How to fail or succeed with desktop virtualization and workspace mobility

How To Fail Or Succeed With Desktop Virtualization &
Workplace Mobility

Introduction

Denis Gundarev @fdwl, Entisys Solutions

Denis Gundarev

C:>whoami /all
USER INFORMATION
---------------User Name

Twitter

E-Mail

============== ============ ==================
ENTISYSdenisg @fdwl

DenisG@entisys.com

GROUP INFORMATION
----------------Group Name

Type

SID

====================================== ================ =================
BUILTINGeeks

Mandatory group

COMMUNITYBay Area Citrix User Group

Well-known group S-1-5-32-544

S-1-5-32-540

CITRIXTechnology Professional


COMPTIACloud Subject Matter Expert


TRAINERMicrosoft Certified Trainer


TRAINERCitrix Certified Instructor


My Background

Customer

19%

Vendor

6%

56%

Independent

19%

Partner

Who are you?

• Consultant? Decision maker?
Vendor? Developer?
• How many years you are in
Desktop Virtualization?

Agenda
9:00 AM
9:15 AM
10:05 AM
10:30 AM
10:45 AM
11:10 AM
12:00 PM
1:00 PM
1:45 PM
2:20 PM
3:00 PM
3:15 PM
3:45 PM
4:15 PM

9:15 AM Introduction
10:05 AM Evolution of server-based computing. Where did VDI come from?
10:30 AM Desktop Virtualization & Workplace Mobility: state of the union.
10:45 AM Break
11:10 AM Desktop Virtualization & Workplace Mobility: state of the union.
12:00 PM Desktop virtualization internals: Protocols, layering and isolation
1:00 PM Lunch
1:45 PM Application virtualization and user profiles, how does it work?
2:20 PM What happens when techonology meets marketing?
Technical and business barriers in adopting Desktop Virtualization & Workplace Mobility
3:00 PM solutions.
3:15 PM Break
3:45 PM Effects of underestimating or overcommitting hardware, storage and network resources.
Samsung sponsored Q&A panel session on zero client technology with Samsung's Sr.
4:15 PM Product Manager Greg Spence and special panel guest David Unangst of Teradici
4:30 PM Conclusions and Recommendations

This Workshop Is Not About…

• Server virtualization
• But we will cover this important topic

• Managing your cell phone and iPad
• You can be mobile even at your desk.

• How to reduce Capex and/or Opex
• Best way to save money is to stop spending them on useless stuff
• Check “How to lie with cost models” article by Brian Madden
http://bit.ly/TCOLie

• How to deploy and manage specific products
• RTFM
• But expect to hear tips and tricks from the real life

But At The End You Will Know…

•
•
•
•
•
•
•

What is Desktop Virtualization
How stuff works
Market landscape
Technology vs. marketing slogans.
Why projects are failing
Which pieces are most important in a proper sizing
How Desktop Virtualization can help you even if you
don’t need it
• How to fix your applications and finally get rid of
Windows XP

Disclaimer

•
•
•
•
•

I love Desktop Virtualization
I will try to not scare you of DV
Vendor neutral
Not a DV propaganda
My opinions are my own. I do not represent
my company or anyone else in this
presentation

Basics
• Desktop Virtualization
• Separates the computing platform (OS) from the client device (with
exceptions)
• One of the enablers of Workspace Mobility
• There is no universal solution, but many choices
• May be complemented by other types of the virtualization

STAY CONNECTED

•
•
•
•
•
•

#Interop
j.mp/DeskVirt
@fdwl
j.mp/fdwl
denisg@entisys.com
www.entisys.com

How To Fail Or Succeed With Desktop
Virtualization & Workplace Mobility
Evolution of Server-Based Computing.
Where Did VDI Come From?

History of Desktop Virtualization

1975
• Microsoft was founded in Albuquerque
• dnd, the first video game that includes a boss was released

1989
• Citrus Systems was founded by frustrated IBMers
• Prince of Persia was released

90’s

1991 – Citrix ships MULTIUSER for OS/2
1992 – Microsoft releases Windows 3.1 and not
very interested in equipping its high-end operating
system with multiple-user features like UNIX.
1992 – Citrix signed licensing agreement with
Microsoft for Windows NT Server
1993 – WinView for Networks shipped
1994 – TCP/IP support was added to Citrix
WinView

90’s

1996 – Anatoliy Panasyuk of Datapac (Australia)
playing with Transparent Windows Interface Seamless Windows – Implemented in MetaFrame
3 years later
1997 – pcANYWHERE for Windows 3.1 was
released
1997 – First version of Virtual PC for Macintosh
platform was released by Connectix
1998 – Windows NT 4.0 Server, Terminal Server
Edition (code name ―Hydra‖)

