ProjectVRC-RubenSpruijt-JeroenvdKamp

7/31/2019 ProjectVRC-RubenSpruijt-JeroenvdKamp

1/81

Project Virtual Reality Check

#DUTCHVMUG

Jeroen van de KampCTO

[email protected]
http://www.twitter.com/rspruijt


2/81


3/81

Project Virtual Reality Check

Jeroen van de Kamp:[email protected]

@theJeroen

Ruben [email protected]

@rspruijt


4/81


5/81

Agenda

Introduction

Conclusion Phase 1,2,3

Impact Application Virtualization on VDI

Unpublished results: VDI and AntiVirus


6/81

VDI in praktijk.

Whos administering/building VDI?

Whos on Windows XP? Whos on Windows 7?

Whos on VMware vSphere v4.x?

Whos on VMware vSphere v5.x?

Whos on the others?

Whos doing/considering stateful/persistent VDI?

Whos doing/considering stateless/non-persistent VDI?

Whos doing/considering central/shared storage?

Whos doing/considering local storage?


7/81


8/81


9/81

Performance AnalysReview

VDI + SBC


10/81

Independent & Unbia


11/81

Latest Gear


12/81

~1000


13/81www.ProjectVRC.com


14/81


15/81

VRC Publications

Phase I, II: Virtualizing TS/RDS/XenApp

Phase III: VDI bestpractices (Windows XP / Windows 7)

Phase IV: Application Virtualization and VDI

Phase V: Impact and Bestpractices AntiVirus on VDI (in


16/81

Test platform VRC

Server Brand/Model HPDL380G6

CPU 2 x Intel Quad core [email protected] Nehalem (16 logical cpu!)

Memory 96 GB DDR3

Disk 8 x 146Gb, 820.2Gb, dual port 10.000RPM Serial SCSI

RAID level RAID-5 with online spare

RAID controller HP Smart Array P400i, with 512MB and Battery Backed Write Cache

NIC NC373i Gigabit Adapters, Broadcom 5708


17/81


18/81

Login VSI

Turn-Key Benchmark for SBC + VDI (hosted)

Considered Industry Standard (driven by Citrix!)

Protocol independent

Standard workloads: light, medium, high & multimedia

Data randomization

Used by: Citrix, MS, Dell, HP, Cisco, VCE, EMC, Intel, QPanologic, Atlantis, Fujitsu, Virsto, Hitachi, Datacore, McCSC, FusionIO, Unidesk


19/81

Single Server


20/81

Configuration 1


21/81

Start the Test


22/81

Saturation


23/81

Single Server


24/81

Configuration 2


25/81

Start the Test


26/81

Saturation


27/81

SBC (RDS/TS/XenAPP)

Terminal S

AD

FileShareHypervisor

Terminal Server

Logging


28/81

VDI

Hypervisor

XP XP XP

AD

File ShareLogging


29/81

VSI (Standard) Workload

Office:

Outlook, Word,

PowerPoint

Excel

PDF printer & Adobe PDF

Internet Explorer (multiple sites + Flash Video)

FreeMind (Java)


30/81

VSI (Standard) Workload


31/81

VRC Phase I+II: RDS Workloads on Hype


32/81

Conclusions Phase I & II

Virtualization RDS/XenApp: Yes we can!

Virtualizing X64 RDS Workloads Yes! (not higher density)

Best-Practices

No vCPU overcommit + 2vCPU minimum

On Nehalem = 4vCPU/VM sweet spot

Dedicated Host

Update Best-Practices

ASLR & TPS

Intel Nehalem: impressive

Hyper-Threading + EPT-D = Doubling Capacity


33/81

VRC Phase III WinXP / Win7 VDI Work


34/81

VSI vs VRCOptimizations


35/81

Project VRC must emphasize that it is

crucial to test and validateoptimizations in your own VDI deployment

Disable services Win7

default

Win7

VSI opt

Win7 BP

opt

Application Experience V

Base Filtering Engine V

Background Intelligent Transfer service V

Diagnostic Policy service V

Function Discovery Resource Publication V

Offline files V

Superfetch V V

TCP/IP NetBios Helper

Themes V

Windows Defender V V

Windows Search V V

Windows Update V V

Windows Firewall V

WLAN Autoconfig V

Windows media player Network Sharing Service V

Routing and remote Access V

HomeGroup Provider V

Internet Connection Sharing V

Media Center Extender Service V

Net.Tcp Port Sharing Service V


36/81


37/81

Conclusion I/Os


38/81

VIRUSSCANNER and VDI ; TOTAL I/Os


39/81

SBC vs VDI

VDI

SBC


40/81

Phase III - Conclusions

Windows 7 more than Windows XP

Boot, First Loop

Windows 7 less than Windows XP

Second Loop, Idle

Best practice:

Use VRC Optimizations

fix page file

A/V

HIMP - RedBull


41/81

VRC Phase IV: AppVirt Impact on V


42/81


43/81

Impact of Application Virtualization on VDI

VSIMax

Local vs Streaming

I/O Impact


44/81

Application Virtualization Test Setup

3 major AppVirt vendors: Citrix Application Streaming (XenApp 6.0)

Microsoft Application Virtualization (App-V 4.6)

VMware ThinApp (ThinApp 4.6)

Office 2007 suite virtualized as 1 package

Deployment Scenarios:

streamed

precached

shared cache


45/81

VDI

Hypervisor

7 7 7

AD

File ShareLogging


46/81

Please Note!

