• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
The Desktop as a Service

The Desktop as a Service






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    The Desktop as a Service The Desktop as a Service Document Transcript

    • FEATURE | Citrix ONE TO MANY: The Desktop as a Service Desktops have been the bane of administrator’s existences ever since they first appeared on the market. Desktops are distributed points of access to system resources and as such must be standardized as much as possible to reduce potential issues. However, too many organizations do not lock down their desktops even if they do standardize them. Open desktops or desktops where the end user is a local administrator are impossible to manage since they have the potential to change from the very moment they are deployed. BY DANIELLE RUEST AND NELSON RUEST 1 January 2009 | Virtualization Review | VirtualizationReview.com
    • FEATURE | Citrix f desktops are not locked-down there can be no a lot of sense, just because they are so much easier to manage, I control and there always are a lot of issues. Yet it but there are a lot more reasons why desktop virtualization is possible to lock down systems and still make it makes more sense than managing physical desktops. work. One of our customers locked down their I First, you can provide centrally-managed desktops to desktops with Windows NT in 1996. The result: users on any endpoint device—desktops, thin clients, Web they reduced desktop-related help desk calls by clients and more. 800 percent! If it was possible for them to lock I Second, you can lock down virtual desktops because they down the desktop with an archaic operating system like are controlled centrally and therefore easier to provision— Windows NT, then it is possible for everyone else to do it with just create one single desktop image, lock it down and copy it either Windows XP or Windows Vista, both of which have as often as needed. massive built-in improvements for just this issue. Yet admin- I You spend less time on endpoints—the actual physical istrators still today don’t bother even trying because it is just PCs—because they no longer need to be managed as tightly. too much work. Users have become used to controlling every- After all, you only need these endpoints to provide an RDC to thing on their desktop and they just won’t give up this free- the virtual desktop. dom since they now consider it an acquired right. I You can provide service level agreements (SLA) only for the The problem has always stemmed from the very name we central desktop and not for the endpoint itself. Users can be use for desktops: personal computers (PC). Instead of person- administrators on the endpoints, but locked down on the virtu- al computer, organizations should make a point of calling al desktop. This lets them do what they want to the endpoints, their systems professional computers. Using the term PC in but remain controlled within the corporate PC environment. its original sense gives every user the impression that the I You can reduce costs and improve service stability computer is theirs in the first place. Well, that is not the case. because you know where the starting point for each PC is: The computer, like the desk it sits on, belongs to the organiza- from your golden virtual desktop image. tion, not the individual and because of this, it should be locked I You can create virtual desktop images that can be time- down and controlled centrally. The key to such a project is the controlled to meet timely requirements. For example, if you proper negotiation of who owns what on the PC. Where do the have a staff influx to meet a seasonal business need, then you user’s rights begin and where do they end? What belongs to can generate time-controlled PC images for the duration of the corporation and what belongs to IT? Defining each of the effort and wipe them out once the requirement is met. these property zones on the PC and making them very clear I Information can be secured by keeping the virtual desktop through massive communications with the user makes a inside the datacenter. This can give you more control over intel- locked-down project work. lectual property (IP); all you have to do is lock down the image you create so that it does not have access to external devices. In Comes Desktop Virtualization This makes it considerably easier to maintain compliance since But who has the time to do this today? Most organizations have the IP is stored centrally and does not leave the datacenter. just finished moving to a standard desktop running Windows XP I Complex or sensitive applications can be encapsulated and they certainly don’t want to start this kind of project again. and isolated into specific PC VMs to ensure proper operation. Distributing desktops, desktop operating systems and applica- This way the application does not need to interact or coexist tions is a pain. Deployment projects are just massive headaches with any others. that never seem to go away. No wonder Windows Vista isn’t I New operating system migrations can be easier to per- catching on. No one wants to start another distributed deploy- form since resources are only required centrally, not locally. ment project. But, what if you could centralize all your desktops There is considerably less impact on hardware refresh since and control them with just a few clicks? Users would access endpoints don’t need to be upgraded to provide the RDC link them from any connected location: LAN, WAN, even from home. to the central desktop. All your desktops would be completely locked down and you I Mergers and acquisitions