Thin Client or Desktop Appliances

Technorati Tags: VDI Planning,Thin Client,Desktop Appliances

An often under considered component in a VDI deployment project is the thin client device or “desktop appliance”. Reducing the total cost of ownership in a virtual desktop environment is often dependent on the removal of the thick client device and its replacement with a desktop appliance. While the operational requirements are reduced on a desktop appliance they still need to be considered and planned for as part of the deployment strategy. Desktop appliances come with an integrated operating system that may be Windows or Linux based. In addition they may have image management solutions that need to be deployed, although for proof of concept or limited scale environment imaging can usually be done by unlocking and shuttling the image through a USB device.

One of the common problems with desktop appliances is the integrated version of the desktop agent that is shipped is typically not current enough to provide all the features of the VDI solution. In addition the desktop agent supplied by companies such as VMware or Citrix may have additional requirements such as windows compatibility that need to be considered before selecting a specific embedded OS for the desktop appliance. Desktop agents may not have feature parity between Linux or Windows agents or may limit support to Windows derivatives only. Those desktop appliances that do provide feature parity and are Linux based often do so by using vendor developed software. As these agents and features are not directly supplied by the VDI software vendor they should be thoroughly tested. One thing that helps when selecting the desktop appliance is that if it has already been certified as working with the VDI vendor (i.e. XenDesktop or VMware View Certified). Enough time should be allowed in the deployment plan to understand how to manage the desktop appliance and also how to apply upgrades to the embedded image. It is useful to have surplus units available for ongoing operational support such as image testing or agent upgrades.

An interesting alternative developed for VDI is the no-software desktop appliance or thin client. These devices reduce the management overhead by running only firmware on the desktop appliance and moving the management to a centralized administration console (i.e. the PanoCube although others are appearing on the market). While reducing operational overhead these devices tend to be very vendor biased and restrict the customer to certain platforms only. The other potential drawback is the possible physical replacement of the device for any major revisions to the product line or feature set. These devices are designed for VDI only so if the environment requires a blend of server based computing and VDI a standard desktop appliance may be better suited. If matched to the right requirement these devices can substantially reduce the burden of management so are well worth considering.

Is VDI the right way to go?

Technorati Tags: VDI,Windows Server 2008,Windows 7,DirectAccess

I am going to combine a couple of thoughts here and add a little blue sky thinking.  One thing I have noticed from dealing with various organizations at different levels of virtual desktop maturity is that there still seems a few barriers to 100% adoption across the entire organization.   I am generalizing as things are not the same for every customer.   The real TCO for VDI is not substantially reduced until the PCs are replaced by Thin Clients (or desktop appliances); and there tends to be the sticking point for some.  Sometimes as much as IT would love to move users to a lower support cost desktop alternative the users or business is reluctant to go.  This can be for various reasons such as protectionism from the desktop support teams, peoples general reluctance to change or a misunderstanding of the technology being deployed to site a few.  In situations like this VDI tends to be used for 2nd desktop requirements and remote access. 

VDI provides the opportunity to manage the corporate image while at the same time providing very flexible options for delivering it to the user locally or remotely.  Although it is not exactly a consolidated environment (I am setting aside technologies like View Composer, Provisioning Server, Storage virtual cloning, for a moment) it is a centralized distributed environment of desktops.  I have had the opportunity to look at a slightly different option recently and wanted to share some thoughts.  I have been reviewing Microsoft’s DirectAccess Technology which is a new feature of Windows 7 and Windows Server 2008.  It goes along with my own thinking that technology should not change anything about the way the user works or plays, it should just do its job seamlessly. 