Project VRCs goal is to investigaoverall performance impact of AppViVDI.

Project VRC does not recommenvirtualizing the Microsoft Office suite a

overall best practice.


47/81

VMware ThinApp


48/81

Streamed vs. Local installed %

Locally Installed

XenApp Streaming

App-V RTSP

ThinApp Streaming

100

56

77

74


49/81

Pre-cached vs. Local installed %


50/81

streamed vs. Local installed % - upd.

Update:

Citrix Application Streaming (November 2011)VSImax 56 >> 61 ..


51/81

Typical Streaming Scenario

Office Locally Installed

Outlook

Word

PowerPoint

Streamed Apps

Excel

PDF Reader

Freemind


52/81

Typical Streaming Scenario (%) *

(*) Some Apps are locally installed

P j VRC IV C l i


53/81

Project VRC IV Conclusions

Worst/worse case scenario or reality?

Impact VSImax Full Virtualization: up to 20-40%

Typical Streaming Scenario Impact: 5-10%

Streaming apps = up to 22-45% less READ I/Os

Streaming apps = up to 20-45% more WRITE I/Os

Application Virtualization IS key in

Optimized (virtual) Desktop


54/81

One more thing


55/81

VRC Phase V: AV Impact on V


56/81

VDI & AntiVirus

A l f ti


57/81

A couple of questions

Who is using AV in VDI statefull?

Who is using AV in VDI stateless?

Who does a scheduled/manual scan during production h

VIRUSSCANNER TOTAL I/O


58/81

VIRUSSCANNER: TOTAL I/Os

J th M i


59/81

Jonathan Meunier

A ti i l ti


60/81

Anti-virus solutions

Microsoft Forefront Endpoint Protection 10

Trend Micro OfficeScan 10.5

DeepSecurity 7.5*

McAfee

Move AV 2.0

Endpoint protection*

Symantec Endpoint Protection 12.1

N l VSI lt


61/81

Normal VSI results

Default Install ForeFront


62/81

Default Install ForeFront ..

Protect desktop VMs


63/81

Protect desktop VMs

AV directly installed on the VMs

FEP, TM OfficeScan

Manager, agents on the VMs

SEP

Manager, Security VM, agents on the VMs

Deep Security Move

ForeFront Endpoint Protection


64/81

ForeFront Endpoint Protection

Hypervisor

ImageDeploy

AV

VM 1

AV

VM x

AV

Symantec Endpoint Protection


65/81

Symantec Endpoint Protection

Hypervisor

VM 1 VM x

Agent Agent

Manager

Linked to AD

Deployment of theagents

McAfee Move AV


66/81

McAfee Move AV

Hypervisor

VM 1 VM x

Agent Agent

SVM

Win 2k8r2

Deployment of theagent

SVM

Win 2k8r2idle

Trend Micro Deep Security


67/81

Trend Micro Deep Security

Hypervisor

VM 1 VM x

AV AV

Mana

FilterDriver

Deployment of theagent

vShield

vShiApplia

vShield

SVMLinux

DISCLAIMER!


68/81

DISCLAIMER!

Results will change!!!

Results are only about performance during production, dsay anything about

Quality of security features

Impact of maintenance

Etc

Context: AV is tested Stateless: VMs are reset before ev

Jonathan Meunier


69/81

Jonathan Meunier

ForeFront 2010


70/81

ForeFront 2010

Custom 1

Incoming files only

Custom 2

Incoming Files

behavior monitoring disable

Network inspection disable

Heuristics Disabled

Custom 2

Trend Micro Office Scan


71/81

Trend Micro Office Scan

Behavior Monitor Disable

TM Best Pactices Max Layer Scan Compressed files = 1

Scan OLE object Max Layer = 1

Disable IntelliTrap

Baseline Response Time


72/81

Baseline Response Time

Total IOs


73/81

Total IO s

Total Read IOs


74/81

Total Read IO s

Total Write IOs


75/81

Total Write IO s


76/81

Conclusions


77/81

Conclusions

Testing AV is complicated

VRC system is balanced: CPU/MEM/DISK IO AV + Stateless??!!

Image is not fully scanned after resets

AV agents loose registration/connection in central manager afte

Licensing/Certificate issues

CPU impact on boot or Service do not start

Conclusions


78/81

Conclusions

Offloading introduces Response time Latency

Offloading architectures are complicated Do AV vendors fully understand VDI? (discussion perform

versus functionality)

AV+AppVirt

Availability Best Practices

More info:


79/81

More info:

www.projectvrc.com

www.twitter.com/ProjectVRC www.loginconsultants.com (VSI)

www.pqr.nl


80/81

One more thing..

Win een AR-Drone


81/81

Win een AR Drone

ProjectVRC-RubenSpruijt-JeroenvdKamp

Documents

Transcript of ProjectVRC-RubenSpruijt-JeroenvdKamp