1998
• VMware founded in Palo Alto, California
• Valve released Half-Life

2000’s

2000 – Windows 2000 (with terminal services
built-in)
2001 (June) – Virtual PC for Windows was
released
2001 (July) – VMware ESX 1.0 (Elastic Sky
X) and VMware GSX 1.0 (Ground Storm X)
released
2002 – NT 4 TSE Security Roll-Up Package is
available
2003 – First release of open-source Xen
2003 – Microsoft acquired Connectix
2003 – EMC acquired VMware

Acquisitions

2003 – Connectix,
PlaceWare
2006 – Softricity,
AssetMetrix, AlohaBob PC
relocator
2008 – Calista, Kidaro
2012 - PhoneFactor

2003 – Expertcity (GoTo)
2004 – Net6
2005 – NetScaler
2006 – Reflectant,
Ardence
2007 – XenSource,
2008 –
AuremasepagoProfile
2011 – Kaviza,
RingCube, ShareFile,
App-DNA, Virtual
Computer, Zenprise

2007 – Propero
Software
2008 – Tungsten
Graphics, Thinstall
2010 – RTO Software
2011 – NeoAccel
(SSLVPN Plus)
2012 – Nicira, Wanova
2013 – Virsto

VDI Timeline 2006-2009

June
May
October
Desktop Broker
for Citrix
Presentation
Server

2006

Microsoft general
manager for
virtualization
strategy "surprised"
that IT are so eager
to virtualize their
desktops
(http://bit.ly/MSSur
prised)

Windows
Server2008 R2 vith
live migration, RD
Virtualization
RemoteFX

May
XenDesktop
2.0

February
VDM 2.0

November

December
View 3.0

XenDesktop 4

2009

2008

2007

November

April

February

September

February

November

VMware
demoing VDI
connection
Broker
VMware VDI
Alliance

Desktop
Server
1.0

Windows 2008
with Hyper-V
and RemoteApp

XenDesktop
2.1

XenDesktop
3.0

View 4.0

No VDI

June
VDM
2.1

May
XenDesktop
3.0 FP 1

VDI Timeline 2010-2013

September
July

March

XenDeskto
p 4 SP1

March
XenDesktop
4 FP1

XenDesktop
5.6

December

September

XenDesktop
5

View 5.0

2010

June

September

Windows Server
2012/Windows 8
Major Hyper-V
updates, Client
Hyper-V, User
personalization

Windows Server
2012 R2/Windows
8.1
Hyper-V updates,
RemoteFX updates

XenDesktop 5.6
FP1
2013

2012

2011

February
August

View 4.6

August

March

June

XenDesktop
5.5

XenClient
became a part
of XenDesktop

View 5.2

XenDesktop 7

May
September
View 4.5

View
5.1

History in short

• Citrix turned Windows in to a multi-user operating
system and became a leader in Server Based
Computing in Windows world
• VMware became a leader in server virtualization
• In 2005-2006 term VDI was introduced, which may be
considered as a hybrid of SBC and server virtualization
• Both Citrix and VMWare was playing like kids in 1st
grade, but became older
• Microsoft is slow in adopting new ideas, in fact there is
no releases between operating system releases

Trends
•
•
•
•
•
•

Migrating old workstations to the datacenter
Using blade PCs
Moving to cheaper thin clients
VDI started as an alternative to terminal services
Users became mobile
Lack of technical benefits of VDI was compensated by a ―lower
TCO‖ speech
• VDI supposed to make OS migration easier

VDI Expectations

Source: Gartner’s Chris Wolf (http://bit.ly/VDITrends)

VDI Adoption

Source: Gartner’s Chris Wolf (http://bit.ly/VDITrends)

VDI Adoption

Source : Forrester (http://bit.ly/VDIForrester)

VDI Adoption
• According to Simon Bramfitt from Entelechy Associates, 55% of the
companies have VDI in test environments (http://bit.ly/VDIinTest)
• In report prepared by Jeroen van de Kamp and Ruben Spruijt from
Project Virtual Reality Check, The majority of people (31,91%) is
using VDI in pre-production, or early production (34,92%).
(http://bit.ly/VDI2013)
• By 2016 30% of large organizations will have deployed HVDs to
20% of their users (Gartner http://bit.ly/VDIvsPC )
• Many customers don’t realize that they actually use desktop
virtualization for years.

