TJ Vatsa is a Principal Architect and a CTO Ambassador at VMware representing the Professional Services organization. He has worked at VMware for the past 4 years with over 20 years of experience in the IT industry. During this time he has focused on enterprise architecture and applied his extensive experience in professional services and R&D to Cloud Computing, VDI infrastructure, SOA architecture planning and implementation, functional/solution architecture, enterprise data services and technical project management.
TJ holds a four-year Bachelor of Engineering (BE) degree in Electronics and Communications from Delhi University, India and has attained industry and professional certifications in enterprise architecture and technology platforms. He has also been a speaker and a panelist at industry conferences such as VMworld, VMware’s PEX (Partner Exchange) and BEAworld. He is an avid blogger who likes to write on real-life application of technology that drives successful business outcomes.
Over the last few months I have had the privilege to interact with some of the IT industry trend setters, who happen to be our customers, our partners and some of my very own colleagues at VMware. More often than not, the topic of End User Computing (EUC) comes up, not only because our industry considers it a dynamic domain for tremendous innovation now and in the future, but also because VMware, our partners and our competitors are heavily investing in the space. In the next few paragraphs, I’ll attempt to assimilate the vast EUC landscape into digestible tidbits that focus on the infrastructure, mobility & BYOD, applications & image management, and more importantly a typical EUC project scenario and methodology. With this introductory background, let’s dive right in!
As soon as someone mentions EUC, the first subject that comes to mind is Virtual Desktop Infrastructure (VDI). The fact that VDI is deployed in the datacenter, away from individual desktops, calls for systematic and thorough planning of the underlying infrastructure. At a minimum this requires appropriate planning and sizing of the key infrastructure resources, namely compute, storage, network and security. It is imperative that infrastructure resource assessment tools be deployed to establish a baseline for each of these infrastructure components.
Assuming that a baseline has been established for the compute resources in terms of CPU, clock speed and memory requirements per desktop, it is important to choose a server configuration that has the right processor, clock speed and physical memory. This drives the correct consolidation ratio of virtual desktops per core and ultimately for the entire server.
Careful attention needs to be given to different use cases wherein specific workloads require different combinations of CPU, clock speed and memory. You must ensure that you also plan for growth and seasonal/occasional bursts seen in those workloads historically.
For a typical Horizon View deployment there are two categories of VMs recommended for deployment inside the datacenter, one for management purposes and another for desktop purposes. Management VMs are mainly servers (connection brokers, databases, et cetera) whereas the desktop VMs are the actual virtual desktops. For a production deployment, VMware recommends creating two separate cluster types, Management Cluster(s) and Desktop Cluster(s), to avoid any race conditions that might arise as a result of competing workloads and operational maintenance, to name a few.
Having worked with many customers across different industry verticals, namely Healthcare, Financial, Entertainment Services, Manufacturing and others, I’ve noticed that one key aspect of VDI is the most crucial element resulting in either a successful or a challenging VDI deployment: Storage.
The following two blogs on VDI storage provide a detailed insight into what is important for a successful VDI deployment and how to accomplish it.
Network and Security
Other key infrastructure components that affect user experience and how users interact with the VDI infrastructure are network and security. The bandwidth and latency/jitter of the network need to be effectively monitored to ensure acceptable VDI user experience. As stated above, appropriate network assessment and monitoring tools need to be deployed to first establish a baseline and then monitor the network resources against those baselines.
On any network, high latency has the potential to negatively affect performance, but some components are more sensitive to high latency than others. While deploying Horizon View desktops using the PC-over-IP (PCoIP) remote display protocol in a WAN environment, it is important to consider the Quality of Service (QoS) aspect. Ensure that the round-trip network latency is less than 250 ms. PCoIP is a real-time protocol; it operates just like VoIP, IPTV, and other UDP-based streaming protocols. To make sure that PCoIP is properly delivered, it needs to be tagged in QoS so that it can compete fairly across the network with other real-time protocols. To achieve this objective it must be prioritized above other non-critical and latency-tolerant protocols (for example, file transfers and print jobs). Failure to tag PCoIP properly in a congested network environment leads to PCoIP packet loss and a poor user experience, as PCoIP adapts down in response. For instance, tag and classify PCoIP as interactive real-time traffic. Classify PCoIP just below VoIP, but above all other TCP-based traffic.
For optimizing network bandwidth, ensure that a full-duplex end-to-end network link is used. Consider segmenting PCoIP traffic via IP Quality of Service (QoS) Differentiated Services Code Point (DSCP) or a layer 2 Class of Service (CoS) or virtual LAN (VLAN). While using VPN, ensure that UDP traffic is supported.
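An added example, not part of the original post: a small Python audit that parses raw IPv4 headers and flags PCoIP UDP packets that do not carry the expected DSCP marking. Port 4172 is PCoIP's registered port; the AF41 (PCoIP) and EF (VoIP) code points are an assumed site policy, and the sample packets are constructed.

```python
import struct

PCOIP_PORT = 4172      # PCoIP's registered port (TCP and UDP)
AF41, EF = 34, 46      # assumed site policy: PCoIP = AF41, VoIP = EF

def build_ipv4_udp(dscp, sport, dport, payload=b"demo"):
    """Construct a minimal IPv4/UDP packet for the demo (checksums left at 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(udp), 0, 0,
                     64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + udp

def classify(packet):
    """Return (dscp, proto, sport, dport) for a UDP-over-IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return None
    dscp = packet[1] >> 2                 # top 6 bits of the TOS byte; low 2 are ECN
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return dscp, 17, sport, dport

def audit(packets, expected=AF41):
    """List (index, dscp, reason) for PCoIP UDP packets that miss the policy."""
    findings = []
    for i, pkt in enumerate(packets):
        info = classify(pkt)
        if info is None or PCOIP_PORT not in info[2:]:
            continue                      # not PCoIP over UDP
        dscp = info[0]
        if dscp == 0:
            findings.append((i, dscp, "untagged"))
        elif dscp != expected:
            findings.append((i, dscp, "mis-tagged"))
    return findings

# Constructed sample capture: tagged PCoIP, untagged PCoIP, VoIP, PCoIP marked EF, DNS
SAMPLE = [
    build_ipv4_udp(AF41, 50000, 4172),
    build_ipv4_udp(0, 50001, 4172),
    build_ipv4_udp(EF, 5004, 5004),
    build_ipv4_udp(EF, 4172, 50002),
    build_ipv4_udp(0, 53124, 53),
]

if __name__ == "__main__":
    for idx, dscp, reason in audit(SAMPLE):
        print(f"packet {idx}: DSCP {dscp} ({reason})")
```

Run against packets captured on both sides of a WAN or VPN hop, the same check shows whether an intermediate device is stripping or rewriting the marking.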
Enterprise Security for corporate virtual desktops is of paramount importance for the successful rollout of VDI infrastructure. It is highly recommended that an enterprise scale, policy-based management security solution be used to define and enforce security policies within the enterprise. Based on typical customer requirements, secure access to the VDI infrastructure is provisioned via the following user access modes:
- LAN Users: VDI users accessing virtual desktop infrastructure via corporate LAN network.
- VPN Users: VDI users accessing corporate virtual desktop infrastructure via the VPN tunnel.
- Public Network Users: VDI users accessing virtual desktop infrastructure via the public network.
Enforcing authentication and authorization policies is a domain by itself that is influenced by industry verticals. For instance, a lot of hospitals these days prefer tap-n-go solutions to authenticate and authorize their clinical staff to access devices and Electronic Medical Record (EMR) applications. The regulatory compliance perspective should not be ignored either when it comes to industry verticals, such as HIPAA for the Healthcare industry and PCI for the Financial industry.
Note: The scenario depicted below is that of a typical public network user.
Horizon View infrastructure can be easily optimized to support any combination of secure VDI user access modes.
Based on security policies and regulatory compliance standards prevalent within the enterprise, it is highly recommended to do a thorough end user devices/endpoints assessment. It is important to categorize your users based on desktop communities that support one or more types of endpoints. VMware’s Horizon View client supports a variety of endpoints. These endpoints can be desktops, laptops, thin clients, zero clients, mobile devices and tablets that support iOS, Android, Mac OS X, Linux, Windows, HTML Access to name a few.
From an EUC infrastructure perspective, it is also prudent to evaluate the converged appliance solutions available for your business scenarios. The converged appliances industry is rapidly and effectively maturing. More and more customers these days prefer converged appliances because they enable faster infrastructure deployment times. Vendors are and will be providing customized and optimized solutions for EUC, Business Continuity and Disaster Recovery (BCDR), x-in-a-box, wherein the required infrastructure components, hardware and software have been validated and optimized to cater to specific business scenarios.
Desktop as a Service (DaaS)
EUC datacenter planning, infrastructure procurement and deployment can be worrisome to some customers. Customers with EUC use cases that can be hosted on the cloud should seriously consider the DaaS option. More and more customers are looking forward to hosted desktop services such as Horizon DaaS to address business requirements and use cases that revolve around development, testing, seasonal bursts and even BCDR. DaaS can even provide a more economical alternative to traditional datacenter deployment. For instance, DaaS reduces your upfront costs and lowers your desktop TCO with predictable cloud economics that enable you to move from CapEx to OpEx in a predictable way. Users get Windows desktops and applications from the cloud on any device, including tablets, smartphones, laptops, PCs, thin clients, and zero clients. DaaS solutions such as Horizon DaaS desktops can be tailored to meet the simplest or most demanding workloads, from call center software to CAD and 3D Graphics packages.
Mobility & BYOD
Now let’s look at the mobility and Bring-Your-Own-Device (BYOD) space. Rolling out Mobility and BYOD policy and the infrastructure to handle the influx of personal devices can be a harrowing journey if it’s not well planned. With users today demanding anytime access to business productivity applications, mobile devices, and data on personal devices, not having a policy in place can be even more detrimental.
The following blog provides design considerations for establishing a secure, manageable and scalable enterprise Mobility & BYOD policy: “How to Set Up a BYOD/Mobility Policy”.
Applications & Image Management
Customers need anytime and anywhere access to their applications and the associated data. While this may sound like a business and mobility use case, IT Directors/Managers need to analyze this requirement from the perspective of a Unified Application Launchpad, a.k.a. a Virtual Workspace. These applications can be virtualized applications, Software-as-a-Service (SaaS) applications, application publishing, or web pages, to name a few.
Further analysis of this requirement brings out the fact that from the perspective of applications/data entitlement and policy management, there needs to be a single source of truth, a repository for enterprise policy. This repository should not only facilitate one-stop-shopping for policy definition, entitlement, and management but also for operational excellence and auditing. VMware’s Workspace Portal provides these capabilities and a lot more.
VMware’s Horizon View enables desktop operational excellence in terms of swift provisioning, efficient management and centralized security. While these sound very attractive, losing sight of efficient desktop image management can lead to application and desktop image sprawl.
It is imperative for enterprises to deploy a platform that provides capabilities such as centralized image management, image recovery, integrated PC break-fix and troubleshooting, and automated OS migration, to name a few. VMware’s Horizon Mirage enables desktop image management not only for physical desktops, but also for virtual desktops.
Weaving it together: EUC Project Methodology
VMware’s Professional Services (PS) organization and our approved partner network follow an agile methodology that takes into consideration our customers’ business and IT initiatives and turns them into successful business outcomes. This approach is composed of multiple iterative sequences.
Each iteration focuses on requirements/vision, analysis, design, inventory details of implementations and operational excellence. This approach enables early feedback, risk mitigation, effective progress management, effective scope management and the perpetual enforcement of IT governance. This iterative process begins with an analysis and assessment initiative that helps define the baseline by categorizing and prioritizing business and technical requirements. These requirements are then elaborated into detailed use cases that may also have business-specific pre- and post-execution contingencies. The use cases are then abstracted into a logical enterprise architecture design which is mapped to the available physical infrastructure. Once the physical design is ready, the pilot/blueprint implementation is initiated to ensure compliance with business outcomes as defined by business sponsors. Upon successful User Acceptance Testing (UAT), the tested blueprint is then rolled into the production environment with accompanying Knowledge Transfer (KT) sessions and role-based user training provided by VMware’s PS organization and its partners.
To recap, we discussed EUC infrastructure considerations, mobility & BYOD, applications & image management, and a typical EUC project scenario that follows VMware’s iterative architecture methodology. I hope you find this enterprise perspective useful and will effectively use it to transform EUC and mobility initiatives within your organizations.
Until next time, go VMware!