Everyone working within the EUC and virtualization field knows this joke. Every year some analysts and vendors are promising us that this year is going to be the year of VDI (Virtual Desktop Infrastructure).
Within the last 5 years of my professional career I gained a lot of practical experience and feedback about VDI projects within Germany. I am trying to summarize what has happened within the VDI field over the last years and which technologies and solutions within the Horizon stack changed the way how we deliver virtual desktop in 2016 compared to 2012 (2013/2014/2015 ). If you want to see how specific Vendors within the VDI world evolved I would recommend you to also read this nice article about the state of EUC market by Rob Beekmans.
In theory a EUC strategy based on VDI offers many advantages.
- Operational benefits (control over the desktop, easier rollouts & updates of OS and Applications)
- Multiple access options (multiple endpoints from every location)
- Security benefits (Data is always within a controlled domain)
- Management benefits
To have a great VDI infrastructure as an outcome of project the following conditions should all be met within the implementation. I would simply call them success factors:
- The Total costs of ownership (capital and operational expenditures) did not exceed the old solution
- The user experience was identical or better than the old solution
- The VDI design allows all of the operational benefits
- The organization around the desktop has been adopted to manage virtual desktops
How did the technologies and therefore our design constraints have been changed over the years? Let me try to summarize it.
It’s always about the cost. Depending on the organization and business model IT can be a business enabler. But to be honest: Most compaines I have worked with so far have seen the IT as a cost center that has been grown chaotically over the years.
Old Legacy Physical world:
Most teleworkers (what an outdated word) use computers to fulfill specific tasks (creating reports, doing payments, access information, distribute information, and many more). In most cases those tasks are fulfilled with help of Software installed on top of a Operating System, which runs on top of some hardware extended with periphery like monitor, mouse, keyboard, webcams, etc.
We have costs for the OS, the licensing, deployment and updates of Application we install on every single Desktop, the Hardware, and the operational costs during the complete lifecycle of a Computer (ordering, inventory, fill-the-computer, delivery, maintenance, support, updates, etc.). Organization created process all around the situation and were able to deal functionally with the problems.
The total cost of ownership for EUC was always high and in most cases higher than some responsible person have seen it (‘a computer just costs 500Euros – why should I move to a more expensive VDI?’)
From a wording and technological point of view VDI was trending. Achieving all the positive aspects mentioned motivated some companies to move to VDI.
Windows XP was about to retire. Windows 7 must be rolled out. The physical Hardware has received the end of its lifecycle as well. Why not moving to a VDI?
From a cost perspective VDI suddenly increased the amount of investment that needs to be taken. New Endpoints (PC, Thinclients, Zeroclients). Even if you had ‘cheaper’ (you barely found them) thin-clients Microsoft opened their pocket and requested 100$ for the VDA license, additionally to the Win 7 license per user.
Costs for the Application and their support-services remained nearly the same. Operational cost benefits might have remained quiet similar to the legacy world (more on that topic later)
And suddenly we hosted desktops within a datacenter with enterprise server, network, storage, cooling and power requirements. Comparing SAN/NAS capacity within a datacenter with a Desktop:
X0$ per GB (DC) vs 1$ per GB (Consumer HDD)
More datacenter hardware + licensing for Virtualization & Desktop Brokering solution (e.g. view VMware View) really increased the costs.
What has changed from a pure cost perspective within this year. We still need datacenter hardware, but the density of Desktops per Node has increased a lot. Thanks to hyper-converged solutions we are able to decrease the costs of storage within a VDI environment. And we do not just decrease the costs. We are now also be able to scale the costs linear. We need more storage? We add a computing node with storage capacity to it. Thx to the intensive usage of SSDs and Flash-devices in today’s hyper converged solutions we are able to offer great performance with a minimum costs.
I had several VDI projects with vSAN within the last year and to be honest: vSAN is one perfect solution for VDI. For sure it can serve more use-cases than VDI, but within remember within Horizon you have a license for vSAN All-Flash included. Starting with Horizon Advanced you now have a professional storage solution integrated (vSphere and vCenter of course as well), therefore you can drop the SAN/NAS costs tremendously and recalculate the whole VDI business case.
