Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client...
Transcript of Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client...
![Page 1: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/1.jpg)
Beyond VDI: Why Thin-Client Computing
and Virtual Desktop Infrastructures Aren’t Cutting it
Dr. Monica Lam Co-founder and Chief Scientist, MokaFive Inc. Professor of Computer Science, Stanford University
![Page 2: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/2.jpg)
Desktop Virtualization: Road to Discovery DATE INSTITUTION CONCEPTS 1999 w. Sun Labs Sun Rays 2000 2001 Stanford Collective Computing Utility (VDI) ($3M, NSF) 2002 2003 Virtual Appliances for Deploying & Managing
Software (LISA 2003) 2004 2005 MokaFive LivePCs: ($3M, Vinod Khosla) 2006 MokaFive LivePC Lab: ($15M, Highland Capital, Khosla) 2007 2008 MokaFive DaaS Desktop-as-a-Service Platform
Stanford POMI 2020: Programmable Open Mobile Internet ($10M from NSF)
© Copyright 2008 Moka5 Inc. 2
![Page 3: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/3.jpg)
1999: Central Management & Mobility with Sun Rays
© Copyright 2008 Moka5 Inc. 3
Interactive Performance of SLIM: A Stateless Thin-Client Architecture. Schmidt, Lam, Northcutt, SOSP, 99.
![Page 4: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/4.jpg)
2000: OS Virtualization
Inspired: • Linux Zap [’02] • Solaris Zones [’04]
Microsoft Windows in the future?
© Copyright 2008 Moka5 Inc. 4
Supporting Ubiquitous Computing with Stateless Consoles & Computation Caches. Schmidt, Stanford Ph.D. Thesis, 2000
![Page 5: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/5.jpg)
2001: Virtual Desktop Infrastructure
© Copyright 2008 Moka5 Inc. 5
![Page 6: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/6.jpg)
© Copyright 2008 Moka5 Inc. 6
2003: LivePCs
• LivePCs = Secure, managed VM images in the cloud • PCs (Windows, Linux, Mac PC) are generic platforms • USB flash: personalized cache as a network accelerator
• Supports disconnected operation The Collective: A Cache-Based System Management Architecture, US Patent, Lam et al, 2003 & NSDI, 2005
or
http server
![Page 7: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/7.jpg)
© Copyright 2008 Moka5 Inc. 7
LivePC Creator/Player
![Page 8: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/8.jpg)
MokaFive Professional DaaS
VM 1
VM 1
VM 2
VM 2
VM 3
VM 3
Network VM 2
VM 1
VM 3
© Copyright 2008 Moka5 Inc. 8
![Page 9: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/9.jpg)
3. Thin-client computing reduces the hardware cost
Top Three Myths Around VDI
© Copyright 2008 Moka5 Inc. 9
![Page 10: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/10.jpg)
Cost of End-Point Hardware • Thin-client hardware: $300 + $60 a year (no monitor)
• PC: $499 (no monitor) • Intel Pentium Dual Core 1.86 GHz,
2GB M, 160 GB SATA drive
• Consumerization of PCs: $0 • Let the employees use their own computers
© Copyright 2008 Moka5 Inc. 10
![Page 11: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/11.jpg)
Moving desktops to data centers? • Server virtualization in data centers:
• Consolidation reduces cost and energy
• Desktop virtualization in data centers? • Additional cost: data center operation • Servers: 4-10 users per processor
(Terminal services: 40 users per OS) • Storage: 5GB per user • Energy; rent; labor
© Copyright 2008 Moka5 Inc. 11
![Page 12: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/12.jpg)
Cost of Server Operation • The “Superbowl” effect
• Must provision for the “important moment” • Superbowl for TV networks, final projects at school • 9 to 5 for companies?
• Redundancy to guard against a single-point of failure • Google docs (July 8, 2008: 45 minutes) • Amazon EC2 (July 20, 2008: 8 hours)
• Resource allocation and management among clusters
LivePCs: an http server can support thousands of users
© Copyright 2008 Moka5 Inc. 12
![Page 13: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/13.jpg)
2. Central management => centralized execution
Top Three Myths Around VDI
© Copyright 2008 Moka5 Inc. 13
3. Thin-client computing reduces the hardware cost
![Page 14: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/14.jpg)
Security and Management, commtouch, May 2008
• Number of active zombies per day: 10-15 millions • Typical number of zombies in a single botnet:
10,000 – 200,000 • New zombies that come ‘alive’ every 24 hours:
200,000-500,000 • Typical Zombies Activities: Spam, phishing, malware, command
& control, data theft, click fraud, DDoS • Spam activity on the Internet accounted for by zombies:120
billion messages daily
Stealthy security breaches are harmful!