are easier to manage since all would no longer have to worry about distributed endpoints desktops are centralized and can easily be provided as is to since all they need to have is a Remote Desktop Connection new users. (RDC). Wouldn’t that make life easier? I Alternative workspaces can be provided on an as-needed This is the promise of centralized virtual desktops or virtu- basis to employees when they need them. al desktop infrastructures (VDI). Desktops are run as virtual I You can use custom virtual desktops to provide contractors machines (VM) on host servers that are located in the data- with secured, encrypted machines to work in your environ- center and basically never have to leave the office. This makes ment. This way their own machines only need to connect onto 2 January 2009 | Virtualization Review | VirtualizationReview.com
    • FEATURE | Citrix your network for the RDC link. I Virtualized PCs can also support Testing and Development environments since they support the ability to undo changes made to the VM. But what is a virtual desktop and how do you make it operate? The Anatomy of a Desktop Desktop construction should be structured. In fact, Resolutions, the firm we work with, has been touting a system construction model for over ten years: the Point of Access to Secure Services (PASS) model (see Figure 1). This model builds a desktop in lay- ers, layers that address the needs of various classes of users, from basic to complex. As you can see, this model treats each layer of desktop construction. But, when it comes right down to it, a desktop should have three core components (see Figure 2): I The Core OS Layer which includes the OS itself as well as Figure 2: The Anatomy of a Desktop. any patches and utilities it requires. I The Application Layer which is designed to provide added These are the three key components of a desktop and if you functionality to the end user. This includes the productivity can abstract these layers from one another, then you can sig- application layer, role-based applications required by groups nificantly reduce desktop management overhead. This is of users with the same functions and any ad hoc applications where desktop virtualization products can help. Because the certain users may require on a one-by-one basis. desktop is contained within a virtual machine, you gain all of I The User Data Layer which contains all of the user’s data the advantages and few of the issues that come with machine including user-produced documents, presentations and management when a machine is transformed from the phys- more as well as application configuration settings and desk- ical to the virtual. You also greatly simplify how systems must top personalizations. be constructed and deployed, especially if you rely on central- ized desktop virtualization. Doing Centralized Desktop Virtualization Right There are two main centralized desktop virtualization mod- els. The first, stateful virtual desktops, focuses on virtual desktops that are tied to each specific user. In this model, each user connects to his or her own particular desktop virtu- al machine(s). The VMs are stored in a central shared storage container, much as they are when you virtualize server soft- ware. Host servers running production hypervisors manage all of the desktop virtual machines and make sure they are highly available. This model often tends to require a signifi- cant amount of storage since each VM can easily take up dozens of megabytes or more. Users rely on an RDC link to connect to their VM PCs (see Figure 3). The second model, stateless virtual desktops, focuses on the generation of virtual machines on an as needed basis. Machines can either be generated when the user connects or they can be pre-generated and linked to a user when a con- nection request occurs. The advantage of this model is that the machines are completely volatile and built on the fly. The core desktop image is generated and then, when the user is Figure 1: The PASS System Construction Model. identified during the connection, the applications they Virtualization Review.com | Virtualization Review | January 2009 | 3
    • FEATURE | Citrix In Comes the Citrix XenDesktop With this in mind, virtualization provider Citrix has developed XenDesktop, a tool that brings together all of Citrix’ virtualiza- tion and remote desktop products. Citrix XenDesktop is a solu- tion that provides virtual desktop provisioning on an as-needed basis to users. By default, XenDesktop relies on one single base image. All desktops are provisioned from a single image through the XenDesktop software engine. This core image is not dupli- cated at any time. This feature alone can save 40 percent or more of storage space, a considerable savings which often off- sets the original cost of the XenDesktop solution (see Figure 5). Figure 3: Stateful virtual desktops provide a direct correlation between a XenDesktop was formed by combining the features of the user and the VMs they rely on. XenServer server virtualization engine with those of Citrix’ require are applied to the desktop image (see Figure 4). The XenApp delivery mechanism as well as the feature set from user’s data and preferences are also applied at logon. While an acquisition, that of Ardence. Ardence provides the tech- you may think that this process is time-consuming and can nology required to generate differential files from the core cause user dissatisfaction, it is not actually the case. The desktop image. This technology allows the XenDesktop to rely ideal volatile desktop will also rely on Application on a database to automatically redirect registry