Design - AlwaysOn Point of Care Desktop

AlwaysOn Point of Care Desktop REFERENCE ARCHITECTURE GUIDE THE VIRTUAL COMPUTING ENVIRONMENT COMPANY


Table of Contents

About Desktop Validated Designs
Introduction
Building a HITECH Healthcare Infrastructure
The Challenge of Achieving Meaningful Use
Securing Protected Health Information
Ensuring Continuous Availability for Non-Stop Care
Requirements for High Availability (HA)
Solution
Summary of Main Findings
Audience
Scope
Solution Purpose
Business Challenge
Technology Solution
About VMware View 4.6
VMware View 4.6 Architecture
About Imprivata OneSign Authentication Management
Application SSO Configuration
Vblock™ Infrastructure Platform
Management Solution
Key Features
Virtualization Operating System
Compute and Network Solution and Components
Network Infrastructure and Design
Storage Solution and Components
Storage Infrastructure and Design
Application Delivery Control (ADC) and Network Load Balancing (NLB)
Cisco Application Control Engine (ACE)
HAProxy
AlwaysOn Desktop Design Approach
Architecture and Design of VMware View on VCE Vblock Platforms
Compose/Recompose Best Practices
Client Access Devices
Solution Validation
VCE Vblock Configuration Details
Additional Components Configuration Details
Unified Computing System Configuration
LAN Configuration
SAN Configuration (VCE)
Storage Array (EMC Celerra NS960) Configuration
CLARiiON Pools, RAID Groups and LUNs
Celerra File Systems and NFS Exports
Microsoft Distributed File System
VMware Datastores
Blade Provisioning and OS Installation (VCE)
VMware Virtual Infrastructure
VMware vSphere ESXi Servers
VMware vSphere Advanced Parameters
Datastores
VMware View 4.6
Virtual Desktop Pools
Storage Synchronization Configuration
Imprivata OneSign
Test Setup and Configurations
Test Harness
AlwaysOn Desktop Configuration
Stateless Desktop Configuration
Active/Active Configuration
Test Harness #2 – Using a Proximity Card (Manual)
Validation Results
Test Harness #1 – Validation
Test Harness #2 – Validation
Additional Considerations
Conclusion
Acknowledgements
References
About VCE


About Desktop Validated Designs

VMware’s Desktop Validated Designs are comprehensive design and implementation guides. The validated designs and solutions have met thorough architectural design development and lab testing and provide guidance for the introduction of proof of concepts, emerging new technology and architectures, as well as the enhancement of the customer’s use cases.

To qualify as a Desktop Validated Design Guide, the design must:

• Incorporate generally available products into the design.

• Employ repeatable processes for the deployment, operation, and management of components within the system.

• Validate designs through system-level testing. This level of testing:

- Validates a specific design use case or architectural practice on a limited scale and duration.

- Ensures the viability of theoretical designs or concepts in real practices.

• Provide detailed solution design and implementation guidance that includes:

- Examples that define the problems solved by the solution.

- Products that were validated as part of the design testing.

- Software that was used for each component of the design.

- Configurations used to support the design test cases.

- A list of design limitations and issues that were discovered during the testing.

VMware® AlwaysOn Point of Care offerings are purpose-built for healthcare verticals to address the high availability and disaster recovery needs of mission-critical clinical desktops and include VMware’s validated application integration and network/compute/storage stacks from VCE.


Introduction

The healthcare industry is undergoing a major technological transformation. Electronic medical record (EMR) systems, mobile devices and other innovations hold the promise of improving the safety and quality of healthcare delivery. As the Department of Health and Human Services states, EMR technology can provide clinicians and patients with better access to more complete and accurate information, which empowers patients to take a more active role in their health¹.

Many studies also show that EMR systems have the potential to reduce long-term operating costs² and lower the occurrence of malpractice claims³.

As with other clinical applications, electronic medical records must be delivered to the actual point of care, which refers to the ability or requirement to physically bring a solution to the patient’s bedside or an exam room. Examples of electronic point-of-care solutions include wall-mounted displays and mobile devices in exam rooms that provide clinicians with access to patient records and computerized physician order-entry systems. These solutions play a central role in enabling healthcare organizations to accelerate their journey from paper-based to electronic healthcare information systems.

Building a HITECH Healthcare Infrastructure

The United States federal government has set an ambitious goal of establishing a nationwide EMR infrastructure by 2015. In February 2009, Congress passed the American Recovery and Reinvestment Act (ARRA), a law that includes a major sub-provision known as the Health Information Technology for Economic and Clinical Health (HITECH) Act. The overall goal of HITECH is to stimulate the adoption and “meaningful use” of healthcare information technology. More specifically, the HITECH Act authorized $19 billion in funding through Medicare and Medicaid EHR incentive programs that provide incentive payments to healthcare providers that demonstrate meaningful use of certified EHR technology⁴.

The government began issuing incentive payments in May 2011, and eligible healthcare providers can participate in the programs until 2014. But by 2015, U.S. hospitals must demonstrate meaningful use of certified EHR technology. After 2015, however, incentives will no longer be available, and a penalty stage will begin. Penalties will start with reduced reimbursements that decrease annually, and eventually, penalized organizations will no longer receive any Medicare funding at all.

The Challenge of Achieving Meaningful Use

Despite the proven benefits and incentives for adopting EMR technology and the obvious penalties for non-compliance, many healthcare providers have struggled to satisfy even the most basic requirements for meaningful use. One of the major reasons for this is that the traditional approach to healthcare IT is too costly and complex. Some applications have to be installed locally on endpoint devices, while some must be accessed over the network, and others still can only be used on dedicated PCs or workstations. Another issue is that many clinical applications are pre-installed on specialized hardware as appliances, which forces healthcare IT organizations to manage their infrastructure in silos. The situation is so bad that many facilities have more servers than hospital beds. The result is an expensive, hard-to-manage infrastructure for IT teams and a cumbersome workflow for caregivers. Finding the right terminal, logging in, and launching the right application take valuable time away from patients.

1 Source: U.S. Department of Health and Human Services, “Electronic Health Records and Meaningful Use.” http://healthit.hhs.gov/portal/server.pt?open=512&objID=2996&mode=2

2 Source: Health Data Management, “Study: EHR cuts long-term operating costs.” http://www.healthdatamanagement.com/news/ehr-cuts-long-term-operating-costs-41218-1.html

3 Source: Computerworld, “Study: Electronic medical records reduce malpractice claims.” http://www.computerworld.com/s/article/9122063/Study_Electronic_medical_records_reduce_malpractice_claims

4 Source: Center for Medicare & Medicaid Services, “Overview of EHR incentive programs.” http://www.cms.gov/ehrincentiveprograms/


For example, nurses at many hospitals use a variety of endpoints, logging into these endpoints at least 50 times during a single shift. Every time a doctor or nurse logs in on a new endpoint, it can take upwards of three minutes to bring up the user’s desktop environment, launch the correct application and find the necessary patient information. Over the course of a single shift, this approach takes a significant amount of time away from patient care. Even relatively simple tasks, such as quickly analyzing a medical image or even dictation, can take up to five times as long because the clinician has to travel to a handful of dedicated workstations across the hospital.

A physician’s time is expensive and valuable to a hospital. When a physician is unproductive because of technology issues, patient care and billing are both affected. This problem is amplified by the fact that attracting and retaining the best and brightest clinicians is a constant and expensive struggle for healthcare organizations. More and more, clinicians entering the workforce are demanding a consumer-like user experience in the workplace, and hospital IT departments are being asked (or required) to support consumer devices such as Apple iPad tablets. Competition for talent among local hospital systems is fierce and expensive, and many younger doctors not only expect technology, but will also actively seek organizations with thought leadership in this area.

Securing Protected Health Information

Security and compliance have always been major concerns for the healthcare industry, but the proliferation of electronic health information has led to increased attention to data security breaches involving protected health information. One of the most notable incidents occurred in 2006, when the names, dates of birth and Social Security numbers of about 26.5 million active duty troops and veterans were on a laptop that disappeared while in the custody of a data analyst at the Department of Veterans Affairs. The laptop and data were recovered, but the Department of Veterans Affairs still eventually paid $20 million to current and former military personnel to settle a class action lawsuit on behalf of the men and women whose personal data was affected by the incident⁵.

In response to this and many other incidents affecting confidential medical records, the federal government mandated significant penalties for security lapses as part of the HITECH Act. For example, public notification of breaches of more than 500 records is now mandatory, including a requirement to post details on the Department of Health and Human Services website, and HITECH permits fines of up to $1.5 million for violations that cost only $25,000 under the previous rule. Meeting the stricter guidelines is especially difficult in environments where clinicians are demanding remote access to patient data and support for laptops, smartphones, tablet computers, and other mobile devices, most of which are hard to secure and extremely vulnerable to theft and loss.

Security and compliance concerns are also hindering the adoption of cloud-based solutions for point-of-care access to EMR systems and clinical applications. Some healthcare organizations are considering third-party cloud services as a way to lower IT costs, reduce the risk of medical errors, and make vital information more accessible to patients and caregivers in real time. But the notion of a public cloud can still make providers nervous around the security and control of moving the storage of patient data off premises, and many public cloud services lack the security and control providers need to maintain compliance with internal policies and government regulations.

Ensuring Continuous Availability for Non-Stop Care

The catastrophic failure of a mission-critical system can become a disaster for any organization, but in a clinical setting where caregivers are completely dependent on electronic solutions, system availability can literally be a matter of life and death. As computing devices replace paper charts and physician prescription pads, these endpoints (mobile and fixed) become safety-critical IT systems that must deliver the highest possible levels of reliability and availability to ensure patient safety. If a caregiver has to make a fast medical decision but can’t access the patient’s records because of a service outage or computer problem, the situation can escalate into a Severity-1 event and the consequences can be quite serious. In short, EMR systems must be accessible as a non-stop service that is available to clinicians wherever and whenever they need patient information.

5 Source: CNN, “VA will pay $20 million to settle lawsuit over stolen laptop’s data.” http://articles.cnn.com/2009-01-27/politics/va.data.theft_1_laptop-personal-data-single-veteran

Unfortunately, the old device-centric approach to endpoint management makes it extremely difficult—if not impossible—to protect every desktop, laptop, hospital computer cart, and mobile device in use. And even if the systems are up and running, patient information is not always immediately available, since clinicians still suffer from long login times and password management issues, or they waste precious time traveling across the hospital to get to a machine where they can access data and perform specific tasks.

When taken together, the challenges of achieving meaningful use, protecting patient information, and ensuring continuous access to point-of-care solutions have created a dilemma that can’t be solved with traditional approaches to desktop and application management. To overcome these and other challenges, healthcare providers need a new approach to point-of-care delivery: one that will enable them to modernize their IT infrastructures so they can improve patient outcomes and get the most from the millions of dollars they are investing in EMR technology.

This paper, a collaboration of the VCE company, Imprivata, and Vital Images, details a new reference design for delivering clinical desktops and patient care applications as non-stop services. This new reference design for delivering a non-stop point-of-care solution provides all of the benefits, efficiencies of scale, and 24X7 uptime demanded of a public cloud service from a private cloud environment.

Requirements for High Availability (HA)

The business drivers for AlwaysOn Point of Care are:

• Conversion to EHR causing rapid increase in distributed locations where point-of-care desktops MUST be available

• Tier-1 critical desktop, requiring fast recovery and application continuity during disasters

• Point-of-care access that must be more fluid than traditional PC experience

• Session mobility, a required feature tied to patient care and clinical productivity. VDI is the only way to meet this requirement

• Ideal opportunity to rapidly roll out a fully managed desktop platform

• Effective way to implement managed printing service

The user experience requirements are:

• Desktops are always on and enable fast logon

• Desktop follows user in the event of failover

• Access allowed from any endpoint devices from anywhere

• Familiar interface to sustain the same application workflow

• Quick provisioning

• Easy management

• Maintained security

• Low cost

• High availability


The High Availability/Disaster Recovery (HA/DR) concerns are:

• Uptime: Corresponds closely to Recovery Time Objectives (RTOs). DR solutions should offer quick restores with minimal or no manual steps after the recovery

• Reliability: Corresponds closely to Recovery Point Objectives (RPOs). Addressing database transactional consistency, avoiding corrupted file systems, and ensuring systems boot when restored are key to addressing this concern

• Cost: Solution needs to be affordable. The cost of many different software solutions or replicating storage arrays can prevent DR solutions from getting off the ground

• Complexity: How to reduce complexity? How many different systems are involved with the strategy? A DR plan typically is thick and complicated in procedures

Solution

This document describes the Reference Architecture (RA) for highly available VMware View 4.6 virtual desktops or AlwaysOn Point of Care on the Vblock™ Infrastructure Platform.

Summary of Main Findings

In the AlwaysOn Point of Care validation, the key findings are:

• A stateless desktop architecture is ideally suited for standard desktop environments where the desktop image is consistent from user to user. With proper application design, it can be used in broad-use cases

• Large healthcare desktop environments access routine applications and desktop workflows. Stateless desktops cloned from multiple master images can be provisioned on demand and reduce the cost of maintenance

• In a failover situation, the stateless desktop provides the business continuity required for mission-critical desktop and application access within seconds

Storage replication consists of two parts or methods. First, the golden desktop images (used to deploy thin desktops via VMware View Composer) need to be replicated between sites to ensure consistency. EMC storage platforms can support both file and block based replication. For this architecture, bi-directional, file-based replication was used.

Second, the end-user’s data needs to be replicated between sites to ensure continued access to files as the user connects to desktops in various sites. For this architecture, we used EMC Replicator to replicate the golden images. While scale testing of user data replication was beyond the scope of this project, minimal replication to prove functionality was accomplished using Microsoft Distributed File System (DFS). Alternatively, EMC Atmos (http://www.emc.com/storage/atmos/atmos.htm) could have been used to manage the end-user files.

The design simulates multiple application use cases such as EMR software installed within virtual machines, hosted brain-scanning applications (Vital Images), Single-Sign On client-server components (Imprivata), and typical knowledge worker office applications (Microsoft Exchange Server, Adobe Acrobat). Imprivata OneSign and Vital Images appliances are configured for failover and high availability (HA). Active Directory is configured with HA enabled.

Desktop recovery is the process of enabling a user to gain access to a new desktop after their current desktop goes offline/fails. A failover event within this reference architecture occurs when one site is taken offline (the View environment becomes inaccessible) and the end-user’s View session drops/disconnects. When the end-user attempts to reconnect, their desktop session is failed over (redirected by the Cisco ACE appliances) to the surviving View infrastructure.

A failback event within this reference architecture occurs when the failed site is re-enabled (View environment becomes accessible). The end-user will not automatically be connected to their original (primary) desktop until he disconnects from his failed over (secondary) desktop and tries to reconnect to the View environment.
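The failover and failback rules described above, modelled as a small session-placement state machine that also reports which users are still on their secondary site after the failed site returns. This is an added example, not code from the guide or from any Cisco ACE or VMware View configuration; the `SiteAwareBroker` class, the site and user names, and the per-user primary-site mapping are assumptions made for illustration.

```python
from dataclasses import dataclass


class NoSiteAvailable(Exception):
    """Raised when every site is offline and a connection cannot be placed."""


@dataclass
class Session:
    user: str
    site: str
    connected: bool = True


class SiteAwareBroker:
    """Hypothetical stand-in for the site-aware redirection tier in the guide."""

    def __init__(self, sites, primary_for):
        self.online = {name: True for name in sites}   # site health, in given order
        self.primary_for = dict(primary_for)           # assumed user -> primary site
        self.sessions = {}                             # user -> last Session
        self.events = []                               # (event, user, site) audit trail

    def _log(self, event, user, site):
        self.events.append((event, user, site))

    def connect(self, user):
        """Place a (re)connection; a live session is never moved."""
        previous = self.sessions.get(user)
        if previous and previous.connected:
            return previous.site
        primary = self.primary_for[user]
        if self.online[primary]:
            site = primary
            # Returning to the primary after time on another site is a failback.
            came_back = previous is not None and previous.site != primary
            event = "failback" if came_back else "connect"
        else:
            survivors = [s for s, up in self.online.items() if up]
            if not survivors:
                raise NoSiteAvailable(user)
            site, event = survivors[0], "failover"
        self.sessions[user] = Session(user, site)
        self._log(event, user, site)
        return site

    def disconnect(self, user):
        session = self.sessions.get(user)
        if session and session.connected:
            session.connected = False
            self._log("disconnect", user, session.site)

    def take_offline(self, site):
        """Site outage: sessions on that site drop; users must reconnect."""
        self.online[site] = False
        dropped = []
        for session in self.sessions.values():
            if session.site == site and session.connected:
                session.connected = False
                dropped.append(session.user)
                self._log("dropped", session.user, site)
        return dropped

    def bring_online(self, site):
        """Site re-enabled: nothing is moved automatically."""
        self.online[site] = True

    def sessions_off_primary(self):
        """Users still on a secondary site although their primary is healthy."""
        return sorted(
            user for user, s in self.sessions.items()
            if s.connected
            and s.site != self.primary_for[user]
            and self.online[self.primary_for[user]]
        )


def run_scenario():
    """Constructed two-site walk-through; returns the audit trail for nurse1."""
    broker = SiteAwareBroker(["site-a", "site-b"],
                             {"nurse1": "site-a", "dr2": "site-b"})
    broker.connect("nurse1")
    broker.connect("dr2")
    broker.take_offline("site-a")      # failover event: nurse1's session drops
    broker.connect("nurse1")           # reconnect lands on the surviving site
    broker.bring_online("site-a")      # failback event: nurse1 stays on site-b
    broker.disconnect("nurse1")
    broker.connect("nurse1")           # only now does nurse1 return to site-a
    return [e for e in broker.events if e[1] == "nurse1"]


if __name__ == "__main__":
    for entry in run_scenario():
        print(entry)
```

`sessions_off_primary()` is the check an operator would run after a failback to see which sessions have not yet returned to the restored site.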

Folder redirection is accomplished using Microsoft AD GPOs. The GPO maps the end-user’s “My Documents” folder to a DFS global namespace.

Imprivata OneSign® automatically and securely connects users to applications that require authentication, and consists of the following parts:

• The OneSign Server hosts the OneSign management system, stores data, provides network services, and more. Managing OneSign hardware, network, and security settings, the server also manages all appliance functions (e.g., Backup/Restore), and each appliance is managed independently. OneSign settings are controlled through the intuitive OneSign Administrator. The OneSign Server can be deployed as a pair of physical or virtual appliances. Each appliance is connected to the network, and each is connected to the other by an isolated failover connection. The appliance that handles the daily OneSign traffic is the primary appliance. The backup appliance is called the failover appliance.

• The OneSign Agents reside on client-side workstations to manage user access and upload user activity data to the Appliance Pair. The Agent handles authentication of users locally through passwords, biometrics, or ID tokens with or without robust password policies. Once a user authenticates to the OneSign system, the user is automatically signed onto deployed applications as they are launched. The OneSign Agent handles the local transaction of proxying users’ credentials to applications and domains. The OneSign Agent downloads credential and application information from the OneSign Server at login and queries the server for changes at an interval determined on the OneSign Administrator Properties page.

• The OneSign Administrator is a web-based interface for managing the OneSign Server or the Appliance Pair.

Audience

This document is intended for use by sales engineers, field consultants, advanced services specialists, and customers who will configure and deploy a highly available virtual desktop solution that provides Single Sign-On (SSO) capabilities to provide desktops as a managed service.

Scope

This document provides an overview of a highly available VMware View 4.6 solution leveraging multiple (in this case, two (2)) Vblock Infrastructure Platforms. Enterprises can now realize desktop scalability and high availability by deploying the AlwaysOn Point of Care solution across multiple datacenters. A typical disaster recovery plan usually only ensures business critical applications/environments are protected and recoverable. AlwaysOn Point of Care leverages an Active-Active design model, which ensures an end-user has one or more standby desktops available at all times. Should a site go down, the end-users can quickly access their stand-by desktops by re-launching the View client on their endpoint compute node (laptop, thin terminal, desktop, etc.).

This RA illustrates a highly available, virtual desktop solution for healthcare professionals, but can be leveraged in other end-user environments as desired.

The following aspects are addressed within this RA:

• An architectural overview.

• Failover validation results.

• Descriptions of the hardware and software components used in the configurations of the computer, storage, network, and virtualization components of the solution.

• Information for configuring a Vblock platform for deploying VMware View 4.6.


Solution Purpose

The VMware AlwaysOn Point of Care Solution on the Vblock platforms allows:

• The consolidation of a desktop environment into one or more infrastructures behind the firewall, making it easy to update the operating system, patch applications, ensure compliance, perform application migrations, and provide support from central locations. The solution delivers a consistent user experience for professionals whether they are within a hospital or at a remote location. Using this solution, less time is spent reacting to regulatory compliance and security issues, and more time can be spent adding value to the healthcare institution/facility.

• The leveraging of site-aware distribution mechanisms and the deployment of multiple desktop infrastructures, so end-users always have access to their desktops.

• A simplified desktop environment with pre-integrated, validated units of infrastructure providing virtualized compute, network, and storage resources. With validated configurations, one can significantly reduce the time spent on testing and development. Therefore, time to production is accelerated.

VCE builds integrated, validated infrastructure called Vblock platforms, built from best-in-class components for compute, network, storage, and virtualization, from Cisco, EMC and VMware (respectively). These platforms allow for massive consolidation and rapid provisioning of compute, network, and storage resources on an on-demand basis.

Business Challenge

The challenges related to traditional desktop deployment and day-to-day administration include lost laptops containing patient data, security breaches related to viruses or hackers, or simply ensuring IT resources can maintain the required service level agreements (SLAs). In addition to the challenges of operational management, IT must also consider implications of broader system-wide issues such as compliance, corporate governance, and business continuity strategies.

Technology Solution

Enterprises are turning to virtual desktop technologies to address the operational and strategic issues related to traditional desktop environments and disaster recovery/business continuance (DR/BC). VMware View provides a virtual desktop environment that is secure, cost effective, and easy to deploy. VMware View also has the capability to meet the demanding needs of the different types of user profiles whether on the LAN or on the WAN/MAN. Combining VMware, Cisco ACE, and Imprivata SOS with the Vblock platform ensures high levels of user experience and desktop availability, which in turn means acceptance of the virtual desktop deployment within organizations.


About VMware View 4.6

Deliver rich, personalized virtual desktops as a managed service from a virtualization platform built to deliver the entire desktop, including the operating system, applications, and data. With VMware View 4.6, desktop administrators virtualize the operating system, applications, and user data to deliver modern desktops to end-users. Get centralized automated management of these components for increased control and cost savings. Improve business agility while providing a flexible high performance desktop experience for end-users, across a variety of network conditions.

VMware View 4.6 Architecture

Using VMware View’s virtual desktop infrastructure technologies, which include VMware View Manager’s administrative interface, desktops can be quickly and easily provisioned using templates. The technology permits rapid creation of virtual desktop images from one master image, enabling administrative policies to be set, and patches and updates applied to virtual desktops in minutes, without affecting user settings, data, or preferences.

The VMware View 4.6 key components are:

View Connection Server: Acts as a broker for View client connections. It authenticates the users through the Active Directory and then directs that request to the virtual desktop.

View Client: Client software for accessing the virtual desktop from a Windows PC, a Mac PC, or a tablet. The administrator can configure the client to allow users to select a display protocol such as PCoIP or RDP.

View Agent: Enables discovery of the virtual machine used as the template for virtual desktop creation. Additionally, the agent communicates with the View client to provide features such as access to local USB devices, printing, and monitoring connections.

VMware View Manager: An enterprise-class desktop management solution that streamlines the management, provisioning, and deployment of virtual desktops. The View Manager is installed at the same time as the connection server, and allows the user to administer the View Connection Server. For this RA, four View Connection Servers were deployed in each site to illustrate the internal load balancing.

Centralized Virtual Desktops: A method of managing virtual desktops that enables remote sites to access virtual desktops residing on server hardware in the datacenter.

VMware View Composer: An optional tool that uses VMware Linked Clone technology employing a master image to rapidly create desktop images that share virtual disks. This conserves disk space and streamlines management.

The following figure illustrates the VMware View physical architecture.

Figure 1: VMware View Physical Architecture

About Imprivata OneSign Authentication Management

Imprivata OneSign Authentication Management provides No Click Access™ for user authentication, permitting users to access all workstations and applications they are authorized to use. Password-related calls to the IT help desk are virtually eliminated by centrally managing each user’s complete collection of application passwords and extending seamless and convenient single sign-on to any enterprise application.

• Deploys quickly without interfering with existing IT infrastructure.

All-in-one, appliance-based solution allows you to deploy in days, not months. OneSign enables you to leverage your existing LDAP user directory without requiring modifications to the directory.

• Built-in support for multiple strong authentication options.

Out-of-the-box support is available for a wide variety of strong authentication methods including finger biometrics, proximity cards, smart cards, one-time-password tokens and question and answer. Strong authentication to the desktop or application is complemented by OneSign Secure Walk-Away, which automatically secures unattended computers from unauthorized access.

• Reduces password-related help desk calls.

OneSign enables the IT staff to rapidly enable any application for single sign-on without the need for scripting or changing the end user’s workflow. Manages password changes within applications and enforces application password strength policies. Policy options allow end users to do Self-Service Password Reset and look up their application credentials.

• Streamlines access workflows for both local and remote applications and desktops.

OneSign Authentication Management offers various workflow solutions for shared workstations including fast user switching between multiple, concurrent Windows desktops, and secure fast user switching on top of a generic Windows desktop.

• Improves compliance and reporting efficiency with detailed visibility into user access activities.

OneSign records all application access events in a centralized database and can track activity down to the application screen level. At the push of a button, administrators can run any number of reports, from identifying users sharing passwords to mapping what applications users have access to and what credentials they are using.

VMware View supports direct single sign-on from a local endpoint to a virtual desktop and bypasses the two logon prompts for a typical Windows sign-on experience. VMware View works with leading SSO products.

Fault tolerance/disaster recovery/site failover: For fault tolerance within a site that has multiple appliances, OneSign can accommodate a failure of one appliance with no interruption or degradation of service. Additional appliances at the site can provide higher levels of availability.

If an appliance fails (below left), other appliances in the site take the load (below right).

Figure 2: Imprivata Multi-Site Architecture

Appliances in multiple sites can provide fault tolerance by serving as backups to one another over a WAN. User enrollments, policies, and SSO data are constantly synchronized among sites. If all appliances in a site are inaccessible, OneSign Agents can communicate with appliances in other sites and the switchover occurs automatically. If an entire site is down, appliances at another site can serve agents.

Primary and secondary failover sites: For each site in your OneSign enterprise, you can designate a primary and a secondary failover site. Go to the Sites tab under Properties and drill down to a specific site to set an assignment. You do not need to specify failover rules at an appliance level. OneSign Agents automatically fail over to appliances within the same site first and only then will fail over to an appliance within the failover sites specified. Users are always challenged when failing over to an appliance in another site (because a new OneSign session must be established).

Agent determination of a home site: Each Agent determines its home site based on the workstation’s IP configuration. According to the OneSign enterprise topology, each active site has a list of IP address ranges for subnets belonging to this site. The initial attempt to determine the Agent’s home site involves matching the workstation IP address against any range in any site. If a range is found, then the site owning this range is considered to be the home site for the Agent.

In case this direct IP matching fails, the Agent analyzes the routing table on the workstation. The route lookup involves trying to find a route that covers any IP range for any site. Route lookup helps to determine location for a VPN client outside the corporate network when direct IP address matching does not work.

IP ranges are not meant for restricting access. Instead, they help determine the preferred site to use. With this in mind, in most corporate environments there exists a non-default route to the corporate network. Therefore, for several sites with restrictive IP ranges within the corporate network sub-net, the first one will be chosen through the route rules.

Agent failover: Once all servers in the home site become unavailable, Agents will switch to using a failover site (if specified). After a failover is completed, the OneSign session will preserve the connection to the appliance in the failover site for the duration of the session lifetime. Once appliances in the home site become available again, new sessions authenticated on computers that belong to this site will start connecting back to the home site. However, active sessions do not automatically switch back. To force Agents to fail back to the active session, users must lock and unlock their OneSign session or log out and log back in.
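The home-site and failover rules described above can be modelled in a few lines. The sketch below is an added illustration, not Imprivata code: the `Site`, `home_site`, `pick_appliance` and `Session` names, the sample topology, and the choice to skip the default route during route lookup are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Site:
    name: str
    ip_ranges: list                      # CIDR strings for the site's subnets
    appliances: dict                     # appliance name -> currently reachable?
    primary_failover: Optional[str] = None
    secondary_failover: Optional[str] = None


def sample_topology():
    """Constructed two-site enterprise; names and ranges are illustrative."""
    return [
        Site("SiteA", ["10.20.1.0/24"], {"a1": True, "a2": True}, primary_failover="SiteB"),
        Site("SiteB", ["10.20.2.0/24"], {"b1": True, "b2": True}, primary_failover="SiteA"),
    ]


def home_site(sites, workstation_ip, routes=()):
    """Return (site name, method) for an Agent on this workstation.

    Step 1: match the workstation IP against any range in any site.
    Step 2: if that fails, look for a route that covers a site's range.
    """
    ip = ipaddress.ip_address(workstation_ip)
    for site in sites:
        if any(ip in ipaddress.ip_network(r) for r in site.ip_ranges):
            return site.name, "direct"
    # Assumption: the default route is skipped, since it covers every range
    # and says nothing about where the workstation is.
    candidates = [ipaddress.ip_network(r) for r in routes]
    candidates = [r for r in candidates if r.prefixlen > 0]
    for site in sites:                   # topology order: the first covered site wins
        for cidr in site.ip_ranges:
            net = ipaddress.ip_network(cidr)
            if any(net.subnet_of(route) for route in candidates):
                return site.name, "route"
    return None, "none"


def pick_appliance(sites, home):
    """Return (appliance, site, user_challenged) following the failover order:
    home site first, then its primary, then its secondary failover site."""
    by_name = {s.name: s for s in sites}
    h = by_name[home]
    for site_name in (home, h.primary_failover, h.secondary_failover):
        if site_name is None:
            continue
        for appliance, reachable in by_name[site_name].appliances.items():
            if reachable:
                # A new OneSign session is needed in another site, so the
                # user is challenged again.
                return appliance, site_name, site_name != home
    return None, None, False


class Session:
    """An authenticated session keeps its appliance until lock/unlock."""

    def __init__(self, sites, home):
        self.sites, self.home = sites, home
        self.appliance, self.site, self.challenged = pick_appliance(sites, home)

    def lock_unlock(self):
        # Re-running selection is what moves a session back to the home site.
        self.appliance, self.site, self.challenged = pick_appliance(self.sites, self.home)
        return self.site
```

Because a single corporate route can cover the ranges of several sites, the route-based result depends only on topology order, which is why the ranges select a preferred site and cannot serve as an access control.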

Application SSO Configuration

There are three key components to the Imprivata architecture:

• The OneSign Appliances, which host the OneSign management system, store data, provide policy at both the user and machine level, fulfill network authentication requests, and enable Enterprise Single Sign-On.

• The OneSign Agents, which reside on client-side workstations to manage user access and upload user activity data to the Appliances.

• The OneSign UI, which is a web-based interface for managing OneSign and the Appliances in the enterprise.

This distributed AlwaysOn Point of Care design:

• Provides scalability and performance: Support hundreds of thousands of users by adding appliances as needed. Maintain authentication time by load sharing across appliances.

• Enables user roaming across sites: Share and maintain enrollments, policies, and SSO services. Manage users, computers, and policies centrally.

• Increases up-time with local and remote fault tolerance: Failover across LAN/WAN to appliance(s) in the same or another site.

• Allows OneSign appliances to be placed in multiple locations: The license used in the design is OneSign Enterprise with a cluster of four active appliances over two sites that can be connected over LAN and/or WAN. The OneSign database is replicated & synchronized and OneSign agents can fail over across the WAN.

Figure 3: AlwaysOn Distributed Architecture

The workload simulation performs knowledge worker desktop performance with 400 concurrent users accessing the systems. The configuration is set as hot-standby DR and no action is required by the end-user. After the failover event, users can retrieve a new stateless desktop instantly and continue a desktop and application workload.

Vblock™ Infrastructure Platform

Figure 4: Vblock Infrastructure Platform

The building blocks of a Vblock Infrastructure Platform comprise core technologies that together provide template-based virtualization. Using template-based virtualization to allocate and provision resources, an enterprise can:

• Reduce performance bottlenecks and configuration errors through automation of resource configuration tasks.

• Enable the rapid deployment of resources using a template, thereby reducing operational expenses and costs.

Management Solution

EMC Ionix Unified Infrastructure Manager/Provision Center (UIM/PC) provides simplified management for Vblock Infrastructure Platforms by combining provisioning as well as configuration, change, and compliance management.

Figure 5: Vblock Management

Key Features

• Manage Vblock Infrastructure Platforms as a single entity.

• Integrate with enterprise management platforms.

• Consolidate views into all Vblock Infrastructure Platform infrastructure components, including compute, network, and storage.

• Achieve system-wide compliance through policy-based management.

• Easily deploy hardware and software, ESXi and infrastructure provisioning, and disaster recovery infrastructure.

With EMC Ionix UIM/PC, you can combine management of the individual components in Vblock Infrastructure Platforms into a single entity to reduce operational costs and ease the transition from physical to virtual to private cloud infrastructure. Centralizing provisioning, change control, and compliance management across Vblock Infrastructure Platforms reduces operating costs, ensures consistency, improves operational efficiency, and speeds deployment of new services. With EMC Ionix UIM taking care of your Vblock Infrastructure Platform, you can more easily make the management transition from physical to virtual to private cloud infrastructure.

Compared to building and integrating pieces individually, the advantages provided by UIM’s integrated management solution become obvious. Although some tools integrate basic health and performance data from the compute, network, and storage domains, the operationally critical areas of configuration, change, and compliance management remain separate for the most part. This type of disjointed, distributed management can result in:

• Higher ongoing operational costs and reduced ongoing operational efficiency.

• Slower service deployments.

• Inconsistent management across Vblock Infrastructure Platforms.

• Inability to automatically ensure configurations for accuracy and compliance.

• Inability to simultaneously and easily restore multiple elements to a compliant state.

• Less overall flexibility in supporting the IT needs of the business.

Virtualization Operating System

VMware’s vSphere 4.1 provides the cloud operating system. The Vblock Infrastructure Platform converged infrastructure adopts the ESXi Hypervisor Architecture. ESXi has an ultra-thin footprint and sets a new bar for security and reliability. With new memory management and expanded resource pooling capabilities, VMware vSphere 4.1 accelerates the evolution of datacenters and service providers into cloud computing environments.

Compute and Network Solution and Components

Cisco’s Unified Computing System (UCS) is the backbone of the virtual infrastructure, providing a datacenter architecture for an administrator that is easy to use and manage. The platform, optimized for virtual environments, is designed with open industry standard technologies and aims to reduce TCO and increase business agility. The system integrates a low-latency, lossless 10 Gigabit Ethernet unified network fabric with enterprise-class, x86-architecture servers. The system is an integrated, scalable, multi-chassis platform in which all resources participate in a unified management domain. As of the writing of this RA, Vblock Infrastructure Platforms support the B200 M2, B230 M2, B250 M2, and B440 M1 blades, with additional blades being qualified over time. The right choice of blade is dependent on CPU and memory requirements of the applications hosted on the system.

Network Infrastructure and Design

Figure 6: Network Infrastructure

Storage Solution and Components

EMC’s Celerra storage technologies provide administrators with the tools to manage and maintain each end-user’s data and applications in the virtual desktop infrastructure. Using the EMC Celerra and a host of best-of-breed software applications, administrators have a comprehensive set of solutions to maintain administrative and security policies. Users of the EMC Celerra will benefit from proven five nines availability and innovative technologies like Enterprise Flash Drives, Fully Automated Storage Tiering (FAST), and Virtual Provisioning.

PowerPath/VE (virtual edition) is included for intelligent path routing and optimized load balancing across all Vblock platforms. EMC PowerPath/VE enables customers to improve performance and simplify, standardize, and automate storage path management across the virtual environment.

Storage Infrastructure and Design

Figure 7: Storage Infrastructure

Application Delivery Control (ADC) and Network Load Balancing (NLB)

Cisco Application Control Engine (ACE)

Cisco® Application Control Engine (ACE) is the industry’s only virtualized load-balancing and Application Delivery Solution (ADC) designed to meet the requirements of today’s application delivery. Cisco ACE is a state-of-the-art virtualized load balancer and an application delivery solution that includes server load balancing, content switching, server offloading, and application optimization.

Server load balancing, the primary capability of the Cisco ACE, is a mechanism for distributing traffic across multiple servers, offering high application availability and server resource utilization. Flexible application traffic management, offloading of CPU-intensive tasks such as SSL encryption and decryption processing, and TCP session management improve server efficiency. From within VMware vCenter, using the functions integrated by the plug-in, the user can:

• Deploy virtual machines as real servers into an existing server farm.

• Monitor application traffic flow for virtual machines through the Cisco ACE.

• Securely activate and suspend application traffic flows through the Cisco ACE for the associated real servers.

Single-pane provisioning, application traffic monitoring, and operations management streamline the deployment of services and the maintenance operations for applications and virtual machines. Organizations do not need to undertake a separate integration or management application development project to gain these functions.

Figure 8: Cisco ACE/ANM vCenter Integration

The Cisco Application Control Engine (Cisco ACE) provides a highly available and scalable datacenter solution from which the VMware View environment can benefit. The Cisco ACE is available as an appliance or integrated services module in the Cisco Catalyst 6500 platform. Using IP address policies (or other identifiers), a single View Connection FQDN can be configured to intelligently distribute requests for virtual desktops to the multiple VMware View environments and, if desired, to offload the SSL encryption to ensure better utilization of View Connection Server resources.

The Cisco ACE features and benefits include the following:

• Device partitioning (up to 250 virtual Cisco ACE contexts).

• Load-balancing services (up to 16 Gbps of throughput capacity and 325,000 Layer-4 connections per second).

• Centralized, role-based management through Application Network Manager (ANM) GUI or CLI.

• SSL offload (up to 15,000 SSL sessions per second through licensing).

• Support for redundant configurations (intra-chassis, inter-chassis, and inter-context).

Cisco Application Networking Manager (ANM) Software is part of the Cisco Application Control Engine (ACE) product family. It is a critical component of any datacenter or cloud computing architecture that requires centralized configuration, operation, and monitoring of Cisco datacenter networking equipment and services. Cisco ANM provides this management capability for Cisco ACE devices.

Cisco ANM 4.1 integrates into VMware vCenter, allowing access to Cisco ANM to add, delete, activate, and suspend traffic and change load-balancing weights for servers benefiting from Cisco ACE load-balancing services. Additionally, users can also access ANM’s real server monitoring graphs, greatly enhancing users’ knowledge of the true operations of their applications in real time. To speed implementation, server administrators can now use Cisco ANM discovery tools to automate importation and mapping of virtual machines to existing Cisco ACE real servers as shown below.

Figure 9: Cisco ACE vCenter Plug-in

Cisco ACE optimizes overall application availability, security, and performance by delivering application switching and load balancing. Below is the configuration used for this reference architecture:

crypto csr-params ACE
  country US
  state GA
  common-name desktops.rtp.vce.com

access-list VDI line 8 extended permit tcp any any eq www
access-list VDI line 16 extended permit icmp any any
access-list VDI line 24 extended permit tcp any any eq https

probe icmp PING
  interval 3
  faildetect 1
  passdetect interval 5
  passdetect count 1

rserver host ProxyA-1
  ip address 10.1.56.49
  inservice
rserver host ProxyA-2
  ip address 10.1.56.54
  inservice
rserver host ProxyB-1
  ip address 10.1.68.49
  inservice
rserver host ProxyB-2
  ip address 10.1.68.54
  inservice
rserver redirect REDIRECT-TO-HTTPS
  webhost-redirection https://%h%p 301
  inservice

serverfarm host HAproxyFarm-A
  probe PING
  rserver ProxyA-1 80
    inservice
  rserver ProxyA-2 80
    inservice
serverfarm host HAproxyFarm-B
  probe PING
  rserver ProxyB-1 80
    inservice
  rserver ProxyB-2 80
    inservice
serverfarm redirect REDIRECT-HAproxyFARM
  rserver REDIRECT-TO-HTTPS
    inservice

parameter-map type ssl vDesktop_SSL_Parameter_Map
  authentication-failure ignore

sticky ip-netmask 255.255.255.255 address source HAproxyFARM-A-STICKY
  timeout 5
  replicate sticky
  serverfarm HAproxyFarm-A backup HAproxyFarm-B
sticky ip-netmask 255.255.255.255 address source HAproxyFARM-B-STICKY
  timeout 5

  replicate sticky
  serverfarm HAproxyFarm-B backup HAproxyFarm-A

ssl-proxy service Desktops-SSL
  key desktops.rtp.vce.com
  cert newdesktops.cer
ssl-proxy service SSL_SERVICE
ssl-proxy service proxy-1
  key key.pem
  cert cert.pem
ssl-proxy service vDesktop_SSL_Proxy
  key desktops.rtp.vce.com
  cert newdesktops.cer
  ssl advanced-options vDesktop_SSL_Parameter_Map

class-map match-all HTTP-VIP
  2 match virtual-address 10.1.54.16 tcp eq www
class-map match-all HTTPS-VIP
  2 match virtual-address 10.1.54.16 tcp eq https
class-map type http loadbalance match-any SiteA-Subnet
  2 match source-address 10.1.80.0 255.255.255.0
  3 match source-address 10.1.81.0 255.255.255.0
  4 match source-address 10.1.82.0 255.255.255.0
  5 match source-address 10.0.1.0 255.255.255.0
class-map type http loadbalance match-any SiteB-Subnet
  2 match source-address 10.1.83.0 255.255.255.0
  3 match source-address 10.1.84.0 255.255.255.0
  4 match source-address 10.1.85.0 255.255.255.0
  5 match source-address 10.1.55.0 255.255.255.0
  6 match source-address 10.223.252.128 255.255.255.128

policy-map type loadbalance first-match HAproxy-VIP-LB-POLICY
  class SiteA-Subnet
    sticky-serverfarm HAproxyFARM-A-STICKY
  class SiteB-Subnet
    sticky-serverfarm HAproxyFARM-B-STICKY
  class class-default
    sticky-serverfarm HAproxyFARM-A-STICKY
policy-map type loadbalance first-match HTTP-VIP-l7slb
  class class-default
    serverfarm REDIRECT-HAproxyFARM
policy-map type loadbalance first-match HTTPS-VIP-l7slb
  class SiteA-Subnet
    sticky-serverfarm HAproxyFARM-A-STICKY
  class SiteB-Subnet
    sticky-serverfarm HAproxyFARM-B-STICKY
  class class-default
    sticky-serverfarm HAproxyFARM-A-STICKY
policy-map type loadbalance first-match REDIRECT-POLICY
  class class-default
    serverfarm REDIRECT-HAproxyFARM
policy-map type loadbalance first-match VIP-VDI-l7slb

  class SiteA-Subnet
    sticky-serverfarm HAproxyFARM-A-STICKY
  class SiteB-Subnet
    sticky-serverfarm HAproxyFARM-B-STICKY
  class class-default
    sticky-serverfarm HAproxyFARM-A-STICKY

interface vlan 314
  ip address 10.1.54.14 255.255.255.0
  peer ip address 10.1.54.13 255.255.255.0
  access-group input VDI
  nat-pool 1 10.1.54.15 10.1.54.15 netmask 255.255.255.255 pat
  service-policy input VDI-LB
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.1.54.1

snmp-server contact "ACE"
snmp-server location "RTP"
snmp-server community public group Network-Monitor

snmp-server host 10.0.1.45 traps version 2c public

snmp-server enable traps slb vserver
snmp-server enable traps slb real
snmp-server trap link ietf

HAProxy

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer 7 processing. Supporting tens of thousands of connections is clearly realistic with today’s hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still making it possible to avoid exposing fragile web servers to the Internet, such as below:

Figure 10: HAProxy Design

HAProxy implements an event-driven, single-process model that enables support for a very high number of simultaneous connections at very high speeds. Multi-process or multi-threaded models can rarely cope with thousands of connections because of memory limits, system scheduler limits, and lock contention everywhere. Event-driven models do not have these problems because implementing all the tasks in user-space allows a finer resource and time management. The down side is that those programs generally don’t scale well on multi-processor systems. That’s the reason why they must be optimized to get the most work done from every CPU cycle.

HAProxy can be downloaded from http://haproxy.1wt.eu/ and is known to reliably run on the following OS/Platforms:

Linux 2.4 on x86, x86_64, Alpha, SPARC, MIPS, PARISC

Linux 2.6 on x86, x86_64, ARM (ixp425), PPC64

Solaris 8/9 on UltraSPARC 2 and 3

Solaris 10 on Opteron and UltraSPARC

FreeBSD 4.10 - 6.2 on x86

OpenBSD 3.1 to -current on i386, amd64, macppc, alpha, sparc64 and VAX (check the ports)

Once the Linux VM was implemented and the HAProxy installed, the /etc/haproxy/haproxy.cfg file was modified to support basic HTTP (80) load balancing across the four (4) View Connection Servers in each site.

global
  log 127.0.0.1 local0
  log 127.0.0.1 local1 notice
  user haproxy
  group haproxy
  maxconn 4096
  daemon

defaults applications HTTP
  log global
  mode http
  balance roundrobin
  option dontlognull
  option redispatch
  contimeout 10000
  clitimeout 300000
  srvtimeout 300000
  maxconn 60000
  retries 3

listen http 10.1.68.49:80
  cookie SERVERID insert nocache indirect
  server vgangabvmvcs01 vgangabvmvcs01.rtp.vce.com:80 cookie sa1 check
  server vgangabvmvcs2 vgangabvmvcs2.rtp.vce.com:80 cookie sa2 check
  server vgangabvmvcs3 vgangabvmvcs3.rtp.vce.com:80 cookie sa3 check
  server vgangabvmvcs4 vgangabvmvcs4.rtp.vce.com:80 cookie sa4 check

listen stats
  bind 10.1.68.49:8888
  stats uri /

The last component of the configuration above (listen stats) enables a web-based GUI that illustrates the current status of the load balanced hosts as shown below:

Figure 11: HAProxy Statistics Report
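The `listen stats` section above binds the statistics page to 10.1.68.49:8888 and carries no `stats auth` line, so the page is served without credentials to anything that can reach that address. The check below is an added example, not part of the reference architecture: the function names are hypothetical, `PAGE_CFG` repeats the two listen sections from the configuration above with the server list shortened, and `HARDENED_CFG` is a constructed variant with placeholder credentials.

```python
import ipaddress

SECTION_KEYWORDS = ("global", "defaults", "listen", "frontend", "backend")

# The two listen sections from the haproxy.cfg shown above (server list shortened).
PAGE_CFG = """
listen http 10.1.68.49:80
    cookie SERVERID insert nocache indirect
    server vgangabvmvcs01 vgangabvmvcs01.rtp.vce.com:80 cookie sa1 check
    server vgangabvmvcs2 vgangabvmvcs2.rtp.vce.com:80 cookie sa2 check
listen stats
    bind 10.1.68.49:8888
    stats uri /
"""

# Constructed variant: loopback bind plus credentials (placeholder values).
HARDENED_CFG = """
listen stats
    bind 127.0.0.1:8888
    stats uri /
    stats realm haproxy-stats
    stats auth ops:CHANGE_ME
"""


def parse_sections(cfg_text):
    """Split haproxy.cfg text into (header tokens, [directive tokens]) pairs."""
    sections = []
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        if tokens[0] in SECTION_KEYWORDS:
            sections.append((tokens, []))
        elif sections:
            sections[-1][1].append(tokens)
    return sections


def listen_addresses(header, directives):
    """Addresses from 'listen <name> <addr:port>' and from 'bind' lines."""
    addrs = [t for t in header[2:] if ":" in t]
    for d in directives:
        if d[0] == "bind" and len(d) > 1:
            addrs += d[1].split(",")
    return addrs


def is_loopback(addr):
    host = addr.rsplit(":", 1)[0]
    if host in ("", "*"):                        # ":8888" and "*:8888" bind everywhere
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                           # hostname: treat as off-host
        return False


def audit_stats(cfg_text):
    """Report sections that serve the statistics page without 'stats auth'.

    Settings inherited from a 'defaults' section are not modelled here.
    """
    findings = []
    for header, directives in parse_sections(cfg_text):
        if header[0] == "global":
            continue                             # 'stats socket' is a separate feature
        stats_on = any(d[0] == "stats" and len(d) > 1 and d[1] in ("enable", "uri")
                       for d in directives)
        has_auth = any(d[:2] == ["stats", "auth"] for d in directives)
        if stats_on and not has_auth:
            addrs = listen_addresses(header, directives)
            findings.append({
                "section": " ".join(header[:2]),
                "addresses": addrs,
                "off_host": any(not is_loopback(a) for a in addrs),
                "issue": "statistics page served without 'stats auth'",
            })
    return findings
```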

AlwaysOn Desktop Design Approach

Individual laptops and desktops are managed as standalone entities residing outside of the datacenter environment and are not always subject to an organization’s information security, backup and recovery, and application usage policies. As enterprises and IT organizations require more secure, highly available, and efficient means for managing corporate resources, the need to bring all of these resources under the control of a centralized datacenter managed by IT becomes paramount. VMware View, Cisco ACE, Imprivata SSO and Vblock technologies all offer the capabilities for a centralized datacenter managed by IT.

This Reference Architecture (RA) has been designed as a low impact, cost-effective approach to bring all of these resources under the control of the datacenter using VMware, Cisco, EMC, and Imprivata technologies, while providing a rich, single view of an end-user’s applications and data.

Architecture and Design of VMware View on VCE Vblock Platforms

The following diagram shows the logical topology for the AlwaysOn Point of Care Reference Architecture:

Figure 12: AlwaysOn Desktop Logical Diagram

Compose/Recompose Best Practices

The View desktop platform consists of two independent View implementations, with one at each site. In each of these sites, a pool of desktops will be created from the same master image. While these pools are essentially separate from each other, building them with the same naming conventions and using the same master image will give the end-user the perception that they are identical.

One site should be designated as the source for the master image that both sites will be using. Changes should not be made to the master image on the non-source site. This will allow the VM to be updated via storage replication.

Note: Changes to the master should be thoroughly tested before deploying to either production pool. Consider making a small test pool for beta users to ensure that any updates are fully functional.

In both sites, pools with identical configuration options should be created using the same master image. Generally these should be “floating” pools of desktops that are “refreshed” or rolled back to their original state after each user logs off. This prevents the unnecessary buildup of temporary files and personal information on each desktop.

When sizing the pools, take into account the maximum size of the pool during failover. The pool should have the capacity to handle (or expand to handle) 100% of the users in event of an emergency. Provisioning extra desktops up front will allow for faster logon in an emergency. The unused desktops can be left powered off to conserve resources, but each step (including a power on operation) that needs to be performed at failover adds time to the user’s logon experience.

To maintain the identical appearance, it is advisable to build and prep the master image, allow (or force) it to replicate from the source to the non-source location before composing either location. Once the master image is in place at both sites, a typical compose or recompose operation can be performed.

Note: This is not a fully automated process. The administrator should perform the same task on the pool at both sites and set the options identically as much as possible. End-users could notice any differences in naming or configuration.

If desktop availability is more critical than having the latest version of the image, administrators can simply change the “Default Image for New Desktops” on the pool and set the recompose to occur on user logoff. This will gradually replace the older images with the newer updated version as desktops become available for maintenance.

If having a specific version of the desktop image is a higher priority and a downtime window is established, the entire recompose of a pool can be completed by forcing users to log off. This will take less time to complete and will keep the pools in a more consistent state, but will prevent use of the pools during the operation.

For environments with more than one pool or more than one master image, the process is the same on a pool-by-pool basis:

• Designate a Source site for the master image, and do not modify that image on any other site.

• Make sure that the master image virtual machine is being replicated effectively from the Source to the Non-Source site.

• Any action that is performed on the pool at the Source location should also be performed at the Non-Source site. This includes pool creation, user entitlement, recompose operations, application entitlement (where used), and other general modification of pool settings.

Not all pools need to be protected. If you have pools that do not perform critical functions, choose a site for that pool and do not perform the replication or pool creation steps on the other site. If that site becomes unavailable, so will the desktops associated with it.

Note: If a pool is only going to exist in one site, users of that pool will need to be directed to that site by the top-level load balancers.

Choosing some pools for protection and leaving other non-critical pools out of the process could substantially reduce the overall hardware costs.

Client Access Devices

VMware View supports client/endpoint devices for accessing virtual desktop deployment including:

Zero Client

Teradici PCoIP Portal Processor

Operating System Independent

Support for graphic intensive applications including 3D graphics, CAD, video animation and more

Secure and risk-free from viruses

Multi-monitor support

Support for VMware View

Thin Client

Operating systems can be Windows Embedded Standard, Windows XPe, CE, Linux, or proprietary distribution

Multi-monitor support

Support for VMware View

Secure lockdown, but endpoint security protection is required

In addition, VMware View Client also runs on the Apple iPad tablet and traditional notebook computers for desktop mobility access.

For full access to the VMware View HCL, visit: http://www.vmware.com/resources/compatibility/search.php?deviceCategory=vdm

Solution Validation

VCE Vblock Platform Configuration Details

This section provides the Vblock Platform configuration details:

Hardware

Cisco

Nexus 5010 and 5020 Switches (Site A used 5010s, and Site B used 5020s)

Unified Computing System with (per site):

Two (1) B200 M2 Series Blades with 3.33 GHz Intel Xeon 6 core CPU, 96 GB RAM (using 12, 8 GB 1067 MHz DIMMs)

Two (2) B250 M2 Series Blades with 3.33 GHz Intel Xeon 6 core CPU, 192 GB RAM (using 48, 4 GB 1067 MHz DIMMs)

One (1) B440 M1 Series Blades with 2.266 GHz Intel Xeon 8 core CPU, 128 GB RAM (using 32, 4 GB 1067 MHz DIMMs)

EMC

One (1) Celerra NS960 Storage array (per site)

Software

Cisco

NX-OS 5.0(2)N2(1) on 5010

NX-OS 4.2(1)N2(1) on 5020

UCS Manager 1.3(1p)

EMC

Celerra DART 6.0.40-5

CLARiiON FLARE 4.30.00.5.512

PowerPath/VE 5.4 SP2 (build 298)

Ionix Unified Infrastructure Manager (UIM) 2.1.0.0.543

Unisphere Management Console 1.0.0.14

Virtual Storage Integrator (VSI) for VMware vSphere 4.0.1.67

VMware

vSphere ESXi 4.1 – Patch 1 (320092)

vCenter Server 4.1 – Update 1 (345043)

vCenter Update Manager 4.1

View 4.6 (366101)

View Agent (4.6.0-366101) with VMware SVGA 3D Driver (7.14.1.49)

Other

Required in addition to the above components is an environment with Active Directory, CA, DFS with replication enabled, DNS, DHCP, and Microsoft Exchange 2010.

Additional Components Configuration Details

This section provides the additional components configuration details that are not validated on a Vblock Platform configuration:

Hardware

Cisco

ACE 4710 Appliances (shared by both sites)

Catalyst 3750 switches (shared by both sites)

Catalyst 6506 switch (shared by both sites)

MDS 9506 (both sites shared the MDS infrastructure)

Nexus 7010 Switches (shared by both sites)

Wyse

Z90 Terminals

Software

Cisco

Application Networking Manager (ANM) 4.2(0)

ACE OS A4(2.1)

ACE/ANM vCenter Plug-in 1.0.1

IOS 12.2(55)SE1 on 3750s

IOS 12.2(33)SXI5 on 6506

NX-OS 4.2(5) on 9506

NX-OS 5.1(2) on 7010s

Other

HAProxy 1.4.10

Imprivata OneSign SSO 4.5-27 (virtual appliance)

Vital Images Vitrea Core 6.0 Update 02

VMware Reference Architecture Workload Simulator (RAWC) 1.2.0.0

Windows XPe SP3 on Wyse Terminals

Unified Computing System Configuration

Following are the configuration details of the Cisco Unified Compute System that was implemented prior to leveraging the EMC Ionix Unified Infrastructure Manager (UIM) to provision the VMware ESXi hosts.

Assumptions: UIM has been pre-configured on the Vblock platform according to the installation guide.

LAN Configuration

VLANs

The following figure shows the list of VLANs configured in each Vblock Platform and usable by UIM. The dVLAN## VLANs are used for the View desktops themselves.

Figure 13: Site A VLANs

Figure 14: Site B VLANs

MAC Pools

Verify that the MAC pool is defined in UIM.

Figure 15: UIM MAC Pools

Network Diagram

Figure 16: AlwaysOn Desktop Network Diagram

SAN Configuration (VCE)

VSANs

The following figure shows the list of VSANs configured in each Vblock Platform and usable by UIM.

Figure 17: Site A & B VSANs

WWN Pools

Verify that the WWN pool is defined in UIM.

Figure 18: UIM WWN Pool

Storage Connectivity Diagram

Figure 19: AlwaysOn Desktop Storage Diagram

Storage Array (EMC Celerra NS960) Configuration

The Celerra NS960 storage system in the Vblock Platforms was used for testing the virtual desktop deployment. The ESX clusters, which contained hosts from two chassis, were mapped to four front-end ports of the CLARiiON portion of the Celerra. All the virtual desktop files (i.e., vmdks, vmx, logs, etc.) were laid out on Fibre Channel (FC) disks at the array back-end, except the VM swapfile, which was laid out on SATA disks at the array back-end. Below is an illustration of the ESXi Virtual Machine Swapfile Location configuration.

Figure 20: ESXi Host Swapfile Location

Additionally, the ESXi cluster Swapfile Location property needs to be modified:

Figure 21: vCenter Cluster Swapfile Location

CLARiiON Pools, RAID Groups and LUNs

A single pool named “Pool 0 - AlwaysOn Point of Care” was created using fifty (50) FC 15K RPM 450GB drives in a RAID 5 configuration with FAST Cache enabled using four (4) 200GB EFDs.

Figure 22: EMC FAST Cache Configuration

The pool was used for storing the View linked clones and replicas of the user desktops. The details of the storage pool are shown below.

Figure 23: Storage Pool Configuration

RAID Groups named “RAID Group 1” (RG1) and “RAID Group 2” (RG2) were created. RG1 uses four (4) FC 15K RPM 450GB drives in a 3+1 RAID 5 and RG2 uses eight (8) SATA 7.2K RPM 2TSB drives in a 6+2 RAID 6 configuration.

Figure 24: RAID Group Configuration

LUNs from RG1 had FAST Cache enabled and were used to store the 15GB boot LUNs for the ESXi hosts and several 250GB infrastructure LUNs for general use by the environment. LUNs from RG2 did not have FAST Cache enabled and were used to store the virtual desktop VM swap files.

Figure 25: Storage Group Configuration

Celerra File Systems and NFS Exports

A single file system supported by five (5) FC 15K 450GB drives in a RAID 5 4+1 configuration was exported via NFS and used to store the golden desktop images. Asynchronous, cross-site replication was configured to copy each site’s golden desktop image to the other site for safekeeping.

Figure 26: EMC Replicator Configuration

Microsoft Distributed File System

Distributed File System (DFS) is a set of client and server services that allows an organization using Microsoft Windows servers to organize many distributed SMB file shares into a distributed file system. DFS provides location transparency and redundancy to improve data availability in the face of failure or heavy load by allowing shares in multiple different locations to be logically grouped under one folder or DFS root.

DFS has two major logical components. First, DFS namespaces provide an abstraction layer for SMB network file shares, allowing one logical network path to be served by multiple physical file servers. Second, DFS supports the replication of data between the servers using DFS Replication (DFSR). For this RA, a domain-based DFS namespace was used to store user data and DFSR was used to cross-site replicate the files to ensure user access during a site outage.

A domain-based DFS namespace stores the DFS configuration within Active Directory. The DFS namespace root is accessible at \\domainname\<dfsroot> or \\fq.domain.name\<dfsroot>. The namespace roots do not have to reside on domain controllers; they can reside on member servers. If domain controllers are not used as the namespace root servers, then multiple member servers should be used to provide full fault tolerance.

Figure 27: Microsoft DFS Architecture

VMware Datastores

Below is a picture outlining the details from a vCenter perspective for Site A. Site B was configured in the same manner.

Figure 28: Datastore Configuration

Blade Provisioning and OS Installation (VCE)

Using UIM Dashboard, Infrastructure Service Catalog, and fully automated Infrastructure Provisioning Center, a single IT administrator can now provision infrastructure services with just a few clicks, all while ensuring compliance with approved standards. Infrastructure services are deployed much faster, with reduced costs and substantially fewer people, allowing expensive, cross-domain IT teams to focus on more strategic initiatives.

Once all the resources are discovered and graded, UIM allows an administrator to create a service offering as shown in the figure below. Service offerings templatize and designate the type and amount of resources. Administrators can reuse service offerings to deploy additional resources as the need arises.

Figure 29: UIM Service Offering

Once the service offering is created, it is activated and placed in the UIM Service Manager for use in provisioning the resources. From the Service Manager, service offerings are provisioned (resources allocated and locked down) and activated (OS installed) as illustrated below.

Figure 30: UIM Service Manager

VMware Virtual Infrastructure

VMware vSphere ESXi Servers

In each VDI environment/site, there were three (3) ESXi servers implemented to support the virtual desktops and two (2) ESXi servers implemented to support the vSphere and View infrastructures (see Site A and Site B figures below). Additionally, two (2) ESXi servers were implemented to manage the RAWC test harness, and two (2) ESXi servers were leveraged (other non-RA workloads were also on these hosts) to support the Microsoft Exchange 2010 and Vital Images servers (see Site C figure below).

Figure 31: Site C Workload Generation and Shared Applications

Figure 32: Site A Resources

Figure 33: Site B Resources

VMware vSphere Advanced Parameters

No specific advanced parameters were tuned for this testing. All the VAAI parameters were left turned on by default.

Datastores

Eight (8) 499GB datastores for storing the View Linked Clones and Replicas labeled “Desktop_LUN_XX.”

One (1) 99GB datastore labeled “SiteA_Gold” used specifically to store golden images of virtual desktops, which are replicated asynchronously to Site B. A similar datastore is configured in Site B (labeled “SiteB_Gold”) and is replicated asynchronously to Site A.

Three (3) 1TB datastores for storing the VM swap files for each virtual desktop.

Three (3) 249GB datastores for storing the required infrastructure VMs.

Figure 34: Site A Datastores

VMware View 4.6

In this environment, four View Connection Servers were used to illustrate local load balancing. (Note: A single connection server could have handled all 400 desktops.) The following figure shows vCenter Server Integration with VMware View 4.6. It also shows that VMware Composer is enabled.

Figure 35: Site A vCenter/View Composer Settings

The following figure shows the View Connection Servers and related configuration information.

Figure 36: Site A View Connection Servers

Each View Connection Server configuration had to be modified to support the use of Cisco ACE SSL encryption offloading as shown below.

Figure 37: View Connection Server Configuration

In addition, the event database was configured to log all the events occurring. The following figure shows the configuration details.

Figure 38: View Event Database Configuration

Virtual Desktop Pools

For testing the virtual desktop environment, two Desktop pools with 200 desktops per pool were created within each site. In production environments, pools should be further segregated to allow for flexible maintenance of desktops.

Storage Synchronization Configuration

In addition to periodic backups of the golden desktop images, organizations should consider replicating them to another site. EMC Replicator can enable this replication as it provides efficient, asynchronous data replication over Internet Protocol (IP) networks. With Replicator, you can create point-in-time, network-attached storage (NAS) file system copies and consistent iSCSI logical unit number (LUN) copies on local or remote sites.

Figure 39: VM Gold Image Replication Configuration

Scripted and/or manual procedures can be used to re-instantiate replicated golden desktop images, should the need arise.

Imprivata OneSign

OneSign appliances can be implemented as a physical 1U server or virtual appliance. For this RA, the OneSign appliances were deployed as virtual appliances using an OVF provided by Imprivata. To ensure local (per site) and remote (across site) availability, two (2) OneSign appliances were implemented in each site.

Figure 40: AlwaysOn Distributed Architecture

After the OVFs were deployed, a wizard guided us through the implementation, which included pairing the appliances into local and remote clusters, as well as configuration of a replication process to keep all appliances in sync with one another. Once the configuration tasks were completed, we connected to the web-based GUI to license the product (per user), configure Proximity Card settings, integrate with Active Directory, and create policies that handled the One-Touch login behavior. Below is an example of a Computer Policy that automatically launches the View Client and connects it to a View Connection Server at https://10.1.54.16. (This is actually a virtual IP (VIP) on the Cisco ACE appliance; FQDN or IP addresses will work. We used both in our testing.)

Figure 41: Imprivata View Configuration

Additionally, User Policies can be configured specific to authentication, password self-service, offline authentication, and RADIUS integration. Below is the User Policy we used for this RA, which enables password and proximity card authentication:

Figure 42: Imprivata Authentication Configuration

Test Setup and Configurations

Test Harness

The Test Harness describes the environment, the choice of tools and equipment used for validation, and the procedures used for the workload characterization. For this RA, the goal was to explore the ability to reconnect a user to a desktop after a complete site outage (meaning all resources within a single site are unavailable). To simulate the outage, we disabled the northbound Ethernet uplinks on one of the site’s Cisco UCS 6100s as illustrated below:

Figure 43: Simulating an Outage

The primary objective of the test harnesses was to validate if an end-user would successfully obtain a desktop after a complete site outage event occurred. The results of these tests are considered subjective in nature, as they were “witnessed.”

The first harness required a mechanism to generate load on two Vblock platforms simultaneously. The VMware Reference Architecture Workload Code (RAWC) was chosen as the mechanism or tool to be used. The second harness required the use of a proximity card and manual/human intervention. A proximity card (or prox card) is a generic name for contactless integrated circuit devices used for security access or payment systems.

Test Harness #1 – Using RAWC to generate load during site failure

The RAWC workload runs on a Windows 7 or XP guest operating system and is executed on each desktop virtual machine on one or more ESXi hosts. The RAWC workload has a set of functions that performs operations on common desktop applications including Microsoft Office, Adobe Reader, Windows Media Player, Java, and 7-Zip.

The applications are called randomly and perform operations that mimic those of a typical desktop user, including open, save, close, minimize and maximize windows, view an html page, insert text, insert random words and numbers, conduct a slideshow, view a video, send and receive email, and compress files.

The RAWC workload uses a configuration file that is created via the RAWC GUI and writes application open/close times and any errors to log files in a shared network folder. Various test variables can be configured via the RAWC GUI, including a start delay for creating boot storms and density (delay between application operations), application speed, number of emails created and sent, and typing speed. For more information on RAWC, see the Workload Considerations for Virtual Desktop Reference Architectures by VMware.

Below is a screenshot of the RAWC workload configuration used for this SA. This workload randomly loaded MS Word, Excel, Internet Explorer, PowerPoint and Adobe Acrobat for three (3) iterations.

Figure 44: RAWC Workload Configuration

This harness employed two (2) VMware View desktop pools per site. One pool was for active desktops and the other was for stand-by desktops. All of the linked clones were created from the same parent virtual machine. This configuration resulted in seventy-five (75) virtual desktops per datastore, well within VMware’s best practice recommendation of 128 vDesktops per datastore.

Common infrastructure components, such as Active Directory, DFS, DNS, DHCP, and VMware View Connection servers, as well as Imprivata SSO appliances did not share the same compute or storage resources as the virtual desktops. A vSphere cluster (outside of the Vblocks) consisting of two (2) ESXi hosts was used to host the RAWC workload generation tool, Exchange 2010 server, and Vital Images servers. Each desktop infrastructure service was implemented as a virtual machine running Windows 2008 R2.

AlwaysOn Desktop Configuration

The Windows 7 golden virtual desktop image was created as follows:

Windows 7 Enterprise, SP1 (Build 7601), 32-bit

One (1) vCPU

1GB vRAM

VMXNET3 Adapter

Adobe Reader 9.4

Imprivata OneSign Agent 4.5.217.217

Microsoft Office Enterprise 2007

Internet Explorer 8.0

VMware Desktop RAWC Workload Simulator 1.2.0

VMware Tools 8.3.2.2658

VMware View Agent 4.6.0.366101

* http://www.vmware.com/resources/techresources/10157

Stateless Desktop Configuration

Automated pools using virtual machine snapshots were used to generate the virtual desktops, and Floating User Assignment was configured to randomly pick desktops for users each time they log in. For this RA, additional personalization of the desktop (e.g., the use of persona or profile management) was not necessary, and the statelessness of the virtual desktop was achieved using a Microsoft Active Directory GPO to redirect My Documents to a DFS share via a global namespace.

Figure 45: Automated / Floating Desktop Pool

Active/Active Configuration

Multiple Automated/Floating (AF) virtual desktop pools were created in Site A for Site A users as their primary desktop and in Site B for Site B users as their primary desktop, thereby creating an Active/Active configuration. Additionally, multiple standby AF virtual desktop pools were created in each site to deliver AlwaysOn desktops.

Figure 46: Site A - Pool Configuration

Figure 47: Site B - Pool Configuration

Test Harness #2 – Using a Proximity Card (Manual)

The second test harness was performed manually using a proximity card reader attached to a Wyse Z90 terminal. Additionally, we tested the effects of distance latency by acquiring a virtual desktop over a wide-area network. A Cisco VPN client was used to access the RA resources. (View Security Servers could also have been used.) Cisco ACE was configured to send all connections from the VPN’s DHCP IP range (assigned to Wyse terminal) to Site B to obtain their primary virtual desktop. The same golden image and desktop pool configuration used for Harness #1 was reused for this harness.

Validation Results

The most critical metric for this virtual desktop validation is the amount of time it took to obtain a new desktop after a simulated outage occurred. In this envelope testing, the system was optimized such that obtaining a new desktop after site failure occurred within 30 seconds. The majority of this delay (~20 seconds) was spent waiting for the View Client to give up trying to connect to the previous View Connection server.
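The 30-second figure above was observed by hand; the same measurement can be taken from session logs. The following added example (not part of the original guide) computes each user's recovery time, measured from their disconnect on the failed site to their first connect on another site. The CSV layout, the CONNECT/DISCONNECT event names and the user names are assumptions constructed for illustration, not the View event database schema.

```python
import csv
import io
from collections import Counter
from datetime import datetime

RTO_SECONDS = 30  # the guide's figure: a new desktop within 30 seconds

# Constructed sample export. Site B loses its uplinks at about 10:15:00.
# rawc005 logs off normally at 10:05:00, well before the outage.
SAMPLE_EVENTS = """\
timestamp,user,site,event
2011-05-02T10:00:05,rawc001,SiteB,CONNECT
2011-05-02T10:00:07,rawc002,SiteB,CONNECT
2011-05-02T10:00:09,rawc003,SiteA,CONNECT
2011-05-02T10:00:11,rawc004,SiteB,CONNECT
2011-05-02T10:00:12,rawc005,SiteB,CONNECT
2011-05-02T10:05:00,rawc005,SiteB,DISCONNECT
2011-05-02T10:15:03,rawc001,SiteB,DISCONNECT
2011-05-02T10:15:04,rawc002,SiteB,DISCONNECT
2011-05-02T10:15:06,rawc004,SiteB,DISCONNECT
2011-05-02T10:15:27,rawc001,SiteA,CONNECT
2011-05-02T10:15:49,rawc002,SiteA,CONNECT
"""


def parse_events(text):
    """Parse the CSV export into (time, user, site, event) tuples in time order."""
    events = [
        (datetime.fromisoformat(r["timestamp"]), r["user"], r["site"], r["event"])
        for r in csv.DictReader(io.StringIO(text))
    ]
    return sorted(events, key=lambda e: e[0])


def recovery_report(events, failed_site, outage_start=None, rto=RTO_SECONDS):
    """Return {user: details} for every user disconnected from failed_site.

    status is OK (recovered within rto), SLOW (recovered later) or
    NOT_RECOVERED (no connect on a surviving site was ever logged).
    """
    report = {}
    for ts, user, site, event in events:
        if outage_start is not None and ts < outage_start:
            continue  # ordinary logoffs before the outage are not failovers
        if event == "DISCONNECT" and site == failed_site:
            report[user] = {"lost_at": ts, "recovered_on": None,
                            "seconds": None, "status": "NOT_RECOVERED"}
        elif event == "CONNECT" and site != failed_site:
            entry = report.get(user)
            if entry and entry["recovered_on"] is None:
                seconds = (ts - entry["lost_at"]).total_seconds()
                entry.update(recovered_on=site, seconds=seconds,
                             status="OK" if seconds <= rto else "SLOW")
    return report


def summarize(report):
    """Count users per status so a failover run can be passed or failed."""
    return dict(Counter(entry["status"] for entry in report.values()))


if __name__ == "__main__":
    report = recovery_report(parse_events(SAMPLE_EVENTS), "SiteB")
    for user, entry in sorted(report.items()):
        print(user, entry["status"], entry["seconds"], entry["recovered_on"])
    print(summarize(report))
```

Passing `outage_start` keeps routine logoffs out of the report; without it, a user such as rawc005 who simply logged off is counted as not recovered.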

Outside the scope of this effort is an extremely important metric for virtual desktop validation: the end-user application response time. Careful design considerations should be given to ensure the end-user response time for any application activity is less than three (3) seconds. Response time metrics were collected during the RAWC harness testing to illustrate load on the environment during failover. These results are displayed below.

Test Harness #1 – Validation

Prior to starting the RAWC workload generation, screenshots from within View Manager were captured to illustrate the number of current sessions and available desktops.

Figure 48: Site A Pre-Test Status

Figure 49: Site B Pre-Test Status

The RAWC workload generation has started and the Cisco ACE is processing the requests for desktops by distributing the load across the two (2) HAProxies within each site, based on the source IP of the RAWC launcher.

Figure 50: Cisco ACE Real Time Statistics for server farm

Mid-way through the test, the screenshots from within View Manager are captured to illustrate the number of remote/connected sessions.

Figure 51: Site A Mid-Test Status

Figure 52: Site B Mid-Test Status

Although application response time metrics were not critical to the success of this validation, the results were captured to illustrate load on the system.

Figure 53: Site A Application Response Time Metrics

The northbound Ethernet uplinks were disabled on Site B to simulate an outage. Almost immediately, the RAWC session launchers lose connection to their remote desktop sessions.

Figure 54: Simulate Outage causing remote sessions to end

Since the remote desktop sessions for Site B have disconnected, we used RAWC to restart them. Cisco ACE accepted the View Server connection requests, determined that Site B was down, and automatically redirected the connections to Site A. Desktop sessions are restarted.

Figure 55: Site B workload restarted, on Site A

All 200 remote desktop sessions, originally connected to Site B, are now reestablished on Site A.

Figure 56: Site A - Sessions after outage

Once again, application response time metrics are captured to illustrate load on the system, but this time for the Site B workload running on Site A resources.

Figure 57: Site B workload running on Site A

Test Harness #2 – Validation

The initial phase of this test involves logging into the environment using the Imprivata SSO mechanism which chains into the Windows GINA and provides manual or proximity card methods of authentication.

Figure 58: Imprivata Login Screen

Once the user is authenticated (in this case, via Microsoft AD account), Imprivata SSO policies start the VMware View client and pass the credentials to enable a seamless login experience to the users’ virtual desktops in Site A.

Figure 59: Successful login to Site A

The next series of screenshots illustrates the accessing of critical applications and files. First is Vitrea Core’s VIS and a three-dimensional knee scan that was accessed via a web browser and manufacturer plug-in. The Vitrea back-end application was housed at a separate site and was not subjected to our simulated outage.

Figure 60: Vitrea VIS image

Next, we accessed email via the MS Outlook client. The Exchange 2010 instance serving up the email is located at a separate site with Vitrea Core’s VIS.

Figure 61: Email Access

Files within a DFS-based share are the last items to be accessed. The file shares were located within each site, and DFSR (replication) was configured to ensure copies of files were distributed between the sites. GPO redirection was used to map the user’s My Documents or Documents folder to the DFS share.

Figure 62: File Access

The northbound Ethernet uplinks were disabled on Site A to simulate an outage. Almost immediately (3-10 seconds), the View client disconnected, and the Imprivata login window appeared (as shown above). The user then re-authenticated, either manually or using a proximity card, and Cisco ACE policies directed them to a standby desktop in Site B.

Figure 63: User redirected to Site B after Site A failure

The next series of screenshots illustrate the accessing of applications initially tested. This time, however, they were accessed from the user desktop in Site B.

Figure 64: Vitrea Core VIS access from Site B

Figure 65: Outlook

Figure 66: Files

Additional Considerations

In any virtual desktop deployment, data center services such as backup, recovery, security, and business continuity need to be considered. These considerations may impose additional restrictions on scalability and performance. VCE provides in-depth discussions on solutions that address these use cases.

Conclusion

As computing devices replace paper charts and physician prescription pads, these endpoints (mobile and fixed) become safety-critical IT systems that must deliver the highest possible levels of reliability and availability to ensure patient safety. If a caregiver has to make a fast medical decision but can’t access the patient’s records because of a service outage or computer problem, the situation can escalate into a Severity-1 event and the consequences can be quite serious.

Unfortunately, the old device-centric approach to endpoint management makes it extremely difficult, if not impossible, to protect every desktop, laptop, hospital computer cart, and mobile device in use. To overcome this challenge, healthcare providers need a new approach to point-of-care delivery: one that will enable them to modernize their IT infrastructures so they can improve patient outcomes and get the most from the millions of dollars they are investing in technology.

This reference architecture for AlwaysOn Point of Care, a collaboration of the VCE company, Imprivata, and Vital Images, detailed a new reference design for delivering clinical desktops and patient care applications as non-stop services. In a failover situation, this new reference design provides the business continuity required for mission-critical desktop and application access within seconds.

AlwaysOn Point of Care offers:

• Conversion to EHR causing rapid increase in distributed locations where point-of-care desktops MUST be available.

• Tier-1 critical desktop, providing fast recovery and application continuity during disasters.

• Point-of-care access that is more fluid than traditional PC experience.

• Session mobility, a required feature tied to patient care and clinical productivity.

• The ideal opportunity to rapidly roll out a fully managed desktop platform.

• An effective way to implement managed printing service.

The end-user experiences:

• Desktops that are always on and that enable fast logon.

• A desktop that follows them in the event of failover.

• Access from any endpoint devices from anywhere.

• A familiar interface to sustain the same application workflow.

In summary, AlwaysOn Point of Care offers a solution that is accessible as a non-stop service and available to clinicians wherever and whenever they need patient information.

Acknowledgements

Cisco, Imprivata, Vital Images, Wyse, EMC RTP Labs

References

VMware View Reference Architecture http://www.vmware.com/resources/techresources/1084

VMware Workload Considerations for Virtual Desktop Reference Architectures http://www.vmware.com/files/pdf/VMware-WP-WorkloadConsiderations-WP-EN.pdf

VMware View http://www.vmware.com/products/view/

VMware vSphere 4 http://www.vmware.com/products/vsphere/

Cisco UCS http://www.cisco.com/go/unifiedcomputing

Cisco Data Center Solutions http://www.cisco.com/go/datacenter

Cisco Validated Designs http://www.cisco.com/go/designzone

EMC Celerra Family http://www.emc.com/products/family/celerra-family.htm

EMC PowerPath/VE http://www.emc.com/products/detail/software/powerpath-ve.htm

HAProxy http://haproxy.1wt.eu/

Imprivata OneSign http://www.imprivata.com/onesign_platform

Wyse Z90 http://www.wyse.com/solutions/vmware/index.asp

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com

Copyright © 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: VMW-RAG-REFARCHPARTNER-USLET-WEB

About VCE

VCE, the Virtual Computing Environment Company formed by Cisco and EMC with investments from VMware and Intel, accelerates the adoption of converged infrastructure and cloud-based computing models that dramatically reduce the cost of IT while improving time to market for our customers. VCE, through the Vblock platform, delivers the industry’s first completely integrated IT offering with end-to-end vendor accountability. VCE prepackaged solutions are available through an extensive partner network, and cover horizontal applications, vertical industry offerings, and application development environments, allowing customers to focus on business innovation instead of integrating, validating, and managing IT infrastructure. For more information, go to http://www.vce.com.