© Copyright 2008 Moka5 Inc. 14
![Page 15: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/15.jpg)
System Admin with Virtual Machines • VMs by themselves do not improve management
• VMs: complete machines “on a platter” • Virtual machines holistic management • Virtual machines outside-the-box security control
• Central management ≠> centralized execution • Physical security ≠ security
© Copyright 2008 Moka5 Inc. 15
![Page 16: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/16.jpg)
© Copyright 2008 Moka5 Inc. 16
Administration Work Flow
LivePC Creation Tools One-Click Post
Multi-Platform Support Online and Offline Use (Cache-On-Go) Faster Launch (Streaming & Predictive Fetch)
Automatic & Incremental Updates via RSS (Slim Transfer & Auto Subscription)
System & User State Separation (Rejuvenation)
MokaFive LivePC
Server Network
Portable Devices
Laptop
Desktop
![Page 17: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/17.jpg)
MokaFive System Architecture
© Copyright 2008 Moka5 Inc. 17
Admin-controlled MokaFive-controlled
User data
![Page 18: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/18.jpg)
Securing the End Points with Encrypted Keys
• Hardware / software: • Encryption • Revocation • Self-destructs after 10
incorrect password guesses
• Hardware only: • Self-destructs if physically
tampered
© Copyright 2008 Moka5 Inc. 18
![Page 19: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/19.jpg)
Holistic Management Delivering a mirror of a golden image
Rejuvenate system disk by default Incremental updates • Image provisioning • Software deployment • Software updates • Software rollback • Lockdown • New services (e.g. encryption) • Revocation
© Copyright 2008 Moka5 Inc. 19
![Page 20: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/20.jpg)
Minimizing Virtual Image Sprawl
• A single virtual image for employees in the same dept • Running on different hardware • Different user states
© Copyright 2008 Moka5 Inc. 20
![Page 21: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/21.jpg)
Separation of System and User State
• User state customization: • a separate virtual disk for user state
• Machine customization • Domain join • Active Directory with group policy • Cached credentials
• Local environment customization • USB and network printer pass through
© Copyright 2008 Moka5 Inc. 21
![Page 22: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/22.jpg)
Outside-the-Box Security • Quick patching
• Only touched blocks that need to be fetched • Can recall patches easily if necessary
• Recover from zero-day vulnerabilities • Automatic rejuvenation • Viruses in the user state:
Defense-in-depth; clean with new anti-virus/OS
• Only way to get rid of all root kit attacks
• Baremetal version – eliminates keylogging
© Copyright 2008 Moka5 Inc. 22
![Page 23: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/23.jpg)
1. Central management => bad user experience
2. Central management => centralized execution
Top Three Myths Around VDI
© Copyright 2008 Moka5 Inc. 23
3. Thin-client computing reduces the hardware cost
![Page 24: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/24.jpg)
Overheads of Virtual Desktop Infrastructure
© Copyright 2008 Moka5 Inc. 24
• VM • Multiplexed VM • Remote display
![Page 25: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/25.jpg)
Main Frame to PC/Laptop Revolution
© Copyright 2008 Moka5 Inc. 25
VDI is a Throw Back to Main Frame Days
• Allows occasional disconnection from the network
• Fast and cheap hardware
• Interactive applications
• 3D graphics: Google earth
• USB peripherals
• Personal Computer -- personal control: hw, applications
Question: Why Not?
![Page 26: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/26.jpg)
MokaFive: “Eat your cake and have it too”
© Copyright 2008 Moka5 Inc. 26
Security Quality of Life
![Page 27: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/27.jpg)
New Frontier: Security + Quality of Life
© Copyright 2008 Moka5 Inc. 27
Portability Platform of choice
• Macs, EEEPC Personalization Performance
Green initiative • Work from home
Information leakage • Data breach disclosure
12000 lost laptops per week in airports
• Encryption statutes • SOX • HIPPA • IP Foreign travel
Corporate LivePCs on Consumer PCs
Security Quality of Life
![Page 28: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/28.jpg)
Use Cases
• Business: HR staff’s home access to employee data Disaster recovery: a backup PC in your pocket
• HMO: Patient data access in clinics, hospitals, homes
• Law firm: Proprietary client info &software access
• University: Labs for running different courses
• ISV: Demos on customers’ machines
© Copyright 2008 Moka5 Inc. 28
![Page 29: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/29.jpg)
Future Use Cases
• Hotels
• Internet cafes
• Consumers
© Copyright 2008 Moka5 Inc. 29
![Page 30: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/30.jpg)
Stanford POMI 2020 Project: Programmable Open Mobile Internet
© Copyright 2008 Moka5 Inc. 30
mini workstation
PC laptop
phone
10x cheaper, 10x more users
mainframe
![Page 31: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/31.jpg)
Technological Trends Convergence of broadband, wifi, cellular, wimax
Convergence of PC, CE, phones
© Copyright 2008 Moka5 Inc. 31
communication
computation internet
media
games
![Page 32: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/32.jpg)
Three-Tier Architecture
© Copyright 2008 Moka5 Inc. 32
My key, cache, window into my digital ID, digital personality, digital assets, and the internet
Personalize the generic PC, Borrow the power, display, keyboard, memory, …
SERVERS
PHONES
PC/TVs
Internet
![Page 33: Beyond VDI: Why Thin-Client Computing and Virtual Desktop ... · Beyond VDI: Why Thin-Client Computing and Virtual Desktop Infrastructures Aren’t Cutting it Dr. Monica Lam Co-founder](https://reader030.fdocuments.in/reader030/viewer/2022040113/5f3778b1f792a64fb5659528/html5/thumbnails/33.jpg)
© Copyright 2008 Moka5 Inc. 33
Conclusion: Virtual Desktop as a Service
Deliver • One click post and subscribe • Faster launch
Maintain & Control
• Incremental update • Rejuvenation • Revocation, AAA & Encryption • BareMetal™
Users free to work anywhere
• Online & offline • X-platform • Isolation (Secure and Confidential)
Create
• Creator Wizard Lifecycle of
Desktops as a Service
Pioneered Virtual Desktops • Optimized for DaaS • “The Collective” • 15 patents pending