How Market Keep Desktop Virtualization On the Top Of the
Hype?
• Desktop-as-a-Service is here to help
•
•

Hundreds of cloud service providers
Special licensing from vendors

• VDI vendors turn to virtual desktops
•
•
•
•

Wanova
Virtual Computer
RTO Software
Application virtualization vendors

Competition

“

VDI vendors are not competing against each other. They’re competing
against the status quo. They’re competing against those pallets full of
Dells that you’ve been buying for the past twenty years
Brian Madden, ―The VDI
Delusion‖ http://bit.ly/VDIDelusion

”

Summary
• VDI is not new
• VDI started as an initiative of converting physical desktops into a VM
• In the beginning of 2009, Gartner said that Hosted Virtual Desktop
market will surpass $65 Billion in 2013 and have 49 million users
(http://bit.ly/GartnerVDI)
• All vendors made a lot of acquisitions to make their products look
more competitive

Desktop Virtualization & Workplace Mobility:
State of the Union

Desktop Virtualization Vendors

Microsoft
Remote Desktop
Virtualization Host
Server
Manager

Remote Desktop
Web Access

Remote Desktop
Connection
Broker

SQL
Database

Virtual Desktop Collection

Remote Desktop
Session Host

Remote Desktop
Gateway
Remote
Desktop
Licensing

Session Collection

XenDesktop Platinum/Horizon Suite components
Personal vDisk
Universal Print Server
Provisioning Services 7
AppDNA
XenClient
XenServer
CloudBridge
Merchandising Server
Profile Management
XenApp
Single sign-on
Smart Auditor
Horizon Workspace

VMware Workstation
VMware ThinApp
Horizon Mirage
VMware Fusion
Horizon View
VMware ESXi
VMware vCenter Server
VMware vCloud Networking and
Security
VMware Persona Management
VMware View Connection Server
VMware View Composer

Smaller desktop virtualization vendors
•
•
•
•
•
•
•
•

HTML5
Remote protocol accelerators
RDP Transcoding
Consumer-focused solutions
Competitive pricing
SaaS & Cloud
Linux
Brokering

Network optimization and management
•
•
•
•
•
•

WAN optimization
SSL VPN
Network virtualization
Isolation
Storage replication
Traffic parsing

MDM/MAM
•
•
•
•
•
•
•
•

New to the market
Sandboxing
Integration with cloud storage
BYOD
Providing APIs to third-party
SaaS
Expanding to laptops
On-premises solutions

Storage
•
•
•
•
•
•

RAM/SSD cache
Use of local storage
Storage tiers
Smart deduplication
Software-only solutions
Combining storage and server in one box

Application deployment and virtualization
•
•
•
•

Reducing IOPS
Simplification
Repackaging
Consumerization

Security
•
•
•
•

Offload antivirus to a separate VM
Micro-hypervisor
Device-less two-factor authentication
DLP

Thin Clients
•
•
•
•
•
•
•
•

―Zero‖ clients
One protocol only
Hardware decoding
Reducing cost
Alternative brokers
HDMI Sticks
Tablets
Android

Print management
• Cloud printing
• Mobile device support

User profile management
• Profile conversion
• Policy controls

Monitoring And Analytics
•
•
•
•

Analysis of VDI migration
VDI-oriented reporting
Pricing models and chargeback
Monitoring from cloud

Offline VDI
• Type 2 has more chances
• Security
• Desktop Player for Mac

Others
• Virtual GPU and GPU sharing
•

nvidia GRID

• Nested virtualization

User Population
•
•
•
•
•

Task/Shift worker
Knowledge worker
Mobile worker
High-performance worker
Guest users

Use cases
•
•
•
•
•
•
•
•
•

Remote Access
Quick provisioning
Off Shore development
Security
Consumerization/Bring Your Own Device (BYOD)
Centralized Management
Compliance
Disaster Recovery
Acquisitions

Vendor’s positions
70
60
50
40
30
20
10
0
Hypervisor

Broker

Vmware

Microsoft

Citrix

Other

Source: Project Virtual Reality Check
(http://bit.ly/VDI2013)

State of the VDI and SBC union 2013, Whitepaper from
Project Virtual Reality Check
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•

Hypervisor infrastructure used in VDI and
SBC
WAN optimization used in VDI and SBC
Unified Communications used in VDI and
SBC
Performance testing executed in VDI and
SBC
VDI Stateless - stateful virtual desktop
VDI and hypervisors
VDI and connection brokers
VDI and server configurations
VDI and antivirus
VDI and Remote Display Protocol, hardware
encoding
VDI and desktop image deployment
VDI and User Environment Management
VDI and client management
VDI and guest OS configurations
VDI and application virtualization
VDI Applications, Windows and web-based

•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•

VDI and storage
Server Based Computing (SBC) results
SBC Phase, usage, regions
SBC User types and goals
SBC and connection brokers
SBC and server configurations
SBC and antivirus
SBC and Operating System
SBC and User Environment Management
SBC Applications, Windows and web-based
SBC and storage
SBC and image deployment
Comparing VDI and SBC results
VDI versus SBC Hypervisor, server workload
VDI versus SBC WAN optimization
VDI versus SBC Unified Communications
VDI versus SBC Performance testing

•

http://bit.ly/VDI2013

Desktop Virtualization Internals:
Protocols, Layering and Isolation

Core Components

Remote Access Protocol


Core Components - Protocols


Remote Protocols
Microsoft RemoteFX
•Formerly known as
RDP
•Adaptive Graphics
(2012)
•Multi-Touch
•vGPU and GPU
sharing
•Windows clients
only
•Features tied to
Windows version
•No OpenGL

