Presentation on theme: "VMware VDI A Fresh Approach to Corporate Desktops"— Presentation transcript:
1VMware VDI A Fresh Approach to Corporate Desktops Ofir Zamir Senior Systems Engineer Israel & Turkey
2VMware - The Power of Virtualization Pioneers 1998FoundedTotal EmployeesNumber of UsersCustomer ProfileCertified EngineersMarket CapMarket ShareOperating Structure~ 4, %+ Engineers6+ Million % in Production100 of the Fortune 10015,000+ VCP’s$ 37+ Billion 300% + from IPO Day~ 80+ %Independent EMC Subsidiary
4VMware Desktop Product Line Individually Administered DesktopsManaged DesktopsFree Virtual MachineRun-TimeDesktopVirtualization for Mac UsersDesktopVirtualization for IT ProfessionalsSecure, Managed Desktop VirtualizationServer-Based DesktopVirtualizationPlayerFusionWorkstationACEVDI
5VMware Virtual Desktop Solutions Centralized Solution – VMware VDIVirtual desktops run securely in a corporate data centerRemote PCs connect from any client.Client-side Solution –VMware ACEUsers get a virtual desktop on portable media laptops.Locked down VM with virtual disk encryption, device management & network access controls.
6Agenda Challenges of Traditional PCs The VMware Desktop Solution VMware VDI Product UpdateNext Steps, Questions & AnswersInstead of jumping straight into products, features and functionality this presentation will start by looking at some of the problems that customers have with desktop computing; then how the VMware VDI solution maps to those problems. We will expand on the solution and then look at the VMware products, which compose the solution. Finally we will present some details about VMware VDM 2, as the newest product in the VMware desktop portfolio.
7Challenges of Traditional PCs User locked to device(inflexible)Data SecurityManagementHow does PC infrastructure typically work? Most organizations have centralized resources in the data centre (such as files, data, and policies around deploying applications and updates) and distributed PCs, which can download the data and run applications. There are lots of good things about this approach, such as managing policies and data centrally, the familiar experience of the desktop PC and isolation given by PCs (so if a user has a problem it doesn’t directly affect the rest of the business).But there are also challenges.[Click] Management of the distributed PCs can be difficult. This might include patching, deploying applications, providing support or provisioning PCs to new users (whether it is 1 new joiner or a group of new users, through an office move, outsourcing, acquisition or merger).[Click] Data security can be difficult because files tend to be downloaded, duplicated and stored on hard drives of PCs. This is made worse if laptops or multi-user PCs are common. As well as the actual security data it is difficult to have a good understanding of the risks associated with insecure data, which complicated regulatory compliance such as SOX, Basel II and HIPAA.[Click] The user is locked to the physical device. So often a user has to sit at the same physical PC to be able to access the applications and data required for the job. This can complicate organizational changes (MACs) and limit the user’s flexibility. In addition the corporate desktop image is often tied to the hardware; so changing either the build or the PC hardware involves a process of engineering and regression testing.[Click] All of these things contribute to the operating cost of the desktops. And this is possibly the biggest pain point with maintaining the desktop.Of course some of these might not be issues for a particular customer and any customer can probably add their own pain points.Expensive
8Challenges of Traditional PC Top 5 Desktop Pain PointsVMware VDI BenefitCostReduce TCO by up to 40%Lower administration and refresh costsSecurityNo distributed dataVDI encrypted access to data centreManagement(including patching)Centralised in data centreCompliant desktops, apps, patches & dataForrester Research, Inc:Virtualization On The Client, 21/11/07Flexible AccessAccess from any locationUsers connect to the same VDI desktopRather than VMware tell you what your desktop problems are, here what customers report as their top desktop pain points. These data are from a recent survey by one of the analysts, and there are lots of other data available with very similar results. This will slide will allow a discussion about how VMware VDI addresses these pain points.[Cost] VDI can reduce the cost of desktop computing by up to about 40%, later we will discuss this in more detail.[Security] VDI is all about centralising desktop computing; desktops run in the data centre and user see a display of the desktop. This means that data and files never actually leave the data centre; no data are stored on distributed PCs. This make auditing and securing data more simple, and access controls can be implemented so that only authorised users can access sensitive segments within the data centre. Reducing the distribution of data makes risk analysis and regulatory compliance more straight forward.[Management] Third pain point reported was management issues. Again by centralising the desktop in the data centre all operating systems, applications and data are managed centrally. VDI gives greater control of the desktop to the IT department and reduces the management requirements of the distributed infrastructure.[Flexible Access] Customers report that they would like to provide flexible access to users. This might include accommodating user logons form multiple locations (including home) or organizational changes, such as providing desktop IT to new users or to new locations. It is easier to scale VDI upwards to meet demand, because it involves a linear scaling of services in the data centre. VMware VDI can automate provisioning new desktops and access can be quickly provided to any network connected location.[Power] Power breaks down into three areas: cost savings, carbon savings and practicalities of providing more power and cooling into offices already at the limit. VDI enables a user to access a full desktop including all of the traditional applications and capabilities. Using VDI with thin clients transfers the power saving from the office to the data centre and gives an overall reduction. VDI can reduce power savings by up to 80%, which equates to a cost saving of about $120 / user / year, depending on circumstances. This is a carbon saving equal to covering 20% City of London in forest (= 66 football pitches = 15% Central Park, etc…).These are some headlines and we will explore how the VDI solution addresses these pain points, but first let’s look at what VMware customers describe as the key benefits of VDI…Reduced by up to 80%*$59 - $164 / user / year on power savingPower*(Butler Group, “Infrastructure Virtualization”, September 2007).
