Architecting VMware Horizon Workspace for Scale

and Performance

Jared Cook, VMware

Andrew Johnson, VMware

Kit Colbert, VMware

EUC4546

#EUC4546

2 2

Agenda

Horizon Workspace Architecture

• vApp

• Configurator

• Connector

• Service

• Data

• Data Preview

• Gateway

• Clients

Horizon Workspace vSphere and vApp Architecture

• vCenter Configuration

• Backup and Recovery

Q&A

3 3

Horizon Workspace 1.5 Architecture

4 4

Horizon Workspace vApp

Workspace vApp

Configurator

VA

OS (SLES)

tcserver

Service VA

OS (SLES)

App

API

DB tcserver

Data VA

OS (SLES)

App

API

DB LDAP Jetty

App

Connector

VA

OS (SLES)

tcserver

App

Gateway

VA

OS (SLES)

Nginx

Modules

• Central Wizard UI

• Distributes settings

across VAs

• Network, Gateway,

vCenter, SMTP

attributes

• Add / remove modules

• Manage certs, security

• User authentication (RSA SecureID)

• AD secure bind and synchronization

• Set replication schedule

• Sync View pools and ThinApp

• Enables single user-

facing domain

• Routes requests to

correct node

• Workspace Admin UI

• Application Catalog

• Manage user entitlements

• Workspace Groups

• Reporting

• Stores files

• Controls file sharing policy for

internal and external users

• Manage file preview server

• Serves end user web UI

5 5

Performance Hardware Configuration

Host Machine Spec : Dell PowerEdge R815 - 32 CPU(2 CPU,16

cores each) x 2.6 GHz AMD Processor, 256 GB RAM

• Service VM – 4 CPU, 8 GB Memory per VM

• Data VM – 8 CPU, 16 GB Memory per VM

• Gateway VM – 2 CPU, 2 GB Memory per VM (default values)

• Configurator VM - 1 CPU, 1 GB Memory per VM (default values)

• Connector VM - 2 CPU, 4 GB Memory VM (default values)

• External Database – (only one in use in any given test)

• Oracle DB - 4 CPU, 8 GB Memory per VM

• vPostgres DB - 4 CPU, 8 GB Memory per VM

• Active Directory (Version Win 2008 R2) - 2 CPU, 4 GB Memory VM

6 6

Horizon Workspace – Configurator VA

• Configure vApp

• First VA

• Heartbeat

• Add/Remove other Horizon Workspace VAs

• Only one Configurator VA per vApp

• Communication Workflow

Workspace vApp

Configurator

VA

OS (SLES)

tcserver

App

Service VA

OS (SLES)

App

API

DB tcserver

Data VA

OS (SLES)

App

API

DB LDAP Jetty

Connector

VA

OS (SLES)

tcserver

App

Gateway

VA

OS (SLES)

Nginx

Modules

7 7

Horizon Workspace – Configurator VA Performance Characteristics

• Sized at 1 CPU, 1 GB Memory

• Support for Entire vAPP

• 1 Configurator VA per vAPP

• Due to not playing a Role on interacting with Users this appliance does not

need many resources, as it is just keeps the vAPP well organized

8 8

Horizon Workspace – Connector VA

• Authentication and Integration

• Types of Authentication (Kerberos, AD, RSA)

• How to architecture for different authentication types

• Each Connector VA can support up to 30,000 users

Workspace vApp

Configurator

VA

OS (SLES)

tcserver

Service VA

OS (SLES)

App

API

DB tcserver

Data VA

OS (SLES)

App

API

DB LDAP Jetty

App

Connector

VA

OS (SLES)

tcserver

App

Gateway

VA

OS (SLES)

Nginx

Modules

9 9

Horizon Workspace – Connector VA Performance Characteristics

10K Users

(40 simultaneous users)

30K Users

(40 simultaneous users)

CPU use - GW 20-60% 10-65%

CPU use - Service 15-80% 10-85%

CPU use - Data 10-40% 10-50%

CPU use - Conn 5-30% 5-30%

Throughput 5.64 Calls/Sec 5.71 Calls/Sec

10,202*5 Launches

in 30 minutes

10,335*5 Launches

in 30 minutes

10 10

Horizon Workspace – Service VA

• Administration and management

• Entitlements, Global Catalog, Reporting, Device Registration

• For Enterprise deployments two or more Service VAs are suggested

• Each Service VA can handle up to 100,000 users

Workspace vApp

Configurator

VA

OS (SLES)

tcserver

Service VA

OS (SLES)

App

API

DB tcserver

Data VA

OS (SLES)

App

API

DB LDAP Jetty

App

Connector

VA

OS (SLES)

tcserver

App

Gateway

VA

OS (SLES)

Nginx

Modules

11 11

Horizon Workspace – Service VA Performance Comparison

Goal

• Performance between HWS 1.0 and 1.5

Configuration

• 10000 users entitled to 1 web app, 100 groups, 4 vCPUs, 8 GB RAM

Results

Test HWS 1.0 HWS 1.5

User sync 232 users/min 357 users/min

App entitlement 189 users/min 909 users/min

Data provisioning 45-333 users/min 263 users/min

Data deprovisioning 333 users/min 769 users/min

12 12

Horizon Workspace – Service VA Performance Characteristics

Test 10K Users 30K Users

Sync Users 30 Minutes 110 Minutes

Group Membership 20 Minutes 180 Minutes

Total Dir Sync 50 Minutes 190 Minutes

Provision to Data 30 Minutes 81 Minutes

Entitlements 53 Minutes 65 Minutes

De-Provision 30 Minutes 45 Minutes

13 13

Horizon Workspace – Data VA

• It is recommended that each Data VA support up to 1,000 users

• At least three Data VAs are required. The first Data VA is a master data node,

the others are user data nodes

• Each user data node requires its own dedicated volume. In proof of concept or

small-scale pilot scenarios, you can use a Virtual Machine Disk (VMDK). For

production, you must use NFS.

