates with existing VDI top blades. solutions from VMware and others. ClearCube’s thin clients and desktop Pano Desktop Service and Management (PC) blades are innovative. Referred to Server. Hands down, Pano Logic Inc. as “user ports,” these devices are treated makes the sexiest desktop device on the as ports to desktops in data centers. planet. The Pano device is elegant, and These user ports range from the simple its supporting management products do I/Port, which provides basic connectivity their jobs well. Its technologies are the 22 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  23. 23. following: products has branched out. Leostream now offers a connection broker for proxy I Pano Desktop Service access to data center desktop solutions. for virtual desktops Its connection broker is the following: I Pano Management Server for connection managers I Leostream Hosted Desktop Connection (HDC) Broker Pano Logic’s architecture includes Pano Desktop Service, Pano Device and Leostream’s HDC Broker provides EDITOR’S Pano Management Server. The desktop managed access to hosted desktops. LETTER service and management server and typ- It allows access via the Web, clients fat 7 ical middleware connection manager and thin, and even allows users to be DECODING applications cover the functionality assigned to virtual or physical desktops. THE VMWARE bases. The true draw is the Pano Device, HDC has some nice enterprise features, UNIVERSE a thin client that consumes only 5 watts including global DNS integration and 7 of power and enables a user with a desk- clustering, making it one of the most ITIL AND top problem simply to hit the single but- solid connection brokers. THE VMWARE UNIVERSE ton vice and roll back the desktop to an HDC security comes in hardware- 7 earlier version. based SSL virtual private network For security, Pano transmits data using (VPN) support by integrating with VIRTUAL the 128-bit Advanced Encryption Stan- Cisco, F5 and Juniper SSL VPNs. HDC DESKTOP DELIVERY AND dard, and local storage can be disabled also enables external authentication MANAGEMENT to prevent users from copying data to via Microsoft Active Directory, Novell OPTIONS USB keys. Inc’s eDirectory and other OpenLDAP 7 The Pano Management Server enables servers. administration of security and access HDC allows for central management control, including use of USB ports. of clients via dynamic and policy-based With it, IT managers can configure configurations but does not allow for virtual machines for user groups or indi- management of guest OSes. viduals; roll out updates, upgrades and HDC is a great connection broker for patches seamlessly; and perform back- businesses that don’t already have some ups of all PCs on their own schedule. type of partnership with an OS vendor The Pano Device is innovative, or virtualization solution. Then again, reliable and ranks high on my chart. most major original software vendors If you are going to use thin clients, and virtualization providers offer con- Pano Logic’s device is just genius. If you nection managers for their products, want a more trusted and proven name, which marginalizes companies like check out Wyse Technology Inc.’s thin Leostream. If you build infrastructure clients. piece by piece with best-of-breed prod- ucts, then HDC is a good choice. But Leostream Hosted Desktop Connection most administrators will trade the extra Broker. The company best known for its 5% in performance and features for a physical-to-virtual (P2V) migration completely integrated solution. 23 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  24. 24. Provision Networks Virtual Access Suite agement tools include the following: for Desktops. Provision Networks Inc. also provides a connection manager I Virtual Desktop Server (VDS) for VMware’s VDI. Provision Networks for virtual desktops offers the following feature-rich desktop I Virtual Desktop Controller (VDC) management technology: for connection managers I VAS, Desktop Services Edition The most interesting thing about (DSE) for connection managers Solid ICE is neither VDS nor VDC. EDITOR’S Qumranet’s claim to fame is its Simple LETTER VAS DSE is one of the best connection Protocol for Independent Computing 7 managers on the market. In addition to Environments, or SPICE, which allows DECODING providing access to VMware’s VMs, it virtual desktops to stream rich, multi- THE VMWARE supports physical machine access. A fea- media content over a LAN link to UNIVERSE ture of DSE is that it automatically dis- remote clients. 