CLEARPATH SOLUTIONS GROUP

1

What you didn’t know you needed to know before implementing VMware View

Josh Townsend Virtualization Practice Manager

SE

SS

ION

OV

ER

VIE

W

Don’t be caught unprepared when you make the move to virtual desktops!

This session will provide attendees with an overview of how VMware View integrates with your existing infrastructure, Windows images, applications, and processes.

Building on Clearpath’s experience in implementing VMware View for customers of many sizes in a variety of industries, we will look at many of the issues that can cause a View pilot or production implementation to get off track.

Prerequisites and best practices for the pieces of your environment that touch View will be reviewed, including Active Directory, Distributed File System (DFS), Group Policies, Load Balancers, ThinApp packaging, and base image optimization.

Finally, we’ll discuss how to integrate the several facets of your IT group that will have to be involved in your View roll-out: application, desktop/helpdesk, network, storage, and infrastructure teams.

2

VMware View from 30,000’

3

User Experience Virtual Desktop OS, Data, Apps

Thin Client

Desktop

Laptop

OS, Provisioning & Update

User Data & Personalization

Application Virtualization

Desktop VM

• Disaster Recovery

• Security

• Availability & Backup

VMware View Deployed Components

4

Thin Client

Desktop

Local Mode

VMWARE VIEW MANAGER

VMWARE VIEW

COMPOSER

VMWARE THINAPP

Centralized Virtual Desktops

Linked Clones

Platform VMware vSphere For Desktops

Management VMware View Manager, VMware View Composer, VMware ThinApp

User Experience PCoIP, Print, Multi-Monitor Display, Multimedia, USB Redirection, Local Mode

Parent Image

SQL Server vCenter View Composer View Event DB

VMware View Linked Clones

5

TRADITIONAL VDI VMWARE VIEW COMPOSER

Linked Clones

Parent Image

VMWARE THINAPP

VMWARE VIEW

COMPOSER

VMware View Offline Desktop – Local Mode

6

VMWARE VIEW

MANAGER Offline

Desktop

Centralized Virtual Desktop

PCoIP

High Performance Experience

• Flexible and adaptive for the

best experience across LAN

and WAN

• Optimized for desktop delivery

• Customize the experience by

user, use case, available

conditions

• End-to-end software solution

with optional hardware

• Addressing requirements from

the task worker to power user

7

PCoIP Optimization

Configurable Experience

• Ensures responsive desktop while

rendering pages and graphics

• Build to lossless delivers best

performance and highest resolution

• Customize with Optimization Controls

• Select the right settings for the user, use

case or conditions

• Reduce bandwidth use up to 75%

• Increase user density and scalability on the

WAN

8

VIE

W T

EA

M

And we haven’t even involved the desktop team or helpdesk!

9

Reduce Application Conflict and Support Costs

10

Operating System

Streamline Application

Packaging and Deployment

with ThinApp

Decouple applications and data from

OS

Eliminate application conflicts

Enable application flexibility

Enable many versions of same app

Deployment flexibility

Zero endpoint footprint

Easily integrates into existing ESD tools

Application Application

Operating System

VOS VOS

Application

sandbox

Application

sandbox

App Files App Files

ThinApp Behind the Scenes

11

ThinApp Links the Application, Virtual Operating System (VOS), Virtual File System and Virtual Registry into a Single Package

Windows Operating System

ThinApp Compressed Container (EXE)

Virtual OS

Application

Registry Access

File Access

Virtual Registry

Virtual File System

Physical Registry

Physical File System

Sandbox

• Application encapsulation and Isolation

• Intercepts file and system calls

• Process Loading- start exe from VOS, Launch from host OS (Virtual/Physical).

