Why are we having this workshop?
Actions in your realm of responsibility may have an impact on others’ work
Actions in others’ realms of responsibility may have an impact on your work
The purpose of this workshop is to help all parties involved understand their role in the VDI Project, the impact their efforts may have, and how the efforts of others may affect them as well. It includes best practices for various areas of the infrastructure, and outlines how these various areas come together to form the Virtual Desktop Infrastructure.
What is Desktop Virtualization?
Not everyone attending the workshop session may know what VDI is. Give an overview of Desktop and Application Virtualization, with descriptions of how our solutions come into play.
Traditionally Desktops are disparate systems
Multiple OS versions, endpoint configurations and application profiles cause significant administrative overhead.
Desktop Virtualization allows Desktop elements to be consolidated
By virtualizing the Desktop and supporting applications, deployment, troubleshooting and administrative overhead are all greatly reduced.
Ideally, the Desktop becomes modular and agile
Ultimately, the OS, Applications and User Persona can all be compartmentalized, allowing for ease of backup, patching and redeployment.
How Does Desktop Virtualization Impact our:
People
Administrative groups that have previously had little or no interaction will now have to work together.
Processes
Processes that once ran in parallel will likely merge, becoming streamlined and more agile.
Technology
Various technologies that previously operated separately will now come together to form the Virtual Desktop Infrastructure
Our Desktop Virtualization Project
Give an overview of the customer’s desktop virtualization project, including project sponsors, key players from other realms of responsibility and targeted timeline.
How this may impact your responsibilities
Give an overview of what impact desktop virtualization will have on the audience’s realm of responsibility. This is particularly important when the workshop has been broken up to smaller groups of the target audiences (see Consultant’s Delivery Guide).
VMware Trained and Certified
Allowing relevant personnel to attend VMware based training can give a head start on understanding various aspects of View or ThinApp, both technological and process oriented.
Desktop Deployment Expertise
Many of the concepts that apply to a physical desktop deployment still apply when transitioning to a Virtual Desktop environment. By involving your current desktop team, you will bring important experience that can help accelerate the deployment cycle.
Application Deployment Expertise
Generally speaking, the skillsets required to deploy applications are not traditionally found in Data Center Management teams. A thorough understanding of how applications interact with the operating system and each other is vital when moving to virtualize applications.
Desktop Support
The Desktop Support team should be involved very early on in the process. This will ensure that they understand how the infrastructure works, are ready to support the new infrastructure, and understand what support tools may be necessary for the new environment.
Change Management
Virtualization has a tendency to cause the change management decision making process to change. While some elements may no longer be necessary in the virtual space, new items will arise that need to be added to the process.
Develop Standard Operating Procedures (SOPs)
During initial deployment and Piloting of the infrastructure, you will likely find that many tasks are easily repeatable. By recording the steps necessary and developing a library of Standard Operating Procedures, you can reduce the administrative overhead associated with ongoing management of the new environment. Examples include:
Deploy, Recompose, Refresh, Rebalance
Troubleshooting Run Books
User Migration to Virtual Desktop Infrastructure
Before the first Pilot user logs in, it is important to develop a migration strategy framework which can be built upon during Pilot. This can help ensure a smooth production rollout.
User Surveys
It is important to develop user surveys to collect information during the various phases of rollout.
User Education
Providing end users step by step instructions to access the new infrastructure, as well as a high level overview of the reasoning behind the move can go a long way to smooth the transition. Be sure to start developing end user educational materials before beginning a Pilot, allowing for fine tuning before the production deployment.
Executive Sponsorship
For any serious virtualization effort to succeed it is important to have an executive sponsor for the project. This top-down support helps make clear to anyone who might otherwise become a roadblock that this is an enterprise-wide initiative.
Targeted Lines Of Business
Rather than take a shotgun approach to determining what to virtualize first, it may make sense to plan along business units. This would help streamline image design, process implementation and organizational changes that might be necessary.
VDI First
While the initial goal of a desktop virtualization initiative is not “Virtualization First For Desktop”, it is a good idea to start considering this approach early in adoption.
Easy Wins
Combine targeted lines of business (use cases) with the VDI First concept to go after low-hanging fruit first, creating early successes and buy-in from the remaining groups. Socialize the successes with organization sponsors and then with business area representatives.
Image Development and Tuning
Understand OS and VM settings that may impact functionality or performance. For instance, there are a number of guides on the internet detailing how to provision a stripped-down Windows XP image; however, caution should be taken and extensive testing done before adopting these changes.
QuickPrep versus Sysprep
Understand the differences between these two VM identity tools, and how they relate to deployment choices.
QuickPrep is a functionality provided by VMware View™ Composer that creates and deletes Computer Accounts in a desired OU in Active Directory, allowing for rapid deployment of large numbers of VMs using Linked Clone Technology.
Microsoft’s Sysprep is used when deploying Desktop VMs from a Template. It does not automatically place VMs in any specific OU unless a script is created as part of the Sysprep process.
Frequency of Updates to Parent VM Image
It is important to understand the impact of your image update schedule. Items such as OS and Application patches, AV Patches and new application deployment can cause the delta files associated with a Linked Clone to grow significantly, causing unnecessary overutilization of storage. Processes previously associated with desktop maintenance should be examined to determine which will remain intact, and which should be incorporated into image updating and Recomposition.
Minimizing Number of Parent VM Images Deployed
A key concept in developing Parent VM images is to try to cover as many end users as possible with a single image. If you have a handful of users who have very specific additional requirements, it may be beneficial to give them a manually provisioned VM rather than include them in a Pool.
Use Case Development
At least initially, you can use your use case scenarios as a foundation for developing your Parent Images.
Image Sizing
Initial testing will play an important role in determining the ideal size of your Parent VM Image. A key benefit of View and Linked Clone technology is the reduction of storage requirements. Coupled with ThinApp, desktop VM storage requirements should be significantly smaller than a traditional desktop system.
Recompose, Refresh, Rebalance Operations
It is important to understand the impacts and benefits associated with each of these operations. As previously mentioned these tools can help reduce the management overhead associated with patches and updates, as well as reduce storage used by temp files, downloads, etc.
Updating Images versus Updating Deployed Desktops
While ongoing updating of Parent VM Images is important for effective storage utilization, policies and procedures should be in place when it becomes necessary to deploy “emergency” patches to protect the enterprise.
Storage Utilization
As previously mentioned, understanding the impact of patch deployment on storage utilization is important to realizing storage savings.
Reconfiguring Automated Patching Solutions
Management personnel should examine their current patching solutions to see how they need to be reconfigured for VDI, as well as how they may effectively extend these tools into the Virtual Desktop Infrastructure.
Understand Impact on Infrastructure
Storage
Patching can have an impact on overall storage utilization, reducing storage savings over time. Focusing patch efforts on Parent VM images helps control this impact. In addition, schedule based automatic patching tools can cause a disk “storm” causing disk I/O to suffer.
Network
As with disk, schedule based patching tools can have a negative impact on network performance. In situations where these tools are still needed, it is important to implement a staggered schedule to reduce a network “storm”.
Etc.
Based on your environment, there may be other elements that could be impacted by an update “storm”. Plan accordingly and ensure that you try to stagger updates if necessary.
Timing
Antivirus solutions often have an even bigger impact on resources. While applications and operating systems generally only update once a week, AV systems often update daily or even multiple times a day. As it is not really feasible to update Parent VM images this frequently, AV will need to be approached differently. Ensuring that patching and full system scans are staggered and, if possible, scheduled for off hours will help reduce impact.
Disk Impact
AV full system scans and patching can impact disk I/O. Patching can affect storage utilization.
Network
Full system scans and patching can impact network utilization.
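The staggering recommended above for scheduled patching and AV full scans, as an added example that is not part of the original workshop material. It gives each desktop VM a stable start slot inside a maintenance window and caps how many VMs on one datastore start together; the VM names, datastore names, window, slot length and cap are all assumptions chosen for illustration.

```python
import hashlib
from collections import Counter
from datetime import datetime, timedelta


def preferred_slot(vm_name, slots):
    """Stable slot index derived from the VM name, so a VM keeps the same
    preferred slot from one run to the next."""
    digest = hashlib.sha256(vm_name.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % slots


def stagger(vms, window_start, window_minutes, slot_minutes, max_per_slot):
    """Map each VM to a start time inside the maintenance window.

    vms is an iterable of (vm_name, datastore) pairs. At most max_per_slot
    VMs on the same datastore start in the same slot; a VM whose preferred
    slot is full moves to the next slot with room. Raises ValueError when
    the window cannot hold every VM under that cap.
    """
    slots = window_minutes // slot_minutes
    if slots < 1:
        raise ValueError("window is shorter than one slot")
    load = Counter()      # (datastore, slot) -> VMs already placed there
    schedule = {}
    for name, datastore in sorted(vms):
        first = preferred_slot(name, slots)
        for step in range(slots):
            slot = (first + step) % slots
            if load[(datastore, slot)] < max_per_slot:
                load[(datastore, slot)] += 1
                schedule[name] = window_start + timedelta(minutes=slot * slot_minutes)
                break
        else:
            raise ValueError(f"no free slot for {name} on {datastore}")
    return schedule


def peak_starts(schedule, vms):
    """Largest number of VMs on one datastore that start at the same time."""
    counts = Counter((datastore, schedule[name]) for name, datastore in vms)
    return max(counts.values())


# Constructed inventory: 40 desktops spread over two datastores.
SAMPLE_VMS = [(f"vdi-{i:03d}", f"datastore-{i % 2 + 1}") for i in range(40)]
WINDOW_START = datetime(2024, 1, 6, 1, 0)  # constructed off-hours start time

if __name__ == "__main__":
    plan = stagger(SAMPLE_VMS, WINDOW_START, window_minutes=120,
                   slot_minutes=15, max_per_slot=3)
    for name in sorted(plan)[:5]:
        print(name, plan[name].strftime("%H:%M"))
    print("peak simultaneous starts per datastore:", peak_starts(plan, SAMPLE_VMS))
```

A ValueError from `stagger` means the window or the cap has to grow before the schedule is pushed to the patching or AV tool.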
Real-time versus Full Scan
While real-time scanning is vital and has minimal disk impact, the impact of full system scans can be significant, as previously stated. Depending on how developed your VDI environment is, it may be possible to reduce or even eliminate the need for full system scans at the desktop level. By offloading user data to File and Print servers and maintaining a Parent Image update schedule (including a full scan during the update), you can ensure that you provide the necessary level of protection while removing the full scans from the desktops.
VMsafe™ API
Another option to help reduce the impact of AV on resources is to take advantage of a product that uses the VMsafe API.
AV White-listing
A number of Anti-virus providers are also offering VDI oriented tools that use AV White-listing. This method uses a technique of comparing the deployed desktops to the parent image to check for deviation. Subsequent scans only check those files that are different.
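The comparison described above, as an added example that is not part of the original workshop material and not any vendor's implementation. It builds a hash manifest of the parent image once, then reports which files on a deployed desktop differ from it and therefore still need scanning; the function names, paths and file contents are constructed, and it assumes the parent image received a full scan when the manifest was built.

```python
import hashlib
import os
import shutil
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path, '/' separators) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest


def deviation(desktop_root, parent_manifest):
    """Compare a deployed desktop with the parent image manifest.

    Returns (to_scan, missing): to_scan lists files that are new or whose
    content differs from the parent image, missing lists parent files that
    are absent from the desktop. Files identical to the parent are skipped.
    """
    desktop = build_manifest(desktop_root)
    to_scan = sorted(p for p, d in desktop.items() if parent_manifest.get(p) != d)
    missing = sorted(p for p in parent_manifest if p not in desktop)
    return to_scan, missing


def write_tree(root, files):
    """Create the constructed sample files under root."""
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def demo():
    """Constructed parent image and one deployed desktop that has drifted."""
    parent_files = {
        "Windows/system32/kernel.dll": b"kernel-v1",
        "Windows/notepad.exe": b"notepad",
        "Program Files/App/app.exe": b"app-v1",
    }
    with tempfile.TemporaryDirectory() as tmp:
        parent = os.path.join(tmp, "parent")
        desktop = os.path.join(tmp, "desktop")
        write_tree(parent, parent_files)
        manifest = build_manifest(parent)   # built once per image update
        shutil.copytree(parent, desktop)    # desktop starts as a copy of the parent
        write_tree(desktop, {
            "Program Files/App/app.exe": b"app-v1-patched",    # changed in place
            "Users/alice/Downloads/tool.exe": b"unknown",      # new file
        })
        os.remove(os.path.join(desktop, "Windows", "notepad.exe"))
        return deviation(desktop, manifest)


if __name__ == "__main__":
    to_scan, missing = demo()
    print("scan these:", to_scan)
    print("missing from desktop:", missing)
```

The manifest is only as trustworthy as its storage: keep it with the parent image, outside the reach of the desktops it is compared against.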
Trending and Forecasting
By monitoring system utilization trends, there is potential to forecast future usage, allowing more time to budget, plan and implement the necessary infrastructure to meet needs in a timely fashion. Tools such as VMware Capacity IQ™ can help automate this process.
Storage
While planning for template based VMs is relatively easy, Linked Clones will require initial testing to facilitate LUN sizing and storage planning. Storage associated with User Data Disks may require different tiers of disk, and BC/DR should be planned as well.
Network
Network contention can impact multiple aspects of a VDI deployment. In addition to display protocol impact, elements such as placement of File and Print servers that host profiles, applications etc. can affect end user experience.
Physical versus Virtual
Often security policies that make sense for physical desktops are no longer necessary for a virtual environment. Likewise, the virtual environment may necessitate new policies to fit the environment, such as USB redirection settings. In addition, a Desktop Virtualization project may offer an opportunity to implement policies that had previously been unpopular.
Understanding Reasons for Policies
An example of a new policy would be around USB lockdown.
It is important to maintain control of the Desktop lifecycle. This ensures that resources are not being utilized for unnecessary VMs or Pools. As with server Lifecycle Management, it is important to consider:
Add
Move
Change
Decommission
VMware View™ Global Settings and Policies
Understand the policies and hierarchical implementation available within View for administering Servers, Clients, MMR, USB, Offline desktop, etc.
Pool Settings
Understand the potential impact of various Desktop Pool settings, i.e. when PCoIP is appropriate versus RDP, when to use Linked Clones versus Template-based or manual VMs, Persistent versus Non-persistent Pools, etc.
Pool Deployment
Consider elements such as distribution of VMs over storage, placement in HA/DRS Clusters, impact on storage during initial deployment, validation testing before initial deployment or Recompose operations.
Availability Planning
During Design and Implementation phases, it is important to consider redundancy of various components, including underlying VI (HA/DRS) and Security Servers/Connection brokers (Load Balancing).
In all but the smallest environments, it is advisable to have at least 2 Connection Brokers (or Security Servers). This will add the requirement of some form of Load Balancers to provide fault tolerance.
Scalability Considerations
Be sure to consider scalability of your infrastructure in relation to deployment phases. Check the View Reference Architecture that is relevant to the version of View you plan on deploying.
Feature to Pool Mapping
It is important to align View features with business needs. Not all settings are appropriate for every user.
VMware vCenter™ roles for Successful Implementation
Understand what roles are necessary for UserIDs within View to connect to vCenter Server.
Storage Planning
Storage planning is vital to a successful deployment while fully realizing the storage savings associated with View and Linked Clone technology. Elements such as Page Files, OS Patching, AV Patching and temp file settings can all have an impact on storage utilization.
Resource Distribution Planning
Understand the target consolidation ratios based on the underlying infrastructure configuration.
Scalability Considerations
Understand capabilities and limitations of the underlying infrastructure in relation to VDI planning. For instance View Composer, our Linked Clone technology, has a limitation of no more than 8 Nodes per HA/DRS Cluster.
Differences Between Server-oriented VI versus Desktop
Server workloads tend to have different resource usage profiles from desktop. For instance, Server VMs tend to be more RAM intensive, while Desktop loads tend to be more CPU intensive. Disk I/O characteristics also tend to be different. Plan your infrastructure accordingly.
Firewall Considerations
Understand the ports that need to be opened between View components for successful functioning of View
Database Considerations
Understand the sizing, maintenance, management and backup of View database components (vCenter, ADAM, View Composer).
SSL Certificates
Understand the impact of SSL certificates, in particular the differences between the self-signed certificates generated by various infrastructure components versus importing certificates generated by an internal or other trusted certificate authority.
File and Print
Correct placement of File and Print servers is vital for performance in VDI. While offloading profiles and applications to File and Print servers improves agility, the benefit can quickly be negated if the network becomes congested, disk I/O is reduced, etc. Be sure to place File and Print systems as “close” (from a network perspective) as possible to the VDI and underlying VI.
Group Policy Objects (GPOs)
Active Directory GPOs are a vital part of success in VDI. From determining basic rights associated with View, to deploying applications dynamically using File and Print and ThinApp, to implementing folder redirection for user profiles, GPOs will need to be understood and effectively managed to ensure minimal impact on AD performance.
For Non-persistent Pools, consider using Machine Local GPOs in the Parent VM for universal Machine Policy GPOs. This helps reduce the I/O associated with the reading of Domain based GPOs during the initial startup of a VM.
Folder Redirection versus Roaming Profiles
It is important to differentiate between profile folder redirection and MS Roaming Profiles. When using Roaming Profiles, the user profile is stored on a File and Print server, and is downloaded completely to the desktop when a user logs in. Using folder redirection, the files and profile information are kept on the File and Print server and only cross the network when needed. Roaming Profiles can cripple a desktop, particularly when a user has large amounts of data in their profile. Roaming Profiles do have an advantage in an environment with less stable network connectivity; however, in VDI folder redirection is ideal. This is primarily due to the centralized nature of VDI.
Active Directory Users and Groups
As with most any technology in a Windows environment, VDI entitlements are handled via AD Users and Groups. As always it is preferable to use Groups whenever possible.
DHCP – Scope Size, Lease Duration
As VDI greatly improves the agility of your desktop environment, it also increases the potential speed at which systems change. This includes DHCP scopes and leases. To help reduce the possibility of running out of IP addresses, consider either increasing the size of your scopes, or reducing the lease time (ensuring rapid release).
VLAN Segmentation
Network design, particularly around VLAN segments, will need extensive consideration. Remember that you will need to consider both VDI VMs AND the corresponding Client Endpoints when designing network for VDI.
Dynamic DNS Registration
Dynamic DNS registration is vital to VDI’s success. By ensuring that VMs dynamically register in DNS effectively, you ensure that communication flows between the brokers, VMs, View Agents and Client Endpoints.
Load Balancers
In all but the smallest environments, it is advisable to have at least 2 Connection Brokers (or Security Servers). This will add the requirement of some form of Load Balancers to provide fault tolerance.
ThinApp™
ThinApp allows for applications to be packaged and then centrally distributed via File and Print servers. This greatly reduces the Parent VM footprint, and when used in conjunction with profile redirection dramatically improves the agility and dynamic nature of your virtual (and physical) desktop environment. This combination of offloading trivializes the underlying OS significantly, effectively reducing it to a commodity. Mobile users who still require traditional laptop solutions can still enjoy the benefits of ThinApp, as it reduces the possibility of library collision and eases application patching.
Image Installs versus Application Virtualization
Initially it may be more expedient to deploy applications natively in Parent VM Images. This can speed up your deployment cycle, and allow more time to thoroughly test virtualization of your applications. Once applications have been successfully packaged, you can take a “roll back” approach to removing the natively installed apps from the Parent VM Image and transition to a centrally distributed virtualized application model.
Network Shares versus Local
By offloading the user profile to a network share, you greatly reduce the need for anything to be “permanently” associated with a specific VM or even UDD. As previously mentioned, abstracting applications and their associated user data from the OS allows for commoditization and greater agility for the desktop.
Due to the network-intensive nature of some applications, it may be prudent to test network impact to determine whether some ThinApp™ packages should reside on local disk.
Special %AppData% Considerations
Local Disk (Outlook requirement)
While a centrally located sandbox in a user’s profile allows for greater OS commoditization, there are some applications that will still require usage of a “local” (non SMB or shared) disk. One example is MS Outlook. If you plan to use OST or PST files, these must be stored “locally” to be supported.
Ensure you review all your applications’ requirements to determine if this will impact you elsewhere.
Due to the centralized nature of VDI in the Data Center, the need for OSTs or PSTs may effectively be eliminated. If this is the case, you can successfully package Outlook to use a sandbox stored in the user’s profile.
Existing Profile Management Solution
As previously mentioned, Profile Management is vital to success with VDI. If you already utilize a Profile Management solution, you should determine if it will extend easily into the virtual desktop space, and whether it will improve overall agility.
Profile Size
As previously mentioned, the amount of data in a user profile greatly impacts how that profile will move in the VDI environment. While Roaming Profiles should probably be avoided in most situations, there are always use cases that will require them. In these cases close scrutiny of profile size should be employed.
Use of Folder Redirection or 3rd Party Profile Redirection
As previously stated, Folder Redirection can play an important role in improving the agility and dynamic nature of your VDI deployment. In addition, there are several 3rd party Profile Redirection tools that can also be used. If you plan to use one of these technologies, ensure that it utilizes a streaming approach to presenting the profile; otherwise you will still face the same issues associated with Roaming Profiles.
Thin versus Thick
While Thin Clients allow for a much longer hardware refresh cycle, they can represent a significant upfront cost. To help reduce this cost, it is possible to repurpose old PCs to serve up VDI sessions in “Kiosk” mode, or even use some 3rd party offerings to turn them into manageable Thin Clients.
PCoIP Hardware Implementations
Understand the requirements for utilizing PCoIP within a View environment in conjunction with a hardware implementation of PCoIP
Endpoint Management
While greatly reducing management overhead, Thin and Thick client endpoints will still require management. Whether Linux or Windows based, ensure that endpoints are patched and secured to prevent malicious behavior.
Peripherals
Printers
ThinPrint is a vital part of effective printer management. Without it, you would have to ensure that the driver footprint of every printer in your environment was included in your Parent VM Images. By using ThinPrint, you abstract the driver install from the VMs out to the end points. This means that a user that moves from one endpoint to another will dynamically associate with the correct printers with no input required on their part.
USB Devices
Traditional RDP allows for the pass through of USB connected Drives and Printers. With the full View Client, you have the ability to pass through many more devices, to include PDA cradles, scanners and other USB based technologies.
In addition, through the use of View provided ADM policy templates and traditional GPO items, you have a much greater ability to control who has USB access and with what devices.
If USB Dongles are in use, testing should be performed to determine whether View USB redirection or a 3rd party USB over IP solution is the better option.
Proximity Cards/Smart Cards/Authentication tokens
If you intend to incorporate proximity cards, smart cards or some other authentication token in your environment, it is important to verify support as well as test extensively.
Load Balancers
In all but the smallest environments, it is advisable to have at least 2 Connection Brokers (or Security Servers). This will add the requirement of some form of Load Balancers to provide fault tolerance.
The ingress model chosen will help determine where to place the Load Balancers in relation to the overall infrastructure.
Static (LAN)
While a LAN environment provides the best potential for maximum bandwidth, you will still need to take other aspects of the infrastructure into consideration, i.e. File and Print servers, and what impact the Display Protocol traffic may have on them.
ROBO (WAN)
While the access vector used is usually already determined (site-to-site VPN for instance), you will still need to carefully plan network infrastructure and protocol choice for anything traversing the WAN link. Data entry work, for example, should have a much smaller bandwidth profile than a user who needs to watch streaming videos.
Mobile Users (Broadband)
In addition to user bandwidth profiles, you will also need to determine the best access vector for your environment.
VPN
VPN is commonly used because the infrastructure already exists. In addition, many VPN vendors now offer View integration to help provide a more seamless end user experience.
Security Servers
VMware View provides Security Server functionality. This helps offload encryption/decryption from the connection brokers, and helps reduce VPN licensing costs in some situations. It is important to understand the abilities and limitations of Security Servers when planning your infrastructure.
Protocol Considerations
Use Case Based
While PCoIP offers significant performance benefits over RDP, there are situations where RDP may be a better choice. Understand the differences, capabilities and limitations between the two.
HP Remote Graphics Software (RGS)
Refer to the View Administration Guide for steps necessary to implement RGS. Understand View Client supports the use of HP RGS as the display protocol when connecting to HP Blade PCs, HP Workstations, and HP Blade Workstations.
Saturation Impact
Through extensive user testing, you can gain an understanding of network saturation on the available protocols, and how they will impact your end users.
Infrastructure Backup
vCenter DB, Composer DB, ADAM
Backup of Parent VMs/Master VMs
DR was traditionally very difficult to implement with traditional desktops. Because of the dynamic deployment nature of View, you can reduce the necessary elements for effective DR. By keeping good backups of your Parent VMs, you can ensure a rapid recovery in the event of a significant BC/DR event.
Backup of User Data Disk/Profile Redirection Folders
In a fully developed View/ThinApp environment, very little user data will need to be stored in the UDDs. However until this threshold is achieved, you can use a combination of profile redirection and the UDDs to offload users’ data from the VM itself. Proper backup of the File and Print shares as well as UDDs will allow you to offer full BC/DR for the desktop with relatively minimal administrative overhead.
Individual Desktop VMs
Even individual Desktop VMs can potentially be backed up. Because of the Data Center location of the desktop infrastructure, backups may be performed without the negative impacts usually associated with desktop DR.
What Tools Are Used Now?
Is there any desktop performance, functionality or uptime monitoring currently in place? Does this solution extend well into a virtual desktop environment?
Tools such as Stratusphere from Liquidware or SysTrack from Lakeside can be used in the Assessment. RAWC can be used in conjunction with those tools to establish performance baselines.
Determining Metrics and Performance Requirements
Performance requirements are often different for different lines of business, even varying dependent upon the user’s role inside the LOB.
Develop Baseline Metrics per Line Of Business (LOB) based on User Experience
Capture the application, performance and unique requirements of each LOB’s users and groups to establish a baseline against which results can be measured for the project mandate.
Understanding the impact various technologies have on each other
Each team member should understand the impact their work may have on others, and how the work of others may impact them
Understanding the changes brought about by desktop virtualization
Team members should have a broad understanding of the changes that desktop virtualization brings about, and should be able to develop an effective plan to transition to the new technology
Understanding the impact on People, Processes and Technology
Team members should now see that they may be interacting with new technology groups, processes are likely to merge and should become more agile, and that previously disparate systems will now come together to form the VDI environment