queries for Virtualization to profile applications only when the user critical PC items such as computer name, computer security actually requests them. And, because everything occurs on a ID (SID), Active Directory domain relative ID (RID) and so on. backend storage area network, applications and user profiles This method lets XenDesktop manage hundreds or even thou- are provided through high speed disk-to-disk exchanges sands of differential images based on one single core image. which are practically transparent to users, even multiple This is a critical feature because normally, you need to users. customize each PC image through the Windows System This last model is usually the most popular. Given that Preparation Tool (SysPrep.exe). SysPrep will automatically desktops are volatile and temporary, they only require stor- depersonalize a Windows PC image so that it may be repro- age space during use. Applications and user data are stored duced as many times as required. When the PC image is outside the desktop image and because of this, the organiza- opened, the SysPrep process automatically repersonalizes tion has no need to maintain single images for each user. the image, giving it the right SID, RID, computer name and Since each desktop is generated from a single image, you only so on. When you use the XenDesktop, you do not need to have one single target to update when patches are available. perform this task, however, you do need to create a refer- This greatly simplifies the virtual desktop management ence computer image and prepare it according to your orga- model and this is the model you should aim for since it also nizational standards. Then, instead of depersonalizing the greatly reduces storage requirements. image through SysPrep to generate a source image, you cre- ate a second, read-only copy of your golden image. This second copy becomes the core image used by XenDesktop. It is always maintained in read-only mode. User changes and customizations are captured in the dif- ferential file and either discarded when the user logs off (stateless PC image) or saved to a personal user file (stateful PC image). Differential files are block level files that capture only the changes made to the core image. This is perhaps the most impressive feature of the XenDesktop. However, because XenDesktop is from Citrix and Citrix has years of experience in remote Windows computing, XenDesktop also provides an edge in terms of remote Figure 4: Stateless virtual desktops are generated as needed when users connect. desktop delivery because it relies on 4 January 2009 | Virtualization Review | VirtualizationReview.com
    • FEATURE | Citrix Figure 5: By default, XenDesktop uses a single source image with differential files, saving tons of disk space. Citrix’ ICA protocol instead of Microsoft’s Remote Desktop Installing and Running XenDesktop Protocol (RDP). ICA provides a considerable improvement, Because it is a solution that relies on virtualization, testing especially in terms of graphics rendering over RDP, which XenDesktop isn’t quite as easy as testing other types of products makes the end user experience richer and more lifelike. This because you can’t do it in a virtual environment; you actually technology is called SpeedScreen in XenDesktop. Don’t need some hardware to do it. In fact, to test XenDesktop at the believe it, then check out the difference between the RDP and most basic level, you’ll need at least two physical machines. One the ICA experience on YouTube. will act as a host server and the other will act as the endpoint Traditionally, XenDesktop will require a XenServer back- device. If you want to test desktop VM failover, then you’ll need end, the XenDesktop which acts as the desktop delivery con- at least three machines, two host servers linked to shared stor- troller or the desktop image provisioning engine and the age and one endpoint device. XenApp delivery server to provide remote desktop connectiv- One of the pitfalls of centralized desktop virtualization is ity to the desktop images through the ICA protocol (see Figure the host server configuration. Servers by default do not sup- 6). However, because XenDesktop was formed from the port many of the features of desktops. For example, servers Ardence acquisition and Ardence supported VMware ESX will rarely include high quality graphics cards, yet these cards Server first, it also supports a full VMware backend. In addi- are required to run desktop VMs since end users constantly tion, because of its strong partnership with Microsoft, work with graphics. Consider this when you prepare your XenDesktop has been adapted to support a Windows Server host environment for VDI. 2008 Hyper-V backend. This means that you can use the But from then on the test will go fairly smoothly. You’ll have XenDesktop solution with any of the major server virtualiza- to set up your host server(s), then install the host server man- tion engines (see Figure 7). agement interface. Once this is done, you can move on to cre- This is a boon for most every organization because early ating the virtual machines you’ll need for the environment. adopters of server virtualization will often already have both You’ll need at least a few server VMs before you create the Citrix Presentation Server (now named XenApp but used for desktop VMs. Required server VMs include at least one domain Presentation Virtualization only) and technologies like VMware controller to create an Active Directory structure—AD is ESX Server or Microsoft Virtual Server (which they will no doubt required for any VDI solution—this server should also run the upgrade to Hyper-V) already in place. Since they already have a Domain Name Service (DNS) and the Dynamic Host server virtualization infrastructure and they already own Citrix Configuration Protocol (DHCP), one VM to run the Desktop products, adding XenDesktop is often a very low-cost solution Delivery Controller, and one to run the Provisioning Server— for the introduction of virtual desktop infrastructures. the server that generates desktop VMs from the central image. Figure 6: The components of the Citrix XenDesktop solution. VirtualizationReview.com | Virtualization Review | January 2009 | 5