9Agenda Challenges of Desktop PC The VMware Desktop Solution VMware VDI Product UpdateNext Steps, Questions & AnswersSo we’ve talked at high level about some of the issues experienced with traditional desktops. Now we will explore how the VDI solution works.
10VMware VDI Overview Data Centre Management Data Security Virtual desktops centrally managed and securedData SecurityAll data remains in data centreUser access from any client AND get familiar desktopVirtualization LayerAt a high level VMware VDI is simple. Desktops run in the data centre and access is given to users over the network. This diagram shows a thin client connecting over the internet, but the clients could be PCs or laptops, running Windows, Linux or MAC and connecting from any location (internal or external). The desktops are secured and managed centrally.[Click] Because desktops and applications are executed in the data centre, they can be managed centrally. This applies to all patching, application deployment, back-ups, data retention, monitoring and the provisioning of new desktops.[Click] Data security is implicitly enhanced because files never leave the data centre. The centralised desktops can also be ring-fenced by firewalls. This means that clients have no direct access to data without secure authentication into the data centre.[Click] and because the user can access the same centralised desktop over the network, they are not tied to specific clients or locations.Virtualization is used to enable efficient running of the desktops within the data centre, which is represented by the blue virtualization layer in the diagram. The desktops are actually virtual desktops and the virtualization layer is VMware’s flagship product VI3 Enterprise.
11VMware Virtualization Platform Multiple operating systems on a single physical serverShared pools of resources optimise infrastructureI usually remove this slide for a high level desktop audience (they care about desktops, not VI). But if VI overview is required this level of details is often sufficient. Key point is VMware VI is the market lead for management and reliability.26%59%Customer Commitment to VMware PlatformVMware exclusivelyVMware favoured
12How to think about Virtual Desktops PartitioningMultiple desktops on fully utilised serverDynamically allocate resourcesAutomate and segment SLAIsolationIsolate faults within the virtual desktopNo application or user conflictsControlled data accessEncapsulationEntire desktop state captured as fileSave as a snapshot in timeBack-up, restore and provision desktop with simple file copyI also usually remove this slide for a high level desktop audience (they care about desktops, not VMs). But if VM overview is required this level of details is often sufficient. Key point is benefits of VMs for Desktops (not servers).Let me present the key properties of virtualization and virtual desktops.Explain partitioning.Explain IsolationExplain Encapsulation
13Technical Benefits of Virtual Desktops Distributed PCCentralized SBCVMware VDIUSERAppVirtualization LayerAppsUSER OSAppAppAppAppAppAppAppUSERUSERUSERUSER`USERUSERUSERFamiliar user experienceApplications work as designedUser, app, OS and resource problems isolatedCentralised managementServer-class hardwareSecure data and applicationsHow do virtual desktops benefit compared to alternative desktop approaches?[Click] Desktop PCs are good in many ways:- Familiar and little training required- Flexible in allowing user access to customise- Most end-user applications are designed for desktop operating systems (such as XP or Vista)- Isolated, in that any operations or failures on one PC do not typically affect other users.But there are disadvantages:- The PCs are difficult to manage and secure;- Users are tied to specific devices and locations;- Difficult to support remotely- Difficult to provision new desktops or upgrade[Click] Server based computing is also good – we like server based computing.In SBC the applications are centralised:- Centralized management- Server-class h/w- Data centre security.Disadvantages come from the architecture of legacy technologies for SBC. Traditionally a single server operating system is used to host multiple users and multiple applications.[Click] The terminal server must be locked-down to the point of be unfamiliar and difficult to use. Applications are not typically designed for multi-user operation: many conflict when multiple users try to run the same application and some will not work in this mode at all. If a user creates a problem such as overusing CPU or crashing the system, all users are affected. Because of these difficulties legacy SBC cannot usually be implemented for all users and all applications, which leaves a combination of distributed PCs and SBC – the worst of both worlds. If this animation gets too annoying a click will remove PC and SBC tiles.[Click] VMware VDI runs desktops in the data centre. This gives the management and security benefits of centralising and still provides each user with a unique isolated desktop, familiar to the end user and able to run applications and systems management tools – because it is still a desktop operating system.Slide animation shows that VMware VDI architecture is a much more stable platform for the user sessions and applications. If this animation gets too annoying a click will remove PC and SBC tiles.In addition there are benefits unique to virtual desktops, such as the ease and speed of provisioning new desktops.All of the PC and SBC benefitsFlexible provisioning and backup