• Choice of LibreOffice (included in data-va) or Microsoft Office Preview server

Workspace vApp

Configurator

VA

OS (SLES)

tcserver

Service VA

OS (SLES)

App

API

DB tcserver

Data VA

OS (SLES)

App

API

DB LDAP Jetty

App

Connector

VA

OS (SLES)

tcserver

App

Gateway

VA

OS (SLES)

Nginx

Modules

14 14

Horizon Workspace – Data Performance: Data Upload + Auth

• Test

• Measure authentication rate and response time during heavy data upload

• Data users uploading 100 1MB files in 1 hour, 50 concurrent users logging in

• Configuration

• 4 vCPUs, 8 GB RAM for service, gateway, 8 vCPUs, 16 GB RAM for data

• Results

Test HWS 1.0

(500)

HWS 1.0

(1000)

HWS 1.5

(500)

HWS 1.5

(1000)

Auth response time 9 sec 24 sec 9 sec 26 sec

Auth throughput 2.1 tx/sec 5.5 tx/sec 1.7 tx/sec 5.7 tx/sec

Data CPU Usage 60-80% 90-100% 65% 85%

GW CPU Usage 50-65% 70-100% 55% 85%

15 15

Horizon Workspace – Data Preview Services (MS Office)

• Windows 7 Enterprise or Windows 2008 R2 Standard required

• MS Office 2010 Professional, 64-bit required

• Horizon Data Preview Installer

• Admin account w/ permissions to create local accounts

• Disable UAC

• Conversion of documents in real-time

Environment Server

OS Windows Server 2008 R2

RAM 4GB

vCPU 4 vCPU (8 cores)

Network 1Gbps

Software MS Office 2010 Professional

16 16

Horizon Workspace – Data Preview Performance Characteristics

17 17

Horizon Workspace – Gateway VA

• The Gateway VA provides a single namespace

for all Horizon Workspace interaction

• As the Gateway VA is involved in every interaction between the user an

the vAPP, the more demanding the load, or number of Users the more

Gateway VAs that need to be added

• Minimum of: 1 Gateway per 2 Data Vas

• It is recommended that each Gateway VA support up to 2,000 users

• For high availability, place multiple Gateway VAs behind a load balancer

Workspace vApp

Configurator

VA

OS (SLES)

tcserver

Service VA

OS (SLES)

App

API

DB tcserver

Data VA

OS (SLES)

App

API

DB LDAP Jetty

App

Connector

VA

OS (SLES)

tcserver

App

Gateway

VA

OS (SLES)

Nginx

Modules

18 18

Horizon Workspace – Recommended Specs / Max # of Users

vCPU RAM Disk Maximum #

of Users

Connector-va 2 4GB 5GB 30,000

Gateway-va 6 32GB 9GB 2,000

Service-va 6 8GB 32GB 100,000

Data-va (user node) 6 32GB 175GB 1,000

MS Preview Server 8 4GB 32GB 1,000

19 19

Horizon Workspace vSphere & vAPP Considerations

20 20

Horizon Workspace – Infrastructure Dependencies

• Active Directory – Horizon Workspace requires Active Directory to sync users and

groups.

• DNS – All the virtual appliances refer to each other by their hostnames. Both forward

and reverse records are required for all the virtual appliances in the Horizon

Workspace vApp.

• SMTP – The Horizon Workspace vApp requires access to a SMTP server. The

SMTP server FQDN and port number are needed at installation time.

• NTP – All virtual appliances rely on time synchronization. Enable and configure time

sync on the vSphere hosts to point to your enterprise.

• Load Balancer and Reverse Proxy – Needed for multiple Gateway-VAs, protects

from single point of failure.

• External Storage – Horizon Workspace vApp supports external NFS volumes for

Horizon file sharing.

21 21

Horizon Workspace – Architecture Diagram

VMware Horizon 1.5 Architecture Diagram

22 22

vSphere & vCenter Configuration

• IP Pools Defined

• HA, DRS, vMotion Enabled

• FT, EVC Mode Disabled

23 23

Horizon Workspace – Backup Best Practices

Three Types of Persistently Stored Data

• External Database (vPostgres or Oracle)

• Data Stored in a VMDK (virtual machine disk format)

• Horizon File blobs stored on NAS volumes or on VMDKs

Backing Up Horizon Workspace

1. Create a point-in-time backup of external database

2. Take a point-in-time backup of each VA in the the Horizon Workspace vApp

3. If using external storage take a point-in-time backup of Horizon Data blob store

• If using VMDK, the data blob backup is part of the step 2

DR Restoration Sequence

1. If using NAS, restore blobs from blob backup, if using VMDK go to step 2

2. Restore the Horizon Workspace VAs from the VA backup

3. Restore external database

4. Power on the Horizon Workspace vApp and MS Preview Server

24 24

Horizon Workspace – vPostgres Considerations

VMware vFabric Postgres 9.1+

Resource Value

vCPU 4

RAM 8GB

Disk 1 – Root Disk (OS) 2GB

Disk 2 – Data Disk 32GB

Disk 3 – SWAP Disk 16GB

Disk 4 – Diagnostic 2GB

For enterprise deployment best practice is to use an external database.

25 25

Other VMware Activities Related to This Session

HOL:

HOL-MBL-1304

Horizon Workspace - Explore and Deploy

Group Discussions:

EUC1005-GD

Workspace with Rasmus Jensen

THANK YOU

Architecting VMware Horizon Workspace for Scale

and Performance

Kit Colbert, VMware

Jared Cook, VMware

Andrew Johnson, VMware

EUC4546

#EUC4546