In short: vSAN enabled us to decrease the infrastructure costs a lot! Always go for Horizon
Advanced or Horizon Enterprise.
Enhancements within the new remote protocol Blast Extreme might also change the costs for our endpoints since it’s using H.264 encoding which can be efficiently offloaded to nearly every CPU and cheap SoC. Cheaper Endpoints supported for Blast with a better user-experience might show up in the nearer future.
The user experience is a really important factor within VDI. The user wants to have everything in place that helps him doing his job and additional tasks ASAP. Multimedia-Content (CAD and youtube [must be a cool job]), low logon-times, SSD-Computer-feeling is (depending on the use case) are mandatory characteristics. Without the acceptance of the user the VDI project will have a heavier standing (that’s a German saying… no idea if that fits in English ;)
Security is so so so important within the EUC field. Security does not give us (or the user) any functional benefit, but it mitigates risks. We all know those users who are sticking everything into any kind of hole/port and then wonder why they are screwed. [OK, that sentence sounds quiet weird but I think you got the message].
User Experience depends on how we communicate changes and how good we design the solution. The communication of the upcoming change is so important to make sure we take away the frightening of the new way how we do our daily work. For many people a change in their daily doing (aka work) is one of the toughest thing. Changing from XP to Win7, Office 2007 to 2013, Physical to VDI. We must spent time and tell (& train) them the changes and advantages for them and then for sure needs to make sure we establish a solution that fulfill the promises we have given.
Before vSphere 6.0 one big disadvantage was the usage of 3d graphics within Horizon View on top of vSphere. I remember that we lost several bidding against Citrix on XenServer because of the lack/quality of NVIDIA’s and AMD’s integration. To have a unified user experience we needed to deal with user-profiles as well. A user that creates his own settings in a specific App wants to keep for the rest of the time. A user that has no idea about Notes does not want to run all the initial setup routine upfront. Persona Management or Roaming Profiles were not meeting any kind of qualitative requirements we had. Big profiles, environment changes only with scripts and therefore complexity led to longer login-times or corrupt profiles. Redirection of most of the important directories was the answer for many things, but still: we had many problems here.
Luckily not everything was bad. PCOIP has been a solid remote protocol that worked fine, even though it required a little bit of resources on the endpoint side to deliver a good experience (especially with multimedia content). For very standardized & minimal-personalized use cases we were able to deliver a good and valid solution based on linked clones. Performance was quiet fine when we sized the hosts and storage correctly (for IOPS). But especially sizing for IOPS came with a high-cost.
The biggest problem (from the perspective of the end-user) within a stateless desktop concept (in form of a floating desktop pool) was that every desktop suddenly was standardized. No chances to bribe the admin (with beers and flowers) to get quickly a specific application that was never intended within the initial use case (missing assessment maybe?!). Sure, from some IT management perspectives a user should only get what we have defined up-front. But in reality there are always some exceptions. And those exceptions are quiet hard to handle within a floating pool. ThinApp was quiet the solution that promised us to deal with that, but it never really kept up with this expectations based on its technological limitations. In the end many desktop pools in the world ended up as pools with a dedicated user-assignment losing all the operational benefits (more on that later).
vSphere 6.0 and vGPU support are increasing the possibilities to bring real 3d server graphic cards into a virtual desktop infrastructure. Even though some limitations still exist (!!!I want vMotion and more important: Instant Clones!!!) we can handle and work within complex 3d applications from wherever we want.
Within stateless desktops (floating pools) we are still limited that a user is not able to install unique application on his own. But AppVolumes brings us more granularity how we deliver applications into a stateless Desktop (based on Active Directory) entitlements. User Environment Manager makes sure we are keeping the user-environment and user-profile lean-clean and efficient based on our defined policies. Once a user requests an additional Application we can give him the AppStack containing this application in a very quick way.