Citrix HDX
• Formerly known as
ICA
• Broad client
support
• HDX 3D Pro
• Flash and
Multimedia
Redirection
• OpenGL / DirectX
support
• Feature set is
different for
different clients

Teradici PCoIP
• UDP-only
• Offload cards are
available
• vSGA (NVIDIA
GRID)
• Limited QoS
support
• Has a new
competitor –
HTML5 blast

Protocol comparison
Phase 1: RDP7 vs RemoteFX v1 vs HDX vs HDX 3D Pro vs
PCoIP vs Quest EOP vs Ericom Blaze vs HP RGS (May
2011)
Phase 2: HDX 5.0 vs HDX 5.5 vs PCoIP 4.6 vs PCoIP 5.0
(October 2011)
Phase 3: Mobile Devices on 3G and 4G, and evaluating
RemoteFX v2 Beta (May 2012)
Phase 4: RDP 7.1 vs RDP 8 vs RemoteFX and Citrix
XenDesktop 5.6 FP1 HDX (February 2013)
Phase 5: NVIDIA GRID K2 accelerated 3D graphics HDX 3D
Pro, VMware PCoIP vSGA and Microsoft RemoteFX vGPU
(May 2013)
Phase 6: NVIDIA GRID K2 + K5000, Citrix XenDesktop 7
HDX and HDX 3D Pro, Microsoft RDP 7.1 and RDP 8, and
VMware View 5.2 vSGA (July/August 2013)

http://bit.ly/VDIProtocols

Shawn Bass
@shawnbass
shawnbass.com

Benny Tritsch
@drtritsch
drtritsch.com

WAN Emulation – The Test Setup
Epiphan
DVI2USB

USB

One-on-one connection

DVI/
HDMI

Apposite Linktropy Mini2

PC with Epiphan
recording SW
Client

Shared environment
Host

Test Applications – 2D Graphics

1

2

GDI: Microsoft WordPad
+ RTF file (2.5 MB)

GDI: Adobe Acrobat Reader 9.34
+ PDF file (2.5 MB)

Test Applications – Videos & Animation
3

5

Video: Media Player 12.0
+ WMV file (Halo, 33 MB)

6

15

Video: Quicktime Player 7.68
+ MOV file (Meat Balls, 33 MB)

7

Flash: Flash Player 10
+ Intel VT Demo

HD Flash: Flash Player 10
+ Flash Video Factory

HD Video: Media Player 12.0
+ WMV file (Speed 720, 101 MB)

9

Silverlight:
Silverlight Photo Gallery

Test Applications – 3D Graphics
8

20

WPF: MeediOS

22

DirectX 9: Rollercoaster
by Emil Persson, aka Humus

21

OpenGL (SW): eDrawings
SolidWorks Seascooter

23

OpenGL (HW): Cloth

24

DirectX 9: Google Earth

DirectX 10: Custom Resolve

Test Applications – User Experience
10

11

Flash: Whack-A-Mole

HTML5: Fishbowl

Video Recordings Post-Processing
Raw AVI video
Full resolution, 60fps max.
ffdshow MS MPEG4 v2
One pass - quality, 99%

WMV Video
4-Up Split Screen
512 x 384
Silverlight Player
VC-1 Advanced
by J. Gorzas, Sense GmbH
Fixed bitrate 1045 Kbps

Microsoft
Expression Encoder

SPHtmlGenerator

Network Emulation Settings
Description

Bandwidth

Latency

Packet Loss

LAN

100Mb/s

0ms

0%

Within continent, slow 500Kb/s

50ms

0.01%

Within
continent, medium

2Mb/s

50ms

0.01%

Within
continent, medium, Cl 2Mb/s
oud

50ms

2%

Within continent,
fast

8Mb/s

50ms

0.01%

Across continents,
medium

2Mb/s

200ms

0.01%

Across continents,
fast

8Mb/s

200ms

0.01%

Across continents,
very fast, Cloud

12Mb/s

300ms

1%

Core Components –Virtualization and Layers

Core Components –Virtualization and Layers

User Data
Applications
Operating System
Hardware

Operating System Layers

User Data
Applications
Operating System
Hardware

Operating System Layers

User Files

User Settings

User Apps

Corporate Apps

Applications

Operating System
Hardware

What Is Layering?
• Way to define a container that contains relevant registry keys and
files
• Not possible on a block level
• Application deployment ≠ application layering
• OS deployment ≠ OS layering

Why Layering Is Good?
• Manage each layer separately
• User data stored separately, making backup easy
• OS and App layers can be generalized and shared between
instances
• Rollback each layer independently
• Great for non-persistent deployments

Layers In A Real Life
•
•
•
•
•
•

Difficult to separate User Data from User Settings
Per-app user settings are merged in a user profile
Layering adding a performance overhead
Number of golden images grow
Complexity
Say good bye to your desktop management experience

