VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

47
Horizon Mirage Image Deployment Deep Dive Mark Ewert, VMware Andy Philp, VMware EUC5587 #EUC5587

description

VMworld 2013 Mark Ewert, VMware Andy Philp, VMware Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare

Transcript of VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

Page 1: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

Horizon Mirage Image Deployment Deep Dive

Mark Ewert, VMware

Andy Philp, VMware

EUC5587

#EUC5587

Page 2: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

2

Agenda

Horizon Mirage Single Image Management Overview

Horizon Mirage Single Image Management Deep Dive

• Base Layer considerations and strategies

• Base Layer lifecycle

• How Base and App Layers are deployed

• Handling potential Base Layer conflicts

Questions?

Page 3: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

3

VMware Horizon Mirage

Single Image Management Overview

Page 4: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

4

Layered, Single Image Management

Horizon Mirage Layers

Layers are stored in the data center

Mirage performs granular operations

on Mirage-managed endpoints

Orange layers continuously

backed up from endpoints

Green layers managed by IT –

OS, drivers

End User PC

Machine Identity Layer (identity, customizations)

User Personalization Layer (user data & profile, installed apps)

Base Layer (OS, infra SW, core apps)

Driver Library

Mirage Application layers

Page 5: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

5

Horizon Mirage Layers

Apps not installed

by Mirage

User profile

User data

Machine

identity

Drivers

Base layer

Network Optimized Synchronization & Streaming

Application layer(s)

Mirage

Servers &

Single

Instance

Stores

Page 6: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

6

Horizon Mirage Application Layers

Application Layers

• Traditional Windows apps and ThinApps

• Windows apps need to be captured

• Similar to ThinApp capture process

• Applications are “updated” (assigned) to CVDs

and CVD Collections

• App Layer deployment uses same mechanism

as Base Layer assignment

• Requires Base Layer to have been previously

deployed or deployed with App Layer

End User PC

Machine Identity Layer

(identity, customizations)

User Personalization Layer

(user data & profile, installed apps)

Base Layer

(OS, infra SW, core apps)

Driver Library

Application Layers

Page 7: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

7

Options: Multiple Applications per Layer and Multiple Layers

End User PC

Machine Identity Layer

User Personalization Layer

Base Layer

Driver Library

Application Layer MS Office, Adobe Acrobat, Google Chrome

End User PC

Machine Identity Layer

Base Layer

Driver Library

Application Layer 1: MS Office

Application Layer 2: Adobe Acrobat

Application Layer 3: GoogleChrome

User Personalization Layer

Page 8: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

8

Single Base Layer + App Layers = Multiple Use Cases

End User PC

Machine Identity Layer

Everything else

User Personalization Layer

Base Layer

Driver Library

Finance Apps

Human Resources Apps

Training Apps

Development Apps

Sales Support Apps

Page 9: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

9

Single Image Management with Base and Application Layers

Finance Apps

HR Apps

IT Apps

Finance Desktops

HR Desktops

IT Desktops

Single

Base Layer Windows 7

Antivirus

Common Apps

Page 10: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

10

Driver Profiles

Drivers required to support a specific brand/model of Endpoint

Decouples the hardware from the other layers

Download drivers from vendor and import into Mirage Driver library

Page 11: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

11

Single Image Management with Driver Profiles

Dell Drivers

HP Drivers

Lenovo Drivers

Dell Laptops

HP Laptops

Lenovo Laptops

Single

Base Layer

Page 12: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

12

Bringing It All Together: Single Image Management

Single

Base Layer Windows 7

Antivirus

Common Apps

Dell Drivers

HP Drivers

VMware Drivers

Finance Apps

HR Apps

IT Apps

Up to 20,000

Endpoints

Page 13: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

13

Image Management Step 1: Build Reference Machine

Network

Mirage server cluster

Mirage SIS

Laptop (or PC)

with Mirage client

Golden master VM

with Mirage client

Mirage Reference Machine

Page 14: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

14

Step 2: Create Reference Centralized Virtual Desktop (CVD)

