USDD VDI Project

Where Do We Begin???

• POC in Spring 2009 with PDS• Targeted test group (ESX 3.5/20-30 VMs)• Used repurposed Dell PowerEdge servers and

local storage• Identified project scope for Phase 1 for

upcoming fall term• Planned sizing requirements with room to

grow for future phases

VDI Server Farm

• HP C7000 Blade Enclosure (16 slot) with Proliant BL490c G6 blade servers

• Cluster 1 (Staff) 8 blades (approx 260 running/accessible persistent VM’s) XP/7 Mix

• Total 726GB physical RAM in cluster 1 (1.5 GB for WIN 7/768 MB for XP)

• Cluster 2 (Student K-12) 8 blades (approx 630 running/accessible Non-Persistent VM’s)

VDI Server Farm

• Approx 1.2 TB physical RAM in cluster 2 (1 GB for WIN 7/768 MB for XP)

• ESXi 4.1, VSphere/VCenter 4.1, View client 4.6• Currently licensed for 800 concurrent sessions

(accessed/not available)• High Watermark at a single point for

concurrent logged in sessions (approx 550)

VDI Storage

• Net App FAS 3140 – 4 disk shelves 56 drives• Using NetApp’s Data On Tap for compression and

deduplication to reduce redundant data• Added 256GB Flash Cache after Phase 1 to optimize

storage for disk reads, also help alleviate any boot storms

• Testimonial• Compare/Contrast with using (block-based storage)

ISCSI, FC, and (file based storage) NFS http://media.netapp.com/documents/tr-3808.pdf

NetApp Disk Writes

• WAFL is the Write Anywhere File Layout, an approach to writing data to disk locations that minimizes the conventional parity RAID write penalty. By storing system metadata (inodes, block maps, and inode maps) in the same way application data is stored, WAFL is able to write file system metadata blocks anywhere on the disk. This approach in turn allows multiple writes to be "gathered" and scheduled to the same RAID stripe—eliminating the traditional read-modify-write penalty prevalent in parity-based RAID schemes.

Core Infrastructure

• Existing Core 6509 switch – added 1-10GB Ethernet module then expanded that to 2 modules after Phase 1

• Port channeled both modules together to create redundant links to NetApp and Blade Chassis

Remote Access using Security Gateway

• Developed by VMware and Teradicci• Eliminates need for Site to Site VPN• Authentication occurs in DMZ/acts as a broker

to View Manager• http://www.vmware.com/pdf/view-46-archite

cture-planning.pdf Page 60

• Issues/Experience/Feedback

Security Gateway Features

* Enables a one click secure remote connection. Offers VPN-less connectivity from an Internet connection for VMW View clients and PCoIP zero clients

* Supports up to 2000 concurrent connections* Supports up to 400 Mbit/s throughput

Source Protocol Port Destination NotesAny PCoIP TCP/UDP 4172 Security Server External clients

use TCP port 4172 to a security server when SSL is enabled and uses UDP port 4172 in both directions

Security Server PCoIP TCP/UDP 4172 View desktop Security servers use TCP 4172 to transmit PCoIP traffic to View desktops and security servers also use UPD 4172 to transmit PCoIP traffic in both directions

VDI Remote access using PCoIP

Remote PC running VM Ware View client with Internet Connection

USDD ASA 5510 firewall using TCP/UDP 4172

Security Gateway Server in DMZ

VMWare View Connection Server using secure tunnel to desktop for External Connections

DataCenter

Virtual Desktops

Application Deployment

• Packaging and Vitalizing applications using VMWare Thin App

• Thin App Boot Camp - http://communities.vmware.com/community/vmtn/desktop/thinapp/bootcamp

• What is Thin App? An agentless application virtualization solution that isolates applications from their underlying OS eliminating application conflict and gives you the ability to streamline application delivery and management

Application Deployment Using Thin App

• How it works? Wizard based software that virtualizes applications by encapsulating application files and registry into a single Thin App package that can be deployed, managed and updated independently from the underlying OS. Prescan, Build, Post scan

• The virtualized application runs independently from the OS and behaves the same across different configurations for compatibility.

Thin App Key Benefits

• Requires no agent• Success rate of 90-95% packaging applications• Complete application isolation from OS minimizing

application conflicts (missing .dll)• Integrates with VMware Horizon Application Manager

allowing users to access applications from a simple web-based catalog

• App link capability• Flexibility – assign Thin App packages to individual

desktops or pools of desktops

Liquidware Labs Profile Unity

• Management console can be installed on Win 2000 and above. Can also be installed on domain controller. 32 and 64 bit support

• Profile Unity client needs to be installed on VMs and must be in domain

• Run .exe as startup script using Group Policy • Powerful and can be very granular/filter-rules based• Filters consist of the following elements: a filter

name, filter rules, machine classes, operating system types, and connection types.

Liquidware Labs Profile Unity

• Currently using PU with VDI for folder redirection (Desktop & My Documents), preserve some application data, application deployment and locations based printing and also manually added printers

Filter Rules

• Group Membership • User Name • TCP/IP Address • Host Name • Computer Name • MAC Address • Domain • OU (User) • OU (Computer) • View Client Name

Filesystem Rules/Filters• Application Data • Cookies • Desktop • Favorites • History • Personal (My Documents) • Program Group • Recent • Send To • Start Menu • Startup Group • User Profile • Local AppData • Program Files • System Drive • System Root

Project Planning/Advice

• Develop your roadmap/identify phases • Put core infrastucture in place for robust

computing experience (avoid bottlenecks)• Allow for room to grow• Get a good understanding of what your staff is

currently doing with technology and wants to do• Plan out your application deployment strategy to

avoid managing many Pools• Stay Committed-avoid supporting 2 environments

Hands On Activity

Install Client and login remotely

Questions/Discussion