How to fail or succeed with desktop virtualization and workspace mobility
Published in: Technology

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,051
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Introduction Denis Gundarev @fdwl, Entisys Solutions
  • 2. Denis Gundarev
        C:\>whoami /all
        USER INFORMATION
        ----------------
        User Name        Twitter   E-Mail
        ===============  ========  ==================
        ENTISYS\denisg   @fdwl     DenisG@entisys.com
        GROUP INFORMATION
        -----------------
        Group Name                             Type              SID
        =====================================  ================  ============
        BUILTIN\Geeks                          Mandatory group   S-1-5-32-544
        COMMUNITY\Bay Area Citrix User Group   Well-known group  S-1-5-32-540
        CITRIX\Technology Professional         Well-known group  S-1-5-32-548
        COMPTIA\Cloud Subject Matter Expert    Well-known group  S-1-5-32-344
        TRAINER\Microsoft Certified Trainer    Well-known group  S-1-5-32-595
        TRAINER\Citrix Certified Instructor    Well-known group  S-1-5-32-145
  • 3. My Background (pie chart; labels: Customer, Vendor, Independent, Partner; values: 19%, 6%, 56%, 19%)
  • 4. Who are you? • Consultant? Decision maker? Vendor? Developer? • How many years have you been in Desktop Virtualization?
  • 5. Agenda
        9:00 AM – 9:15 AM: Introduction
        9:15 AM – 10:05 AM: Evolution of server-based computing. Where did VDI come from?
        10:05 AM – 10:30 AM: Desktop Virtualization & Workplace Mobility: state of the union.
        10:30 AM – 10:45 AM: Break
        10:45 AM – 11:10 AM: Desktop Virtualization & Workplace Mobility: state of the union.
        11:10 AM – 12:00 PM: Desktop virtualization internals: Protocols, layering and isolation
        12:00 PM – 1:00 PM: Lunch
        1:00 PM – 1:45 PM: Application virtualization and user profiles, how does it work?
        1:45 PM – 2:20 PM: What happens when technology meets marketing?
        2:20 PM – 3:00 PM: Technical and business barriers in adopting Desktop Virtualization & Workplace Mobility solutions.
        3:00 PM – 3:15 PM: Break
        3:15 PM – 3:45 PM: Effects of underestimating or overcommitting hardware, storage and network resources.
        3:45 PM – 4:15 PM: Samsung sponsored Q&A panel session on zero client technology with Samsung's Sr. Product Manager Greg Spence and special panel guest David Unangst of Teradici
        4:15 PM – 4:30 PM: Conclusions and Recommendations
  • 6. This Workshop Is Not About… • Server virtualization • But we will cover this important topic • Managing your cell phone and iPad • You can be mobile even at your desk. • How to reduce Capex and/or Opex • Best way to save money is to stop spending it on useless stuff • Check “How to lie with cost models” article by Brian Madden http://bit.ly/TCOLie • How to deploy and manage specific products • RTFM • But expect to hear tips and tricks from real life
  • 7. But At The End You Will Know… • What is Desktop Virtualization • How stuff works • Market landscape • Technology vs. marketing slogans • Why projects are failing • Which pieces are most important in a proper sizing • How Desktop Virtualization can help you even if you don’t need it • How to fix your applications and finally get rid of Windows XP
  • 8. Disclaimer • I love Desktop Virtualization • I will try not to scare you away from DV • Vendor neutral • Not DV propaganda • My opinions are my own. I do not represent my company or anyone else in this presentation
  • 9. Basics • Desktop Virtualization • Separates the computing platform (OS) from the client device (with exceptions) • One of the enablers of Workspace Mobility • There is no universal solution, but many choices • May be complemented by other types of virtualization
  • 10. STAY CONNECTED • #Interop • j.mp/DeskVirt • @fdwl • j.mp/fdwl • denisg@entisys.com • www.entisys.com
  • 11. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Evolution of Server-Based Computing. Where Did VDI Come From? Denis Gundarev @fdwl, Entisys Solutions
  • 12. History of Desktop Virtualization
  • 13. 1975 • Microsoft was founded in Albuquerque • dnd, the first video game that includes a boss was released
  • 14. 1989 • Citrus Systems was founded by frustrated IBMers • Prince of Persia was released
  • 15. 90’s
        1991 – Citrix ships MULTIUSER for OS/2
        1992 – Microsoft releases Windows 3.1 and is not very interested in equipping its high-end operating system with multiple-user features like UNIX.
        1992 – Citrix signed licensing agreement with Microsoft for Windows NT Server
        1993 – WinView for Networks shipped
        1994 – TCP/IP support was added to Citrix WinView
  • 16. 90’s
        1996 – Anatoliy Panasyuk of Datapac (Australia) playing with Transparent Windows Interface (Seamless Windows – implemented in MetaFrame 3 years later)
        1997 – pcANYWHERE for Windows 3.1 was released
        1997 – First version of Virtual PC for Macintosh platform was released by Connectix
        1998 – Windows NT 4.0 Server, Terminal Server Edition (code name “Hydra”)
  • 17. 1998 • VMware founded in Palo Alto, California • Valve released Half-Life
  • 18. 2000’s
        2000 – Windows 2000 (with terminal services built-in)
        2001 (June) – Virtual PC for Windows was released
        2001 (July) – VMware ESX 1.0 (Elastic Sky X) and VMware GSX 1.0 (Ground Storm X) released
        2002 – NT 4 TSE Security Roll-Up Package is available
        2003 – First release of open-source Xen
        2003 – Microsoft acquired Connectix
        2003 – EMC acquired VMware
  • 19. Acquisitions (three columns)
        • 2003 – Connectix, PlaceWare; 2006 – Softricity, AssetMetrix, AlohaBob PC relocator; 2008 – Calista, Kidaro; 2012 – PhoneFactor
        • 2003 – Expertcity (GoTo); 2004 – Net6; 2005 – NetScaler; 2006 – Reflectant, Ardence; 2007 – XenSource; 2008 – Aurema, sepagoProfile; 2011 – Kaviza, RingCube, ShareFile, App-DNA, Virtual Computer, Zenprise
        • 2007 – Propero Software; 2008 – Tungsten Graphics, Thinstall; 2010 – RTO Software; 2011 – NeoAccel (SSLVPN Plus); 2012 – Nicira, Wanova; 2013 – Virsto
  • 20. VDI Timeline 2006-2009 (timeline graphic; the month labels cannot be matched to entries in this transcript). Entries shown: Desktop Broker for Citrix Presentation Server • Microsoft general manager for virtualization strategy "surprised" that IT are so eager to virtualize their desktops (http://bit.ly/MSSurprised) • Windows Server 2008 R2 with live migration, RD Virtualization RemoteFX • XenDesktop 2.0 • VDM 2.0 • View 3.0 • XenDesktop 4 • VMware demoing VDI connection Broker • VMware VDI Alliance • Desktop Server 1.0 • Windows 2008 with Hyper-V and RemoteApp • XenDesktop 2.1 • XenDesktop 3.0 • View 4.0 • No VDI • VDM 2.1 • XenDesktop 3.0 FP 1
  • 21. VDI Timeline 2010-2013 (timeline graphic; the month labels cannot be matched to entries in this transcript). Entries shown: XenDesktop 4 SP1 • XenDesktop 4 FP1 • XenDesktop 5.6 • XenDesktop 5 • View 5.0 • Windows Server 2012/Windows 8: Major Hyper-V updates, Client Hyper-V, User personalization • Windows Server 2012 R2/Windows 8.1: Hyper-V updates, RemoteFX updates • XenDesktop 5.6 FP1 • View 4.6 • XenDesktop 5.5 • XenClient became a part of XenDesktop • View 5.2 • XenDesktop 7 • View 4.5 • View 5.1
  • 22. History in short • Citrix turned Windows into a multi-user operating system and became a leader in Server Based Computing in the Windows world • VMware became a leader in server virtualization • In 2005-2006 the term VDI was introduced, which may be considered a hybrid of SBC and server virtualization • Both Citrix and VMware were playing like kids in 1st grade, but have grown older • Microsoft is slow in adopting new ideas; in fact there are no releases between operating system releases
  • 23. Trends • Migrating old workstations to the datacenter • Using blade PCs • Moving to cheaper thin clients • VDI started as an alternative to terminal services • Users became mobile • Lack of technical benefits of VDI was compensated by a “lower TCO” speech • VDI was supposed to make OS migration easier
  • 24. VDI Expectations Source: Gartner’s Chris Wolf (http://bit.ly/VDITrends)
  • 25. VDI Adoption Source: Gartner’s Chris Wolf (http://bit.ly/VDITrends)
  • 26. VDI Adoption Source : Forrester (http://bit.ly/VDIForrester)
  • 27. VDI Adoption • According to Simon Bramfitt from Entelechy Associates, 55% of the companies have VDI in test environments (http://bit.ly/VDIinTest) • In a report prepared by Jeroen van de Kamp and Ruben Spruijt from Project Virtual Reality Check, the majority of people (31,91%) is using VDI in pre-production, or early production (34,92%). (http://bit.ly/VDI2013) • By 2016 30% of large organizations will have deployed HVDs to 20% of their users (Gartner http://bit.ly/VDIvsPC) • Many customers don’t realize that they have actually been using desktop virtualization for years.
  • 28. How Does the Market Keep Desktop Virtualization at the Top of the Hype? • Desktop-as-a-Service is here to help • Hundreds of cloud service providers • Special licensing from vendors • VDI vendors turn to virtual desktops • Wanova • Virtual Computer • RTO Software • Application virtualization vendors
  • 29. Competition “VDI vendors are not competing against each other. They’re competing against the status quo. They’re competing against those pallets full of Dells that you’ve been buying for the past twenty years” Brian Madden, “The VDI Delusion” http://bit.ly/VDIDelusion
  • 30. Summary • VDI is not new • VDI started as an initiative to convert physical desktops into VMs • At the beginning of 2009, Gartner said that the Hosted Virtual Desktop market would surpass $65 Billion in 2013 and have 49 million users (http://bit.ly/GartnerVDI) • All vendors made a lot of acquisitions to make their products look more competitive
  • 31. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Desktop Virtualization & Workplace Mobility: State of the Union Denis Gundarev @fdwl, Entisys Solutions
  • 32. Desktop Virtualization Vendors
  • 33. Desktop Virtualization Vendors
  • 34. Desktop Virtualization Vendors
  • 35. Microsoft (architecture diagram labels: Remote Desktop Virtualization Host, Server Manager, Remote Desktop Web Access, Remote Desktop Connection Broker, SQL Database, Virtual Desktop Collection, Remote Desktop Session Host, Remote Desktop Gateway, Remote Desktop Licensing, Session Collection)
  • 36. Kahuna Burger Platinum Suite
  • 37. XenDesktop Platinum/Horizon Suite components • XenDesktop Platinum: Personal vDisk, Universal Print Server, Provisioning Services 7, AppDNA, XenClient, XenServer, CloudBridge, Merchandising Server, Profile Management, XenApp, Single sign-on, Smart Auditor • Horizon Suite: Horizon Workspace, VMware Workstation, VMware ThinApp, Horizon Mirage, VMware Fusion, Horizon View, VMware ESXi, VMware vCenter Server, VMware vCloud Networking and Security, VMware Persona Management, VMware View Connection Server, VMware View Composer
  • 38. Smaller desktop virtualization vendors • HTML5 • Remote protocol accelerators • RDP Transcoding • Consumer-focused solutions • Competitive pricing • SaaS & Cloud • Linux • Brokering
  • 39. Network optimization and management • WAN optimization • SSL VPN • Network virtualization • Isolation • Storage replication • Traffic parsing
  • 40. MDM/MAM • New to the market • Sandboxing • Integration with cloud storage • BYOD • Providing APIs to third-party • SaaS • Expanding to laptops • On-premises solutions
  • 41. Storage • RAM/SSD cache • Use of local storage • Storage tiers • Smart deduplication • Software-only solutions • Combining storage and server in one box
  • 42. Application deployment and virtualization • Reducing IOPS • Simplification • Repackaging • Consumerization
  • 43. Security • Offload antivirus to a separate VM • Micro-hypervisor • Device-less two-factor authentication • DLP
  • 44. Thin Clients • “Zero” clients • One protocol only • Hardware decoding • Reducing cost • Alternative brokers • HDMI Sticks • Tablets • Android
  • 45. Print management • Cloud printing • Mobile device support
  • 46. User profile management • Profile conversion • Policy controls
  • 47. Monitoring And Analytics • Analysis of VDI migration • VDI-oriented reporting • Pricing models and chargeback • Monitoring from cloud
  • 48. Offline VDI • Type 2 has more chances • Security • Desktop Player for Mac
  • 49. Others • Virtual GPU and GPU sharing • nvidia GRID • Nested virtualization
  • 50. User Population • Task/Shift worker • Knowledge worker • Mobile worker • High-performance worker • Guest users
  • 51. Use cases • Remote Access • Quick provisioning • Off Shore development • Security • Consumerization/Bring Your Own Device (BYOD) • Centralized Management • Compliance • Disaster Recovery • Acquisitions
  • 52. Vendor’s positions (bar chart, scale 0-70: Hypervisor and Broker for VMware, Microsoft, Citrix, Other) Source: Project Virtual Reality Check (http://bit.ly/VDI2013)
  • 53. State of the VDI and SBC union 2013, Whitepaper from Project Virtual Reality Check • Hypervisor infrastructure used in VDI and SBC • WAN optimization used in VDI and SBC • Unified Communications used in VDI and SBC • Performance testing executed in VDI and SBC • VDI Stateless - stateful virtual desktop • VDI and hypervisors • VDI and connection brokers • VDI and server configurations • VDI and antivirus • VDI and Remote Display Protocol, hardware encoding • VDI and desktop image deployment • VDI and User Environment Management • VDI and client management • VDI and guest OS configurations • VDI and application virtualization • VDI Applications, Windows and web-based • VDI and storage • Server Based Computing (SBC) results • SBC Phase, usage, regions • SBC User types and goals • SBC and connection brokers • SBC and server configurations • SBC and antivirus • SBC and Operating System • SBC and User Environment Management • SBC Applications, Windows and web-based • SBC and storage • SBC and image deployment • Comparing VDI and SBC results • VDI versus SBC Hypervisor, server workload • VDI versus SBC WAN optimization • VDI versus SBC Unified Communications • VDI versus SBC Performance testing • http://bit.ly/VDI2013
  • 54. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Desktop Virtualization Internals: Protocols, Layering and Isolation Denis Gundarev @fdwl, Entisys Solutions
  • 55. VMware
  • 56. Citrix
  • 57. Microsoft (architecture diagram labels: Remote Desktop Virtualization Host, Server Manager, Remote Desktop Web Access, Remote Desktop Connection Broker, SQL Database, Virtual Desktop Collection, Remote Desktop Session Host, Remote Desktop Gateway, Remote Desktop Licensing, Session Collection)
  • 58. Core Components Remote Access Protocol Remote Access Protocol
  • 59. Core Components - Protocols Remote Access Protocol
  • 60. Remote Protocols
        Microsoft RemoteFX • Formerly known as RDP • Adaptive Graphics (2012) • Multi-Touch • vGPU and GPU sharing • Windows clients only • Features tied to Windows version • No OpenGL
        Citrix HDX • Formerly known as ICA • Broad client support • HDX 3D Pro • Flash and Multimedia Redirection • OpenGL / DirectX support • Feature set is different for different clients
        Teradici PCoIP • UDP-only • Offload cards are available • vSGA (NVIDIA GRID) • Limited QoS support • Has a new competitor – HTML5 blast
  • 61. Protocol comparison
        Phase 1: RDP7 vs RemoteFX v1 vs HDX vs HDX 3D Pro vs PCoIP vs Quest EOP vs Ericom Blaze vs HP RGS (May 2011)
        Phase 2: HDX 5.0 vs HDX 5.5 vs PCoIP 4.6 vs PCoIP 5.0 (October 2011)
        Phase 3: Mobile Devices on 3G and 4G, and evaluating RemoteFX v2 Beta (May 2012)
        Phase 4: RDP 7.1 vs RDP 8 vs RemoteFX and Citrix XenDesktop 5.6 FP1 HDX (February 2013)
        Phase 5: NVIDIA GRID K2 accelerated 3D graphics HDX 3D Pro, VMware PCoIP vSGA and Microsoft RemoteFX vGPU (May 2013)
        Phase 6: NVIDIA GRID K2 + K5000, Citrix XenDesktop 7 HDX and HDX 3D Pro, Microsoft RDP 7.1 and RDP 8, and VMware View 5.2 vSGA (July/August 2013)
        http://bit.ly/VDIProtocols • Shawn Bass @shawnbass shawnbass.com • Benny Tritsch @drtritsch drtritsch.com
  • 62. WAN Emulation – The Test Setup (diagram labels: Epiphan DVI2USB, USB, One-on-one connection, DVI/HDMI, Apposite Linktropy Mini2, PC with Epiphan recording SW, Client, Shared environment, Host)
  • 63. Test Applications – 2D Graphics • 1. GDI: Microsoft WordPad + RTF file (2.5 MB) • 2. GDI: Adobe Acrobat Reader 9.34 + PDF file (2.5 MB)
  • 64. Test Applications – Videos & Animation (test numbers shown: 3, 5, 6, 15, 7, 9) • Video: Media Player 12.0 + WMV file (Halo, 33 MB) • Video: Quicktime Player 7.68 + MOV file (Meat Balls, 33 MB) • Flash: Flash Player 10 + Intel VT Demo HD • Flash: Flash Player 10 + Flash Video Factory HD • Video: Media Player 12.0 + WMV file (Speed 720, 101 MB) • Silverlight: Silverlight Photo Gallery
  • 65. Test Applications – 3D Graphics (test numbers shown: 8, 20, 22, 21, 23, 24) • WPF: MeediOS • DirectX 9: Rollercoaster by Emil Persson, aka Humus • OpenGL (SW): eDrawings SolidWorks Seascooter • OpenGL (HW): Cloth by Emil Persson, aka Humus • DirectX 9: Google Earth • DirectX 10: Custom Resolve by Emil Persson, aka Humus
  • 66. Test Applications – User Experience • 10. Flash: Whack-A-Mole • 11. HTML5: Fishbowl
  • 67. Video Recordings Post-Processing (diagram labels, in slide order: Raw AVI video; Full resolution, 60fps max.; ffdshow MS MPEG4 v2; One pass - quality, 99%; WMV Video; 4-Up Split Screen 512 x 384; Silverlight Player; VC-1 Advanced; by J. Gorzas, Sense GmbH; Fixed bitrate 1045 Kbps; Microsoft Expression Encoder; SPHtmlGenerator)
  • 68. Network Emulation Settings
        Description | Bandwidth | Latency | Packet Loss
        LAN | 100Mb/s | 0ms | 0%
        Within continent, slow | 500Kb/s | 50ms | 0.01%
        Within continent, medium | 2Mb/s | 50ms | 0.01%
        Within continent, medium, Cloud | 2Mb/s | 50ms | 2%
        Within continent, fast | 8Mb/s | 50ms | 0.01%
        Across continents, medium | 2Mb/s | 200ms | 0.01%
        Across continents, fast | 8Mb/s | 200ms | 0.01%
        Across continents, very fast, Cloud | 12Mb/s | 300ms | 1%
  • 69. Core Components
  • 70. Core Components –Virtualization and Layers
  • 71. Core Components –Virtualization and Layers
  • 72. Core Components –Virtualization and Layers User Data Applications Operating System Hardware
  • 73. Operating System Layers User Data Applications Operating System Hardware
  • 74. Operating System Layers User Files User Settings User Apps Corporate Apps Applications Operating System Hardware
  • 75. What Is Layering? • Way to define a container that contains relevant registry keys and files • Not possible on a block level • Application deployment ≠ application layering • OS deployment ≠ OS layering
  • 76. Why Layering Is Good? • Manage each layer separately • User data stored separately, making backup easy • OS and App layers can be generalized and shared between instances • Rollback each layer independently • Great for non-persistent deployments
  • 77. Layers In Real Life • Difficult to separate User Data from User Settings • Per-app user settings are merged in a user profile • Layering adds a performance overhead • Number of golden images grows • Complexity • Say goodbye to your desktop management experience
  • 78. Pros of persistent desktops • One-to-one • Your helpdesk knows what to do • Performance • Familiar management tools • Users get what they expect • SCCM, Altiris, Ghost, LANDesk • Users store their files in weird locations
  • 79. Cons of persistent desktops • One-to-one • Familiar management tools • Users get what they expect • Best way to make your storage vendor happy • Each instance managed individually • Users can ruin your environment
  • 80. Pros of non-persistent desktops • Less storage • New ways to manage your images • Locked-down desktops • Share your golden image • Ideally one golden image • Just reboot for refresh
  • 81. Cons of non-persistent desktops • Less storage • New ways to manage your images • Locked-down desktops • Harder to manage IOPS • Old management tools don’t work • App virtualization is required • No personalization
  • 82. Full clones Full Clones
  • 83. Thin clones Clones Linked to the master Master
  • 84. Non-persistent Thin clones Snapshot on start Clones Linked to the master Master
  • 85. Thin clones with identity disks Virtual Machine Identity Clones Linked to the master, deleted after reboot Master
  • 86. Thin clones with identity disks and per-user data disk Per-user virtual disk Virtual Machine Identity Clones Linked to the master, deleted after reboot Master
  • 87. Solutions Non-persistent: – Citrix Provisioning Services – Citrix Machine Creation Services – VMware Linked Clones Persistent – Full clones – Citrix Personal vDisk
  • 88. VMware Linked Clones (diagram labels: Full clone virtual machine; parent virtual machine; snapshot; replica; linked clone desktop pool; linked clone with OS disk, Persistent disk, Disposable disk) • Callouts: The OS delta disk • An optional disk for each user’s profile • The base image • The baseline for linked-clone desktops • An optional disk for paging and temp files • Notes: VMware View specific • Persistent is more possible • Limited support for storage tiers
  • 89. Citrix Machine Creation Services (diagram labels: VMs 1-5, hypervisor, Base, one ID and one DIFF per VM, storage)
  • 90. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Application Virtualization and User Profiles, How Does it Work? Denis Gundarev @fdwl, Entisys Solutions
  • 91. What is Application Virtualization? • Application is executed inside a sandbox isolated from the operating system • Improves security (isolates insecurity) • Eliminates application conflicts • Package → Deliver → Execute
  • 92. Every time you disable UAC… Steve Ballmer kills a kitten Please, think of the kittens
  • 93. Every time you: • Modify ACLs on Program Files or HKLM • Make a user a local admin • Just give users SeBackup, SeRestore, SeCreateGlobal and SeLoadDriver privileges, but keep them as standard users
  • 94. Application Virtualization Example
  • 95. Application Isolation Environments • Was introduced in MetaFrame Presentation Server 4.0 (2005) • Virtualization layer that redirects system resources • Virtualizes: – File system – Registry – Named objects (events, semaphores, etc.) • Transparent to the application • Was a great compatibility aid for: – Applications which are not multi-user friendly – Applications which have problems coexisting on the same server – Applications that cannot have multiple instances running simultaneously
  • 96. Isolation Environment Roots • Specifies directories and registry locations • User Profile Root – Changes made by the user reside here – Suitable for multi-user incompatible applications • Installation Root – Per isolation environment location – Enables conflicting applications to coexist
  • 97. Isolation Environment Rules • Three types of Rules: • Ignore • Redirect • Isolate
  • 98. Isolation Environment: IGNORE Rule • Used to create “holes” in an isolation environment • Virtual address is not modified by the virtualization system • Used to allow access outside of the isolation environment
  • 99. Isolation Environment: REDIRECT Rule • Redirects an application request for a file or registry key to a specified location – If an application creates the file c:\temp\data.txt regardless of the user, then it might be sensible to redirect those files to c:\aietemp\%USERNAME% – This means that if UserA ran the application isolated, then c:\temp\data.txt is created as c:\aietemp\UserA\data.txt
  • 100. Isolation Environment: ISOLATE Rule • Per User: – Ensure that each user gets his own copy of the requested resource • Per Isolation Environment: – A single copy of the required system resource is created in the installation root location and shared by all users
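Added example (not from the slides and not any vendor's code): a minimal resolver for the IGNORE, REDIRECT and ISOLATE rules of slides 97-100, showing how one file request maps to a physical path. The class and function names, the two root paths, the default action for unmatched paths and every rule except the `c:\temp` redirect are assumptions made for illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    IGNORE = "ignore"                       # a "hole": address is left unchanged
    REDIRECT = "redirect"                   # request goes to a specified location
    ISOLATE_PER_USER = "isolate-per-user"   # private copy under the user profile root
    ISOLATE_PER_ENV = "isolate-per-env"     # one shared copy under the installation root


@dataclass(frozen=True)
class Rule:
    prefix: str        # virtual path covered by the rule
    action: Action
    target: str = ""   # REDIRECT only; may contain %USERNAME%


# %USERNAME% ends up inside a path, so accept a single safe component only.
_SAFE_USER = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")
_DRIVE = re.compile(r"^[A-Za-z]:$")


def _below(path, prefix):
    """Part of `path` under `prefix` (case-insensitive), or None if outside it."""
    full = ntpath.normpath(path)
    pre = ntpath.normpath(prefix).rstrip("\\")
    if full.lower() == pre.lower():
        return ""
    if full.lower().startswith(pre.lower() + "\\"):
        return full[len(pre) + 1:]
    return None


class IsolationEnvironment:
    def __init__(self, install_root, profile_root, rules,
                 default=Action.ISOLATE_PER_USER):  # default is an assumption
        if default is Action.REDIRECT:
            raise ValueError("a default redirect has no target")
        self.install_root = install_root
        self.profile_root = profile_root
        self.rules = list(rules)
        self.default = default

    def resolve(self, requested, user):
        """Return (action, physical_path) for one file request made by `user`."""
        if not _SAFE_USER.match(user):
            raise ValueError("user name is not a safe single path component")
        # Normalise first, so "c:\temp\..\x" is matched as "c:\x", not as c:\temp.
        full = ntpath.normpath(requested)
        drive, tail = ntpath.splitdrive(full)
        if not _DRIVE.match(drive) or not tail.startswith("\\"):
            raise ValueError("expected an absolute path with a drive letter")

        best, rest = None, None
        for rule in self.rules:            # most specific (longest) prefix wins
            below = _below(full, rule.prefix)
            if below is None:
                continue
            if best is None or (len(ntpath.normpath(rule.prefix))
                                > len(ntpath.normpath(best.prefix))):
                best, rest = rule, below
        action = best.action if best else self.default

        if action is Action.IGNORE:
            return action, full
        if action is Action.REDIRECT:
            root = best.target.replace("%USERNAME%", user)
        else:
            root = (ntpath.join(self.profile_root, user)
                    if action is Action.ISOLATE_PER_USER else self.install_root)
            # Keep the whole virtual path below the root so copies cannot collide.
            rest = ntpath.join(drive[0], tail.lstrip("\\"))
        physical = ntpath.normpath(ntpath.join(root, rest))
        if _below(physical, root) is None:  # defence in depth: stay inside the root
            raise ValueError("resolved path escapes its root")
        return action, physical


# Constructed rule set; only the c:\temp redirect mirrors the slide's example.
ENV = IsolationEnvironment(
    install_root=r"c:\aie\install\AppX",
    profile_root=r"c:\aie\profiles",
    rules=[
        Rule(r"c:\temp", Action.REDIRECT, r"c:\aietemp\%USERNAME%"),
        Rule(r"c:\temp\shared", Action.IGNORE),
        Rule(r"c:\Program Files\AppX", Action.ISOLATE_PER_ENV),
    ],
)

if __name__ == "__main__":
    for req in (r"c:\temp\data.txt", r"C:\Temp\shared\log.txt",
                r"c:\temp\..\windows\win.ini", r"c:\Program Files\AppX\app.ini"):
        print(req, "->", ENV.resolve(req, "UserA"))
```

The third sample request shows why the path is normalised before rule matching: a request that climbs out of `c:\temp` with `..` is treated as a request for `c:\windows\win.ini` and falls under the default isolation instead of the redirect.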
  • 101. Application Streaming • Introduced in Citrix Presentation Server 4.5 (2007) • Added delivery mechanism to AIE • Had 6 major releases before being deprecated in 2013 • Still available with XenApp 6.5 and XenDesktop 5.6 • Completely removed in XenDesktop 7
  • 102. Application Virtualization Internals
  • 103. How it works • Two main components of Application Virtualization: – Isolation/Redirection – Delivery mechanism • Optional features: – File type associations and OS integration – Rights Management and usage tracking – Packaging – Shareable sandboxes
  • 104. File I/O Redirection options API Hooking – at USER or Kernel Level • Hooking CreateFile, OpenFile, DeleteFile, NtCreateFile, NtOpenFile, NtDeleteFile etc • Hooking into System Service Descriptor Table (SSDT) File System Filter Driver or Mini-Filter – Write file system driver to redirect virtualized file requests.
  • 105. Registry Redirection Options API Hooking at USER Level – Hooking advapi32.dll - RegCreateKeyEx, RegDeleteKeyEx etc – Hooking Ntdll.dll – NtCreateKey, NtDeleteKey etc API Hooking at Kernel Level – Hooking SSDT – NtCreateKey, NtDeleteKey etc
  • 106. Application Virtualization Vendors
  • 107. Application Virtualization Products • Microsoft App-V • VMware ThinApp • CloudVolumes • Symantec/Altiris SVS • Spoon (Novell ZENworks) • Numecent Jukebox • FSLogix • Sandboxie • Microsoft Windows
  • 108. Microsoft App-V • Version 2.0 was released in 2002 by Softricity • ~8 major and ~50 minor releases before App-V 5.0 • App-V 5.0 is completely rewritten and released in 2012 • Available as a part of MDOP under SA
  • 109. App-V 5.0 Cons • Requires SA • User-level apps only • Cannot virtualize drivers • Cannot isolate applications that are a part of the OS
  • 110. App-V Pros • Tons of information on Internet • Huge user community • Integration with System Center • Integration with XenDesktop • Managed by PowerShell
  • 111. VMware ThinApp • Uses user-mode hooks • Application packaging solution, just like PortableApps.com • Emulates Windows COM and DCOM • Supports Streaming Execution (SMB/CIFS) and Deployed Execution (i.e. USB) • Does not support installed Apps • No centralized management (for standalone product) • End of availability (“EOA”) of VMware ThinApp, effective on December 15, 2013. After that will be available only as a part of View or Horizon
  • 112. CloudVolumes • AppStack – basically a VHD or VMDK attached to a VM • Web-based management console that communicates with hypervisor • Full support for server software • Available Now: VMware ESX 5.0, 5.1 • Coming soon… HyperV, Azure, Amazon EC2
  • 113. CloudVolumes
  • 114. CloudVolumes
  • 115. CloudVolumes pros • Server software support • No streaming or any other delivery mechanism • Combination of file system minifilters and a service • Text file-driven configuration • Storage tiers on the hypervisor layer • Per-machine or per-user assignments • No packaging process
  • 116. CloudVolumes cons • Works with virtual workloads only • Came out of stealth mode in 2013 • Text file-driven configuration
  • 117. Symantec/Altiris SVS • Now called Symantec Workspace Virtualization • Kernel-level hooks • Unmanaged computers support • Application license management • Best in class integration with OS
  • 118. Spoon • Formerly Xenocode • Web portal for app access • Desktop integration • Works over HTTP/HTTPS • License management • Available as SaaS offering • Server software support • Auditing • Support for installed applications • Application snapshots
  • 119. Numecent Jukebox • HTTP-based streaming • Encrypted cache • Virtualized File System • DRM and license control • OPSWAT integration • Kernel-level file system driver • Web portal for user access • Currently targeted for ISVs and MSP • No publicly available demos or code
  • 120. Numecent Jukebox Patents: • Software streaming system and method • Intelligent Network Streaming and Execution System for Conventionally Coded Applications • Rule-based application access management • Opportunistic block transmission with time constraints • Deriving component statistics for a stream enabled application
  • 121. FSLogix • AIE: Resurrection • Came out of stealth mode in about July 2013 • No streaming, no packaging • Combination of file system minifilter and user-level hooks • Supports changes in real time • Text-file based configs with a GUI editor
  • 122. FSLogix
  • 123. FSLogix
  • 124. FSLogix
  • 125. Sandboxie • Isolated sandboxes for applications • Virtualizes Files, Disk Devices, Registry Keys, Process and Thread objects, Driver objects, and objects used for Inter-process communication: Named Pipes and Mailbox Objects, Events, Mutexes (Mutants in NT speak), Semaphores, Sections and LPC Ports • Not designed for VDI • Not designed for Enterprise • Developed by one person
  • 126. Microsoft Windows • UAC Virtualization is available out of the box • Application compatibility toolkit can be used to manage folder and registry redirection • No additional software needed
  • 127. What Are Shims? • Applied to specific apps – Configured with Compatibility Administrator in the App Compat Toolkit – Deployable to enterprise • Changes what the app thinks it sees • Does not change what the app is allowed to do
  • 128. What Are Shims Good For? • Great for many kinds of bugs: – Bad Windows version checks – Writing to HKCR at runtime – Unnecessary checks for “am I admin?” – Writing to WRP-protected keys and files – Windows thinks your app is an installer – File/Registry redirections
  • 129. Version Lie Shims • Win95VersionLie • WinNT4SP5VersionLie • Win98VersionLie • Win2000VersionLie • Win2000SP1VersionLie • Win2000SP2VersionLie • Win2000SP3VersionLie • WinXPVersionLie • WinXPSP1VersionLie • WinXPSP2VersionLie • Win2K3RTMVersionLie • Win2K3SP1VersionLie • VistaRTMVersionLie • VistaSP1VersionLie • VistaSP2VersionLie • Win7RTMVersionLie
  • 130. Most Used Shims • VirtualRegistry – Fixes the problem with reading/writing registry value – AddRedirect(HKLM\Key ^ HKCU\Key ^ HKLM\Key2 ^ HKCU\Key2) • CorrectFilePaths – Fixes the problem with reading/writing a file – c:\Program.ini = %AppData%\Program.ini • WRPRegDeleteKey – Lies when the app tries to delete a protected OS registry key • ForceAdminAccess – Spoofs queries of administrator group membership • VirtualizeDeleteFile – Spoofs deletion of a global file • LocalMappedObject – Forces global section objects into the user’s namespace • VirtualizeHKCRLite, VirtualizeRegisterTypeLib – Redirects global registration of COM objects
  • 131. Conclusion • There are many vendors on the market • If you care about App compatibility, take a look at simple solutions • Consider using SaaS-based services • Check the Application Virtualization Smackdown from Ruben Spruijt – http://www.pqr.com – 61 pages cover major vendors on the market
  • 132. Conclusion
  • 133. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility What Happens When Technology Meets Marketing? Denis Gundarev @fdwl, Entisys Solutions
  • 134. Security • Desktop Virtualization ≠ secure environment • Non-persistent VM = disposable gloves for a hacker • Non-persistent VM ≠ Virus Protection • SSL ≠ Secure connection • Disabled clipboard + disabled drive mapping ≠ DLP
  • 135. “Horizon View offers ease of management along with a secure, robust architecture, and the ability to offer end users the freedom and choice they need to be productive. In comparing VDI and sessions, VDI offers the following advantages over sessions: • Eliminates application-compatibility issues • User or OS resets do not impact other users (sessions require resetting entire server) • Provides better native-application compatibility • Eliminates application-to-application conflicts in a multi-session Environment • Applications do not have to be written with TS or RDSH in mind (i.e., desktop applications are supported)” Source: VMware (http://bit.ly/ViewVsRDS2012)
  • 136. Application compatibility • Most of the appcompat issues are caused by migration to the new OS generation • Windows OS is stable • Windows Client is not much more stable than Windows Server • Applications that work on Windows 7 will, in 99% of cases, work normally on Windows Server • Virtualization is not a solution, it’s a workaround
  • 137. The Last Argument In Favor Of RDSH
  • 138. The Last Argument In Favor Of VDI
  • 139. • Use any desktop, optimized thin client, or BYO device • High definition user experience with HDX technology • The best HD experience, even in low-bandwidth or high-latency environments • Real-time voice and video collaboration • 3D professional graphics support
  • 140. Source: http://support.citrix.com/article/CTX132038
  • 141. Microsoft Virtualization Products
      • A comprehensive set of virtualization products, from the data center to the desktop
      • Assets – both virtual and physical – are managed from a single platform
  • 142.
      • Monolithic hypervisor
          – Simpler than a modern kernel, but still complex
          – Contains its own drivers model
      • Microkernelized hypervisor
          – Simple partitioning functionality
          – Increase reliability and minimize TCB
          – No third-party code
          – Drivers run within guests
      [Diagram: VMware ESX Approach (VM 1 "Admin", VM 2, VM 3; drivers in the hypervisor) beside Hyper-V Approach (VM 1 "Parent" with the Virt Stack, VM 2 "Child", VM 3 "Child"; drivers in the guests); each stack sits on Hardware]
      Microkernelized Hypervisor has an inherently secure architecture with minimal attack surface
  • 143. Side-by-side Feature and Cost Comparison
      "We saw that Hyper-V did everything we needed and was far more cost-effective than VMware, which costs about $6,300 per server more than Hyper-V." —Nicholas Merton, IT Support, Maxol
      [Chart: 5 Virtualized Hosts (US$); values shown: $61,400, $21.4K, Included, $9.4K]
  • 144. Horizon Suite Versus The Competition
      [Figure labels: Physical Desktop Management; Virtual Desktops; Multi-device Workspace; Citrix]
  • 145. Horizon Suite Components Versus Citrix Piece-meal Approach
      Horizon Suite | Citrix CloudGateway, ShareFile, XenDesktop, Access Gateway
      Extensible and flexible platform | Citrix purchases piece parts with a long road to integration
      100% on premise file sharing solution in addition to offering a cloud solution | ShareFile only offers data on premise. Application is still hosted by sharefile.com
      Desktop Layering, Migration, and Desktop Backup and Recovery | None
      Tight integration and similar management experience as vSphere | No specific integration with vSphere
      Android-dual persona | None
      And best of all – It’s a suite! | Citrix requires purchase of CloudGateway, XenDesktop, ShareFile, and Netscaler Access Gateway
      Horizon Suite is an integrated mobile workforce platform built by the leader in virtualization and cloud computing; built for today and for the future. | Citrix offers non integrated tools purchased from various vendors without the future needs of end user computing in mind.
  • 146. Kahuna Burger Platinum Suite
  • 147. Thin/Zero clients
      • Aren’t cheap
      • Don’t forget about servers
      • Not virus protection
      • You are still running Windows in a VM
      • Maintenance is still required
      • New firmware/clients
      • 10 years lifetime
      • What’s wrong with your original iPhone?
      • Always a compromise
      • Thinner = less functional
  • 148. Alternative to thin client
      • Windows Thin PC - based
          – For those who have SA, otherwise use your Windows
          – Norskale Transformer
          – ThinScale ThinKiosk
      • Linux-Based
          – Stratodesk NoTouch Desktop
          – DevonIT VDI Blaster
          – Thinstation
  • 149. Bring Your Own Device
  • 150. Users can work anywhere
  • 151. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Technical and Business Barriers in Adopting Desktop Virtualization & Workplace Mobility Solutions Denis Gundarev @fdwl, Entisys Solutions
  • 152. Windows is not designed for your toys
  • 153. New skillset is required
      • Managing non-persistent images
      • Application packaging
      • Storage requirements are different
      • Server virtualization skills are not your happy ticket
  • 154. Microsoft Licensing: Licensing Windows SA, VDA, and CSL
      [Flowchart: decision tree with the questions "Primary work device?", "Primary User of SA/VDA licensed device?", "Corp owned?" and "On Premises?"; device categories: x86/x64 PC (w/ Qualifying OS), Other (Thin Client, iOS, Windows RT), Windows RT (No License Required for VDI), Other (iOS, Android, etc), Any Device (Roaming Rights: No License Required); outcomes: VDA, CSL, SA]
  • 155. Security concerns
  • 156. Lack of proper testing
      • 5 users from IT?
      • 20 contractors?
      • PoC kits
  • 157. Sizing
      • Using vendor-provided numbers
      • Guessing
      • Buying hardware first
  • 158. Wrong Use Cases
      • Desktop virtualization is hot :)
      • Windows 7 migration
      • Offline use
      • Desktop refresh
      • Security
      • Reducing costs
      • Access from iPad
  • 159. Internal issues
      • Server admins vs. desktop admins
      • CXO vs. CXO
      • "I tried this 10 years ago, it didn’t work"
      • "My dealer said that Honda is better than Ford, I trust him"
      • Users don’t want changes
  • 160. Storage
      [Diagram: storage layers: Files, NTFS, .VMDK/.VHD, VMFS, ZFS, Disk]
  • 161. Shared vs Persistent
      Failure | Shared | Local
      Server failure | Couple of sessions lost | Couple of sessions lost
      Storage failure | All sessions lost | Couple of sessions lost
  • 162. Storage
      • Your file server will not work
      • Use local storage
      • Use specialized solutions
      • Ignore "maximum IOPS" from vendor
      • Measure
          – IOmeter
          – Remember about CIFS stores for profiles/apps
      • Learn how it works
          – ProjectVRC – www.projectvrc.com
          – VDI + Storage = Deep Impact – http://bit.ly/fOUZ8i
          – Jim Moyle Windows 7 IOPS - http://bit.ly/nvDLcr
          – Shawn Bass XenApp IOPS - http://bit.ly/xFRw7d
  • 163. Servers
      • Choose the right form factor
          – N+?
          – Will you use local storage?
          – GPU/PCoIP offload
  • 164. CPU/Memory
      • When moving a user from a 5-year-old desktop to a VM, don’t make things even worse
          – 512Mb per VM is a wrong idea
          – 10 VMs per core is a wrong idea
          – Ballooning is a bad idea
      • Measure utilization first
      • Fix it before moving to VDI
      • Remember about antivirus
  • 165. Network
      • Remote Desktop should be responsive
      • Rich Graphics/Audio consume bandwidth
      • Use "Smart" load balancers
      • Test WAN optimization
      • Plan gateways
  • 166. Guide to Desktop Virtualization
      • Phase 1: Buy Platinum edition
      • Phase 2: ?
      • Phase 3: Profit
  • 167. Plan
      • Identify goals
      • Identify use cases
      • Separate desktop virtualization from OS migration
      • Measure current utilization
      • Categorize users
      • Categorize applications
  • 168. Vendor selection
      • You should know what you need
      • You should know what you don’t need now
      • Check independent bloggers
      • Understand the technology
      • Check their blog, they may be out of business already
  • 169. Analyze features
      • Don’t buy premium editions with features that you can’t use right now
          – Vendors will always offer you an upgrade if needed
          – Features might be removed or deprecated
      • Try to use what you already have
          – Microsoft VDI
          – Publish desktops on XenApp
  • 170. Security
      • Don’t add security, remove insecurity
      • Fix your security before moving to virtual desktops
  • 171. Rollout
      • Most of the problems are caused by misconfiguration
      • If something doesn’t work:
          1. RTFM
          2. Call vendor/partner
      • Involve third party
      • Train IT staff
      • Talk to your users
  • 172. STAY CONNECTED #Interop j.mp/DeskVirt @fdwl j.mp/fdwl denisg@entisys.com www.entisys.com