Mirage server cluster

Mirage SIS

Only unique files

are copied across

the network

Network

Network optimized synchronization

Laptop (or PC)

with Mirage client

Golden master VM

with Mirage client

Mirage Reference Machine

Page 15: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

15

Step 3: Capture a Base Layer

Mirage

console

Reference

CVDs

Mirage SIS

Base Layer

Desktop Admin

Mirage server cluster

Base Layer Rules

Page 16: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

16

Step 4: Assign (Deploy) the Base Layer

Network

Mirage server cluster

Mirage SIS

Mirage

console

Base

Layer

Network

Collection

Page 17: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

17

Single Image Management Deep Dive

Page 18: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

18

Horizon Mirage Layers Recap

Horizon Mirage Layers

Layers are stored in the data center

Mirage performs granular operations

on Mirage-managed endpoints

Orange layers continuously

backed up from endpoints

Green layers managed by IT –

OS, drivers

End User PC

Machine Identity Layer (identity, customizations)

User Personalization Layer (user data & profile, installed apps)

Base Layer (OS, infra SW, core apps)

Driver Library

Mirage Application layers

Page 19: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

19

Base Layers

Base Layers are:

• a copy of the configuration of an Endpoint containing the operating system,

updates and service packs, and common applications

• captured from Reference Machine

Base Layers can be:

• deployed to Endpoints via CVDs and CVD Collections

• used to migrate Windows XP to Windows 7

• created and tested in the datacenter before deployment

Base Layer (OS, infra SW, core apps)

Page 20: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

20

Base Layer Considerations

Have as few Base Layers as possible,

one Base Layer is ideal!

Hardware Considerations

• most drivers can be handled by Driver Profiles

• a few drivers need to be installed after layer deployment

• some hardware requires “support software”

• Unified communications, scanners, point of sale

• VMware Tools

Page 21: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

21

Base Layer Considerations

Applications

• include system-level software: firewalls and antivirus

• software common to multiple departments or use-cases

OS and Software Licensing

• Volume licenses preferred

• Microsoft VLK for Windows and Office automatically detected

• MAK, Retail keys

• handled manually or via script after first layer deployment

• Applications tied to specific hardware or hardware key

• not recommended for Base Layer. Install outside of Mirage.

Page 22: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

22

Base Layers and Endpoint Encryption Software

Full Disk Encryption

• Mirage cannot make changes to partitions or boot sectors

• Install FDE that modify hard drives before Mirage

• Checkpoint FDE, PGPDisk, Sophos Safeguard, McAfee Endpoint Encryption

• Sophos v5.5 IS supported

Microsoft Bitlocker

• Bitlocker is fully supported by Mirage

• Must be enabled.

• Base Layers do not enable or disable Bitlocker

Microsoft Encrypted File System (EFS)

• Mirage supports EFS

• files are uploaded to Mirage unencrypted

• protecting (backing up) EFS files is enabled by default

Page 23: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

23

Base Layer Strategy: Department or Use Case Specific

Base Layer contents

• Operating system

• AntiVirus and Firewall

• Standard utilities

• Departmental applications

• Use case specific applications

Everything handled in single layer

• does not require external app deployment

Drawback: more reference machines and base layers to maintain

Page 24: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

24

Base Layer Strategy: Specialized Hardware

Base Layer contents

• Operating system

• AntiVirus and Firewall

• Standard utilities

• Point of Sale (PoS) hardware support

• PoS applications

Benefits: supports hardware required by special use case (PoS)

Drawback: more reference machines and base layers to maintain

Page 25: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

25

Base Layer Strategy: Generic Standard Desktop

Base Layer contents

• Operating system

• AntiVirus and Firewall

• Standard utilities

Driver Profile

Supports multiple departments and use cases

• Fewer reference machines and base layers to maintain

Drawback: requires another way to handle applications

Page 26: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

26

Application Deployment Options

New! Horizon Mirage Application Layers

• Windows Applications

• ThinApps

New! Horizon Workspace

• ThinApps

• SaaS Apps

Legacy systems:

• Microsoft SCCM

Application Remoting

Page 27: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

27

Base Layer Lifecycle

Build and Test Reference Machine

Create Reference CVD

Create Base Layer

Test Base Layer

Deploy Base Layer to Endpoints

• with Driver Profile and optional App Layer(s)