14Technical Benefits of Virtual Desktops VMware VDIVMware VDIIsolation & PartitioningApplications work as designedFaults are isolated to the VMFamiliar PC experienceCentralized HostingSecure data, applications and operating systemsGrant and revoke access over the networkVirtualizedSimple clone, backup and restore of VMsSuspend/Resume and power optionsUSERAppVirtualization LayerAppsUSER OSAll of the PC and SBC benefitsFlexible provisioning and backup
15VMware VDI Infrastructure Overview ClientsData centreVMware VI3 PlatformHosted virtual desktopsVMware VDM 2Manages connection from client to hosted desktop.Internet AccessDMZVMware VDI is built on virtual desktops running on the VMware VI3 platform. This can include the many advanced features of VI3, such as VMHA, DRS and VMotion.[Click]VMware VDM is a component of VMware VDI which is installed on servers (or virtual servers) in the data centre.VMware VDM connects clients to the virtual desktops. This process is generically known as connection brokering. The logic controlling which virtual desktop a client should connect to is handled by VMware VDM. This makes the process of connecting to VMware VDI simple for the end user and tightly controlled for the IT administrator.VMware VDM is integrated with Active Directory. Users are able to authenticate to VMware VDM using the same credentials used to logon to a physical PC in the corporate domain. There is no complex configuration to setup this integration and all user accounts remain in the Active Directory. This means that there is no need to change standard procedures for creating passwords, setting permissions or resetting passwords (i.e. no need to re-train the helpdesk). When the user has authenticated they will be seamlessly logged on to the virtual desktop, this is called single sign-on (SSO).VMware VDM is tightly integrated with VMware VirtualCenter. VDM is able to interact with VirtualCenter to control the VI3 platform. For example VDM can suspend a virtual desktop if a user logs off and resume the desktop when the user reconnects. VMware VDM is able to create new virtual desktops from template on-demand and then delete the virtual desktop when it is no longer required.VMware VDM 2 can be configured across a DMZ to provide secure access from un-trusted networks (such as the Internet). The VDM Security Server can be installed in the DMZ, isolated from the internal network, and proxy connections to the VDM Connection Server. The VDM Security Server also encrypts the data stream between the virtual desktops and the clients so that users can securely access sensitive data. The data itself never leaves the data centre.VMware VDI includes VMware VDM 2, VMware VI3 and VMware VirtualCenter.VMware VirtualCenterVDM manages the VI3 platformActive Directory
16Agenda Challenges of Desktop PC The VMware Desktop Solution VMware VDI Product UpdateNext Steps, Questions & AnswersA presentation of key features of VDM will follow.
17VMware VDM Individual Desktops Individual UsersIndividual DesktopsUnique Virtual MachinesUser gets a dedicated desktopVM is only ever assigned to single user‘Power user’ use caseUnique VM configurationUnique resource allocationsOften admin privilegesThere are three types of desktop assignment in VMware VDM 2.Individual Desktops:This is a static relationship between a user and a specific virtual desktop. This can be a good configuration for power users, where the desktop is specifically configured for a particular user. This can include specific applications, data access and resource (e.g. RAM) allocations. Individual Desktops give a high degree of customization for the user.
18VMware VDM Non-Persistent Pools Non-Persistent DesktopIdentical Virtual MachinesGroup of UsersSimple entitlement schemeCloned from same templateDesktop allocation to any desktop in poolDesktop returned to pool for re-allocation‘Standardised user’ use caseCommon VM configurationCommon resource allocationsCould be locked downEfficient use of VMsNon-Persistent Pools:The non-persistent pool also contains multiple hosted virtual desktops, which are initially identical and cloned from the same template. The VDM Connection Server will allocate entitled users to a virtual desktop from the non-persistent pool, on request. This allocation is not retained when the user logs off the desktop and the virtual desktop is placed back into the non-persistent pool for re-allocation to other entitled users. When the user logs on to the non-persistent pool on subsequent occasions, the VDM Connection Server will connect the user to any virtual desktop in the non-persistent pool [Click].Non-Persistent Pools provide the most efficient many-2-many configuration. Simple automated mechanisms for cloning and deploying the virtual desktops reduce initial effort and the virtual desktops are re-used by many different users. Non-Persistent Pools are a good solution for hoteling shift workers.