• DLL Loading. loads DLL dependencies the EXE/DLL/OCX files from archive

• Thread and process management. VOS tracks all processes and threads inside virtual registry (COM & Utility)

VS

PH

ER

E C

ON

SID

ER

AT

ION

S

Upgrade to 5.0 Update 1 (Not 5.1 yet)

• View Storage Accelerator (VSA) feature reduces

read IOPS significantly Boot-storm operation (~80% in

peak IOPS, ~45% in average IOPS) *Steady state workload with View Planner 2.1

12

Almost all application launch times are improved with VSA Enabling digest on User Data Disk (UDD) not much more beneficial than system disk only

~60% savings in Reads No savings in writes as expected

TH

INA

PP

S / A

PP

LIC

AT

ION

ST

RE

AM

ING

Plan for a change in App IO profile & settings

• Streamed / ThinApps can generate more write IO’s than

thick installed apps – 20-45% more.

• Streamed / ThinApps can generate 20-45% less read

IO’s

• Optimize your ThinApps as much as possible to reduce

performance impact.

• Precache ThinApp sandbox (%profile%\Application

Data\ThinStall)

• Know your apps – understand their workload profile

(read/write, CPU, memory). Dedicate app-specific

pools and place on appropriate resources.

• Disable Outlook Cached Mode, Place Notes data

directory within Persona profile.

13

ST

OR

AG

E S

IZIN

G

IOPS, IOPS, IOPS

• VMware View Storage Workload Characterization • Very different than traditional server workloads

• Write heavy (up to 90% writes in some scenarios)

• Windows 7 can generate ~5000 IOPS at boot

• Idle Windows 7 can still generate IOPS

• IO Splits • Replica disk – 100% Read

• Delta disk – 80% Write / 20% Read

• Disposable Disk – 90% Write / 10% Read

• Persistent Disk – Varies, start with 1:1. Monitor & adjust.

• VAAI Support on array very important

• Max VM’s per VMFS Datastore: • Full VM: 32

• Linked Clone: 140 (assumes VAAI)

• Max VM’s per NFS Datastore: 250

• Besides C:\, also include video swap, 3D video swap, suspend space, memory swap (use memory reservations to reduce), and Linked Clone growth rate

14

VMware View Storage & Virtual Disk Example

15

VM

WA

RE V

IEW

LU

N S

IZIN

G A

ND

PE

RF

OR

MA

NC

E

Example Storage Sizing – 100 Desktops

• IOPS Per Disk Type:

• EFD: 2500

• 15k SAS: 180

• 7.2k NL SAS: 80

• RAID5 IOPS Calculation

N=# Disks, R=IOPS/Disk, I=Total

IOPS

• Read: I=R*(N-1)

• Write: I=(R*(N-1))/4

• RAID10 IOPS Calculation

N=# Disks, R=IOPS/Disk, I=Total

IOPS

• Read: I=R*(N-1)

• Write: I=(R*N)/2

16

Performance/IOPS

Workload Write IOPS Read IOPS

EFD

Replicas 0 3976

15k SAS

Linked Clones 872 392

Persistent Disks 10 204

Total IOPS to 15k Spindles 882 596

VM IO = VM Read IO + (VM Write IO * RAID Penalty) | RAID5 Write Penalty = 4

596+(882*4) = 4124

15k Spindles Required (180 IOPS Each) = 23

Capacity

Tier/Workload Space Required (GB)

EFD

Replicas 280

15k SAS

Linked Clones 2197

Persistent Disks 430

Cache, Swap, Slack 440

Total 15k SAS Required (GB) 3067

# 15k Disks 20

Usable Disks after RAID5 parity 16

Disk Size (GB) 300

Usable Capacity per Disk (GB) 268

Total 15k SAS Usable Capacity (GB) 4288

• 23 x 15k spindles is worst case scenario • FAST Cache will absorb a percentage of IO Less disks • # of 15k Disks to achieve IOPS exceeds required space (GB)

CO

MP

UT

E S

IZIN

G

Servers, CPU, Memory, IO ports

• CPU • 8-10 vCPU’s per physical core.

• Hyperthreading can offer some boost

• Newest CPU’s in a highly tuned environment could reach 15-18 vCPU:pCore

• Avoid vSMP unless necessary (70% vCPU utilization)

• Turn off power management in BIOS for consistent experience

• Memory • 2GB XP, 2-3GB Win7 x86, 3-4GB Win7 x64

• Some benefit from TPS, but Win7 uses large pages.

• Oversubscribe for shift work desktops, but do so sparingly for full-time use desktops. Users will feel balloon and swapping.