    • FEATURE | Citrix experience in Presentation Virtualization, many of its PresentV features are included in each edition of XenDesktop. One edi- tion even includes Citrix EasyCall—a feature that integrates telephone communications with any application—a feature that stems from the original Presentation Server before Citrix’ acquisition of XenSource and Ardence. XenDesktops can either be persistent or pooled (see Figure 9). Persistent desktops retain the differential information generated by each user. The user is then connected to this particular differential file each time he or she reconnects. Pooled images are stateless images that are reset to a stan- dard state each time a user logs off. Obviously, pooled images take up less storage space since differential data is discarded at log off. Each image mode, persistent versus pooled, applies to a different user type. Persistent images would most likely apply to permanent users while pooled images are best for Figure 7: When you provision desktops with XenDesktop, you can choose temporary or task-based employees who do not need to any of the ‘Big Three’ as a host environment. retain customizations and preferences. Pooled or persistent images can either be x86 or x64 versions of the desktop OS Once the server images are ready, you move on to your since all of the supported virtualization engines—VMware desktop VM. Create a source desktop VM and for the purpose ESX Server, Citrix XenServer or Microsoft Hyper-V—support of expediency, install base applications within it. Then, gen- both 32 -bit and 64-bit VMs. erate the base desktop VM template from this original Since each image is based on a central core desktop and machine. This process basically creates a clone of your orig- is generated at logon, you might think that it takes some inal desktop VM. This leaves the original desktop VM as is so time for the image to build when a user first tries to acti- that you can easily update it when needed and use it to vate it by logging on. It will indeed take some time, espe- replace the clone used to generate the virtual desktops your cially if thousands of users log on at the same time, even users run. though the differential file is a very small file. However, Next prepare an endpoint. If the endpoint already has an Citrix solves this problem through image pre-provisioning. OS, then you only need to install the XenDesktop client and XenDesktop allows administrators to set image generation configure it to run in full screen mode. You are then ready to policies that will pre-populate images before users begin to generate multiple XenDesktop images and connect to them log on. For example, take the following scenario. (see Figure 8). Organization A has three main offices. Office A is in New While the process is relatively simple, it does take time and York City and contains 500 users. Office B is in Salt Lake City requires a comprehensive set of skills for domain administra- tion, DNS configuration, DHCP configuration, the installation of server and desktop OSes, the installation and configuration of the XenDesktop components and so on. Do not take these tasks lightly. Nevertheless, if you have the right experience level, you’ll find that test driving XenDesktop is very straightforward. When you decide to implement XenDesktop, however, you’ll probably want to bring together a team of experts from your internal staff including domain administrators, network administrators (for DNS, DHCP and WAN communications), desktop technicians, application packagers, end user subject matter experts and more to ensure you have all of the skill sets required to implement a centralized desktop virtualization solution that will provide the very best in return on investment. XenDesktop Editions XenDesktop comes in several editions, each including its own feature set. Table 1 outlines each of these editions and the fea- Figure 8: You can pre-provision desktops with XenDesktop, having them ture set it includes. As you can see, because Citrix has a lot of ready when needed. 6 January 2009 | Virtualization Review | VirtualizationReview.com
    • FEATURE | Citrix reducing the various issues you face when working with distributed desk- tops. Desktops are delivered quickly and reliably to any linked location. You control which devices are linked to the VM, therefore controlling the manage- ment of data and reducing the potential loss of intellectual property. You can significantly reduce the cost of each desktop, sometimes by as much as 40 percent. You can reduce the number of images to manage, especially when you work with volatile PC images. Machines are easier to patch and update since you only have one core image to update. However, using technologies such as XenDesktop and others does present a challenge in terms of PC image con- struction and management. Ideally, organizations will rely on a single PC image, unless of course, they need an x86 and an x64 image. Using one single Table 1: Citrix XenDesktop editions and feature sets. image to meet