19VMware VDM Non-Persistent Pools Non-Persistent DesktopIdentical Virtual MachinesGroup of UsersSimple entitlement schemeCloned from same templateDesktop allocation to any desktop in poolDesktop returned to pool for re-allocation‘Standardised user’ use caseCommon VM configurationCommon resource allocationsCould be locked downEfficient use of VMsNon-Persistent Pools:The non-persistent pool also contains multiple hosted virtual desktops, which are initially identical and cloned from the same template. The VDM Connection Server will allocate entitled users to a virtual desktop from the non-persistent pool, on request. This allocation is not retained when the user logs off the desktop and the virtual desktop is placed back into the non-persistent pool for re-allocation to other entitled users. When the user logs on to the non-persistent pool on subsequent occasions, the VDM Connection Server will connect the user to any virtual desktop in the non-persistent pool [Click].Non-Persistent Pools provide the most efficient many-2-many configuration. Simple automated mechanisms for cloning and deploying the virtual desktops reduce initial effort and the virtual desktops are re-used by many different users. Non-Persistent Pools are a good solution for hoteling shift workers.
20VMware VDM Persistent Pools Configurable Virtual MachinesGroup of UsersPersistent DesktopSimple entitlement schemeCloned from same templateDesktop allocation to any desktop in poolDedicated desktop for subsequent connections‘Knowledge user’ use caseSimple to configure, provision and maintainRich user experienceUser can personalizePersistent Pools:The persistent pool contains multiple hosted virtual desktops, which are initially identical and cloned from the same template. This is typically a many-2-many relationship. When a group of users is entitled to the persistent pool, every user in the group is entitled to any of the virtual desktops in the pool. The VDM Connection Server will allocate users to a virtual desktop, as requested. This allocation is retained for subsequent connections. When the user connects to the persistent pool on subsequent occasions, the VDM Connection Server will connect the user to the same virtual desktop that they were initially allocated.Persistent Pools provide a simple automated mechanism for initial cloning and deployment of the virtual desktops but allows the users to customize their desktop in a personal way. The initial administration effort is less than with Individual Desktops, because only a single template and entitlement is required to provision a virtual desktop for every user in a large group.
21VMware VDM Provisioning and Management Pool of VMs based on single template“We could provide a workstation to any client, in any seat, at any office in the world… in just 8 minutes.”Frank Sabatelli Director of Virtual Technology InfrastructureVMware VDMAutomated provisioning from clonesSuspend, power down, reboot or delete on logoffTemplateVMware VirtualCenterResume, power on or clone from template on re-connectVDM and VirtualCenter are integrated and can automate many management task of the virtual desktop infrastructure.For example, [Click] VDM can recognise when there are no desktops available for users and dynamically create new desktops in a pool by cloning templates. This functionality is configured in advance.When the green user logs of from the system [click] VDM can suspend the desktop to conserve system resources. [Click] and when the user reconnects, VDM is able to resume the desktop on demand. This gives a true concurrency model, which means hard ware and some software licensing can be scaled to concurrent usage.
22VMware VDM Feature Overview Automated provisioning and desktop managementSSL encryption of connectionsUSB redirectionActive Directory and SecurID integrationHigh availability and scalableDMZ supportWindows, MAC, Linux, Thin Client supportIntegrated with VMware VI3Here is a summery of some key features of VDM 2.
23VMware VDI Summary VMware VDI Solution VMware VDI Benefits Centralise Desktop ManagementProvide Access over the NetworkFamiliar PC ExperienceVMware VDI BenefitsReduce Desktop CostsIncrease Desktop SecurityIncreased Desktop ManagementIncreased User Flexibility
24Market View of VMware VDI “Virtualization is the most important technology to hit the corporate PC space since the thin client.”Forrester “Desktop Virtualization is the Future of the Corporate PC”, January 5, 2006“It's [VDI] really become our new model for doing desktop deployment. If a user doesn‘t demand they need a desktop, we're giving them a hosted desktop, and the users love it.”David Siles Chief Technology Officer Kane County GovernmentSome testimonials.“From which vendors do you plan to purchase thin client/desktop virtualization technology from over the next 6-12 months? (please indicate all that apply) “Answer: VMware 58%, Citrix 16%, HP 7%, Microsoft 6%, Not applicable / Unsure 14%Source: Merrill Lynch CIO Survey, April 2007