Pros of persistent desktops

One-to-one
Your
helpdesk
know what
to do
Performance

Familiar
management
tools

Users get what
they expect

SCCM, Altiri
s, Ghost, La
nDesk

Users store
their files in
weird
locations

Cons of persistent desktops

One-to-one

Familiar
management
tools

Users get what
they expect

Best way to
make your
storage
vendor
happy

Each
instance
managed
individually

Users can
ruin your
environment

Pros of non-persistent desktops

Less storage

New ways to
manage your
images

Locked-down
desktops

Share
your
golden
image

Ideally
one
golden
image

Just
reboot
for
refresh

Cons of non-persistent desktops

Less storage

New ways to
manage your
images

Locked-down
desktops

Harder to
manage IOPS

Old
management
tools doesn’t
work
App
virtualization is
required

No
personalization

Thin clones

Clones Linked to the master

Master

Non-persistent Thin clones

Snapshot on start

Clones Linked to the master

Master

Thin clones with identity disks
Virtual Machine Identity

Clones Linked to the master, deleted after reboot

Master

Thin clones with identity disks and per-user data disk
Per-user virtual disk

Virtual Machine Identity

Clones Linked to the master, deleted after reboot

Master

Solutions
Non-persistent:
– Citrix Provisioning Services
– Citrix Machine Creation Services
– VMware Linked Clones

Persistent
– Full clones
– Citrix Personal vDisk

VMware Linked Clones

The OS delta disk
An optional disk for
each user’s profile

The base image

The baseline for linkedclone desktops

Full clone
virtual machine

linked
clone

OS disk

Persistent disk

Disposable disk
parent
virtual
machine

snapshot

replica

An optional disk
for paging and
temp files

OS disk

VMware View specific
Persistent is more possible.
Limited support for storage tiers

linked
clone

desktop pool

Persistent disk

Disposable disk

Citrix Machine Creation Services

1

2

3

4

5
hypervisor

Base

ID

ID

ID

ID

ID

DIFF

DIFF

DIFF

DIFF

DIFF
storage

Application Virtualization and User Profiles,
How Does it Work?


What is Application Virtualization?
• Application is executed inside the sandbox
isolated from operating system
• Improves security (isolates insecurity)
• Eliminate application conflicts

Package

Deliver

Execute

Every time you disable UAC…

Steve Ballmer kills a kitten

Please, think of the kittens

Every time you:
• Modifying ACLs on Program Files
or HKLM
• Making user a local admin
• Just give users SeBackup,
SeRestore, SeCreateGlobal and
SeLoadDriver privileges, but
keep them as standard users

Application Virtualization
Example

Application Isolation Environments
Was introduced in MetaFrame Presentation Server 4.0
(2005)
Virtualization layer that redirects system resources
Virtualizes:
– File system
– Registry
– Named objects (events, semaphores, etc)

Transparent to the application
Was a great compatibility aid for:
– Applications which are not multi user friendly
– Applications which have problems coexisting on the same server
– Applications that cannot have multiple instances running
simultaneously

Isolation Environment Roots
Specifies directories and registry locations
User Profile Root
– Changes made by the user reside here
– Suitable for Multi-user
incompatible applications

Installation Root
– Per Isolation environment location
– Enables conflicting applications to coexist

Isolation Environment Rules

• Three types of Rules:
• Ignore
• Redirect
• Isolate

Isolation Environment: IGNORE Rule
Used to create ―holes‖ in an isolation environment
Virtual address is not modified by the virtualization
system
Used to allow access outside of the isolation
environment

Isolation Environment: REDIRECT Rule
Redirects an application request for a file or registry
key to a specified location
– If an application creates the file, c:tempdata.txt, regardless of the
user, then it might be sensible to redirect those files to
c:aietemp%USERNAME%
– This means, if UserA ran the application isolated, then
c:tempdata.txt is created in c:aietempUserAdata.txt

Isolation Environment: ISOLATE Rule
Per User:
– Ensure that each user gets his own copy of the requested resource

Per Isolation Environment:
– A single copy of the required system resource is created in the
installation root location and shared by all users

Application Streaming
Introduced in Citrix Presentation Server 4.5 (2007)
Added delivery mechanism to AIE
Had 6 major releases before being deprecated in
2013
Still available with XenApp 6.5 and XenDesktop 5.6
Completely removed in XenDesktop 7

Internals

How it works
Two main components of Application Virtualization:
– Isolation/Redirection
– Delivery mechanism

Optional features:
–
–
–
–

File type associations and OS integration
Rights Management and usage tracking
Packaging
Shareable sandboxes

File I/O Redirection options
API Hooking
– at USER or Kernel Level
• Hooking CreateFile, OpenFile, DeleteFile, NtCreateFile,
NtOpenFile, NtDeleteFile etc
• Hooking into System Service Descriptor Table (SSDT)

File System Filter Driver or Mini-Filter
– Write file system driver to redirect virtualized file requests.

