Virtual Desktop Implementation at

Air Products18 November 2009

Dianna KnaussVirtual Desktop Technical Program Manager

Introduction◦ What is Virtual Desktop?◦ Why the change?◦ Approach◦ What does this enable?

Virtual Desktop Architecture End Node devices

◦ Thin client◦ Repurposing

Application Virtualization Lessons Learned The dirty little secrets the vendors won’t tell you Live Demo

Agenda

A virtual desktop is a copy of Windows running on a server in the data center instead of on a PC

Application Virtualization – applications run in a separate “bubble” and do not directly interact with the operating system

Server Virtualization – multiple virtual servers run and share a single physical server

What is Virtual Desktop?

Reduce complexity of computing environment

Security◦Simplify security patching◦Reduce virus scanning◦Increased data security

Eliminate software distribution Reduce application variability Reduce hardware cost

Why the change?

Push the boundaries Take more risk Limit options to drive penetration and

speed Faster with more risk Won’t have all the answers –

exploratory in nature

Approach

What Does This Enable? New acquisitions can quickly be given

access to our corporate applications◦ No need to buy specific Air Products PC’s, make

use of existing PC and browser◦ Install dumb terminal from local supplier

JV’s & Outsource partners can get access to our applications, and we can limit what they can see & do.

Improves security and helps prevent loss of our corporate data

This is foundational to other offerings

Virtual Desktop Infrastructure

Broker

Hypervisor

Provisioning

App Virt.ICA

Thin Client Device

(1) Secure USB compartment(2) Power button (3) Flash activity LED(4) Line-in (microphone) connector(5) Line-out (headphone or speaker) audio connector(6) Universal serial bus (USB) connectors (2)(7) Power LED

Needed to leverage our existing assets◦ 4 year purchased PC replacement cycle◦ 65% laptop population◦ Windows licensing is per device and we don’t have Software

Assurance allows user mobility without increasing license costs

Potential options◦ Ubuntu Linux hardware driver difficulties with laptops◦ WinFLiP (Windows for Legacy PCs) – not made for mobile PCs◦ Group Policy lockdown (Air Products’ choice)

Takes a Windows PC and makes it a “thin client” Avoids a PC reload Provides a “no touch” approach User has no ability to access most items, make changes, or

access hard disk or programs

Repurposed PCs

VDI is accessed via the users desktop or laptop (repurposed PC)

The physical PC is locked down with these exceptions: ◦ accessing the Internet (how users get to VDI)◦ Saving printer and network info◦ making minor adjustments to the display and mouse settings

The user moves Outlook PST folders into their 2GB mailbox Migration

User data is moved from your PC to the Virtual Server (5GB limit) The Outlook profile will NOT be migrated – users will recreate it Only certain settings will be migrated from the Windows Profile It will take 1-2 days to become adjusted to using the new virtual desktop

so plan accordingly

Applications accessed by “base image”, Citrix hosting, virtualized streamed applications, or the web

Only applications necessary for business will be made available

What happens when moving to Virtual Desktop?

First focus must be to limit the number of applications to minimize $$$$

The focus is on business applications No personal apps (non-business applications) Standardization and single versions are a must Transparent apps have been interesting

◦ Transparent apps are allowed but are not IT supported◦ To make them available in VDI, we must sequence them◦ Can drive cost if encounter too many of these

Virtual Desktop Applications

Listed in order of preference Web application minimal/no footprint Virtualized application

◦ Leaves no residual code on the desktop◦ Requires effort to “sequence” the application◦ AppV, ThinApp, or XenApp◦ Only 80 – 90% of apps can be virtualized

Hosted application (Citrix or Windows Terminal)◦ May not be an option if application interoperability is necessary◦ Many apps interoperate with MS Office

Install in VDI O/S base image◦ Include anything that frequently operates with other apps (MS

Office, PDF reader, etc)◦ Any app included will require a license for each VDI user◦ Any changes require an update to the base image

Application options

Virtualized Application Constraints

MS App-V Application Limitations ◦ Over 4 GB in size when sequenced ◦ Start services at boot time◦ Require device drivers – ex. Print drivers◦ Part of the OS – ex. PowerShell◦ COM+ and COM DLL surrogate virtualization◦ 64-bit applications – coming in App-V 4.6 release

Heavy data analysis to define your market◦ Highly mobile users, users with variable bandwidth or high

latency, and users with one-off apps are not good candidates◦ How do you determine who those users are?

Don’t underestimate migration effort◦ Consider Windows profiles, Outlook profiles, PST files, file shares,

printing, etc. carry over as little as possible◦ Remember network bandwidth impacts

Each VDI implementation is unique◦ Cost versus control◦ Starting point Admin rights, data location, PST files, bandwidth

availability, persistence, application space, etc. Understand business continuity plans

◦ There is no “offline use” in VDI◦ Verify MS Office apps are not part of their plans

Lessons Learned

Software licensing requires a PhD◦ Software vendors have not thought through licensing the

virtual world◦ Several unexpected license costs – e.g. VECD, AV scan

Vendors & complexity◦ No vendor owns the whole game◦ Immature monitoring and performance tools◦ Stability & performance requires $$$$

Browser-based apps are not without issues◦ Shared folders & ActiveX Controls◦ Cookies

Thin clients take MORE bandwidth Bandwidth and wireless variability are not VDIs friend

The dirty little secrets . . .

Live Demo

Questions?