• IO • Extra NIC’s for concurrent vMotions

• Very dense environments – size for bandwidth of PCoIP plus normal client-server communication.

• Additional NIC’s to support any necessary network segmentation

• Cisco UCS offers IO flexibility

17

N+1

NE

TW

OR

K C

ON

SID

ER

AT

ION

S

VLAN, Subnet, DHCP

• Subnet Size • Desktops per View Composer Pool: 1000

• All desktops in pool share same master image, including port group/VLAN

• Subnet bits: /22

• Do you really want a broadcast domain with 1000 nodes?

• Multiple pools with different network configs (increases disk space requirements)

• Have DHCP prepared to serve enough addresses per pool.

• Shorten DHCP lease time for stateless desktop environments – 8 days will not work. Recommend 2-4 hours.

• PVLAN – Consider putting desktops on a PVLAN to isolate communication between VM’s – control spread of malware.

• Consider DHCP for BOTH View desktops & Client devices (double what you have now)

18

NE

TW

OR

K C

ON

SID

ER

AT

ION

S

Summary of Typical bandwidth requirements

Application Average bandwidth

Peak bandwidth

Maximum rtt

Comment

Remote "bare bones" data entry 200 kbit/s 500 kbit/s 250 ms

Expect visible blur/low quality initial screen updates,

long update times (2-5 seconds) for full screen or

large window change, noticeable delay (0.25-2

seconds) on smaller screen updates such as pull

down menus.

Basic text processing/form filling with no

multimedia and infrequent

window/screen switching 250 kbit/s 1 Mbit/s 250 ms

Expect some initial blur/artifacts when updating

screen or switching large windows, large updates

may be a bit slow (1-2 seconds).

Multiple text based Windows

applications (Excel, Word, Outlook) with

frequent window switching and some

graphics content

400 kbit/s 2 Mbit/s 150 ms There may still be some lower quality initial screen

updates. Screen should generally update in less than

1 second.

Multiple text windows applications

including occasional lower quality

multimedia, e.g., YouTube 360p 1 Mbit/s 4 Mbit/s 100 ms

Possible reduction in frame rate/quality for video but

should be fairly good. Still possibility for lower initial

quality full screen update though a lot less noticeable.

Switching multiple graphics/text

windows applications including frequent

360p video and some animations (e.g.,

Flash)

1.5 Mbit/s 8 Mbit/s 100 ms Full screen updates should get fairly snappy and

quality should be high for those updates. Videos may

still appear with slight blur.

Occasional larger video (480p/720p)

and/or animation and/or photo editing

etc. 2 Mbit/s 12 Mbit/s 100 ms

Snappy updates but possibly lower quality noticeable for large videos. Small videos should look crisp.

Frequent large video (e.g., playing 480p

20% of the time), video editing,

demanding multimedia apps 5 Mbit/s 30 Mbit/s 50 ms

Experience should be almost indistinguishable from a

local PC. Note powerful server and at least dual

vCPU required to keep up.

"The works" 16 Mbit/s 80 Mbit/s 25 ms

Experience should be indistinguishable from a local

PC for most applications except for GPU intensive

applications (3D games etc.). Powerful server and

dual or quad vCPU.

PC

OIP

NE

TW

OR

K T

UN

ING

TIP

S

Bandwidth tuning tips

•Use a full-duplex end-to-end network link •If you have a single user, look up the application and ensure you allocate enough bandwidth to satisfy the peak PCoIP requirement and any other network traffic •If you have multiple users sharing a network connection, use the following rule: Add the average bandwidth for all the users. •Add the maximum peak bandwidth for all the users. •If you have four or less users, add 50% margin. If you have eight or less users add 25% margin. For 16 or less users add 20% margin. For more than 16 users add 10% margin. •Consider segmenting PCoIP traffic via IP QoS DSCP or a layer 2 CoS or virtual LAN (VLAN). •QoS – VoIP, then PCoIP, then rest. •If a VPN is used, confirm that UDP traffic is supported. •Do not route PCoIP traffic through TCP-based SSL tunnels. Use IPSEC or DTLS-enabled SSL solutions. •Latency isn’t ‘bad’ but constant fluctuations of ±30ms can cause problems

DE

PL

OY

ME

NT &

AS

SIG

NM

EN

T M

OD

EL

S

View Pool Deployment & Assignment Models

Pool Type Description

Automated

An automated pool uses a vCenter Server template or virtual machine snapshot to generate new desktops. The desktops can be created when the pool is created or generated on demand based on pool usage.

