Post on 03-Apr-2018
7/28/2019 Volume3 UCS V
1/107
UCS and Virtualization: Vol 3
Lesson 1: Examining UCS and
Lesson 2: Cisco's Virtual Secu
Gateway
Copyright 1992-2009 Cisco Systems, Inc. All rights reserved.
Lesson 1
UCS and Virtual Desktop Solutions
Overview
This lesson is designed to introduce you to virtual desktop solutions. Students will examine the services, components, and infrastructures required to support a virtual desktop infrastructure.
Objectives
The specific objectives of this lesson are to enable you to perform the following tasks:
Examine Virtual Desktop Infrastructure Business Case
Describe VDI Work Loads and Sizing Factors
Explain Components of a VDI Solution
Examine VDI design using UCS
1-1 UCS-Virtualization Cisco Systems, Inc.
Contents
EXAMINE VIRTUAL DESKTOP INFRASTRUCTURE BUSINESS CASE
  DEFINE WHAT VDI IS
  DESCRIBE WHAT IS DESKTOP VIRTUALIZATION
  DESCRIBE THE 5 GOALS OF DESKTOP VIRTUALIZATION - USER EXPERIENCE
  DESCRIBE THE 5 GOALS OF DESKTOP VIRTUALIZATION - NETWORK LATENCY TOLERANCE
  DESCRIBE THE 5 GOALS OF DESKTOP VIRTUALIZATION - EFFECTIVE PROVISIONING
  DESCRIBE THE 5 GOALS OF DESKTOP VIRTUALIZATION - SCALABILITY
  DESCRIBE THE 5 GOALS OF DESKTOP VIRTUALIZATION - AGILITY AND AVAILABILITY
  DESCRIBE WHAT MAKES UP A DESKTOP
  SUMMARIZE TYPICAL DESKTOP DEPLOYMENTS
  DESCRIBE THE DESKTOP VIRTUALIZATION BUSINESS CASE
  EXPLAIN 5 KEY CHALLENGES OF THE CURRENT DESKTOP MODEL
  EXPLAIN HOW VDI CAN SOLVE THE 5 KEY CHALLENGES
  DESCRIBE WHY NOW IS A PRIME TIME FOR VDI
DESCRIBE VDI WORK LOADS AND SIZING FACTORS
  DESCRIBE VDI USE CASES BY USER TYPE
  EXPLAIN USER CATEGORIZATION FOR VDI WORK LOADS
  SUMMARIZE DESKTOP DELIVERY METHODS
  DESCRIBE VDI TESTING WORKLOADS
EXPLAIN COMPONENTS OF A VDI SOLUTION
  DEFINE COMPONENTS OF A VDI SOLUTION
  DESCRIBE PLATFORM VIRTUALIZATION
  COMPARE HYPERVISOR OFFERINGS
  DESCRIBE APPLICATION VIRTUALIZATION
  DESCRIBE DATA AND PROFILE MANAGEMENT
  DESCRIBE ACCESS PROTOCOLS
  EXAMINE ICA VS. PCOIP
  DEFINE THE SESSIONS BROKER
  DEFINE STATIC AND DYNAMIC ARCHITECTURES
  EXPLAIN SERVER INFRASTRUCTURE
  SUMMARIZE UCS/SOFTWARE/STORAGE COMPATIBILITY
EXAMINE VDI DESIGN USING UCS
  DESCRIBE SUGGESTED ARCHITECTURE FOR VDI ON UCS
  EXAMINE UCS SCALABLE ARCHITECTURE
  SUMMARIZE LOGICAL CONFIGURATION
  COMPARE COMPETITOR SUGGESTED ARCHITECTURE
  SUMMARIZE UCS VDI CONFIGURATION
  DESCRIBE VDI TEST SETUP
  SUMMARIZE FACTORS INFLUENCING SCALABILITY
  DESCRIBE SOFTWARE STACK DESCRIPTION - INFRASTRUCTURE HOSTS
  DESCRIBE WINDOWS 7 DESKTOP CONFIGURATION
  EXPLAIN SCALABILITY RESULTS OF VDI ON UCS
  EXAMINE LOGIN VSI RESPONSE TIME GRAPHS
  EXAMINE MEMORY UTILIZATION FOR 1760 DESKTOP TEST
  EXAMINE NETWORK UTILIZATION GRAPH
  COMPARE CISCO UCS SOLUTION FOR DESKTOP VIRTUALIZATION
  EXPLAIN WHY UCS AND NETWORKING IS BEST FOR VDI
  SUMMARIZE ADVANTAGES OF UCS FOR VDI
Examine Virtual Desktop Infrastructure Business Case
Upon completion students will learn:
Define What is VDI
Describe What is Desktop Virtualization
Describe the 5 Goals of desktop virtualization
Describe what makes up a desktop
Summarize typical desktop deployment
Describe the desktop virtualization business case
Explain 5 Key challenges of the current desktop model
Explain How VDI Can Solve the 5 Key Challenges
Describe Why Now is a Prime Time for VDI
2008 Nuova, Inc. All rights reserved. ICNX5 v1.02
Define What VDI Is
The acronym VDI brings up a lot of ideas about what it means or what it is. For starters, VDI denotes an architecture, neither a single product nor even a single vendor. This means that integration and collaboration between the vendors who supply the hardware, software, and network infrastructures is expected, and it is seen in the myriad of ecosystem partner relationships springing up around VDI.
VDI in general can be described as a replacement or augmentation of your existing desktop, provided as a service through the use of virtualization. It should also be characterized as an excellent solution for some use cases and not so good for others. Careful assessment of the needs of your users or consumers of this service is essential for designing and implementing VDI solutions.
2008 Cisco Systems Inc. All rights reserved. Course Title Module Name 3
Define What is VDI
VDI is an architecture
VDI is NOT a single product
  o Multiple Components
  o Multiple Vendors
VDI is a replacement or augmentation of the desktop using virtualization
Best suited to specific use cases
Describe What is Desktop Virtualization
Desktop virtualization is, basically, providing typical workers with their desktop regardless of location or device. This means that the desktop they are using exists on a host in the data center. Endpoints then access these virtual desktops over the network, either internally or through a VPN as necessary. The desktop resumes precisely as it was left the last time. The user also has the expectation that all functionality, data, and performance will be identical to their physical desktop computer.
Describe What is Desktop Virtualization
Separate the physical endpoint from the logical desktop
Host the logical desktop in a data center
Allow endpoints to access the logical desktop over the network
Endpoints may include a variety of device types; end user continues where he/she last left off
[Diagram label: Virtualized desktop hosted in DC]
Describe the 5 Goals of Desktop Virtualization - User Experience
When implementing a VDI solution there are 5 key goals that you will be attempting to achieve. The first, and likely the most important, is the user experience. If the user experience is not the same as or better than their original desktop, then users will likely not want to use this new model of operation. Key factors important to users in a VDI solution:
Faster boot times
Better mobility
Same functionality
Use of traditional peripherals
Faster and better response from support
Describe the 5 Goals of Desktop Virtualization - User Experience
[Diagram labels: Virtual Desktops; Virtual Desktop Consumers]
Keys to User Experience
Instant On - Boot faster
Mobility - Desktop available through any device
Functionality - Full functioning desktop that is personalized
Peripherals - USB, Network, Printing, Scanning, etc.
Support - Performance, service level compliance, faster time to resolve problems
Describe the 5 Goals of Desktop Virtualization - Network Latency Tolerance
Another of the goals is tolerance of network latencies. As indicated in the previous slide, users wish to use their desktop from any device but also from anywhere. This means that they will likely be connecting through any number of types of connectivity:
Hotel Internet
Satellite
Wireless and 3/4G
Intranet
Each of these types of connection has different network bandwidth and latency. VDI solutions have to accommodate this by using protocols that make the communications between the virtual desktop and the connecting client's display as efficient as possible. Factor in that your consumers will also want to run multimedia applications or data like Flash.
Describe the 5 Goals of Desktop Virtualization - Network Latency Tolerance
[Diagram labels: Virtual Desktop Consumers; Internet]
Describe the 5 Goals of Desktop Virtualization - Effective Provisioning
Provisioning in a traditional model (physical desktops) takes days to weeks. Factor into this that for each type of device that is supported you have to have a support procedure, trained support staff, and lots of storage for backups and images.
With VDI the goal is to streamline provisioning by creating the desktop virtually. By doing this, a desktop can be provisioned from an image in a matter of minutes. Mass deployment can be done using tools on your storage or even from the hypervisor platform. This also means that support for a desktop can be done centrally, including rollbacks to snapshotted desktop VMs.
Describe the 5 Goals of Desktop Virtualization - Effective Provisioning
[Diagram labels: Individual Desktop Support (Support Staff, Users, Individual Desktops); Virtual Desktop Support (Support Staff, Virtual Desktops)]
Describe the 5 Goals of Desktop Virtualization - Scalability
A VDI infrastructure needs to be scalable as well. That is, what is the impact on your design when you need to go from, say, 500 desktops to 2000? Keep in mind this may require adding new physical equipment, modifying networks, and installing hosts. As you can imagine, the more complex your setup, the harder it is to scale. An assessment of the current infrastructure would also be needed, as it too may be impacted as your solution grows.
Describe the 5 Goals of Desktop Virtualization - Agility and Availability
Finally, VDI needs to offer both users and IT departments the ability to be agile and flexible. This means different things to each of these groups. For users it is reflected in the choice of device, mobility, and functionality. For IT departments it is about flexibility of software, hardware, and storage. You can also include integration into current management and DR systems.
Describe the 5 Goals of Desktop Virtualization - Agility and Availability
User Flexibility
Same environment regardless of device
Same usage of peripherals regardless of device
Same personalization regardless of device
Same desktop regardless of where they are
IT Department
Should be able to use any Hypervisor
Multiple types of virtual storage
Support every major OS
Should be able to serve up same applications as a physical desktop
Describe what makes up a Desktop
In desktop virtualization what we are essentially doing is abstracting what we call the "desktop" from the physical piece of hardware. That abstraction includes:
Operating System
Applications - Not required but can be abstracted
User Data - Can be local to their client device or on the network in a network drive
Personalization - Specific application, data resources, and persistent desktops
Summarize Typical Desktop Deployments
To begin to build the business case for VDI, you need to have a basic understanding of how desktops are deployed today. Traditional deployments go through a life cycle as seen above. This process typically takes weeks to deploy. On top of this, the device has to be backed up, monitored, and updated, all of which requires a complex set of processes and technology. Finally, you also have to have a procedure and system for retiring old desktops and implementing new ones. This represents a huge cost that is measured in dollars per desktop. For example, it likely costs us thousands of dollars currently per user to use the model above. VDI can likely take this into the 10s to 100s of dollars.
Summarize Typical Desktop Deployments
[Life cycle diagram labels: Procure; Monitor; Image; Secure; Deploy; Maintain; Backup; Retire]
Slow to Deploy
Complex to Secure
Costly to Maintain
Describe the Desktop Virtualization Business Case
Also keep in mind that during the life of the deployed physical desktop you will have a number of different challenges at the various layers. For example, application updates can be challenging not only for the network but also for the automation. Operating system changes can break compatibility, leaving IT departments scrambling to distribute fixes. Finally, the user device presents problems ranging from security risks due to loss to the ability to support different worker types across different devices.
Describe the Desktop Virtualization Business Case
Challenges
Managing Updates
Licensing Compliance
Security and Policy Compliance
New Applications
Driver Compatibility
Integration
Patching
Upgrading
New Installs
Performance
Life Cycle Management
Security
Mobility
Supportability
Explain 5 Key Challenges of the Current Desktop Model
So the 5 key challenges of the current desktop model are:
Hardware Costs - Multiple devices to purchase, updates can break systems
Compliance and Data Security - Loss prevention for devices, enforcing compliance with your security policies
IT Productivity - Different support model for each device, disparate management software needed to manage it all
Growth - Provisioning takes days to weeks
Resiliency - Backing up users' desktops and data, the time it takes to recover from a loss
Explain 5 Key Challenges of the Current Desktop Model
Challenges - Description
Hardware Costs - Updates may require changes in hardware; updates can break a system because of compatibility
Compliance and Data Security - Lost devices can contain sensitive/secure data; compliance must be checked on each device
IT Productivity - Each device type requires different support models; different tools to manage and orchestrate
Growth - Provisioning new desktops can take days; refresh cycles
Resilience - Restoring lost desktops; backing up data
Explain How VDI Can Solve the 5 Key Challenges
VDI answers these challenges in the following ways:
Hardware - While you can have almost any type of device, the desktop support is centralized in the data center.
Compliance/security - Desktops and user data can be contained in the network storage; lost devices contain only personal information.
IT Productivity - Provision hundreds or thousands of desktops at a time; the same can be done with applications.
Growth - Desktops can be made ready in minutes.
Resilience - Data and desktops are centrally stored; snapshots can give complete rollback capability.
Explain How VDI Can Solve the 5 Key Challenges
Challenges - Description
Hardware Costs - Desktop is virtualized on a server / HW compatibility is removed; freedom of device to access desktop
Compliance and Data Security - vDesktops have no physical storage; lost or stolen devices do not have desktop data
IT Productivity - Desktop updates can be done to hundreds at a time; application updates can be done by the hundreds at a time
Growth - New desktops can be ready in minutes; new applications can be streamed
Resilience - Centralized storage of desktops can easily be fit into DR plan; centralized backing up of data
Describe Why Now is a Prime Time for VDI
You can see the full list on the slide, but any of these can be a reason for this move. Primary among these is the movement to ITaaS (IT as a Service) to reduce costs, as well as the fact that many companies now need to migrate to Windows 7.
Describe Why Now is a Prime Time for VDI
1. Lower TCO by 50%
2. Migration to Windows 7
3. Technology is ripe, ready for prime time
4. User adoption is on the rise
5. Broad Partner ecosystem support
6. Top 10 initiatives planned by CIOs for 2010
7. Secure data access, increased security and control
8. Desktops as Managed Service
9. Simplified and Automated Desktop Provisioning
10. SLA for Users
Desktop Virtualization is at tipping point
Describe VDI Work Loads and Sizing Factors
Upon completion students will learn the following:
Describe VDI Use Cases by User Type
Explain User Categorization for VDI Work Loads
Summarize Desktop Delivery Methods
Describe VDI Testing Workloads
Describe VDI Use Cases by User Type
When designing a VDI solution you want to make sure you do an assessment of what types of users will be consuming it. This is critical for all sides of the design, from the number of network links to the type of storage you choose to use.
Users can be broken down into the following categories:
Task Workers - Typically a small number; they require a simple desktop with little customization and a very limited set of applications.
Knowledge Workers - Typically the bulk of the work force; they expect a fully customizable desktop and a media-rich experience.
Power Users - For example, a design engineer who may need a virtual desktop blade in order to run resource-hungry applications like CAD. This is a small segment of users.
Mobile Users - The fastest growing group these days. They are like the knowledge worker but are limited by their connectivity in what can be provided in terms of applications.
Describe VDI Use Cases by User Type
[Diagram labels: Task Workers; Power Users; Mobile Users; Knowledge Workers]
Pooled Desktops - PVS (Limited Customizable)
Ease of management (e.g. patch)
Lower storage requirement
Limited user flexibility
Assigned Desktops (Fully Customizable)
More freedom for users
More storage requirement
Patch management more difficult
Explain User Categorization for VDI Work Loads
When you break down the types of workers you can see how the knowledge worker can encompass the largest numbers in terms of consumers of VDI. By designing for the correct type of consumer, the solution should be able to achieve its ROI goals.
This is also helpful in testing a solution. Software that tests a solution's performance and robustness can simulate the type of activities any of these types of workers perform.
Explain User Categorization for VDI Work Loads
Guest Workers
Requirements: rich PC experience, instant resets, standard app set
university computer lab, training center
Office Workers
Requirements: rich PC experience, personal, diverse apps and users
finance, operations, marketing, administration
Remote Workers
Requirements: secured access and control, location and device flexibility, diverse apps and users
offshore workers, outsourcers, contractors, branch offices, teleworkers
Mobile Workers
Requirements: offline access, secure, diverse apps and users
sales, executives, field service
Task Workers
Requirements: simple, locked down, few apps
factory worker, retail clerk, bank teller, credit card call center
[Diagram label: Knowledge Worker]
Summarize Desktop Delivery Methods
Desktops can be delivered in a hosted model similar to Terminal Services from Microsoft. Most people are familiar with this form of delivery, wherein a single instance of Windows Server allows for multiple custom desktops. While this works well and has been in use for quite some time, it does have some flaws in that it lacks the resiliency provided to a virtual machine based architecture by the hypervisor.
Desktops can also deliver applications to the end user in a number of ways, ranging from installing them on the virtual desktop itself to streaming them from a server to the user's virtual desktop or client device.
Summarize Desktop Delivery Methods
[Diagram labels: Terminal Services; VDI]
[Worker types: Office Workers; Remote Workers; Mobile Workers; Task Workers; Guest Workers]
[Delivery methods: Hosted VM-based Desktops; Hosted Blade PC Desktops; Hosted Shared Desktops; Local Streamed Desktops; Local VM-based Desktops; Virtual Apps; Installed Desktops]
[Axis labels: Server Side Compute; Client Side Compute]
Describe VDI Testing Workloads
When testing your VDI deployment, you will typically perform the tasks seen above at scale. This means that you slowly ratchet up the number of desktops performing these tasks to see how many are supported before you begin to see a loss in performance. The expectation is that applications used on the virtual desktop will respond in 1 to less than 2 seconds. That seems short, doesn't it? However, this is indeed the user's expectation.
Describe VDI Testing Workloads
Knowledge Worker - simultaneous use of MS Office, IE
Typical Work Load Tasks:
Browse and compose Outlook messages
Open and interact with multiple instances of Internet Explorer
Open and interact with multiple instances of Word
Open, review, print PDF
Open and interact with multiple large Excel sheets
Open and interact with multiple PowerPoint presentations
Perform zipping (file compression) operations using 7-Zip
Explain Components of a VDI Solution
In this final section students will learn:
Define Components of a VDI Solution
Describe Platform Virtualization
Summarize Application Virtualization
Define Data and Profile Management
Describe Access Protocols
Define the Sessions Broker
Describe Static vs. Dynamic
Explain Server Infrastructure
Define Components of a VDI Solution
Here is a general diagram depicting the components of a VDI deployment. A VDI
deployment consists of:
Clients
Session Broker
Virtualization hosts (ESX, XenServer, Hyper-V)
Desktop VMs
Infrastructure VMs
Back end network storage
Describe Platform Virtualization
At the heart of VDI is the virtualization platform. This is used to host both the desktop
VMs and infrastructure VMs. These hosts can be clustered to provide a highly available
platform. The choice of VDI software determines which hypervisor you will use: some VDI products work with all hypervisors, others only with the hypervisor from the same
company. You will also want to examine what features a hypervisor
provides, such as business continuity features.
Describe Platform Virtualization
Host both infrastructure VMs and Desktop VMs
Physical hosts can be clustered to take advantage of HA and other features
When choosing the hypervisor consider:
Management
HA features
OS support
VM requirements
Compare Hypervisor Offerings
In comparing Hypervisors there are a number of categories you need to examine:
Business Continuity
Storage Integration
Back-up
Networking support
Platform support (Cores)
Virtual Machine limitations
Operating system support
For example, if you wish to provide desktops using Solaris, then your only option is
VMware.
Compare Hypervisor Offerings - Cont
Feature | vSphere 4 | Hyper-V | XenServer 5
OS System Support
Windows NT
Windows 2000 1 CPU (No x64)
Windows 2003 2 CPU
Windows 2008 4 CPU
RedHat Linux
SuSE Linux SLES10 SP1/2, 1 CPU
Mandrake Linux
Ubuntu Linux
SUN Solaris
FreeBSD
Netware
Describe Application Virtualization
Like desktops, applications can be virtualized. In doing this the application is distributed
across the network in much the same way as the desktop is. In fact you could look at the
desktop as the first application streamed to your client. Applications can also be made to run in a web interface or even pushed down onto the client where required.
Describe Application Virtualization
Normal application deployment is slow
By deploying applications virtually they can be added in minutes to seconds
Apps can be streamed or run from desktop
Describe Data and Profile Management
As part of meeting the needs of your consumers, it is also necessary to provide the ability
to customize the virtual desktop to the type of worker, their data resource needs, and
the applications that are usable. Through the use of group and user profiles as well as policies, this is easily implemented and enforced.
Describe Data and Profile Management
Clients can access different desktop VM each time
By using profiles personality and data can be maintained
Storage of data can be redirected to a network location
Profiles stored on network applied as needed
Allow for security policy enforcement and customized storage access
Describe Access Protocols
Key to user performance is the type of protocol used to connect a client to their virtual
desktop. Each vendor has their own protocol:
Citrix - ICA-HDX
VMware - PCoIP
MS - RDP
Which you use depends on which vendor is supplying the VDI software.
Describe Access Protocols
Used to access the virtualized desktops
Should support Fat and Thin clients
Vendor specific
Citrix: ICA
VMware: PCoIP
MS: RDP
Web Portals for easy access from anywhere
Examine ICA vs. PCoIP
Comparison is somewhat of an odd thing to do, as the protocol will likely not be the major
decision factor in which vendor you will choose. However, there is a lot of FUD and
misunderstanding about which is the better to use. Ultimately they both work well; the table for this slide lists a number of
distinguishing points between them. In general ICA is more tolerant of network
latency, and VMware is best at providing the richest VD experience.
Examine ICA vs. PCoIP
Category | ICA | PCoIP
User Experience | Lossy Compression | Lossless Compression
Bandwidth Constraints | Better Performance | Good Performance
Handling Flash Content | Flash Redirection | Flash Remoting
Resource Consumption / Scalability (host) | Less Host Resources | More Host Resources
Define the Sessions Broker
Every VDI architecture has a server that is used to broker sessions to virtual
desktops. The broker will:
Authenticate a user
Coordinate attaching them to a desktop - or
Initiate the provisioning process for a new one
Register new desktops as they are created
This server can be a bare metal installed system or a VM in the VDI infrastructure.
Putting it into the VDI infrastructure allows this system to be protected by the hypervisor's HA features. This also allows you to scale it in a farm through VM cloning.
Define the Sessions Broker
Coordinates connection to your desktop
Directs users to new VM desktops
Redirects clients to previous desktops
Responsible for connection distribution and management
Define Static and Dynamic Architectures
Virtual desktops can be assigned or pooled, sometimes known as static or dynamic. In a
static deployment you are assigned a virtual desktop machine, which is the same one you
use every time you connect. In a dynamic architecture you are assigned to a virtual machine desktop and, through the use of profiles and policies, it is modified to be your
desktop when you connect. Each can be used separately or together. For example, a typical
knowledge worker will wish to have his desktop VM persist and be the same one he left, exactly as he left it. A good use of pooled would be a university computer lab where
students log in and get a desktop with their specific applications on it.
Define Static and Dynamic Architectures
Can use both architectures
Static: maps the user to the same VM each connection
Dynamic: creates the VM each time a user connects
Explain Server Infrastructure
Infrastructure servers are the VMs that run the VDI software, which includes the broker,
provisioner, and licenser, as well as some that may be used for communications grooming.
They can also be the type that supplies AD, DHCP, DNS, and other essential services. Some VDI products recommend that these be dedicated machines; however, they
can hugely benefit from protection to scale if you put them in VMs as part of the overall
solution.
Explain Server Infrastructure
Provide Specific Services to the VDI solution:
Applications Server (Farms)
Management Servers
i.e. Virtual Center
Communication Grooming
Dynamic Provisioning Server
Application Profiler
Other Servers Essential to VDI
Domain Controller
DNS
RDP Licensing server
DHCP
Summarize UCS/Software/Storage Compatibility
This chart depicts the eco partner relationship to Cisco and the UCS in terms of VDI
solutions. Each of these will have a Cisco validated design (CVD) that can be referenced.
Summarize UCS/Software/Storage Compatibility
Platform: UCS
Hypervisor | Desktop | Storage
VMware | View 4.5 | EMC/NETAPP
VMware | XenDesktop 4 | EMC/NETAPP
Hyper-V | Microsoft VDI | EMC/NETAPP
Hyper-V | XenDesktop 4 | EMC/NETAPP
XenServer 5.6 | XenDesktop 4 | EMC/NETAPP
Examine VDI design using UCS
Upon completion of this section you will:
Describe Suggested Architecture for VDI on UCS
Examine UCS Scalable Architecture
Summarize Logical Configuration
Compare Competitor Suggested Architecture
Summarize UCS VDI Configuration
Summarize Advantages of UCS for VDI
Describe Suggested Architecture for VDI on UCS
The UCS is ideal for VDI deployments. In the picture for this section we see a UCS with 2 fabric
interconnects. Beneath them are the chassis that will contain blades for virtual desktops
and blades for the infrastructure servers. Networking is provided northbound from the fabric interconnects to a Nexus 5K or some other access layer switching. The Nexus 5K
and the UCS use 10GbE, so speed and performance are exceptional. The FIs also connect
to 2 separate MDS to provide access to FC LUNs used for booting. By doing this the host can have mobile service profiles within the UCS. The unified storage
provides FC LUNs for booting hosts and NFS storage for VM disks.
[Figure: Describe Suggested Architecture for VDI on UCS. Labels: LAN, Nexus 5000 Access, UCS Fabric Interconnect, MDS 9xxx, NetApp/EMC, UCS Chassis and Blades]
Examine UCS Scalable Architecture
The UCS architecture scales up to 12 chassis currently, and shortly up to 20 chassis, as a single UCS domain. The interesting thing about this architecture is that as we
add chassis we have to do nothing at all to the underlying infrastructure, providing near linear scaling. This also means rapid deployment: just connect more chassis to the
fabric interconnect and deploy servers from the SP templates. All you then need to do is add
more storage and increase the XenDesktop infrastructure to handle more desktops.
Summarize Logical Configuration
This is the logical diagram of how this would be linked:
Each chassis has 1-4 uplinks per IOM. The fewer uplinks, the fewer chassis, but network performance is essential for large deployments.
The first chassis has 2 B200 blades for the infrastructure VMs
All other blades are B250 to host the Desktops
Links are port channeled from the FI to the Nexus 5K
5Ks are port channeled together with 4 links
5Ks provide network links to the storage for NFS access
FC is split out at the FI and handled by two separate fabrics, each with its own MDS.
The storage is best handled by an array that can provide multi-protocol support.
Compare Competitor Suggested Architecture
Compare this to an HP suggested deployment. Notice the following:
If you were to scale, how many switching elements have to be managed?
How difficult is it to add additional server arrays?
How many pieces of bolt-on software will be required?
And this is all before adding in the VDI software. The picture, while neat looking,
demonstrates how the simplicity of the UCS provides a much better platform for VDI.
Compare Competitor Suggested Architecture
Consider this from our competition. What's your first reaction to this?
Source: Scalability of XenDesktop 4 on Microsoft Windows Server 2008 R2 Hyper-V paper
Summarize UCS VDI Configuration
This slide summarizes how the infrastructure and virtual desktops will be distributed in
the solution. The first chassis houses 2 B200 for infrastructure servers. The other 3 slots
have B250 blades for the virtual desktops. As you scale you simply add more chassis packed with B250s.
[Figure: Summarize UCS VDI Configuration. Four groups of Windows 7 desktop VMs, plus infrastructure VMs labelled VDI Mgr, Session Broker, Profile Mgmt, Profile Srv, LIC, AD/DNS/DHCP, and Management Services]
Legend:
AD - Active Directory
DDC - Desktop Delivery Controller
PVS - Provisioning Server
DMC - Desktop Master Controller
LIC - Licensing server
[Figure: Describe VDI Test Setup. Load Generator: VSI Launchers on vSphere on Cisco UCS, workload LoginVSI Pro 2.1, knowledge worker workload. System under test: Win7 Desktops on vSphere and XenDesktop Infrastructure on Cisco UCS. Other labels: LAN, Nexus 5000 Access, UCS Fabric Interconnect, MDS 9xxx, NetApp Storage]
Describe VDI Test Setup
In the Cisco validated designs for VDI our testing was done in the following fashion:
The first chassis was used to house the infrastructure servers and workload generators
2 x B200, 48 GB RAM, running VMware ESX and hosting the infrastructure VMs
3 x B250 running the Login VSI virtual desktop benchmarking tool
Benchmarking blades generate workload for the desktop VMs
1-4 UCS chassis, each containing up to 4 B250 blades to host the desktop VMs
Testing includes:
Booting
Login
Use of Exchange and other Office programs
Use of other common business programs (acrobat, zip)
The testing was done with a single chassis, 2 chassis, and 3 chassis to determine the
scaling per blade as the infrastructure grew. The test was monitored for some key
performance values to ensure user usability even under load.
Summarize Factors Influencing Scalability
End user experience
App response ()
Desktop Response
Workload definition
Knowledge
Mobile
Power
Hardware platform.
B250-M2 with 192 GB
B230 with 192 GB
Hypervisor choice
vSphere + Xendesktop
XenServer + Xendesktop
Vmware View and vSphere
Desktop OS configuration
Windows 7 1, 1.5, 2GB RAM
Windows XP
No system degradation
Ballooning, Thrashing
Backend Storage
IOPS are very heavy
[Figure: hypervisor and desktop stacks. Labels: VMware View, XenDesktop, XenServer, Inf-Srv, Windows XP, Windows 7]
Summarize Factors Influencing Scalability
In order to determine the scalability of the solution as designed we needed to achieve
specific goals in performance. The following are factors that influence scalability in this
deployment:
End user experience - User expects applications to respond in less than 2 seconds at worst.
Workload definition - Task based vs. knowledge worker. All our tests reflect the knowledge worker, as 80% of VDI consumers typically are knowledge workers.
Hardware platform - We used B250 M2 for the processors. We needed only 192 GB RAM as we became CPU bound before memory. How would B230 help with this?
Hypervisor - This moderately impacts the results in terms of performance and numbers of supportable desktops. With View you have no choice, but with XenDesktop you do.
Desktop OS configuration - Typically a desktop OS should be optimized for desktop virtualization. Typically customers do not do this. This impacts how many resources are needed per desktop.
System degradation - Ballooning and thrashing can occur as you scale; when they do, you have reached the limit of your design.
Backend storage - Expect to see heavy IOPS. These are offset by storage capabilities mentioned earlier.
Describe Software Stack Description - Infrastructure Hosts
Cisco UCS 1.3(1j)
This describes the build out of the infrastructure hosts, and desktop host blades and OS:
The desktop hosts are:
B250 M2 2 x 6 core with 192 GB RAM
Blades run either ESX4.01 or ESXi 4.01
Infrastructure hosts are:
B200 2x4 core with 48 GB RAM
Blades run ESX 4.01
Describe Windows 7 desktop configuration
The above picture describes how the desktop VMs are configured:
1 vCPU
1.5 GB RAM - This is average for W7 desktops
OS - Windows 7 Enterprise - This is 32 bit, 64 bit would require more memory resources.
Other software includes:
vmware tools
Microsoft Office 2001
IE 8.0
Adobe Reader 9
Adobe Flash 9
Explain Scalability Results of VDI on UCS
Based on the build stated in the previous slides you can see the scalability results for 1-16
blades (1-4 chassis). Below are the highlights:
1 B250 can handle a load of 110 VM desktops
8 B250 can handle 880 VM desktops - linear scaling, no infrastructure changes
16 B250 can handle 1760 VM desktops - linear scaling, no infrastructure changes
This comes out to be 9.16 VM per CPU core, which is a great density. If these were
Windows XP desktops the numbers would be considerably larger, as XP uses fewer
resources. The key here is that we went from 1 desktop to nearly 2000, all without having to add additional switching and management endpoints.
Examine LoginVSI Response time graphs
vSphere results are described in the next few slides
[Figure: 1760 Desktop Sessions on vSphere, below 2000 ms: 99.9%. Axes: Response time (ms) vs. Active Sessions. Series: Average Response_Time, Max Response_Time, Min Response_Time]
This graph depicts the response time to VMs as the number of desktops scales. While
there are spikes, notice that the response time has a near flat growth up through 1760
VMs. This is 99.9% of the time responding in under 2 seconds.
Examine Memory Utilization for 1760 desktop test
The non-kernel memory is almost 96% utilized (192*94%) by 110 Windows 7 desktops, each of 1.5 G
In this graph you can see the memory utilization for a single blade running 110 desktop
VMs. As depicted it is about 96% utilized. Provided we had more CPU resource the
B250 could handle more VMs for future growth.
Examine Network Utilization Graph
vmnic0/vmnic2 were A/A NICs, average 100 Mb/s and peak 300 Mb/s
Per chassis seen around 800-900 Mb/s
This shows the network traffic and how easily the UCS handles it. Average was 100 Mb/s
with spikes up to 300.
Compare Cisco UCS Solution for Desktop Virtualization
Single Server Performance of XenDesktop
Server | Hypervisor | Processor | Memory | # of desktops
Dell PowerEdge R710 | Hyper-V | 5660 @ 2.80 GHz | 72 GB | 67
HP 460C G6 | Hyper-V | 5520 @ 2.93 GHz | 48 GB | 44
Cisco UCS B250-M2 | vSphere 4.0 U2 | 5680 @ 3.33 GHz | 192 GB | 110
Cisco UCS B250-M2 | XenServer 5.6 | 5680 @ 3.33 GHz | 192 GB | 110
Performance results and competitive comparison
Up to 40% more desktops compared to competition
Single server scale testing comparison:
Same Workload LoginVSI 2.1 medium workload (knowledge worker)
Windows 7 32-Bit, 1.5 GB desktops
Large memory clearly a differentiator for Windows 7 desktops
Source: Based on publicly available documents from Citrix/Dell/Microsoft
Source: Based on work done by Citrix Consulting, Windows 7 VM is 1 GB
When compared to our competitors you can see that, for the physical space used, we are able
to pack more desktop VMs per blade. This is a testament to our large memory density and
the M81KR card. The M81KR card gives us more than 2 virtual NICs to work with, allowing us to neatly separate traffic within the blade.
Explain Why UCS and Networking is best for VDI
Using a Provisioning Server based design requires a fast/low-latency network
Cisco UCS provides 10GbE as well as QoS in service profile
Competitors require multiple layers and switches to accomplish this (complexity)
UCS is best in class Compute/Network and storage for VDI Deployments
Key value
Basically no other competitor offers anything similar to our linear scaling design. The
UCS offers the following advantages:
Configure once, scale a lot - Because we can configure the UCS through the use of the service profile, new hypervisor hosts can be deployed quickly without adding to your management headache.
As part of a service profile you can use policies to control behavior like QoS for your desktop VMs
As you scale there is little to no change to the infrastructure other than adding chassis and blades
Summarize Advantages of UCS for VDI
This chart summarizes the advantages of the UCS in VDI. Take a moment to review.
Summarize Advantages of UCS for VDI
Unique benefits due to key UCS technologies
UCS Service Profiles
UCS Manager constructs pools, templates and policies; allows rapid server provisioning
Various user types can be mapped to specific server pools based on user profiles
Various policies, like boot from SAN, make provisioning the OS simpler
UCSM allows QoS policies to be set right from the server adapter
UCS Extended Memory
Windows 7 has a large memory footprint; scaling Win 7 requires large memory
UCS extended memory technology makes it possible for high bandwidth (1333 MHz) memory access even with four times more DIMM slots on a two socket architecture
Larger memory footprint desktops make B250-M2 ideal for VDI deployment
Virtual Interface Card (Palo)
Cisco VIC simplifies network management in the hypervisor
Using VN-Link in hardware the number of network management points can be reduced by an order of magnitude
Provides low latency and high bandwidth for applications
Unified Fabric (FCoE)
Unified Fabric with high I/O bandwidth helps in scaling data intensive workloads
Wire once infrastructure for bandwidth and not for connectivity
Eliminates multiple adapters, cables and switches to scale the infrastructure, reduces power in the Data Center.
UCS is an ideal platform for Desktop Virtualization
Lesson 2
Virtual Security Gateway
Overview
This lesson introduces the motivation, concepts, and basic functionality of the Cisco Virtual Security Gateway (VSG)
Objectives
The specific objectives of this lesson are to familiarize you with the following product
features and functionalities:
Virtual Security Gateway (VSG) Overview
VSG Architecture
VSG Packet Flow
vPath Summary
VSG Policy Model
Virtual Network Management Center (VNMC)
Deployment Scenario
High Availability
Use Case Example
Licensing
Summary
7/28/2019 Volume3 UCS V
57/107
2-1 UCS-Virtualization Cisco Systems, Inc.
Contents
VIRTUAL SECURITY GATEWAY OVERVIEW ............................................................................................ 2-0
OVERVIEW ............................................................................................................................................ 2-0
OBJECTIVES ........................................................................................................................................... 2-0
OVERVIEW OF CISCO VIRTUAL SECURITY GATEWAY ............................................................................................ 2-3WHAT PROBLEM IS BEING SOLVED WITH VIRTUAL SECURITY GATEWAY ................................................................... 2-4MANAGING VIRTUAL FIREWALLS WITH THE VSG AND VNMC .............................................................................. 2-5VSGDEPLOYMENT REQUIREMENTS ................................................................................................................ 2-6MULTI-TENANT DEPLOYMENT ........................................................................................................................ 2-7APPLICATION TIERED DEPLOYMENT ................................................................................................................. 2-8THE BIG PICTURE ....................................................................................................................................... 2-10
VSGARCHITECTURE COMMUNICATIONS ........................................................................................................ 2-11LOGICAL DEPLOYMENT LIKE PHYSICAL SERVERS ................................................................................................. 2-13INTELLIGENT TRAFFIC STEERING WITH VPATH .................................................................................................. 2-14VSGPERFORMANCE ACCELERATION WITH VPATH ............................................................................................ 2-15VPATH SUMMARY...................................................................................................................................... 2-16VSGPOLICY MODEL .................................................................................................................................. 2-18VSGPOLICY MODEL .................................................................................................................................. 2-19ATTRIBUTES.............................................................................................................................................. 2-20ATTRIBUTES (CONTINUED) ........................................................................................................................... 2-21VIRTUAL NETWORK MANAGEMENT CENTER (VNMC) ...................................................................................... 2-23NON DISRUPTIVE ADMINISTRATION ............................................................................................................... 2-24VNMC:MULTI-TENANT ORG STRUCTURE...................................................................................................... 2-25VNMC:MULTI-TENANT MANAGEMENT ....................................................................................................... 2-26
VNMC:ADMINISTRATIVE ROLES.................................................................................................................. 2-27DEPLOYMENT IN A MULTITENANT ENVIRONMENT ............................................................................................ 2-29DEPLOYMENT IN A MULTITENANT ENVIRONMENT ............................................................................................ 2-30DEPLOYMENT OF VSGS ON A DEDICATED HOST. .............................................................................................. 2-31DEPLOYMENT OF VSGS ON A DEDICATED HOST. .............................................................................................. 2-32VSG/VNMCDEPLOYMENT STEPS ................................................................................................................ 2-33VSGSOLUTIONHIGH AVAILABILITY............................................................................................................. 2-34
VSG USE CASES ................................................................................................................................... 2-35
EXAMPLE :3-TIER SERVER ZONES.................................................................................................................. 2-36VSGPOLICY PROVISIONING LOGICAL FLOW.................................................................................................... 2-37SECURITY POLICY FLOW-DEFINE ZONES......................................................................................................... 2-38
SECURITY
POLICY
FLOW
-D
EFINEZ
ONES......................................................................................................... 2-39SECURITY POLICY FLOW-DEFINE POLICY ........................................................................................................ 2-40
SECURITY POLICY FLOW-RULES WITHIN POLICY............................................................................................... 2-41SECURITY POLICY FLOW-CONDITIONS WITHIN RULES........................................................................................ 2-42SECURITY POLICY FLOW-ASSIGN POLICIES TO POLICY SET.................................................................................. 2-43SECURITY PROFILE...................................................................................................................................... 2-44ASSIGN VSG TO THE SECURITY PROFILE ......................................................................................................... 2-45PORT PROFILE TO SECURITY PROFILE BINDING ................................................................................................. 2-46VCENTER:VM ATTACH TO A PORTGROUP (PORTPROFILE)................................................................................. 2-47
7/28/2019 Volume3 UCS V
58/107
Virtual Security Gateway Overview 2-2
VSGLICENSING MODEL.............................................................................................................................. 2-49SUMMARY................................................................................................................................................ 2-51
OVERVIEW OF CISCO VIRTUAL SECURITY GATEWAY ... 2-3
WHAT PROBLEM IS BEING SOLVED WITH VIRTUAL SECURITY GATEWAY ... 2-4
MANAGING VIRTUAL FIREWALLS WITH THE VSG AND VNMC ... 2-5
VSG DEPLOYMENT REQUIREMENTS ... 2-6
MULTI-TENANT DEPLOYMENT ... 2-7
APPLICATION TIERED DEPLOYMENT ... 2-8
THE BIG PICTURE ... 2-10
VSG ARCHITECTURE COMMUNICATIONS ... 2-11
LOGICAL DEPLOYMENT LIKE PHYSICAL SERVERS ... 2-13
INTELLIGENT TRAFFIC STEERING WITH VPATH ... 2-14
VSG PERFORMANCE ACCELERATION WITH VPATH ... 2-15
VPATH SUMMARY ... 2-16
VSG POLICY MODEL ... 2-18
VSG POLICY MODEL ... 2-19
ATTRIBUTES ... 2-20
ATTRIBUTES (CONTINUED) ... 2-21
VIRTUAL NETWORK MANAGEMENT CENTER (VNMC) ... 2-23
NON DISRUPTIVE ADMINISTRATION ... 2-24
VNMC: MULTI-TENANT ORG STRUCTURE ... 2-25
VNMC: MULTI-TENANT MANAGEMENT ... 2-26
VNMC: ADMINISTRATIVE ROLES ... 2-27
DEPLOYMENT IN A MULTITENANT ENVIRONMENT ... 2-29
DEPLOYMENT IN A MULTITENANT ENVIRONMENT ... 2-30
DEPLOYMENT OF VSGS ON A DEDICATED HOST ... 2-31
DEPLOYMENT OF VSGS ON A DEDICATED HOST ... 2-32
VSG/VNMC DEPLOYMENT STEPS ... 2-33
VSG SOLUTION HIGH AVAILABILITY ... 2-34
VSG USE CASES ... 2-35
EXAMPLE: 3-TIER SERVER ZONES ... 2-36
VSG POLICY PROVISIONING LOGICAL FLOW ... 2-37
SECURITY POLICY FLOW - DEFINE ZONES ... 2-38
SECURITY POLICY FLOW - DEFINE ZONES ... 2-39
SECURITY POLICY FLOW - DEFINE POLICY ... 2-40
SECURITY POLICY FLOW - RULES WITHIN POLICY ... 2-41
SECURITY POLICY FLOW - CONDITIONS WITHIN RULES ... 2-42
SECURITY POLICY FLOW - ASSIGN POLICIES TO POLICY SET ... 2-43
SECURITY PROFILE ... 2-44
ASSIGN VSG TO THE SECURITY PROFILE ... 2-45
PORT PROFILE TO SECURITY PROFILE BINDING ... 2-46
VCENTER: VM ATTACH TO A PORTGROUP (PORTPROFILE) ... 2-47
VSG LICENSING MODEL ... 2-49
Licensing Details ... 2-49
SUMMARY ... 2-51
2009 Cisco Systems, Inc. All rights reserved. UCS Technical Training Overview
Overview of Cisco Virtual Security Gateway
Upon completion of this section you will:
Virtual Security Gateway (VSG) Overview
VSG Architecture
VSG Packet Flow
vPath Summary
VSG Policy Model
Virtual Network Management Center (VNMC)
Deployment Scenario
High Availability
Use Case Example
Licensing
Summary
Overview of Cisco Virtual Security Gateway
This section discusses the challenges server, network and security administrators face in virtualized environments and how the Virtual Security Gateway (VSG) addresses a subset of those challenges.
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
VSG: What Problem is Being Solved
[Slide graphic: four VMs (App/OS) with VM-to-VM traffic between them]
Control inter-VM traffic
Address new security challenges
Enable Dynamic Provisioning
Mobility Transparent Enforcement
VLAN-agnostic Operation
Policy based
Administrative Segregation
Server, Network, Security
What problem is being solved with Virtual Security Gateway
The Virtual Security Gateway (VSG) allows inter-VM access control and ensures that newly instantiated VMs are secure immediately upon creation. Security policy travels with the VM, just as network policy does with the Nexus 1000V.
Security is separate from network segregation.
The administration of virtual environments by IT groups is preserved, with tasks separated along the traditional IT groups of Server, Network and Security administrators.
Virtual Security Gateway: Virtual Firewall for Nexus 1000V
[Slide labels: Virtual Security Gateway (VSG), Virtual Network Management Center (VNMC)]
Context aware Security: VM context aware rules
Zone based Controls: Establish zones of trust
Dynamic, Agile: Policies follow vMotion
Best-in-class Architecture: Efficient, Fast, Scale-out SW
Non-Disruptive Operations: Security team manages security
Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy
Designed for Automation: XML API, security profiles
Managing Virtual Firewalls with the VSG and VNMC
VSG/VNMC provides a framework in which security administrators define security policy that network or server administrators can use as new, similar virtual machines are created. Security policies defined in VNMC are used in security profiles, which network administrators bind to port profiles.
Port profiles separate network and server administration. When a new virtual machine is provisioned, the server administrator selects the appropriate port profile (port group) for use by the VM.
Firewall services can be based on concepts of zoning, vDCs or vApps as well as tenants.
Security policies are mobile and provide for scaling in larger or growing virtual environments.
The security team's activities are non-disruptive to other IT activities.
A published XML API schema is supplied with VNMC for the automation of repetitive tasks.
VSG Deployment Requirements
VMware vSphere 4.0+ and Virtual Center*
Nexus 1000V Series switch (1.4 or later)
One (or more) active VSGs per tenant
Virtual Network Management Center (VNMC)
Note: Licensing is based on the same lines as Nexus 1000V (per CPU Socket)
*VMware with Enterprise Plus license
Multi-tenant Deployment
Deployment granularity depending on use case
Tenant, VDC, vApp
Multi-instance deployment provides scale-out
[Diagram labels: Tenant A, Tenant B, VDC-1, VDC-2, vApp, vSphere, Nexus 1000V, vPath, Virtual Network Management Center]
Multi-tenant Deployment
VNMC can be used to define tenants, VDCs and vApps for the application of various firewall services. This granularity can meet most expected use cases. The tenant model is analogous to the org model used by Cisco UCS for administration, and users of the VSM via the CLI will recognize the org definitions starting at the root org.
Unlike the current implementation of UCS, visibility is restricted to the scope of the tenant.
VSG uses a two-component model for deployment: the Policy Decision Point (PDP) and the Policy Enforcement Point (PEP). The PDP (the VSG) resides as a VM and is deployed as a virtual services node (VSN-Generic) (Cisco VSB, Virtual Services Blade), or the VSG can be deployed on the Nexus 1010.
The Policy Enforcement Point (PEP) is deployed as part of the VEM used by the Nexus 1000V. A component of the VEM (vPath) provides additional services, discussed in a subsequent topic.
Application Tiered Deployment: 3-tier Server Zones
[Diagram labels: Policy Content Hosting, Tenant A, Web Client, Web-zone (Web Servers), Application zone (App Servers), Database zone (DB servers)]
Permit Only Port 80 (HTTP) of Web Servers
Permit Only Port 22 (SSH) to application servers
Only Permit Web servers access to Application servers
Only Permit Application servers access to Database servers
Block all external access to database servers
Application Tiered Deployment
In this example we have a deployment needing North/South security as well as East/West security. Inbound and outbound traffic can be controlled by constructing rules that limit access to inbound and outbound ports. East/West traffic can be controlled by constructing zones, and rules that limit the contact these zones have with one another.
Rules are constructed to allow or deny access. Numerous rules can be aggregated into policies, and policies further into policy sets.
VSG System Architecture
[Diagram labels: VMware vCenter, VSM, Virtual Network Management Center (VNMC), VSN, VSG, ESX Servers, Nexus 1000V, vPath. Interactions: Security Profiles, Port Profiles, VM Attributes, VM-to-IP Binding, Packets]
The Big Picture
The VSG/VNMC software architecture consists of the VSG (which can run redundantly, i.e. with a secondary), the Virtual Supervisor Module (VSM) (which can run redundantly or standalone), VMware Virtual Center, and one or more instances of a Virtual Ethernet Module (one per ESX server).
VSG System Architecture - Communication
[Diagram labels: VMware vCenter, VSM, Virtual Network Management Center (VNMC), VSN, VSG, ESX Servers, Nexus 1000V, vPath. Channels: SOAP/HTTPS, API XML/HTTPS, XML/HTTPS, Encrypted Channel. Interactions: Security Profiles, Port Profiles, VM Attributes, Packets]
VSG Architecture Communications
VMware vCenter communicates using a certificate-based exchange over HTTPS. As the graphic above shows, HTTPS is used for VSM and VSG communications with the VNMC. VNMC gets visibility into vCenter VM attributes to use in the security policy.
VSG and VNMC communicate over secure layer 3 (SSL) with a pre-shared key.
VNMC publishes device and security policies to tenant VSGs.
VNMC and VSM communicate over secure layer 3 (SSL) with a pre-shared key.
VSM provides VM-to-IP mapping to VNMC.
VEMs communicate with the VSG over a Layer 2 service VLAN.
vPath redirects the data traffic over the service VLAN.
The policy result is sent to vPath (VEM) by the VSG and cached for the flow duration.
Note: SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. It relies on Extensible Markup Language (XML) for its message format, and usually relies on other Application Layer protocols, most notably Remote Procedure Call (RPC) and Hypertext Transfer Protocol (HTTP).
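The zone rules of the Application Tiered Deployment example and the decision caching described under VSG Architecture Communications, modeled as an added Python example (not Cisco code and not part of the original manual). The IP addresses, zone, class and rule names are constructed; first-match evaluation, implicit default deny, the (source, destination, port) flow key and the reading of the port 22 rule as web-to-application only are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: Optional[str]  # None = any zone, including "external"
    dst_zone: Optional[str]
    dst_port: Optional[int]  # None = any port
    action: str              # "permit" or "deny"

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (self.src_zone in (None, src) and self.dst_zone in (None, dst)
                and self.dst_port in (None, port))

# Constructed sample data: VM-to-zone membership and Tenant A's policy set.
ZONES = {"10.0.1.10": "web", "10.0.2.10": "app", "10.0.3.10": "db"}
POLICY_SET = [  # policy set -> policies -> rules, evaluated in order
    [Rule("http-to-web", None, "web", 80, "permit")],
    [Rule("web-ssh-to-app", "web", "app", 22, "permit")],
    [Rule("app-to-db", "app", "db", None, "permit"),
     Rule("block-other-db", None, "db", None, "deny")],
]

class DecisionPoint:
    """Stands in for the VSG (PDP): evaluates a flow against the policy set."""
    def __init__(self, policy_set, zones):
        self.policy_set, self.zones, self.lookups = policy_set, zones, 0

    def decide(self, src_ip: str, dst_ip: str, port: int) -> str:
        self.lookups += 1
        src = self.zones.get(src_ip, "external")
        dst = self.zones.get(dst_ip, "external")
        for policy in self.policy_set:
            for rule in policy:
                if rule.matches(src, dst, port):
                    return rule.action  # assumption: first match wins
        return "deny"                   # assumption: implicit default deny

class EnforcementPoint:
    """Stands in for vPath in the VEM (PEP): asks once, then enforces from cache."""
    def __init__(self, pdp: DecisionPoint):
        self.pdp, self.flow_cache = pdp, {}

    def forward(self, src_ip: str, dst_ip: str, port: int) -> str:
        flow = (src_ip, dst_ip, port)
        if flow not in self.flow_cache:   # first packet: redirect to the PDP
            self.flow_cache[flow] = self.pdp.decide(*flow)
        return self.flow_cache[flow]      # later packets: cached verdict

    def flow_ended(self, src_ip: str, dst_ip: str, port: int) -> None:
        self.flow_cache.pop((src_ip, dst_ip, port), None)
```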
Encrypted communication between the VSM and the VEMs (Nexus 1000V) is over the control VLAN, and communication between the VSG and the vPath component of the VEMs is over a service VLAN.
These VLANs will need to be defined on a UCS system in addition to the management and packet VLANs.
Virtual Security Gateway: Logical deployment like physical appliances
[Diagram labels: Nexus 1000V Distributed Virtual Switch, VMs, vPath, VNMC, Log/Audit, VSG]
Secure Segmentation (VLAN agnostic)
Efficient Deployment (secure multiple hosts)
Transparent Insertion (topology agnostic)
High Availability
Dynamic policy-based provisioning
Mobility aware (policies follow vMotion)
Logical deployment like physical servers
Each VSG is deployed as a VSB (virtual services blade) and resides outside of the areas needing licensing for deployment. This reduces the licensing requirement to those nodes that need service security. Licensing requirements based on CPU socket are reduced on nodes that are used as dedicated service nodes.
Logging can be offloaded to syslog servers for event recording of allow/deny events as they occur.
VEMS( using vPath tech