Modern Intel CPUs and vSAN (together with NVIDIA Grid 3d cards) are making sure that we can create a great experience that is nearly identical to a physical computer with SSDs. What we still need for the future? Selecting only specific applications within AppStack that are entitled to a user (instead of injecting all Applications on an AppStack). This feature (called AppToggle) is available in AppVolume 3.0, but honestly/unfortunately: we don’t deploy AppVolume 3.0 in the current state a customer site.
Another great thing I am missing currently is the fact that we can re-specify virtual hardware settings for specific users. We always have users that might work harder than the others (from a resource demand perspective), but we want to keep them in the same pool. I imagine something like instant clones that clones rapidly a running VM with in parallel changing the hardware specs.
The design of an infrastructure is a really critical part when we create IT solutions. Within a VDI project it is even more important or let’s say more difficult like in some other domains. VDI project’s have a lot of stakeholders which daily-job will or better should definitely change after a virtual desktop infrastructure is in place. And that is quiet the problem right here. If you are not able to overcome the resistance internally the outcome will not be the one the initiator expected.
We will use new tools and methods to deal with Security, Application delivery, update management, user management, infrastructure operations.
If we cannot convince and re-organize the way we deliver and operate the desktops we will end up in a situation that manage the virtual desktops in the same way as we have done it in the old days. If that’s the case CapEx will increase, OpEx will increase.
In my opinion there for every VDI project there must be this one mission that should be targeted to with every design decision made.
Make the Desktop stateless
Every stakeholder must be aware of this mantra. Every stakeholder must agree that this mission is the necessary and only aim we should follow (for 80/90% of the VDI use-cases). And to be honest, this is going to be tough and long journey that requires a lot of up-front work.
IMO most projects are lacking a fundamental and methodological requirement engineering approach within the design phase. Therefore an important step upfront is mandatory. Assessment.
Which applications do users use? Which user needs which application? How are they delivered? How much resources do they need? …… Based on the assessment a good design can be created (in the best case based on VCDX or similar industry approved methodologies).
In my experience most failed VDI projects did put most of the effort on the technical questions and implementation details.
(Numbers may differ)
If you are a consultant: Convince the customer to fund the time for initial first two phases assessment and design
If you are a customer: If the company that wants to deliver your new VDI solution and does not focus on the first two phases right from the beginning: better switch them ;-).
To achieve a stateless desktop we are struggling with the biggest problem: Windows. Don’t get me wrong. I like Windows, but it was never meant to be stateless. The way it handles user and application data within its file system and registry is not really stateless friendly.
The next problem is that we don’t really want statelessness in the first place. Our user want a state-full desktop in a stateless world. And this was quiet hard to achieve within 2012 (if you haven’t had any 3rd party solutions like AppStack, etc. in place).
Roaming-Profiles :(, Persona Management :(, ThinApp :|, 50 desktop pools for 50 different application sets :(
At this time VMware didn’t gave us much technological options to solve those challenges. We know how it has end -> Dedicated desktop pools :(:(:(
Another topic we had regularly with customer: load-balancer. A load-balancer is nearly always recommended in every View environment to scale-out over various connection and security server. Unfortunately VMware had no load-balancing appliance delivered that we could have used here.
Acquiring CloudVolumes and Immidio was a brilliant move by VMware to address the above mentioned challenges. User Environment Manager (UEM) and App Volumes are solutions I really learned to love the more time I have spent with them. So many problems in the past we had solved with ‘complex’ scripting can now be solved quiet out of the box (policy/condition based user environment and application settings). Hours of troubleshooting complex WMI filtering issues: gone. If you have ever dealt with challenges within native Microsoft group policies and user profiles you will love UEM.
AppVolume is a product I like as well since it offers us new options how we deliver applications and design our desktop pools . The biggest challenge here: Keep the availability high and logon-times low (it might take a while until an AppStack gets merged into the GuestOS). A good AppStack design becomes relevant to achieve an acceptable user experience. Making AppVolumes high-available is something that also increases the footprint within your management cluster (I hope you have design one for your VDI environment). Multiple App Volumes manager, a database cluster, a load-balancer are mandatory to avoid a single point of failure (SPOF).