Page 28: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

28

Base Layer Lifecycle Continued

Update Reference Machine

Changes update Reference CVD via

Mirage synchronization (backup)

Create updated Base Layer

Test updated Base Layer

Deploy updated Base Layer to Endpoints

• with optional updated Driver Profile and App Layer(s)

Page 29: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

29

How Layers Are Deployed

1. Mirage logically “flattens” the layers

2. Takes VSS snapshot of each Endpoint

3. Analyzes Endpoints to determine what

to download

Local

Base Layers

Server

Page 30: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

30

How Layers Are Deployed

4. Just the files and settings required are

downloaded to each Endpoint

5. User prompted to Reboot

6. Mirage merges Layer into existing

config during Windows boot

7. User logs in

8. Mirage finalizes Layer deployment

• Driver detection

Page 31: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

31

Handling Base Layer Conflicts

Page 32: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

32

Base Layer Conflicts

Base Layers can potentially conflict with software

installed on Endpoints.

• older version of application in Base Layer

• Windows updates in Base Layer conflict with Endpoint application

requirements

• newer updates on Endpoint conflict with versions in Base Layer

Handling Conflicts:

1. Test before deployment

2. Layer Dry-Run Reports

3. Base Layer Rules

4. Base Layer Override Policies

Page 33: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

33

Layer Dry Run Reports

Page 34: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

34

Layer Dry Run Reports – Conflict Report

Page 35: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

35

What Base Layers Capture

Base Layer captures include by default:

• Contents of the C:\ drive (with some exceptions)

• All major settings

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

• HKEY_LOCAL_MACHINE\SOFTWARE

Captures do NOT include:

• Machine identity

• User profiles

Page 36: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

36

Base Layer Rules and Override Policies

Base Layer Rules:

• what is included and excluded in a Base Layer capture

• what is explicitly protected from being overwritten on Endpoints

during Base Layer deployment

Base Layer Override Policies

• enable special handling based on existence of files or registry settings

• example: if specific files required by Office 2007 exist, do not overwrite

them with newer versions in the Base Layer

Page 37: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

37

Anatomy of Base Layer Rules: File System

1. Show Factory Rules

2. Do Not Download: Rules

Files that will NOT be overwritten

by layer

3. Rule Exceptions:

Files within the do not download

areas that WILL be overwritten by

layer.

1

2

3

Page 38: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

38

Anatomy of Base Layer Rules: Registry

1. System and Software Hives

HLKM\System\CurrentControlSet

HKLM\Software

2. Registry Keys to Exclude

Keys that will NOT be overwritten

by layer

3. Registry Values to Exclude:

Values that will NOT be overwritten

by layer

1

2

3

Page 39: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

39

Base Layer Rules Example – Windows Defender

1

2

1. File System Do Not Download Rules

2. Registry Keys to Exclude:

HKLM\SYSTEM Hive

Page 40: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

40

Base Layer Rules Example – Windows Defender

3

3. Registry Keys to Exclude:

HKLM\SOFTWARE Hive

Page 41: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

41

Base Layer Override Policies

Enable preserving files and registry settings IF they already exist.

Page 42: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

42

Base Layer Override Policy Example – Zimbra Desktop

1

2

1. File System: Do Not Override

by Layer

2. Not-to-Override Registry Keys:

HKLM\SOFTWARE Hive

3 3. Not-to-Override Registry Values:

HKLM\SOFTWARE Hive

Page 43: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

43

QUESTIONS

Page 44: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

44

Other VMware Activities Related to This Session

HOL:

HOL-MBL-1309

Horizon Mirage - Manage Physical Desktops

Group Discussions:

EUC1000-GD; EUC1004-GD

Mirage with Daniel Beveridge or Mark Ewert

EUC5587

Page 45: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

THANK YOU

Page 46: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive
Page 47: VMworld 2013: VMware Horizon Mirage Image Deployment Deep Dive

Horizon Mirage Image Deployment Deep Dive

Mark Ewert, VMware

Andy Philp, VMware

EUC5587

#EUC5587