Registry Redirection Options
API Hooking at USER Level
– Hooking advapi32.dll - RegCreateKeyEx, RegDeleteKeyEx etc
– Hooking Ntdll.dll – NtCreateKey, NtDeleteKey etc

API Hooking at Kernel Level
– Hooking SSDT – NtCreateKey, NtDeleteKey etc

Vendors

Application Virtualization Products
Microsoft App-V
VMware ThinApp
CloudVolumes
Symantec/Altiris SVS
Spoon (Novell ZENworks)
Numecent Jukebox
FSLogix
Sandboxie
Microsoft Windows

Microsoft App-V
Version 2.0 was released in 2002 by Softricity
~8 major and ~50 minor releases before App-V 5.0
App-V 5.0 is completely rewritten and released in
2012
Available as a part of MDOP under SA

App-V 5.0 Cons
Requires SA
User-level apps only
Cannot virtualize drivers
Cannot isolate applications that are a part of the OS

App-V Pros
Tons of information on Internet
Huge user community
Integration with System Center
Integration with XenDesktop
Managed by PowerShell

VMware ThinApp
Uses user-mode hooks
Application packaging solution, just like
PortableApps.com
Emulates Windows COM and DCOM
Supports Streaming Execution (SMB/CIFS) and
Deployed Execution (i.e. USB)
Does not support installed Apps
No centralized management (for standalone product)
End of availability (―EOA‖) of VMware ThinApp, effective
on December 15, 2013. After that will be available only
as a part of View or Horizon

CloudVolumes
AppStack – basically a VHD or VMDK attached to a
VM
Web-based management console that communicates
with hypervisor
Full support for server software
Available Now: VMware ESX 5.0, 5.1, Coming
soon… HyperV, Azure, Amazon EC2

CloudVolumes pros
Server software support
No streaming or any other delivery mechanism
Combination of file system minifilters and a service
Text file-driven configuration
Storage tiers on the hypervisor layer
Per-machine or per-user assignments
No packaging process

CloudVolumes cons
Works with virtual workloads only
Came out of stealth mode in 2013
Text file-driven configuration

Symantec/Altiris SVS
Now called Symantec Workspace Virtualization
Kernel-level hooks
Umanaged computers support
Application license management
Best in class integration with OS

Spoon
Formerly Xenocode
Web portal for app access
Desktop integration
Works over HTTP/HTTPS
License management
Available as SaaS offering
Server software support
Auditing
Support for installed applications
Application snapshots

Numecent Jukebox
HTTP-based streaming
Encrypted cache
Virtualized File System
DRM and license control
OPSWAT integration
Kernel-level file system driver
Web portal for user access
Currently targeted for ISVs and MSP
No publicly available demos or code

Numecent Jukebox
Patents:
• Software streaming system and method
• Intelligent Network Streaming and Execution
System for Conventionally Coded Applications
• Rule-based application access management
• Opportunistic block transmission with time
constraints
• Deriving component statistics for a stream
enabled application

FSLogix
AIE:Ressurection
Came out of stealth mode about in July 2013
No streaming, no packaging
Combination of file system minifilter and user-level
hooks
Support changes in a realtime
Text-file based configs with a GUI editor

Sandboxie
• Isolated sandboxes for applications
• Virtualizes Files, Disk Devices, Registry Keys,
Process and Thread objects, Driver objects, and
objects used for Inter-process communication:
Named Pipes and Mailbox Objects, Events,
Mutexs (Mutants in NT speak), Semaphores,
Sections and LPC Ports
• Not designed for VDI
• Not designed for Enterprise
• Developed by one person

Microsoft Windows
• UAC Virtualization is available out of the box
• Application compatibility toolkit can be used to
manage folder and registry redirection
• No additional software needed

What Are Shims?
Applied to specific apps
– Configured with Compatibility Administrator in the App Compat
Toolkit
– Deployable to enterprise

Changes what the app thinks it sees
Does not change what app is allowed to do

What Are Shims Good For?
Great for many kinds of bugs:
–
–
–
–
–
–

Bad Windows version checks
Writing to HKCR at runtime
Unnecessary checks for ―am I admin?‖
Writing to WRP-protected keys and files
Windows thinks your app is an installer
File/Registry redirections

Version Lie Shims
Win95VersionLie
WinNT4SP5VersionLie
Win98VersionLie
Win2000VersionLie
Win2000SP1VersionLie
WinXPVersionLie

WinXPSP1VersionLie
WinXPSP2VersionLie
Win2K3RTMVersionLie
Win2K3SP1VersionLie
VistaRTMVersionLie
VistaSP1VersionLie
VistaSP2VersionLie
Win7RTMVersionLie