Now this approach from Microsoft is designed for the IPv6 world although it will run with IPv4.  The fundamental opportunity that IPv6 promises is that everything is globally addressable.  What this means is that potentially all things have unique addresses unlike today were we use NAT to extend the lifespan of IPv4 networks.  Traditionally we use VPNs to connect devices remotely which often adds overhead and delays to the login process.  Additionally, they are often dependant on user interaction to start them up.  DirectAccess automatically establishes a bi-directional connection from client computers located remotely to the corporate network using IPsec and IPv6.  It uses certificates to establish a tunnel to the DirectAccess server where the traffic can be decrypted and forwarded to your internal network.  If you have deployed IPv6 and Windows 2008 internally the connection can be securely transported to all your application servers.  Access Control is used to allow or restrict access.  The promise of this technology is that it allows you to extend your corporate network without changing the user experience or sacrificing how the desktop is managed.  It also makes your corporate network perimeter much more dynamic.  Essentially it allows you to overlay your corporate network in a secure fashion over private and public networks. 

Now make no mistake this solution from Microsoft does presume that the end user device is a laptop and that it has been deployed and managed by IT services.  The reason I thought about the relationship between VDI and Windows DirectAccess is that often customers deploy VDI for remote access to avoid a full VPN solution.  With Microsoft DirectAccess and Windows 2008 and 7 integration Microsoft has provided another option that might be a good fit in certain situations.

Application Encapsulation or Application Virtualization

Technorati Tags: VMware ThinApp,Citrix Application Streaming

One of the problems in distributed desktop environments is application lifecycle management. Lifecycle management is the testing, deploying, upgrading and removing applications that are no longer needed. In addition installing applications into a standard desktop image increases the number of images that need to be maintained. With every unique application workload a separate image is developed so different users or business groups have the appropriate applications. This leads to desktops being segregated based on the types of applications; e.g. finance uses a finance image and marketing uses a marketing image and so on and so on. While manageable from a desktop perspective, it can lead to operational overhead in building, managing and maintaining the number of standard images.

In addition as application incompatibilities are discovered desktop images became locked to a specific build with static application and operating system versions.  In a terminal server environment this caused servers to be silo’d based on application compatibility; on desktops this leads to a long refresh cycle. Application encapsulation or application virtualization was originally developed to solve these problem on terminal server environments however it was ported to the desktop space to deal with the same issues.

Application encapsulation is a form of virtualization that isolates the application in a separate set of files that have read access to the underlying operating system but only limited or redirected writes. Citrix XenApp Application streaming leverages the Microsoft cab file format (Microsoft’s native compressed archive format) for its encapsulated packages. VMware acquired a company called ThinStall (VMware ThinApp) which encapsulates the application into a single exe or msi. Once applications are repackaged for application virtualization they can be removed from the desktop image and run from a file share as an exe (VMware) or streamed to the desktop using RTSP (Real Time Streaming Protocol) (Citrix) to run from a cached location. By abstracting the application from the images the number of images that need to be maintained in reduced. In addition, depending on the software the applications can be delivered to users based on file or AD (Active Directory) permissions. The big benefit to implementing application encapsulation is that applications can be tied to users vs. the more traditional approach of installing them into a desktop image. It is common for organizations to over license software by installing it on every desktop instead of just to the required users to simplify licensing compliance. Obstructing the applications on the desktop through virtualization allows the image to be truly universal as a single image can be applied to all users.

Unless you have the same application workload for every business unit you should consider application encapsulation or “application virtualization” to reduce the operational overhead of managing applications in a VDI environment. Encapsulation eliminates application interoperability problems and reduces the management of deploying new applications. Because the applications are pre-packaged, the application configurations are centrally managed lowering application support. While these technologies are available without desktop virtualization, they are more problematic to implement as it is difficult to maintain a consistent desktop OS baseline in a physical environment even if user changes are restricted. Because of the consistent representation of physical hardware within a virtual machine a standard desktop baseline is much easier to enforce in a VDI environment.

VDI presents the opportunity to effectively reduce the administrative burden of applications through the integration of application encapsulation. These solutions have been bundled by the vendors in a way that allows customers to easily incorporate this technology.  Keep in mind that when managing a VDI project you should allow ample time for the testing and integration of application virtualization technology.  The heavy lifting in deploying application virtualization is the repackaging of applications. 

2. Application encapsulation is a form of virtualization that isolates the application in a separate set of files