Synergy 2015 Session Slides: SYN235 Cost-effective XenDesktop and XenApp Designs For Small To Midsize Deployments
1. © 2015 Citrix
This session covers the topics you must consider to design XenDesktop or XenApp effectively for a small to
midsize deployment, using the proven Citrix Consulting methodology and our experience from working with
customers of all sizes and verticals in the U.S. and abroad, along with the tips and tricks we have used to
deliver successful designs and deployments.
3. © 2015 Citrix
Before we can design anything we have to have a good understanding of the business and
technical requirements behind an SMB project.
I keep hearing the same requirements time and time again from small and medium sized
customers and I want to share some of them with you now because they are going to form the
foundation for the design decisions we’re about to discuss.
The first one is that SMBs need to provide secure remote access to business resources.
The second requirement is that the design should be scalable so that it doesn’t hold the
business back. We realize that many businesses start out really small and grow over time, often
very quickly. The last thing you want to do is completely re-architect your solution every time the
business adds more locations, employees or resources.
Lastly and most importantly, the design needs to be cost effective. SMBs don’t have the same
budget as an enterprise. So how do we keep costs down while meeting all of these
requirements? It really comes down to finding a good compromise and that’s the main message
of this session. You can have an amazing XenApp and XenDesktop design without breaking the
bank and we’re going to show you how.
4. © 2015 Citrix
Citrix Consulting uses the 5-layer architecture model on every XenApp and XenDesktop design
project. We use it because it breaks the architecture up into manageable sections, which allows
us to focus properly on each area, and it ensures that we work through a design or a
deployment in the right order. For a design we work top down, starting with the users and ending
with the hardware, but for a deployment we work bottom up, starting with the hardware and
ending with the users.
The user layer focuses on the primary requirements of each user group such as their network
connectivity to the datacenter and their endpoint device.
The access layer focuses on the method and process users follow in order to establish and
maintain a connection to their resources.
The resource layer supports the applications and desktops that the users need to interact with.
The control layer includes all infrastructure related components.
The hardware layer includes the physical devices required to support the entire solution which
includes physical virtualization hosts, hardware appliances and storage devices.
6. © 2015 Citrix
In the User Layer, the goal is to design an Endpoint solution that allows users to easily gain
access to the environment from devices that are deployed in a cost efficient manner. While
buying a new fleet of Thin Clients that are more power efficient and replace your aging set of
desktops is a good decision, it is a decision that includes a high upfront capex cost. If your
current desktops are still working great, why not extend their life even further by transforming
them into Thin Clients that provide all the benefits of desktop virtualization?
First, let’s discuss Citrix Desktop Lock, a free Citrix product that allows a conventional Windows
desktop to act as a thin client. Desktop Lock works by replacing the Windows shell and
seamlessly passing users through to their Citrix session. Desktop Lock limits access to the
underlying local operating system to Administrators only, so when a regular user logs on, instead
of seeing the local desktop, they are presented with a virtual desktop. For everyone familiar with
Desktop Lock in the past, it has recently been updated to include support for Receiver 4.2 and
StoreFront. Bear in mind that the local Windows installation is still running underneath: it still
needs patching, anti-malware and the usual endpoint controls, because Desktop Lock changes what
the user sees rather than what is installed.
Its value is extremely important when the decision has been made to repurpose existing
hardware. Not only will repurposing existing hardware with Desktop Lock reduce costs, it will
improve the overall experience since end users are connecting from endpoints that more widely
support features such as multiple monitors, a must have in today’s office.
7. © 2015 Citrix
(Continued)
Another great option I’ve seen implemented at customers is Windows ThinPC. Windows ThinPC
is a bare-bones version of Windows that helps with the Windows licensing cost and provides
additional features that are best suited for locking down and repurposing existing hardware.
ThinPC is available as a benefit of Software Assurance (SA), and hence does not represent any
additional cost for SA customers.
One of the biggest selling points of ThinPC is the Enhanced Write Filter (EWF), a technology
that can prevent permanent changes from being made to the OS by the end user. This allows for
a locked down environment that the user can't mess up. Note that the filter discards changes at
reboot rather than blocking them during the session, so patching the image means disabling or
committing the filter as part of the update process.
Let’s not forget other third party vendors that sell solutions to repurpose existing hardware.
8. © 2015 Citrix
A clearly defined strategy for deploying and upgrading Receiver on our endpoints is very
important to ensure a successful design.
The first step is getting Citrix Receiver, the application that provides access to resources, into
the hands of your users.
In SMBs, you need to do anything you can to reduce common issues that prevent users from
doing their work and cause them to call the help desk unnecessarily.
E-mail based discovery is an important feature that allows users to configure their devices
without having to memorize yet another URL. Users simply enter their e-mail address and
Receiver looks up the address of your StoreFront or NetScaler Gateway from a DNS SRV record
(_citrixreceiver._tcp on the e-mail domain) that administrators publish on the backend. Receiver
connects to the discovered address over HTTPS, so that address needs a certificate the endpoint
already trusts.
9. © 2015 Citrix
As we know, data is king when discussing any type of IT project. A major component of the data on virtual
desktops and application servers are a user’s settings which are stored in their Windows profile.
Traditionally a user’s profile sits on their local desktop, not allowing them to roam to other computers and
retain the same settings. In a virtualized environment, we must design with a modular approach,
decoupling applications, user settings, and data from the operating system. This allows us to provide a
consistent and reliable experience no matter what resource a user accesses.
To implement this modular design, there is Citrix Profile Management, a very robust profile solution that
is bundled for free with XenApp & XenDesktop. Citrix Profile Management improves upon the standard
Windows roaming profile solution from Microsoft, which works well but isn’t designed for the virtual world.
Using standard Roaming Profiles may lead to consistency issues when accessing resources on multiple
servers. For example, users may be simultaneously accessing Applications hosted on different XenApp
Servers. With conventional Roaming Profiles, the last write wins meaning that the XenApp session that
logs off last will have their data overwrite the profile data from the other XenApp session that logged off
just before.
Citrix Profile Management solves this last write wins issue in the registry that occurs when using the same
profile on multiple servers. Rather than allowing the last write to win, Citrix Profile Management merges
the changes instead of copying back an entire registry DAT file over any previous registry DAT file at
each logoff. Thus the different sessions being logged off each have their net changes written back to the
central registry DAT file.
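To make the difference concrete, here is a small Python model, added for this write-up rather than taken from the session or from Citrix Profile Management itself, of what happens to a registry hive that is open on two XenApp servers at once. The key names, values and logoff order are constructed. A third key that both sessions change shows the caveat that remains even with merging: a genuine conflict on the same value is still settled by whichever session logs off last.

```python
def logoff_copy_back(store, session_hive):
    """Conventional roaming profile: the whole session hive replaces the
    central copy, so anything another session wrote earlier is lost."""
    return dict(session_hive)


def logoff_merge(store, logon_hive, session_hive):
    """Change-based write-back: compare the hive as it was at logon with the
    hive at logoff and apply only this session's net changes to the store."""
    merged = dict(store)
    for key in set(logon_hive) | set(session_hive):
        before, after = logon_hive.get(key), session_hive.get(key)
        if before == after:
            continue                  # untouched in this session: keep the store's value
        if after is None:
            merged.pop(key, None)     # deleted during the session
        else:
            merged[key] = after       # added or changed during the session
    return merged


def simulate(strategy):
    """Two sessions on different servers load the same profile, change
    different keys (plus one shared key), then log off: A first, B last.
    Keys and values are constructed for the illustration."""
    store = {
        r"Software\App\Theme": "light",
        r"Software\App\Zoom": "100",
        r"Software\App\Lang": "en-US",
        r"Software\App\Tip": "shown",
    }
    logon_hive = dict(store)          # both sessions start from this copy

    session_a = dict(logon_hive)      # session on server A
    session_a[r"Software\App\Zoom"] = "125"
    session_a[r"Software\App\Lang"] = "en-GB"

    session_b = dict(logon_hive)      # session on server B
    session_b[r"Software\App\Theme"] = "dark"
    session_b[r"Software\App\Lang"] = "fr-FR"
    session_b[r"Software\Word\Recent"] = "quarterly.docx"
    del session_b[r"Software\App\Tip"]

    if strategy == "last_write_wins":
        store = logoff_copy_back(store, session_a)
        store = logoff_copy_back(store, session_b)
    elif strategy == "merge":
        store = logoff_merge(store, logon_hive, session_a)
        store = logoff_merge(store, logon_hive, session_b)
    else:
        raise ValueError(strategy)
    return store


if __name__ == "__main__":
    for strategy in ("last_write_wins", "merge"):
        print(strategy, simulate(strategy))
```

With plain copy-back, session A's zoom change vanishes the moment session B logs off, even though B never touched that key. With the merge, both sessions' independent changes survive and the deletion made in B is honoured; only the key both sessions edited ends up with B's value.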
Unlike third party solutions which require complex configurations and additional infrastructure
components such as management servers and databases, Citrix Profile Management simply requires a
Windows file share. Citrix Profile Management actually has an auto-configuration feature that dynamically
detects what type of resource you are using, such as a Pooled or Dedicated Desktop or an Application
server, and adjusts its settings to those best suited to that specific resource type. This greatly reduces
the learning curve, making it a great solution for SMBs that just want the product to work. Since that file
share now holds every user's settings, lock down its share and NTFS permissions so that each user can
reach only their own profile folder.
11. © 2015 Citrix
NetScaler Gateway is a hardened appliance that you locate in your DMZ so that you can secure
remote connections with SSL encryption. It comes in three different platforms: VPX, MPX and
SDX. The main difference between the models is the number of users that they can
support. For an SMB you only really need the VPX, which is a virtual appliance available
for the three major hypervisors.
We even have a free version of NetScaler called VPX Express, which supports up to 5 Mbps of
SSL traffic. I think this is really generous; an average HDX user requires about 100 Kbps, so
NetScaler Express will probably support 40 to 45 HDX users (5 Mbps divided by 100 Kbps is 50,
and the lower figure leaves headroom for SSL and protocol overhead).
A really nice thing about NetScaler Gateway is that you don’t need to worry about VPN software
on the endpoint devices, which is extremely difficult to manage if you’re dealing with a lot of
different endpoints running things like iOS, Android, Mac OS and Windows.
12. © 2015 Citrix
Although Citrix products are secure by design, let’s face it, the main problem is weak passwords,
password phishing and password theft.
Two-factor authentication is one solution to this problem. For those of you that don’t know, two-
factor authentication requires something that you know, a password, and something that you
have in your possession, typically a hardware or software token. Without both factors you cannot
log on, so a phished or stolen password alone is not enough.
Unfortunately, I’ve seen many SMBs not implement 2FA because they find it too expensive.
This is why I want to tell you about a third-party product called SMS2. It’s an open standards
product that enables two-factor authentication for any RADIUS compliant solution, including Citrix
NetScaler Gateway. It supports software tokens, hardware tokens and SMS. And best of all, it’s
free of charge.
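Since NetScaler Gateway talks to SMS2, or any other second-factor server, over RADIUS, it helps to see what that exchange actually carries. The Python below is an added example for this page, not code from the session, from SMS2 or from Citrix: it runs both sides of a RADIUS Access-Request and Access-Accept round trip in one process, following RFC 2865 for the packet layout, the User-Password hiding and the Response Authenticator. The shared secret, user name, NAS-Identifier and token value are constructed, and the convention that the one-time code is appended to the AD password in the single password field is an assumption about how the second factor is submitted (one common RADIUS pattern), not something the slide states. A real SMS2 backend would validate a time- or event-based token rather than the fixed value used here.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, NAS_IDENTIFIER = 1, 2, 18, 32
OTP_LEN = 6  # assumption: a 6-digit code appended to the AD password

# Constructed directory: user -> (AD password, set of currently valid one-time codes).
USERS = {b"alice": (b"Winter2015!", {b"123456"})}


def attr(kind, value):
    """One Type-Length-Value attribute; the length covers the 2-byte header too."""
    return bytes([kind, len(value) + 2]) + value


def parse_attrs(data):
    attrs, i = {}, 0
    while i < len(data):
        kind, length = data[i], data[i + 1]
        attrs[kind] = data[i + 2:i + length]
        i += length
    return attrs


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident, user, password_and_otp, secret):
    """NAS side (the Gateway). The Request Authenticator must be fresh and random."""
    request_auth = os.urandom(16)
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, hide_password(password_and_otp, secret, request_auth))
             + attr(NAS_IDENTIFIER, b"netscaler-gw"))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def radius_server(packet, secret):
    """Server side: recover the password field, check both factors, sign the reply."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth = packet[4:20]
    attrs = parse_attrs(packet[20:length])
    field = reveal_password(attrs[USER_PASSWORD], secret, request_auth)
    password, otp = field[:-OTP_LEN], field[-OTP_LEN:]
    stored = USERS.get(attrs[USER_NAME])
    ok = stored is not None and hmac.compare_digest(password, stored[0]) and otp in stored[1]
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_attrs = attr(REPLY_MESSAGE, b"OK" if ok else b"Authentication failed")
    header = struct.pack("!BBH", reply_code, ident, 20 + len(reply_attrs))
    # The Response Authenticator ties this reply to the request and to the secret.
    response_auth = hashlib.md5(header + request_auth + reply_attrs + secret).digest()
    return header + response_auth + reply_attrs


def verify_response(packet, request_auth, secret):
    """NAS side: refuse to trust a reply whose authenticator does not check out."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None
    return code


def authenticate(user, password, otp, nas_secret, server_secret=None):
    """One round trip; returns the reply code, or None if the reply is untrusted."""
    server_secret = nas_secret if server_secret is None else server_secret
    request, request_auth = build_access_request(7, user, password + otp, nas_secret)
    reply = radius_server(request, server_secret)
    return verify_response(reply, request_auth, nas_secret)


if __name__ == "__main__":
    print(authenticate(b"alice", b"Winter2015!", b"123456", b"s3cret"))  # 2 = Access-Accept
```

Two points are worth noticing. The only thing protecting the password field on the wire is an MD5 keystream derived from the shared secret, so keep the RADIUS server on a trusted network segment and use a long, random secret. And the Gateway must check the Response Authenticator before honouring an Access-Accept; otherwise anyone who can inject a packet between the appliance and the RADIUS server can forge a successful logon. Two-factor authentication raises the bar against stolen passwords, but it does not replace a hardened path between the Gateway and its authentication server.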
13. © 2015 Citrix
It’s drilled into us very early on in our IT careers that there should never ever be single points of
failure. However, SMBs and Enterprises have very different priorities and there are many good
reasons why an SMB might not want high availability for every component including cost,
complexity and limited impact to the business from failure.
The important thing is that you are aware of the single points of failure and make an informed
decision on what to do about them. And you may choose to do nothing.
14. © 2015 Citrix
Throughout this presentation we’ll take a look at the high availability and scalability requirements
for the key infrastructure roles. The first infrastructure component that we’ll take a look at is Citrix
NetScaler Gateway.
If you need the NetScaler Gateway to be highly available you should deploy a high availability
pair. One NetScaler will be active and one will be passive, waiting to accept connections if the
active NetScaler fails for any reason.
The limiting factor on the NetScaler is going to be SSL throughput. The VPX comes in three
different models that range from 10 Mbps to 3000 Mbps. The VPX 3000 should support around
1500 concurrent users depending on what they are doing, and that should be more than enough
for an SMB. Remember, you only need to size for the concurrent number of remote users and not
the total.
15. © 2015 Citrix
Citrix StoreFront is a web application that authenticates users and shows them the resources
they can access. Without a StoreFront Server users will be unable to access any new resources.
To make StoreFront highly available, deploy two servers and load balance incoming web traffic
across both.
If you don’t have an existing load balancer I recommend that you use NetScaler VPX Express. It
has enough capacity to load balance StoreFront traffic for an SMB and it’s free.
StoreFront has fantastic scalability and a low spec StoreFront Server can support up to 20K user
connections within 15 minutes.
17. © 2015 Citrix
As we move into the Resource Layer for the solution, we are looking at the differences between
desktop and session virtualization.
It’s been a constant debate which option, Desktop or Session virtualization is the most efficient
and cost effective solution. I could just say “It Depends” as I normally do being a Consultant, but
that is truly the case here.
With Desktop Virtualization each resource (desktop) is assigned to one user. Session Virtualization
allows many users to access a single resource. These users share the same operating
system, the same application, the same instance. The boundary between users is the Windows
session, enforced by the operating system inside that one instance rather than by a separate
virtual machine, and users only see their own session.
As you can imagine, this type of solution is much more scalable. When working with SMBs,
Session Virtualization is the most common deployment option because of the scalability it
provides.
While this is the case, it may be a harder transition for administrators used to the conventional
desktop model, and not all applications work properly with Session Virtualization.
Let’s take a closer look at the differences between the Resource options.
18. © 2015 Citrix
As you can see from all the options available, virtualizing resources with Citrix is a strategic decision.
On the lower end of the cost spectrum, there is RemotePC which allows existing PCs to be accessed
securely using the more efficient Citrix HDX protocol. RemotePC really is a great introduction to
As we go up the scale in terms of cost and flexibility, there are Hosted Apps and Hosted Shared
Desktops that use Windows Server to allow many users to share a single server instance.
In the middle there is Pooled VDI, which provides a desktop OS that gets reset to a pristine state for each
session.
On the upper end, there are the most flexible and also the most expensive resources: Dedicated and
Personal VDI. Personal VDI delivers a pooled desktop image, but allows the user’s changes to persist
between sessions. This allows for the best of both worlds.
Dedicated VDI is a dedicated desktop VM for each user that is managed much like a conventional
desktop, although all the data is stored securely in the datacenter.
So, remember that choosing the right type of resource should be a people-driven, use-case centric
decision. It begins with looking at your users and their requirements to determine which type of resource
meets their needs. The most important thing to remember is that one size does not fit all.
19. © 2015 Citrix
(Continued)
As a consultant that has worked with many customers throughout the world, rarely do we see a
customer just implement a pure VDI model. It’s almost always a mix of VDI and Hosted Apps. This
mixture allows for even greater flexibility since the VDI images deployed don’t have to include the
applications for every department. Rather, the desktop images include just the essential applications
that are used by everyone, while the core applications for each business unit are delivered via XenApp.
In Citrix Consulting, we often use the 80/20 rule when discussing the average Citrix deployment, where 80
percent of the resources are XenApp Hosted Shared Desktops or Apps and the rest are a flavor of VDI.
It’s a pretty common occurrence for the wrong Resource Type to be chosen. I've been to customers that are
dead set on deploying Pooled Desktops so that they can virtualize a single application. That doesn’t
really hold up since they didn’t have plans to migrate to fully virtualized desktops. Rather, XenApp was
really their fit.
On the other hand, I’ve also worked with customers that wanted the scalability that XenApp provides
when they really were best suited for Dedicated or Personal VDI due to the nature of their
applications.
The key message is that you have to understand your use case, which usually means applications. To get
your user community to embrace this solution, they have got to have the right kind of virtual desktop to
meet their needs.
You need to look at the types of desktops as they relate to user flexibility as well as IT costs and management.
21. © 2015 Citrix
Although bandwidth is far more abundant than it was even a few years ago, WAN connections
continue to be expensive and applications continue to become more graphically intense and
more animated.
Based on testing from Citrix Consulting, we are able to provide recommendations for
XenDesktop that will significantly reduce your bandwidth requirements.
Bandwidth can be reduced by removing Windows Visual Effects and optimizing Citrix policies for
the WAN.
Server scalability can be increased by disabling services and scheduled tasks on Windows
Server and Desktop operating systems.
All the recommended optimized configurations can be found in the Citrix Optimization Guide at
CTX140375.
23. © 2015 Citrix
Delivery Controllers are responsible for brokering users to their resources based on
authorization and availability. If there are no Controllers available, users will be unable to access
any new resources.
For HA, simply add a second Delivery Controller to the site. Don’t use Citrix NetScaler to load
balance the VDAs across Delivery Controllers; it won’t work because the VDAs authenticate to
Controllers with Kerberos and Service Principal Names, which a load-balanced virtual IP breaks.
The Virtual Desktop Agents will be automatically load balanced between Controllers.
The XML service on the Controllers is used by StoreFront for enumeration. Use your NetScaler
to load balance the XML service on the brokers because it has more advanced health checks
than the load balancing built into StoreFront.
A Controller with 2 vCPUs and 4 GB of RAM can support about 3K XenApp launches and 5K
XenDesktop launches every 15 minutes.
24. © 2015 Citrix
XenApp and XenDesktop use the database server to store configuration settings, auditing logs,
monitoring data and dynamic runtime information.
Following the move from IMA to FMA architecture we used to recommend that every customer
had a highly available SQL Server, but now we have Connection Leasing that recommendation
has changed.
If the database server fails, Connection Leasing kicks in. Details of user connections within the
last two weeks are stored in XML files on the Controllers. Without access to the database the
Controllers will query the XML files and allow users to connect to resources they accessed within
the last two weeks.
The problem with Connection Leasing is that it doesn’t work with Pooled VDI desktops. Most
SMBs will use Hosted Shared Desktops rather than Pooled VDI, but if you do end up with Pooled
VDI desktops you should implement a SQL HA solution such as Mirroring or AlwaysOn.
A SQL Server with 2vCPUs and 4GB of RAM can support approximately 15K user launches
within a 15-minute period.
25. © 2015 Citrix
The Citrix License Server tracks the number of Citrix licenses in use.
If the Citrix License Server fails there is a 30-day grace period. That’s more than enough time to
bring a replacement online. There really isn’t a need to implement a highly available license
server, especially for the SMB.
The License Server is really scalable and can support a combination of about 153K checkins
and checkouts every 15 minutes.
26. © 2015 Citrix
When deploying XenApp or XenDesktop we have a great opportunity to implement an image
management solution to improve consistency across the business, simplify image updates and
even improve performance.
The basic principle is that we create a master image, which is used by many machines. If you
make a change to the master image it’s automatically made to all the machines that are based
on it. Citrix provides two image management solutions: Machine Creation Services and
Provisioning Services.
27. © 2015 Citrix
So the old debate: should we use MCS or PVS? Let’s compare them.
They both scale to many thousands of VMs, more than we will ever need for an SMB.
PVS can be used to manage physical machines while MCS can’t. That’s pretty cool but the vast
majority of businesses now virtualize XenApp and XenDesktop resources.
MCS is a lot simpler than PVS because you don’t need to learn about TFTP, BOOTP, DHCP
options 66 and 67, PXE and BDM.
Another main difference is that PVS needs two or more additional servers while MCS doesn’t
need any.
Where does this leave us?
28. © 2015 Citrix
I typically recommend MCS for small businesses because it’s simple, fast to setup and doesn’t
require any additional infrastructure.
If you have a couple of thousand VMs, or you have a lot of VDI machines I typically recommend
PVS. That’s when the advanced IOPS caching and image management functionality in PVS
really pay off.
There is really no right or wrong answer though. They are both great technologies.
29. © 2015 Citrix
There is quite a lot to think about with the Control Layer and I want to spend some time talking
about Citrix Workspace Cloud and how it is a complete game changer.
CWC takes the traditional deployment model that we have been discussing and completely
transforms it by moving the Control Layer and some of the Access Layer to the Cloud.
30. © 2015 Citrix
The infrastructure components that we’ve been discussing (StoreFront Servers, Delivery
Controllers, Database Servers and License Server) are all moved to the Citrix Workspace Cloud
platform. Citrix is now responsible for the high availability, scalability and security of these
components and not the business. The resources themselves, the Active Directory they join and
the user data stay in the business’s own resource location, so securing those remains the
business’s job. This makes it faster and a whole lot easier to design XenApp and XenDesktop
deployments.
32. © 2015 Citrix
One of the most important decisions in a design is choosing the hypervisor that will host all of
your resources. Unlike other vendors that lock you into a closed platform, Citrix supports all
major hypervisors: vSphere, Hyper-V, and of course XenServer.
With one of the major points of this presentation being efficiency and cost, XenServer really is
the perfect solution since it’s included for free with XenApp & XenDesktop Enterprise & Platinum
Editions.
Now just being packaged together with XenApp & XenDesktop shouldn’t be the sole reason you
should implement XenServer. The improvements in XenServer 6.5 SP1, the latest release are
pretty amazing. Through enhancements in the storage subsystem, XenServer 6.5 delivers a
40% increase in Login VSImax in tests conducted by Citrix. This is a huge gain in scalability
along with the overall increase in the performance of virtual machines.
Another great reason to choose XenServer is Read-Caching for desktops or application servers
deployed with MCS. This feature, included in the Platinum Edition of XA/XD, means that rather
than hitting the disk to read data for Pooled Desktops or Application servers, the images are
cached in extremely fast memory. This provides a huge performance boost and, best of all, it
just works seamlessly.
I don’t know about everyone here, but while other vendors’ hypervisor management servers are
powerful, they can be complex to implement and manage. One of the things I always loved
about XenServer is that it doesn’t require a complex infrastructure and is seamless to manage
using the XenCenter console. If you want workload balancing, there is a virtual appliance you
have to run, but it’s pretty simple and self contained.
33. © 2015 Citrix
It’s a common myth that Shared Storage is required for a fast, scalable, and highly available
solution.
34. © 2015 Citrix
When designing a Citrix solution, the type of storage chosen has a big impact to the overall architecture
and cost of the solution.
First, let’s talk about Local Storage…
There are pros and cons to both Local & Shared storage, but if you are deploying pooled desktops or
application servers, using Local Storage is the best option for a low-cost efficient design.
Since pooled instances of desktops or application servers store no persistent data, the loss of a host’s
local disks is inconsequential, provided that user profiles and data have been redirected off those
machines as discussed below.
Redundancy with local storage is achieved by using RAID and allocating enough capacity so that if a
single server fails, there will be enough servers to take over the load burden. The complexity of
configuring a Shared Storage solution is much higher than configuring a RAID controller on each server.
When using Local Storage, each physical server is a self contained unit, allowing for the load to be
distributed between all the servers in the deployment. This allows us to scale horizontally by adding
additional servers to increase capacity.
Shared Storage definitely still has its place in XenDesktop deployments where dedicated desktops are
involved.
We also want to use shared storage to host user data and profiles.
If you can’t afford to have users reconnect to a different application server if one were to fail, we’d want to
use shared storage to allow a seamless failover to another server.
Shared Storage is more of a monolithic design rather the distributed model of local storage. Sure, Shared
Storage breaks drives into LUNs, but the local storage model does the same and allows the drives to sit
closer to the server at a far lower cost.
35. © 2015 Citrix
Now that we’ve gone through many of the different design options, lets sum it all up in a high-
level reference design that meets the needs of around 80% of our SMB customers. This
reference design provides some level of high availability at a reduced cost while still providing
the ability to scale in the future.
First, we start off with having Host 1 & 2 that comprise both the Control and Resource Layers.
We provide high availability by locating an instance of each Citrix infrastructure component such
as the Delivery Controller & StoreFront on Hosts 1+2. Since hosting just the Citrix Control Layer
components on a physical server would be inefficient, we also host the part of Resource Layer
on the same server. Our Resource Layer is comprised of Application Servers that are deployed
using Machine Creation Services for single image management.
While we have redundant virtual machines for the Citrix Control Layer components, we opted to
use SQL Express and forgo SQL high availability due to the cost and complexity involved with
having a highly available SQL server. Thanks to the addition of Connection Leasing, the modern-
day equivalent of the Local Host Cache, users who have launched their applications within the
lease period can still connect until access to SQL is restored; the Application Servers in this
design are hosted shared, so the Pooled VDI limitation of Connection Leasing does not apply.
36. © 2015 Citrix
For those of you who want to take all the guess work out of the design and want a prepackaged
solution, you’re in luck.
Citrix has worked with some of our most popular partners, such as Dell and Cisco, to develop
offerings that are specifically targeted to the SMB. These solutions are meant to be easy, self
contained, and most importantly cost effective.
The Dell solution for example has a price of less than 600 per user. That includes the cost of
everything: infrastructure, Citrix software licenses, Microsoft licensing (SQL, SCCM, Hyper-V) and
3-year support and maintenance.
37. © 2015 Citrix
So we’ve presented a lot of information, but here are the five key points you should take away
when beginning to design and implement your Citrix solution.