Most Used Shims
VirtualRegistry
– Fixes the problem with
reading/writing registry value
– AddRedirect ( HKLMKey ^
HKCUKey ^ HKLMKey2 ^
HKCUKey2)

CorrectFilePaths
– Fixes the problem with
reading/writing a file
– c:Program.ini=
%AppData%Program.ini

WRPRegDeleteKey
– Lie when app tries to delete
protected OS registry key

ForceAdminAccess
– Spoofs queries of administrator
group membership

VirtualizeDeleteFile
– Spoofs deletion of global file

LocalMappedObject
– Forces global section objects
into user’s namespace

VirtualizeHKCRLite,
VirtualizeRegisterTypeLib
– Redirects global registration of
COM objects

Conclusion
There are many vendors on the market
If you care about App compatibility, take a look at
simple solutions
Consider using SaaS-based services
Check the Application Virtualization Smackdown from
Ruben Spruijt
– http://www.pqr.com
– 61 pages cover major vendors on the market


What Happens When Technology Meets Marketing?

Security
•
•
•
•
•

Desktop Virtualization ≠ secure environment
Non-persistent VM = disposable gloves for hacker
Non-persistent VM ≠ Virus Protection
SSL ≠ Secure connection
Disabled clipboard+disabled drive mapping ≠ DLP

―

Horizon View offers ease of management along with a secure,
robust architecture, and the ability to offer end users the freedom
and choice they need to be productive. In comparing VDI and
sessions, VDI offers the following advantages over sessions:
• Eliminates application-compatibility issues
• User or OS resets do not impact other users (sessions require
resetting entire server)
• Provides better native-application compatibility
• Eliminates application-to-application conflicts in a multi-session
Environment
• Applications do not have to be written with TS or RDSH in mind
(i.e., desktop applications are supported)

‖

Source: VMware (http://bit.ly/ViewVsRDS2012

Application compatibility
• Most of the appcompat issues caused by
migration to the new OS generation
• Windows OS is stable
• Windows Client is not much more stable than
Windows Server
• Applications that work on Windows 7 in 99% of
cases will normally work on Windows Server
• Virtualization is not a solution, it’s workaround

The Last Argument
In Favor Of RDSH

The Last Argument
In Favor Of VDI

• Use any desktop, optimized thin client, or BYO
device
• High definition user experience with HDX
technology
•
•
•

The best HD experience, even in low-bandwidth or high-latency
environments
Real-time voice and video collaboration
3D professional graphics support

Source: http://support.citrix.com/article/CTX132038

Microsoft Virtualization Products
A comprehensive set of virtualization products, from the data center to the desktop
Assets – both virtual and physical – are managed from a single platform

• Monolithic hypervisor
– Simpler than a modern kernel, but
still complex
– Contains its own drivers model

VM 1
(“Admin”)

VM 2

VM 3

• Microkernelized
hypervisor
– Simple partitioning functionality
– Increase reliability and minimize
TCB
– No third-party code
– Drivers run within guests

VM 1
(“Parent”)
Virt
Stack

Hypervisor

Drivers
Drivers
Drivers

VM 2
(“Child”)

VM 3
(“Child”)

Drivers
Drivers
Drivers

Drivers
Drivers
Drivers

Drivers
Drivers
Drivers
Hypervisor
Hardware

Hardware

VMware ESX Approach

Hyper-V Approach

Microkernelized Hypervisor has an inherently secure architecture with
minimal attack surface

151

Side-by-side Feature and Cost Comparison
5 Virtualized Hosts (US$)

$61,400
―We saw that Hyper-V did
everything we needed and was far
more cost-effective than VMware,
which costs about $6,300 per
server more than Hyper-V.‖
—Nicholas Merton,
IT Support, Maxol

$21.4K
Included

$9.4K

Horizon Suite Versus The Competition
Physical
Desktop
Management

Virtual
Desktops

Multi-device
Workspace

Citrix

153

Confidential

Horizon Suite Components Versus Citrix Piece-meal Approach
Horizon Suite

Citrix CloudGateway, ShareFile,
XenDesktop, Access Gateway

Extensible and flexible platform

Citrix purchases piece parts with a long road
to integration

100% on premise file sharing solution in
addition to offering a cloud solution

ShareFile only offers data on premise.
Application is still hosted by sharefile.com

Desktop Layering, Migration, and Desktop
Backup and Recovery

None

Tight integration and similar management
experience as vSphere

No specific integration with vSphere

Android-dual persona

None

And best of all – It’s a suite!

Citrix requires purchase of CloudGateway,
XenDesktop, ShareFile, and Netscaler
Access Gateway

Horizon Suite is an integrated mobile workforce platform built by the leader
in virtualization and cloud computing; built for today and for the future.
Citrix offers non integrated tools purchased from various vendors without
the future needs of end user computing in mind.
154

Confidential

Kahuna Burger Platinum Suite

155

Confidential

Thin/Zero clients
• Aren’t cheap
•

Don’t forget about servers

• Not a virus protection
•

You still running Windows in a VM

• Maintenance is still required
•

New firmware/clients

• 10 years lifetime
•

What’s wrong with your original iPhone?