I heard two magic words: Load-balancer and SPOF. With NSX we have a good solid basic load-balancer in the VMware portfolio. But it is part of NSX and therefore we would need to license NSX for Horizon as well. Most people don’t know about that, therefore I would love to see NSX within the Horizon Enterprise license as well. NSX’s technology allows us to create micro-segmented Desktops and integrate various security solutions to avoid high frequently occurring situation we had in Germany with the malware ‘Locky‘ this year.
Focusing on existing SPOF we still heavily rely on a high-available vCenter and come on: It is September 2016 and we still have no real good option for that (MSCS does not count). With AppVolumes and Instant Clones even a minor downtime of the vCenter can lead to severe situations where people are not able to work within their virtual desktops (which will have a direct impact on the profitability of a company). I hope one day (hopefully after VMworld Barcelona) we will gather new knowledge about an integrated high-availability solution within the vCenter Server Appliance. WE NEED THAT!
Why do we want those stateless desktops with a floating user assignment? As soon as we have that in place the whole way how we operate desktops is changing. Updates? Pushed out easily and seamless. Problem with the Desktop? ‘Have you tried login off and on again?’ would now solve even more problems as it was within Windows in the past. Instant Clones always create instantly a clean and fresh version of a Desktop once a user logs off. That is not just an operational, but also a security benefit. For sure this fact will make it more important to manage the master more than ever. Having problems with mis-configured application settings? Offer a self-service to allow users to restore their backed up application settings. On-board new users? A couple of minutes (from a technical point of view – remember: you still need to change your organisational processes as well to benefit).
Summarized: Only in a stateless desktop construct we are really able to easily and centrally manage and operate thousands of desktops with a minimum head-count. And this is should always be one of the benefits we can achieve with VDI in the end. If we move to a complete floating world, we will see all the expected benefits right from the beginning of the VDI project.
Linked Clones, No AppVolumes, No UEM, No vRealize Operations (vROPS) for Horizon. Why should we care about vROPS? Because this solution is quiet great once you have started understanding how to work with it. From a pure operational perspective this can be learned really fast. The pre-defined dashboards will give you fastest access to relevant information around a user. We talked about user-experience and performance. If a user now calls and complains why the desktop is slow the support just types in the name and gets all relevant metrics in one view (CPU, memory, storage contention, logon times, PCOIP metrics and data about processes and services from within the Desktop).
Instant Clones, AppVolumes, UEM, vRealize Operations (vROPS) for Horizon are part of Horizon Enterprise. If you have the license. Use those technologies. vROPS can be tough and overwhelming in the beginning, but once you understood how to use it, you will see the benefits. I have seen multiple customer who had the license but did not using it. Spend 1 day for your service provider for installation and integration and 0.5 days to let him give you some introductions on that solution. You will not regret it.
One thing I would love to have for the nearer future. One integrated interface to manage all Horizon components. The view admin interface has not changed for 20 years. App Volumes and UEM are still managed as it was when they were still Immidio and CloudVolumes. Integrating those solutions into a great !!! (html-5 based) UI with a well-conceived role-based-access mechanism would be another buying argument for the customer.
In my opinion (IMO) Horizon Enterprise is the solution you should go with. Sticking to Horizon Standard will bring you back to the limitations we had since 2012. The higher license cost might be mitigated by reduced hardware costs. vSAN is the perfect fit for VDI. The saved capital should be spent to create a fully-featured stateless desktop environment. Only with that you will be able to gain reduced opex and therefor reduced TCO on a long-term while improving the functionality and quality of the end-user computing experience.
For sure there are many other different companies and good products out there that might solve specific problems better than VMware’s solutions. But the Horizon Enterprise stack as it is today offers us a complete set we need to deliver a successful VDI project. To be able to keep up with the future where more and more Software-as-a-Service application will be used the whole VDI stack must get extended with a next layer. At the moment VMware calls the solution Workspace One. It is quiet an interesting solution and as soon as I have gathered more practical experience I am going to write about that as well.
You want help for a proof-of-concept, design, implementation or general consulting? Get in touch via twitter, linkedIn, Xing or e-mail