7 covers desktops and VMs to manage by Solid ICE is an interesting product, ITIL AND enumerating the objects in Microsoft’s but it’s also quite new and I haven’t THE VMWARE UNIVERSE Active Directory and VMware’s Virtual- reviewed it yet. Virtualization evangelist 7 Center. Alessandro Perilli has said that, with In security, DSE supports RDP over KVM, Qumranet could pose strong cost VIRTUAL SSL as well as pass-through Kerberos competition to VMware’s and Micro- DESKTOP DELIVERY AND authentication and smart-card logons. soft’s virtual desktop technologies. MANAGEMENT Another cool management feature is OPTIONS the ability to create VM pools so that AppStream. AppStream is one of the few 7 virtual desktops are pre-created and remaining application-streaming tech- ready to use. nologies that hasn’t been purchased by The VAS Desktop Suite Edition is a a major virtualization or OS vendor and single-purpose connection manager. offers the following technology: And much like Leostream’s Hosted Desk- top Connection Broker, it does its job I AppStream application delivery well. But much more feature-rich, all- server in-one solutions are available in lieu of a single-purpose app. The latest version of AppStream is pretty nice. It includes support for Vista, Qumranet Virtual Desktop Server and LDAP integration, a Firefox plug-in, and Virtual Desktop Controller. Qumranet is even the ability to email users when a an Israel-based company charged with license limit has been reached. managing the development of the Linux Like standalone connection manager kernel-based virtual machine, and it has programs, AppStream is a standalone developed a full virtual desktop manage- application delivery server and, as such, ment suite. Qumranet’s core product, encounters stiff competition from major Solid ICE, is a fully integrated desktop OS and virtualization vendors that offer virtualization product. Its desktop man- application servers. Although Appstream 24 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  25. 25. has nice features, the product isn’t genius. If you want a more trusted and compelling enough to stand out from proven name, consider Wyse Technol- the competition. ogy’s thin clients. Virtual desktop managers. Until VMware THE RIGHT DESKTOP gets its application streaming technology DELIVERY SOLUTION? up and running, Citrix offers the most When VMware announced VDI, there comprehensive technology available. was confusion was about why virtual EDITOR’S desktops are so special. The question Total solution. Sun is the only company LETTER that I heard most was “How is this dif- that provides the total package, from 7 ferent from terminal services or thin hardware to software. If you’re partial DECODING clients?” The answer is that VDI was just to dealing with just one vendor, Sun THE VMWARE one more way to accomplish the task of sells thin clients, connection managers UNIVERSE delivering desktops to users in a man- and a virtual desktop platform. 7 aged fashion. All product reviews, of ITIL AND course, have their pros and cons, so ulti- This article provides only a brief THE VMWARE UNIVERSE mately you have to choose technologies overview of the remote desktop land- 7 based on what’s right for your situation. scape. Summarizing the entire scope of Barb Goldworm of Focus Consulting the field in a single article would be to VIRTUAL echoes this notion: assert that such a task is possible when DESKTOP DELIVERY AND “The key to success will be to under- there is clearly too much content to do MANAGEMENT stand all of the user requirements and all of it justice. For a complete guide to OPTIONS use cases, determine which technology desktop management systems and appli- 7 best fits each need, and then evaluate cation streaming packages, check out the available solutions in that area to see the Focus Research Series “Desktop which product best fits your particular and Application Delivery Alternatives.” environment and needs.” But if you’re ready to get started, the Still, with the caveat that your particu- most important step is to identify your lar situation may dictate a certain set of priorities. Do you want a best-of-breed technologies, here are my recommenda- solution? Do you want to minimize com- tions for each of the major technology plexity by interacting with the least options: number of vendors as possible? Is cost your central concern? Are you willing to Desktop blades. HP and ClearCube offer take a chance on a new and unproven an equally diverse number of desktop technology for the sake of performance? blades, but I select HP as the top pick You have to ask these questions to know because it can integrate its blades with where to begin. Once you know the road an already vast product base, such as HP you plan to take, this article can act as a Systems Insight Manager. series of street signs to guide you on your path. If you get lost on the way, you Thin clients. If you are going to use thin can always contact me at akutz@lostcre- clients, Pano Logic’s device is sheer And enjoy the trip. I 25 VIRTUAL DATA CENTER E-ZINE JUNE 2008
  26. 26. ABOUT THE AUTHORS David Davis—a Schley Andrew Certified Informa- Kutz has more than tion Systems Secu- 10 years of profes- rity Professional, sional experience a VMware Certified in computer systems EDITOR’S LETTER Professional and Microsoft design, security, programming, 7 Certified Systems Engineer—has implementation and manage- DECODING THE VMWARE worked in the IT industry for 15 ment. Kutz is a site expert for UNIVERSE 7 years. Currently, he manages a ITIL AND group of systems and network and the author of Sudo for Win- THE VMWARE UNIVERSE administrators for a privately dows. He is a Microsoft Certified 7 owned retail company. He has Solutions Developer, a SANS/ VIRTUAL written hundreds of articles GIAC Gold Certified Windows DESKTOP DELIVERY AND and six video training courses, Security Administrator and a MANAGEMENT OPTIONS including the Train Signal VMware Certified Professional 7 VMware ESX Server video in VMware Infrastructure 3. training series. His websites are Happy and 26 VIRTUAL DATA CENTER E-ZINE JUNE 2008