• Always a compromise
•

Thinner = less functional

Alternative to thin client
• Windows Thin PC - based
•
•
•

For those who has SA, otherwise use your Windows
Norscale Transformer
ThinScale ThinKiosk

• Linux-Based
•
•
•

Stratodesk NoTouch Desktop
DevonIT VDI Blaster
Thinstation

Technical and Business Barriers in Adopting Desktop
Virtualization & Workplace Mobility Solutions


Windows is not designed for your toys

New skillset is required
Managing non-persistent images
Application packaging
Storage requirements are different
Server virtualization skills is not your happy ticket

Microsoft Licensing
Licensing Windows SA, VDA, and CSL
Primary work device?

No

(regardless of ownership
and location)

Primary User of
SA/VDA licensed device?

Yes

Corp owned?

On Premises?

No

No

Yes
Yes

No

Yes

x86/x64 PC
(w/ Qualifying OS)

Other
(Thin Client, iOS,
Windows RT)

x86/x64 PC
(w/ Qualifying OS)

Windows RT
(No License Required
for VDI)

Other
(iOS, Android, etc)

VDA
CSL
SA

Any Device
(Roaming Rights: No
License Required)

Lack of proper testing
5 users from IT?
20 contractors?
PoC kits

Sizing
Using vendor-provided numbers
Guessing
Buying hardware first

Wrong Use Cases
•
•
•
•
•
•
•

Desktop virtualization is hot 
Windows 7 migration
Offline use
Desktop refresh
Security
Reducing costs
Access from iPad

Internal issues
Server admins vs. desktop admins
CXO vs. CXO
―I tried this 10 years ago, it didn’t work‖
―My dealer said that Honda is better than Ford, I trust
him‖
Users don’t want changes

Storage
Files

NTFS
.VMDK/.VHD
VMFS
ZFS

Disk

Shared vs Persistent

Shared

Local

Server Failure

Server Failure

• Couple of sessions
lost

lost

Storage Failure

Storage failure

• All sessions lost

lost

Storage
•
•
•
•
•

Your file server will not work
Use local storage
Use specialized solutions
Ignore ―maximum IOPS‖ from vendor
Measure
•

•
•

IOmeter

Remember about CIFS stores for profiles/apps
Learn how it works
•
•
•
•

ProjectVRC – www.projectvrc.com
VDI + Storage = Deep Impact – http://bit.ly/fOUZ8i
Jim Moyle Windows 7 IOPS - http://bit.ly/nvDLcr
Shawn Bass XenApp IOPS - http://bit.ly/xFRw7d

Servers
• Choose right form factor
•
•

• N+?

Will you use local storage?
GPU/PCoIP offload

CPU/Memory
• When moving user from 5-years old desktop to a
VM, don’t make things even worse
•
•
•

512Mb per VM is a wrong idea
10 VMs per core is a wrong idea
Ballooning is a bad idea

• Measure utilization first
•

Fix it before moving to VDI

• Remember about antivirus

Network
Remote Desktop should be responsive
Rich Graphics/Audio consume bandwidth
Use ―Smart‖ load balacers
Test WAN optimization
Plan gateways

Guide to Desktop Virtualization

Phase 1

Buy
Platinum
edition

Phase 2

Phase 3

?

Profit

Plan
•
•
•
•
•
•

Identify goals
Identify use cases
Separate desktop virtualization from OS migration
Measure current utilization
Categorize users
Categorize applications

Vendor selection
•
•
•
•
•

You should know what you need
You should know what you don’t need now
Check independent bloggers
Understand the technology
Check their blog, they may run out business
already

Analyze features
• Don’t buy premium editions with features that you
can’t use right now
•
•

Vendors will always offer you an upgrade if needed
Features might be removed or deprecated

• Try to use what you already have
•
•

Microsoft VDI
Publish desktops on XenApp

Security
Don’t add security, remove insecurity
Fix your security before moving to virtual desktops

Rollout
• Most of the problems caused by misconfiguration
• If something doesn’t work:
1. RTFM
2. Call vendor/partner

• Involve third party
• Train IT staff
• Talk to your users

STAY CONNECTED

#Interop
j.mp/DeskVirt
@fdwl
j.mp/fdwl
denisg@entisys.com
www.entisys.com

How to fail or succeed with desktop virtualization and workspace mobility

Recommandé

Recommandé

Contenu connexe

Similaire à How to fail or succeed with desktop virtualization and workspace mobility

Similaire à How to fail or succeed with desktop virtualization and workspace mobility (20)

Plus de Denis Gundarev

Plus de Denis Gundarev (20)

Dernier

Dernier (20)

How to fail or succeed with desktop virtualization and workspace mobility