each and every user’s and contains 200 users. Office C is in San Francisco and needs means that you have to devise a system that will auto- contains 400 users. Each morning, the users log on matically provision the image with the required applications between 7:00 and 9:00 AM, however, because each office is and user data at log on. The best way to do this is to rely on in a different time zone, the load on the back end host application virtualization and user profile protection mecha- servers is somewhat attenuated. By using pre-population policies, the administrators at Organization A have XenDesktop generate images ahead of time before users begin to log on. The policy generates 500 machines in NYC at 6:30 AM Eastern time (see Figure 10), 200 machines at 6:30 AM Mountain time (two hours later) and 400 machines at 6:30 AM Pacific Time (one hour later). While this scenario is a bit unrealistic because no one starts work at 7:00 AM on the West Coast, it does illustrate the power of pre-provisioning with XenDesktop policies. And through XenDesktop’s wide area network (WAN) acceleration features, all of the desktops can reside in the NYC datacen- ter and yet all users can have a rich vir- tual desktop experience. Overall Assessment As you can see, virtual desktop infra- structures offer much in the way of simplifying desktop management and Figure 9: Determining whether to create persistent or pooled desktop VMs in XenDesktop. VirtualizationReview.com | Virtualization Review | January 2009 | 7
    • FEATURE | Citrix today, runs with any of the major three server virtualization technologies. This makes it a clear winner in our book. That and its ability to work with differ- ential images only, its use of the Citrix ICA protocol instead of Microsoft’s RDP, and its ability to pre-provision images, make it one of the best VDI options on the market. XenDesktop is off to a very good start and should definitely be part of the short list for any organization that wants to move to VDI and do it right. Product Information As seen in Table 1, the Citrix XenDesktop comes in several flavors. Express Edition is a free starter version of the product which supports 10 free desk- tops on one single host server. All other Figure 10: XenDesktops can be set to launch before work begins to make them available editions sell on a per concurrent user when users log on. basis. Standard Edition sells for $75 USD; Advanced sells for $195 USD; nisms. User profile data must absolutely be stored outside the Enterprise sells for $295 USD; and Platinum Edition sells for PC image if it is to be protected. XenDesktop does not offer $395 USD. While each edition includes the corresponding this feature at this time, but Citrix intends to provide it by the XenServer licenses to run a complete Citrix end to end solu- end of the year through its recent acquisition of tion, you can replace it with either VMware ESX Server using SepagoProfile. Windows, however, already offers a profile the VMware Virtual Infrastructure or Microsoft Windows protection mechanism through the combination of roaming Server 2008 Hyper-V which makes XenDesktop even more profiles and folder redirection. (For information on how to attractive since it can run on your existing server virtualiza- protect user data through these tools, look up Chapter 8: tion infrastructure if you already have it in place. However, Working with Personality Captures from the free Definitive there is no rebate if you choose not to use the enclosed Guide to Vista Migration by Ruest and Ruest). XenServer licenses. Currently, Citrix is offering a promotion Application provisioning is more complicated since it that enables customers to purchase XenDesktop Advanced requires the ability to provide the end user with the applica- for just $95 USD along with their XenApp Platinum licenses; tions they need when they need them. Using traditional appli- existing XenApp Platinum customers also have access to cation delivery methods will not work since they take time to this promotion. This promotion will run through the end of install and deploy. If this was the method you used, then your 2008. users would be completely dissatisfied with VDI as they wait- For more information on the XenDesktop, go to ed for long periods of time at login as the applications they http://www.citrix.com/XenDesktop. VR required were attached to the desktop image. This is why VDI does not work on its own. It must absolutely be tied to appli- About the Authors cation virtualization and therefore application streaming to Danielle Ruest and Nelson Ruest, both Microsoft MVPs, are IT make it work. Citrix does it right because it includes its appli- professionals focused on technologies futures. They are authors cation virtualization engine, XenApp, along with the of multiple books, including Windows Server 2008: The XenDesktop components. However, you must convert your Complete Reference from McGraw-Hill Osborne which is applications to the XenApp format to virtualize them and this focused on building virtual workloads with this powerful new can take time unless you use a tool such as InstallShield OS. They are currently writing Virtualization, A Beginner’s AdminStudio from Accresso Software which can generate Guide for McGraw-Hill Osborne. They are also performing a XenApp applications from existing Windows Installer pack- multi-city tour on Virtualization in the US. ages in a batch process. Feel free to contact them at infos@reso-net.com for any com- XenDesktop, unlike many other VDI tools on the market ments or suggestions. 8 January 2009 | Virtualization Review | VirtualizationReview.com