How to fail or succeed with desktop virtualization and workspace mobility

Published in: Technology

  1. 1. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Introduction Denis Gundarev @fdwl, Entisys Solutions
  2. 2. Denis Gundarev
      C:\>whoami /all
      USER INFORMATION
      ----------------
      User Name       Twitter  E-Mail
      ==============  =======  ==================
      ENTISYS\denisg  @fdwl    DenisG@entisys.com
      GROUP INFORMATION
      -----------------
      Group Name                            Type              SID
      ====================================  ================  ============
      BUILTIN\Geeks                         Mandatory group   S-1-5-32-544
      COMMUNITY\Bay Area Citrix User Group  Well-known group  S-1-5-32-540
      CITRIX\Technology Professional        Well-known group  S-1-5-32-548
      COMPTIA\Cloud Subject Matter Expert   Well-known group  S-1-5-32-344
      TRAINER\Microsoft Certified Trainer   Well-known group  S-1-5-32-595
      TRAINER\Citrix Certified Instructor   Well-known group  S-1-5-32-145
  3. 3. My Background Customer 19% Vendor 6% 56% Independent 19% Partner
  4. 4. Who are you? • Consultant? Decision maker? Vendor? Developer? • How many years have you been in Desktop Virtualization?
  5. 5. Agenda
      9:00 AM - 9:15 AM: Introduction
      9:15 AM - 10:05 AM: Evolution of server-based computing. Where did VDI come from?
      10:05 AM - 10:30 AM: Desktop Virtualization & Workplace Mobility: state of the union.
      10:30 AM - 10:45 AM: Break
      10:45 AM - 11:10 AM: Desktop Virtualization & Workplace Mobility: state of the union.
      11:10 AM - 12:00 PM: Desktop virtualization internals: Protocols, layering and isolation
      12:00 PM - 1:00 PM: Lunch
      1:00 PM - 1:45 PM: Application virtualization and user profiles, how does it work?
      1:45 PM - 2:20 PM: What happens when technology meets marketing?
      2:20 PM - 3:00 PM: Technical and business barriers in adopting Desktop Virtualization & Workplace Mobility solutions.
      3:00 PM - 3:15 PM: Break
      3:15 PM - 3:45 PM: Effects of underestimating or overcommitting hardware, storage and network resources.
      3:45 PM - 4:15 PM: Samsung sponsored Q&A panel session on zero client technology with Samsung's Sr. Product Manager Greg Spence and special panel guest David Unangst of Teradici
      4:15 PM - 4:30 PM: Conclusions and Recommendations
  6. 6. This Workshop Is Not About… • Server virtualization • But we will cover this important topic • Managing your cell phone and iPad • You can be mobile even at your desk. • How to reduce Capex and/or Opex • Best way to save money is to stop spending it on useless stuff • Check “How to lie with cost models” article by Brian Madden http://bit.ly/TCOLie • How to deploy and manage specific products • RTFM • But expect to hear tips and tricks from real life
  7. 7. But At The End You Will Know… • What is Desktop Virtualization • How stuff works • Market landscape • Technology vs. marketing slogans. • Why projects are failing • Which pieces are most important in proper sizing • How Desktop Virtualization can help you even if you don’t need it • How to fix your applications and finally get rid of Windows XP
  8. 8. Disclaimer • I love Desktop Virtualization • I will try not to scare you away from DV • Vendor neutral • Not DV propaganda • My opinions are my own. I do not represent my company or anyone else in this presentation
  9. 9. Basics • Desktop Virtualization • Separates the computing platform (OS) from the client device (with exceptions) • One of the enablers of Workspace Mobility • There is no universal solution, but many choices • May be complemented by other types of virtualization
  10. 10. STAY CONNECTED • #Interop • j.mp/DeskVirt • @fdwl • j.mp/fdwl • denisg@entisys.com • www.entisys.com
  11. 11. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Evolution of Server-Based Computing. Where Did VDI Come From? Denis Gundarev @fdwl, Entisys Solutions
  12. 12. History of Desktop Virtualization
  13. 13. 1975 • Microsoft was founded in Albuquerque • dnd, the first video game that includes a boss was released
  14. 14. 1989 • Citrus Systems was founded by frustrated IBMers • Prince of Persia was released
  15. 15. 90’s 1991 – Citrix ships MULTIUSER for OS/2 1992 – Microsoft releases Windows 3.1 and is not very interested in equipping its high-end operating system with multiple-user features like UNIX. 1992 – Citrix signed licensing agreement with Microsoft for Windows NT Server 1993 – WinView for Networks shipped 1994 – TCP/IP support was added to Citrix WinView
  16. 16. 90’s 1996 – Anatoliy Panasyuk of Datapac (Australia) playing with Transparent Windows Interface Seamless Windows – Implemented in MetaFrame 3 years later 1997 – pcANYWHERE for Windows 3.1 was released 1997 – First version of Virtual PC for Macintosh platform was released by Connectix 1998 – Windows NT 4.0 Server, Terminal Server Edition (code name “Hydra”)
  17. 17. 1998 • VMware founded in Palo Alto, California • Valve released Half-Life
  18. 18. 2000’s 2000 – Windows 2000 (with terminal services built-in) 2001 (June) – Virtual PC for Windows was released 2001 (July) – VMware ESX 1.0 (Elastic Sky X) and VMware GSX 1.0 (Ground Storm X) released 2002 – NT 4 TSE Security Roll-Up Package is available 2003 – First release of open-source Xen 2003 – Microsoft acquired Connectix 2003 – EMC acquired VMware
  19. 19. Acquisitions 2003 – Connectix, PlaceWare 2006 – Softricity, AssetMetrix, AlohaBob PC relocator 2008 – Calista, Kidaro 2012 - PhoneFactor 2003 – Expertcity (GoTo) 2004 – Net6 2005 – NetScaler 2006 – Reflectant, Ardence 2007 – XenSource, 2008 – AuremasepagoProfile 2011 – Kaviza, RingCube, ShareFile, App-DNA, Virtual Computer, Zenprise 2007 – Propero Software 2008 – Tungsten Graphics, Thinstall 2010 – RTO Software 2011 – NeoAccel (SSLVPN Plus) 2012 – Nicira, Wanova 2013 – Virsto
  20. 20. VDI Timeline 2006-2009 June May October Desktop Broker for Citrix Presentation Server 2006 Microsoft general manager for virtualization strategy "surprised" that IT are so eager to virtualize their desktops (http://bit.ly/MSSurprised) Windows Server 2008 R2 with live migration, RD Virtualization RemoteFX May XenDesktop 2.0 February VDM 2.0 November December View 3.0 XenDesktop 4 2009 2008 2007 November April February September February November VMware demoing VDI connection Broker VMware VDI Alliance Desktop Server 1.0 Windows 2008 with Hyper-V and RemoteApp XenDesktop 2.1 XenDesktop 3.0 View 4.0 No VDI June VDM 2.1 May XenDesktop 3.0 FP 1
  21. 21. VDI Timeline 2010-2013 September July March XenDesktop 4 SP1 March XenDesktop 4 FP1 XenDesktop 5.6 December September XenDesktop 5 View 5.0 2010 June September Windows Server 2012/Windows 8 Major Hyper-V updates, Client Hyper-V, User personalization Windows Server 2012 R2/Windows 8.1 Hyper-V updates, RemoteFX updates XenDesktop 5.6 FP1 2013 2012 2011 February August View 4.6 August March June XenDesktop 5.5 XenClient became a part of XenDesktop View 5.2 XenDesktop 7 May September View 4.5 View 5.1
  22. 22. History in short • Citrix turned Windows into a multi-user operating system and became a leader in Server Based Computing in the Windows world • VMware became a leader in server virtualization • In 2005-2006 the term VDI was introduced, which may be considered a hybrid of SBC and server virtualization • Both Citrix and VMware were playing like kids in 1st grade, but became older • Microsoft is slow in adopting new ideas, in fact there are no releases between operating system releases
  23. 23. Trends • Migrating old workstations to the datacenter • Using blade PCs • Moving to cheaper thin clients • VDI started as an alternative to terminal services • Users became mobile • Lack of technical benefits of VDI was compensated by a “lower TCO” speech • VDI was supposed to make OS migration easier
  24. 24. VDI Expectations Source: Gartner’s Chris Wolf (http://bit.ly/VDITrends)
  25. 25. VDI Adoption Source: Gartner’s Chris Wolf (http://bit.ly/VDITrends)
  26. 26. VDI Adoption Source : Forrester (http://bit.ly/VDIForrester)
  27. 27. VDI Adoption • According to Simon Bramfitt from Entelechy Associates, 55% of the companies have VDI in test environments (http://bit.ly/VDIinTest) • In a report prepared by Jeroen van de Kamp and Ruben Spruijt from Project Virtual Reality Check, the majority of people (31,91%) are using VDI in pre-production, or early production (34,92%). (http://bit.ly/VDI2013) • By 2016 30% of large organizations will have deployed HVDs to 20% of their users (Gartner http://bit.ly/VDIvsPC ) • Many customers don’t realize that they have actually been using desktop virtualization for years.
  28. 28. How Does the Market Keep Desktop Virtualization On Top Of the Hype? • Desktop-as-a-Service is here to help – Hundreds of cloud service providers – Special licensing from vendors • VDI vendors turn to virtual desktops – Wanova – Virtual Computer – RTO Software – Application virtualization vendors
  29. 29. Competition “VDI vendors are not competing against each other. They’re competing against the status quo. They’re competing against those pallets full of Dells that you’ve been buying for the past twenty years” Brian Madden, “The VDI Delusion” http://bit.ly/VDIDelusion
  30. 30. Summary • VDI is not new • VDI started as an initiative of converting physical desktops into a VM • In the beginning of 2009, Gartner said that Hosted Virtual Desktop market will surpass $65 Billion in 2013 and have 49 million users (http://bit.ly/GartnerVDI) • All vendors made a lot of acquisitions to make their products look more competitive
  31. 31. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Desktop Virtualization & Workplace Mobility: State of the Union Denis Gundarev @fdwl, Entisys Solutions
  32. 32. Desktop Virtualization Vendors
  33. 33. Desktop Virtualization Vendors
  34. 34. Desktop Virtualization Vendors
  35. 35. Microsoft Remote Desktop Virtualization Host Server Manager Remote Desktop Web Access Remote Desktop Connection Broker SQL Database Virtual Desktop Collection Remote Desktop Session Host Remote Desktop Gateway Remote Desktop Licensing Session Collection
  36. 36. Kahuna Burger Platinum Suite
  37. 37. XenDesktop Platinum/Horizon Suite components Personal vDisk Universal Print Server Provisioning Services 7 AppDNA XenClient XenServer CloudBridge Merchandising Server Profile Management XenApp Single sign-on Smart Auditor Horizon Workspace VMware Workstation VMware ThinApp Horizon Mirage VMware Fusion Horizon View VMware ESXi VMware vCenter Server VMware vCloud Networking and Security VMware Persona Management VMware View Connection Server VMware View Composer
  38. 38. Smaller desktop virtualization vendors • HTML5 • Remote protocol accelerators • RDP Transcoding • Consumer-focused solutions • Competitive pricing • SaaS & Cloud • Linux • Brokering
  39. 39. Network optimization and management • WAN optimization • SSL VPN • Network virtualization • Isolation • Storage replication • Traffic parsing
  40. 40. MDM/MAM • New to the market • Sandboxing • Integration with cloud storage • BYOD • Providing APIs to third-party • SaaS • Expanding to laptops • On-premises solutions
  41. 41. Storage • RAM/SSD cache • Use of local storage • Storage tiers • Smart deduplication • Software-only solutions • Combining storage and server in one box
  42. 42. Application deployment and virtualization • Reducing IOPS • Simplification • Repackaging • Consumerization
  43. 43. Security • Offload antivirus to a separate VM • Micro-hypervisor • Device-less two-factor authentication • DLP
  44. 44. Thin Clients • “Zero” clients • One protocol only • Hardware decoding • Reducing cost • Alternative brokers • HDMI Sticks • Tablets • Android
  45. 45. Print management • Cloud printing • Mobile device support
  46. 46. User profile management • Profile conversion • Policy controls
  47. 47. Monitoring And Analytics • Analysis of VDI migration • VDI-oriented reporting • Pricing models and chargeback • Monitoring from cloud
  48. 48. Offline VDI • Type 2 has more chances • Security • Desktop Player for Mac
  49. 49. Others • Virtual GPU and GPU sharing • nvidia GRID • Nested virtualization
  50. 50. User Population • Task/Shift worker • Knowledge worker • Mobile worker • High-performance worker • Guest users
  51. 51. Use cases • Remote Access • Quick provisioning • Off Shore development • Security • Consumerization/Bring Your Own Device (BYOD) • Centralized Management • Compliance • Disaster Recovery • Acquisitions
  52. 52. Vendor’s positions [bar chart, scale 0 to 70: Hypervisor and Broker, by vendor: VMware, Microsoft, Citrix, Other] Source: Project Virtual Reality Check (http://bit.ly/VDI2013)
  53. 53. State of the VDI and SBC union 2013, Whitepaper from Project Virtual Reality Check • Hypervisor infrastructure used in VDI and SBC • WAN optimization used in VDI and SBC • Unified Communications used in VDI and SBC • Performance testing executed in VDI and SBC • VDI Stateless - stateful virtual desktop • VDI and hypervisors • VDI and connection brokers • VDI and server configurations • VDI and antivirus • VDI and Remote Display Protocol, hardware encoding • VDI and desktop image deployment • VDI and User Environment Management • VDI and client management • VDI and guest OS configurations • VDI and application virtualization • VDI Applications, Windows and web-based • VDI and storage • Server Based Computing (SBC) results • SBC Phase, usage, regions • SBC User types and goals • SBC and connection brokers • SBC and server configurations • SBC and antivirus • SBC and Operating System • SBC and User Environment Management • SBC Applications, Windows and web-based • SBC and storage • SBC and image deployment • Comparing VDI and SBC results • VDI versus SBC Hypervisor, server workload • VDI versus SBC WAN optimization • VDI versus SBC Unified Communications • VDI versus SBC Performance testing • http://bit.ly/VDI2013
  54. 54. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Desktop Virtualization Internals: Protocols, Layering and Isolation Denis Gundarev @fdwl, Entisys Solutions
  55. 55. VMware
  56. 56. Citrix
  57. 57. Microsoft Remote Desktop Virtualization Host Server Manager Remote Desktop Web Access Remote Desktop Connection Broker SQL Database Virtual Desktop Collection Remote Desktop Session Host Remote Desktop Gateway Remote Desktop Licensing Session Collection
  58. 58. Core Components Remote Access Protocol Remote Access Protocol
  59. 59. Core Components - Protocols Remote Access Protocol
  60. 60. Remote Protocols Microsoft RemoteFX •Formerly known as RDP •Adaptive Graphics (2012) •Multi-Touch •vGPU and GPU sharing •Windows clients only •Features tied to Windows version •No OpenGL Citrix HDX • Formerly known as ICA • Broad client support • HDX 3D Pro • Flash and Multimedia Redirection • OpenGL / DirectX support • Feature set is different for different clients Teradici PCoIP • UDP-only • Offload cards are available • vSGA (NVIDIA GRID) • Limited QoS support • Has a new competitor – HTML5 blast
  61. 61. Protocol comparison Phase 1: RDP7 vs RemoteFX v1 vs HDX vs HDX 3D Pro vs PCoIP vs Quest EOP vs Ericom Blaze vs HP RGS (May 2011) Phase 2: HDX 5.0 vs HDX 5.5 vs PCoIP 4.6 vs PCoIP 5.0 (October 2011) Phase 3: Mobile Devices on 3G and 4G, and evaluating RemoteFX v2 Beta (May 2012) Phase 4: RDP 7.1 vs RDP 8 vs RemoteFX and Citrix XenDesktop 5.6 FP1 HDX (February 2013) Phase 5: NVIDIA GRID K2 accelerated 3D graphics HDX 3D Pro, VMware PCoIP vSGA and Microsoft RemoteFX vGPU (May 2013) Phase 6: NVIDIA GRID K2 + K5000, Citrix XenDesktop 7 HDX and HDX 3D Pro, Microsoft RDP 7.1 and RDP 8, and VMware View 5.2 vSGA (July/August 2013) http://bit.ly/VDIProtocols Shawn Bass @shawnbass shawnbass.com Benny Tritsch @drtritsch drtritsch.com
  62. 62. WAN Emulation – The Test Setup Epiphan DVI2USB USB One-on-one connection DVI/ HDMI Apposite Linktropy Mini2 PC with Epiphan recording SW Client Shared environment Host
  63. 63. Test Applications – 2D Graphics 1 2 GDI: Microsoft WordPad + RTF file (2.5 MB) GDI: Adobe Acrobat Reader 9.34 + PDF file (2.5 MB)
  64. 64. Test Applications – Videos & Animation 3 5 Video: Media Player 12.0 + WMV file (Halo, 33 MB) 6 15 Video: Quicktime Player 7.68 + MOV file (Meat Balls, 33 MB) 7 Flash: Flash Player 10 + Intel VT Demo HD Flash: Flash Player 10 + Flash Video Factory HD Video: Media Player 12.0 + WMV file (Speed 720, 101 MB) 9 Silverlight: Silverlight Photo Gallery
  65. 65. Test Applications – 3D Graphics 8 20 WPF: MeediOS 22 DirectX 9: Rollercoaster by Emil Persson, aka Humus 21 OpenGL (SW): eDrawings SolidWorks Seascooter 23 OpenGL (HW): Cloth by Emil Persson, aka Humus 24 DirectX 9: Google Earth DirectX 10: Custom Resolve by Emil Persson, aka Humus
  66. 66. Test Applications – User Experience 10 11 Flash: Whack-A-Mole HTML5: Fishbowl
  67. 67. Video Recordings Post-Processing Raw AVI video Full resolution, 60fps max. ffdshow MS MPEG4 v2 One pass - quality, 99% WMV Video 4-Up Split Screen 512 x 384 Silverlight Player VC-1 Advanced by J. Gorzas, Sense GmbH Fixed bitrate 1045 Kbps Microsoft Expression Encoder SPHtmlGenerator
  68. 68. Network Emulation Settings
      Description                          Bandwidth  Latency  Packet Loss
      LAN                                  100Mb/s    0ms      0%
      Within continent, slow               500Kb/s    50ms     0.01%
      Within continent, medium             2Mb/s      50ms     0.01%
      Within continent, medium, Cloud      2Mb/s      50ms     2%
      Within continent, fast               8Mb/s      50ms     0.01%
      Across continents, medium            2Mb/s      200ms    0.01%
      Across continents, fast              8Mb/s      200ms    0.01%
      Across continents, very fast, Cloud  12Mb/s     300ms    1%
  69. 69. Core Components
  70. 70. Core Components –Virtualization and Layers
  71. 71. Core Components –Virtualization and Layers
  72. 72. Core Components –Virtualization and Layers User Data Applications Operating System Hardware
  73. 73. Operating System Layers User Data Applications Operating System Hardware
  74. 74. Operating System Layers User Files User Settings User Apps Corporate Apps Applications Operating System Hardware
  75. 75. What Is Layering? • Way to define a container that contains relevant registry keys and files • Not possible on a block level • Application deployment ≠ application layering • OS deployment ≠ OS layering
  76. 76. Why Layering Is Good? • Manage each layer separately • User data stored separately, making backup easy • OS and App layers can be generalized and shared between instances • Rollback each layer independently • Great for non-persistent deployments
  77. 77. Layers In A Real Life • Difficult to separate User Data from User Settings • Per-app user settings are merged in a user profile • Layering adds a performance overhead • Number of golden images grows • Complexity • Say good bye to your desktop management experience
  78. 78. Pros of persistent desktops One-to-one Your helpdesk knows what to do Performance Familiar management tools Users get what they expect SCCM, Altiris, Ghost, LanDesk Users store their files in weird locations
  79. 79. Cons of persistent desktops One-to-one Familiar management tools Users get what they expect Best way to make your storage vendor happy Each instance managed individually Users can ruin your environment
  80. 80. Pros of non-persistent desktops Less storage New ways to manage your images Locked-down desktops Share your golden image Ideally one golden image Just reboot for refresh
  81. 81. Cons of non-persistent desktops Less storage New ways to manage your images Locked-down desktops Harder to manage IOPS Old management tools don’t work App virtualization is required No personalization
  82. 82. Full clones Full Clones
  83. 83. Thin clones Clones Linked to the master Master
  84. 84. Non-persistent Thin clones Snapshot on start Clones Linked to the master Master
  85. 85. Thin clones with identity disks Virtual Machine Identity Clones Linked to the master, deleted after reboot Master
  86. 86. Thin clones with identity disks and per-user data disk Per-user virtual disk Virtual Machine Identity Clones Linked to the master, deleted after reboot Master
  87. 87. Solutions Non-persistent: – Citrix Provisioning Services – Citrix Machine Creation Services – VMware Linked Clones Persistent – Full clones – Citrix Personal vDisk
  88. 88. VMware Linked Clones The OS delta disk An optional disk for each user’s profile The base image The baseline for linkedclone desktops Full clone virtual machine linked clone OS disk Persistent disk Disposable disk parent virtual machine snapshot replica An optional disk for paging and temp files OS disk VMware View specific Persistent is more possible. Limited support for storage tiers linked clone desktop pool Persistent disk Disposable disk
  89. 89. Citrix Machine Creation Services 1 2 3 4 5 hypervisor Base ID ID ID ID ID DIFF DIFF DIFF DIFF DIFF storage
  90. 90. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Application Virtualization and User Profiles, How Does it Work? Denis Gundarev @fdwl, Entisys Solutions
  91. 91. What is Application Virtualization? • Application is executed inside the sandbox isolated from operating system • Improves security (isolates insecurity) • Eliminate application conflicts Package Deliver Execute
  92. 92. Every time you disable UAC… Steve Ballmer kills a kitten Please, think of the kittens
  93. 93. Every time you: • Modify ACLs on Program Files or HKLM • Make a user a local admin • Just give users SeBackup, SeRestore, SeCreateGlobal and SeLoadDriver privileges, but keep them as standard users
  94. 94. Application Virtualization Example
  95. 95. Application Isolation Environments Was introduced in MetaFrame Presentation Server 4.0 (2005) Virtualization layer that redirects system resources Virtualizes: – File system – Registry – Named objects (events, semaphores, etc) Transparent to the application Was a great compatibility aid for: – Applications which are not multi user friendly – Applications which have problems coexisting on the same server – Applications that cannot have multiple instances running simultaneously
  96. 96. Isolation Environment Roots Specifies directories and registry locations User Profile Root – Changes made by the user reside here – Suitable for Multi-user incompatible applications Installation Root – Per Isolation environment location – Enables conflicting applications to coexist
  97. 97. Isolation Environment Rules • Three types of Rules: • Ignore • Redirect • Isolate
  98. 98. Isolation Environment: IGNORE Rule Used to create “holes” in an isolation environment Virtual address is not modified by the virtualization system Used to allow access outside of the isolation environment
  99. 99. Isolation Environment: REDIRECT Rule Redirects an application request for a file or registry key to a specified location – If an application creates the file, c:\temp\data.txt, regardless of the user, then it might be sensible to redirect those files to c:\aie\temp\%USERNAME% – This means, if UserA ran the application isolated, then c:\temp\data.txt is created in c:\aie\temp\UserA\data.txt
  100. 100. Isolation Environment: ISOLATE Rule Per User: – Ensure that each user gets his own copy of the requested resource Per Isolation Environment: – A single copy of the required system resource is created in the installation root location and shared by all users
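The roots and the three rule types from slides 96 to 100, modelled as a small path resolver that reproduces the slide's `c:\temp\data.txt` redirect case. This is an added example, not Citrix code: the class and function names, longest-prefix precedence, the per-user default for unmatched paths and the `<root>\c\...` layout are all assumptions.

```python
import ntpath
import re
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    IGNORE = "ignore"              # hole: the request leaves the environment unchanged
    REDIRECT = "redirect"          # the request is rewritten to an explicit target
    ISOLATE_USER = "isolate-user"  # each user gets a private copy
    ISOLATE_ENV = "isolate-env"    # one copy shared inside the environment


@dataclass(frozen=True)
class Rule:
    prefix: str       # virtual path the rule covers (file or directory)
    action: Action
    target: str = ""  # REDIRECT only; may contain %USERNAME%


def canon(path):
    """Collapse dot segments, unify separators and case, as Windows compares paths."""
    return ntpath.normcase(ntpath.normpath(path))


class IsolationEnvironment:
    def __init__(self, install_root, profile_root, rules):
        self.install_root = install_root
        self.profile_root = profile_root  # may contain %USERNAME%
        # Assumption: the most specific (longest) prefix wins, so a narrow
        # IGNORE hole can be cut into a broader ISOLATE or REDIRECT rule.
        self.rules = sorted(((canon(r.prefix), r) for r in rules),
                            key=lambda pair: len(pair[0]), reverse=True)

    @staticmethod
    def _expand(template, user):
        # The user name is spliced into a path: refuse separators and dot names.
        if not re.fullmatch(r"[A-Za-z0-9_-][A-Za-z0-9._-]*", user):
            raise ValueError(f"unsafe user name: {user!r}")
        return template.replace("%USERNAME%", user)

    @staticmethod
    def _rehome(root, path):
        # Assumed on-disk layout: c:\dir\file is stored as <root>\c\dir\file
        drive, rest = ntpath.splitdrive(path)
        return ntpath.normpath(ntpath.join(root, drive[0], rest.lstrip("\\")))

    def resolve(self, requested, user):
        """Return the physical path that backs `requested` for `user`."""
        path = canon(requested)
        drive, rest = ntpath.splitdrive(path)
        if len(drive) != 2 or not rest.startswith("\\"):
            raise ValueError(f"need an absolute drive-letter path: {requested!r}")
        # Rules are matched on the canonical form only, so c:\temp\..\windows
        # does not hit a rule for c:\temp, and neither does c:\tempest.
        for prefix, rule in self.rules:
            if path == prefix or path.startswith(prefix.rstrip("\\") + "\\"):
                break
        else:
            # Assumption: paths no rule covers are isolated per user.
            prefix, rule = path, Rule(path, Action.ISOLATE_USER)
        if rule.action is Action.IGNORE:
            return path
        if rule.action is Action.REDIRECT:
            tail = path[len(prefix):].lstrip("\\")
            return ntpath.normpath(ntpath.join(self._expand(rule.target, user), tail))
        if rule.action is Action.ISOLATE_ENV:
            return self._rehome(self.install_root, path)
        return self._rehome(self._expand(self.profile_root, user), path)


# Constructed sample configuration; the roots and rule set are illustrative only.
SAMPLE_ENV = IsolationEnvironment(
    install_root=r"c:\aie\install",
    profile_root=r"c:\users\%USERNAME%\aie",
    rules=[
        Rule(r"c:\temp", Action.REDIRECT, r"c:\aie\temp\%USERNAME%"),
        Rule(r"c:\program files\app", Action.ISOLATE_ENV),
        Rule(r"c:\program files\app\shared", Action.IGNORE),
    ],
)

if __name__ == "__main__":
    for req in (r"c:\temp\data.txt", r"C:/Temp/../Windows/win.ini",
                r"c:\Program Files\App\app.ini",
                r"c:\Program Files\App\shared\cfg.xml"):
        print(f"{req:40} -> {SAMPLE_ENV.resolve(req, 'UserA')}")
```

Matching on the canonical path is the part worth copying into any redirection layer: a rule compared against the raw request string can be sidestepped with `..` segments, mixed case or forward slashes.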
  101. 101. Application Streaming Introduced in Citrix Presentation Server 4.5 (2007) Added delivery mechanism to AIE Had 6 major releases before being deprecated in 2013 Still available with XenApp 6.5 and XenDesktop 5.6 Completely removed in XenDesktop 7
  102. 102. Application Virtualization Internals
  103. 103. How it works Two main components of Application Virtualization: – Isolation/Redirection – Delivery mechanism Optional features: – File type associations and OS integration – Rights Management and usage tracking – Packaging – Shareable sandboxes
  104. 104. File I/O Redirection options API Hooking – at USER or Kernel Level • Hooking CreateFile, OpenFile, DeleteFile, NtCreateFile, NtOpenFile, NtDeleteFile etc • Hooking into System Service Descriptor Table (SSDT) File System Filter Driver or Mini-Filter – Write file system driver to redirect virtualized file requests.
  105. 105. Registry Redirection Options API Hooking at USER Level – Hooking advapi32.dll - RegCreateKeyEx, RegDeleteKeyEx etc – Hooking Ntdll.dll – NtCreateKey, NtDeleteKey etc API Hooking at Kernel Level – Hooking SSDT – NtCreateKey, NtDeleteKey etc
  106. 106. Application Virtualization Vendors
  107. 107. Application Virtualization Products Microsoft App-V VMware ThinApp CloudVolumes Symantec/Altiris SVS Spoon (Novell ZENworks) Numecent Jukebox FSLogix Sandboxie Microsoft Windows
  108. 108. Microsoft App-V Version 2.0 was released in 2002 by Softricity ~8 major and ~50 minor releases before App-V 5.0 App-V 5.0 is completely rewritten and released in 2012 Available as a part of MDOP under SA
  109. 109. App-V 5.0 Cons Requires SA User-level apps only Cannot virtualize drivers Cannot isolate applications that are a part of the OS
  110. 110. App-V Pros Tons of information on Internet Huge user community Integration with System Center Integration with XenDesktop Managed by PowerShell
  111. 111. VMware ThinApp Uses user-mode hooks Application packaging solution, just like PortableApps.com Emulates Windows COM and DCOM Supports Streaming Execution (SMB/CIFS) and Deployed Execution (i.e. USB) Does not support installed Apps No centralized management (for standalone product) End of availability (“EOA”) of VMware ThinApp, effective on December 15, 2013. After that will be available only as a part of View or Horizon
  112. 112. CloudVolumes AppStack – basically a VHD or VMDK attached to a VM Web-based management console that communicates with hypervisor Full support for server software Available Now: VMware ESX 5.0, 5.1, Coming soon… HyperV, Azure, Amazon EC2
  113. 113. CloudVolumes
  114. 114. CloudVolumes
  115. 115. CloudVolumes pros Server software support No streaming or any other delivery mechanism Combination of file system minifilters and a service Text file-driven configuration Storage tiers on the hypervisor layer Per-machine or per-user assignments No packaging process
  116. 116. CloudVolumes cons Works with virtual workloads only Came out of stealth mode in 2013 Text file-driven configuration
  117. 117. Symantec/Altiris SVS Now called Symantec Workspace Virtualization Kernel-level hooks Unmanaged computers support Application license management Best in class integration with OS
  118. 118. Spoon Formerly Xenocode Web portal for app access Desktop integration Works over HTTP/HTTPS License management Available as SaaS offering Server software support Auditing Support for installed applications Application snapshots
  119. 119. Numecent Jukebox HTTP-based streaming Encrypted cache Virtualized File System DRM and license control OPSWAT integration Kernel-level file system driver Web portal for user access Currently targeted for ISVs and MSP No publicly available demos or code
  120. 120. Numecent Jukebox Patents: • Software streaming system and method • Intelligent Network Streaming and Execution System for Conventionally Coded Applications • Rule-based application access management • Opportunistic block transmission with time constraints • Deriving component statistics for a stream enabled application
  121. 121. FSLogix AIE: Resurrection Came out of stealth mode around July 2013 No streaming, no packaging Combination of file system minifilter and user-level hooks Supports changes in real time Text-file based configs with a GUI editor
  122. 122. FSLogix
  123. 123. FSLogix
  124. 124. FSLogix
  125. 125. Sandboxie • Isolated sandboxes for applications • Virtualizes Files, Disk Devices, Registry Keys, Process and Thread objects, Driver objects, and objects used for Inter-process communication: Named Pipes and Mailbox Objects, Events, Mutexes (Mutants in NT speak), Semaphores, Sections and LPC Ports • Not designed for VDI • Not designed for Enterprise • Developed by one person
  126. 126. Microsoft Windows • UAC Virtualization is available out of the box • Application compatibility toolkit can be used to manage folder and registry redirection • No additional software needed
  127. 127. What Are Shims? Applied to specific apps – Configured with Compatibility Administrator in the App Compat Toolkit – Deployable to enterprise Changes what the app thinks it sees Does not change what app is allowed to do
  128. 128. What Are Shims Good For? Great for many kinds of bugs: – Bad Windows version checks – Writing to HKCR at runtime – Unnecessary checks for “am I admin?” – Writing to WRP-protected keys and files – Windows thinks your app is an installer – File/Registry redirections
  129. 129. Version Lie Shims Win95VersionLie WinNT4SP5VersionLie Win98VersionLie Win2000VersionLie Win2000SP1VersionLie Win2000SP2VersionLie Win2000SP3VersionLie WinXPVersionLie WinXPSP1VersionLie WinXPSP2VersionLie Win2K3RTMVersionLie Win2K3SP1VersionLie VistaRTMVersionLie VistaSP1VersionLie VistaSP2VersionLie Win7RTMVersionLie
  130. 130. Most Used Shims VirtualRegistry – Fixes the problem with reading/writing registry value – AddRedirect ( HKLM\Key ^ HKCU\Key ^ HKLM\Key2 ^ HKCU\Key2) CorrectFilePaths – Fixes the problem with reading/writing a file – c:\Program.ini= %AppData%\Program.ini WRPRegDeleteKey – Lie when app tries to delete protected OS registry key ForceAdminAccess – Spoofs queries of administrator group membership VirtualizeDeleteFile – Spoofs deletion of global file LocalMappedObject – Forces global section objects into user’s namespace VirtualizeHKCRLite, VirtualizeRegisterTypeLib – Redirects global registration of COM objects
  131. 131. Conclusion There are many vendors on the market If you care about App compatibility, take a look at simple solutions Consider using SaaS-based services Check the Application Virtualization Smackdown from Ruben Spruijt – http://www.pqr.com – 61 pages cover major vendors on the market
  132. 132. Conclusion
  133. 133. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility What Happens When Technology Meets Marketing? Denis Gundarev @fdwl, Entisys Solutions
  134. 134. Security • Desktop Virtualization ≠ secure environment • Non-persistent VM = disposable gloves for hacker • Non-persistent VM ≠ Virus Protection • SSL ≠ Secure connection • Disabled clipboard+disabled drive mapping ≠ DLP
  135. 135. “Horizon View offers ease of management along with a secure, robust architecture, and the ability to offer end users the freedom and choice they need to be productive. In comparing VDI and sessions, VDI offers the following advantages over sessions: • Eliminates application-compatibility issues • User or OS resets do not impact other users (sessions require resetting entire server) • Provides better native-application compatibility • Eliminates application-to-application conflicts in a multi-session Environment • Applications do not have to be written with TS or RDSH in mind (i.e., desktop applications are supported)” Source: VMware (http://bit.ly/ViewVsRDS2012)
  136. 136. Application compatibility • Most of the appcompat issues are caused by migration to the new OS generation • Windows OS is stable • Windows Client is not much more stable than Windows Server • Applications that work on Windows 7 in 99% of cases will normally work on Windows Server • Virtualization is not a solution, it’s a workaround
  137. 137. The Last Argument In Favor Of RDSH
  138. 138. The Last Argument In Favor Of VDI
  139. 139. • Use any desktop, optimized thin client, or BYO device • High definition user experience with HDX technology – The best HD experience, even in low-bandwidth or high-latency environments – Real-time voice and video collaboration – 3D professional graphics support
  140. 140. Source: http://support.citrix.com/article/CTX132038
  141. 141. Microsoft Virtualization Products A comprehensive set of virtualization products, from the data center to the desktop Assets – both virtual and physical – are managed from a single platform
  142. 142. • Monolithic hypervisor (VMware ESX Approach) – Simpler than a modern kernel, but still complex – Contains its own driver model • Microkernelized hypervisor (Hyper-V Approach) – Simple partitioning functionality – Increase reliability and minimize TCB – No third-party code – Drivers run within guests [Diagram: VMware ESX Approach: VM 1 (“Admin”), VM 2 and VM 3 on a hypervisor that contains the drivers, on top of the hardware. Hyper-V Approach: VM 1 (“Parent”, with the Virt Stack), VM 2 (“Child”) and VM 3 (“Child”), each with its own drivers, on the hypervisor, on top of the hardware] Microkernelized Hypervisor has an inherently secure architecture with minimal attack surface
  143. 143. Side-by-side Feature and Cost Comparison [Chart: 5 Virtualized Hosts (US$); values shown: $61,400, $21.4K, Included, $9.4K] “We saw that Hyper-V did everything we needed and was far more cost-effective than VMware, which costs about $6,300 per server more than Hyper-V.” —Nicholas Merton, IT Support, Maxol
  144. 144. Horizon Suite Versus The Competition Physical Desktop Management Virtual Desktops Multi-device Workspace Citrix 153 Confidential
  145. 145. Horizon Suite Components Versus Citrix Piece-meal Approach (Horizon Suite vs. Citrix CloudGateway, ShareFile, XenDesktop, Access Gateway) • Horizon Suite: Extensible and flexible platform | Citrix: Citrix purchases piece parts with a long road to integration • Horizon Suite: 100% on premise file sharing solution in addition to offering a cloud solution | Citrix: ShareFile only offers data on premise. Application is still hosted by sharefile.com • Horizon Suite: Desktop Layering, Migration, and Desktop Backup and Recovery | Citrix: None • Horizon Suite: Tight integration and similar management experience as vSphere | Citrix: No specific integration with vSphere • Horizon Suite: Android-dual persona | Citrix: None • Horizon Suite: And best of all – It’s a suite! | Citrix: Citrix requires purchase of CloudGateway, XenDesktop, ShareFile, and Netscaler Access Gateway. Horizon Suite is an integrated mobile workforce platform built by the leader in virtualization and cloud computing; built for today and for the future. Citrix offers non integrated tools purchased from various vendors without the future needs of end user computing in mind.
  146. 146. Kahuna Burger Platinum Suite
  147. 147. Thin/Zero clients • Aren’t cheap • Don’t forget about servers • Not virus protection • You are still running Windows in a VM • Maintenance is still required • New firmware/clients • 10-year lifetime • What’s wrong with your original iPhone? • Always a compromise • Thinner = less functional
  148. 148. Alternatives to thin clients • Windows Thin PC-based – For those who have SA, otherwise use your Windows – Norskale Transformer – ThinScale ThinKiosk • Linux-based – Stratodesk NoTouch Desktop – DevonIT VDI Blaster – Thinstation
  149. 149. Bring Your Own Device
  150. 150. Users can work anywhere
  151. 151. How To Fail Or Succeed With Desktop Virtualization & Workplace Mobility Technical and Business Barriers in Adopting Desktop Virtualization & Workplace Mobility Solutions Denis Gundarev @fdwl, Entisys Solutions
  152. 152. Windows is not designed for your toys
  153. 153. New skillset is required • Managing non-persistent images • Application packaging • Storage requirements are different • Server virtualization skills are not your happy ticket
  154. 154. Microsoft Licensing: Licensing Windows SA, VDA, and CSL [Flowchart: decision points “Primary work device?” (No: regardless of ownership and location), “Primary User of SA/VDA licensed device?”, “Corp owned?”, “On Premises?”; device types: x86/x64 PC (w/ Qualifying OS), Other (Thin Client, iOS, Windows RT), Windows RT (No License Required for VDI), Other (iOS, Android, etc); outcomes: VDA, CSL, SA, Any Device (Roaming Rights: No License Required)]
  155. 155. Security concerns
  156. 156. Lack of proper testing • 5 users from IT? • 20 contractors? • PoC kits
  157. 157. Sizing • Using vendor-provided numbers • Guessing • Buying hardware first
  158. 158. Wrong Use Cases • Desktop virtualization is hot :) • Windows 7 migration • Offline use • Desktop refresh • Security • Reducing costs • Access from iPad
  159. 159. Internal issues • Server admins vs. desktop admins • CXO vs. CXO • “I tried this 10 years ago, it didn’t work” • “My dealer said that Honda is better than Ford, I trust him” • Users don’t want changes
  160. 160. Storage [Diagram of storage layers: Files, NTFS, .VMDK/.VHD, VMFS, ZFS, Disk]
  161. 161. Shared vs Persistent • Shared: Server Failure – couple of sessions lost; Storage Failure – all sessions lost • Local: Server Failure – couple of sessions lost; Storage Failure – couple of sessions lost
  162. 162. Storage • Your file server will not work • Use local storage • Use specialized solutions • Ignore “maximum IOPS” from vendor • Measure – IOmeter – Remember about CIFS stores for profiles/apps • Learn how it works – ProjectVRC – www.projectvrc.com – VDI + Storage = Deep Impact – http://bit.ly/fOUZ8i – Jim Moyle Windows 7 IOPS – http://bit.ly/nvDLcr – Shawn Bass XenApp IOPS – http://bit.ly/xFRw7d
  163. 163. Servers • Choose the right form factor – N+? – Will you use local storage? – GPU/PCoIP offload
  164. 164. CPU/Memory • When moving a user from a 5-year-old desktop to a VM, don’t make things even worse – 512 MB per VM is a wrong idea – 10 VMs per core is a wrong idea – Ballooning is a bad idea • Measure utilization first • Fix it before moving to VDI • Remember about antivirus
  165. 165. Network • Remote Desktop should be responsive • Rich Graphics/Audio consume bandwidth • Use “Smart” load balancers • Test WAN optimization • Plan gateways
  166. 166. Guide to Desktop Virtualization • Phase 1: Buy Platinum edition • Phase 2: ? • Phase 3: Profit
  167. 167. Plan • Identify goals • Identify use cases • Separate desktop virtualization from OS migration • Measure current utilization • Categorize users • Categorize applications
  168. 168. Vendor selection • You should know what you need • You should know what you don’t need now • Check independent bloggers • Understand the technology • Check their blog, they may be out of business already
  169. 169. Analyze features • Don’t buy premium editions with features that you can’t use right now – Vendors will always offer you an upgrade if needed – Features might be removed or deprecated • Try to use what you already have – Microsoft VDI – Publish desktops on XenApp
  170. 170. Security • Don’t add security, remove insecurity • Fix your security before moving to virtual desktops
  171. 171. Rollout • Most problems are caused by misconfiguration • If something doesn’t work: 1. RTFM 2. Call vendor/partner • Involve a third party • Train IT staff • Talk to your users
  172. 172. STAY CONNECTED #Interop j.mp/DeskVirt @fdwl j.mp/fdwl denisg@entisys.com www.entisys.com