Manual

A manual pool provides access to an existing set of machines. Any type of machine that can install View Agent is supported. Examples include vCenter virtual machines, physical machines and Blade PCs.

Terminal Services

Microsoft Terminal Services pool provides Terminal Services sessions as desktops to View users. View Connection Server manages Terminal Services sessions in the same way as normal desktops.

21

Assignment Model Description

Floating Users will receive desktops picked randomly from the pool each time they log in.

Dedicated Users receive the same desktops each time they log into the pool.

Deployment Model Description

Linked Clone

View Composer linked clones share the same base image and use less storage space than full virtual machines. The user profile for linked clones can be redirected to persistent disks that will be unaffected by OS updates and refreshes.

Full

Desktops sources will be full virtual machines that are created from a vCenter Server template.

ST

AT

EL

ES

S D

ES

KT

OP

S

Persistent vs. Stateless

• Audit/Event Logs not maintained locally in stateless

desktops – use event log forwarding if you need

desktop logs

• Train your users on where to save data if they want it

persisted.

• Train helpdesk staff on how to troubleshoot.

• Offer Apps as a Service via ThinApp – restrict users’

ability to install.

• Boot/Login Storms more prevelant

22

WIN

DO

WS L

ICE

NS

E A

CT

IVA

TIO

N

Must Have a Key Management Server

• To activate Windows 7 Linked Clone desktops, you

must have a Key Management Server (KMS). View

cannot provision Windows 7 without a KMS.

• Must activate 25 Windows 7 desktops before KMS is

activated.

• Also consider adding Office 2010 KMS keys to server.

• http://blog.clearpathsg.com/blog/bid/155705/Using-

KMS-for-VMware-View-Windows-Activation for more

help.

23

LO

AD

BA

LA

NC

ING

& S

SL

Certificates Needed

• Load Balancers

• DNS RR

• NLB

• HAProxy

• vCloud Network & Security (vShield Edge)

• F5, A10, etc.

SSL Certificates

• Best to have public CA certs for mobile devices, BYOD, home

access. Deploying AD Certificate Services certificates to

unmanaged devices is challenging.

24

AC

TIV

E D

IRE

CT

OR

Y

Directory Services Matter

Impact Stateless desktop pools can put pressure on Active Directory - Computer Object Creation / Deletion - Replication of Created / Deleted Objects (Bandwidth) - CPU Overhead of object creation / deletion - NTDS.DIT Fragmentation – Offline Defrags may be needed - GPO Reads – Full reads when new VM is created, not incremental update checks - New OU Structures for View Desktops - Computer account password expiration can impact linked clone refresh.

Recommendations Upgrade Active Directory to 2008 Implement DFS-R for SYSVOL (http://blogs.technet.com/b/notesfromthefield/archive/2008/04/27/upgrading-your-sysvol-to-dfs-r-replication.aspx)

GR

OU

P P

OLIC

Y C

ON

SID

ER

AT

ION

S

New Policies for New Desktop Methods

Loopback Policy Processing Mode for View Desktops Model and Test GPO Changes for functionality and performance Advanced Group Policy Management Console in MDOP (SA Benefit) Look for old policies that could negatively impact performance or conflict with View - Login scripts - High levels of event logging - Screen Savers - Unused Policies

DF

S F

OR

PE

RS

ON

A &

TH

INA

PP R

EP

OS

ITO

RIE

S

User Data Anywhere but the Desktop

2008 Mode – Requires AD to be at 2008 Domain Functional Levels - No direct upgrade path from 2003 DFS mode to 2008 DFS mode - Why 2008 Mode?

- Access Based Enumeration - Remote Differential Compression - More scalable for branch offices - Improved monitoring (DFSDIAG)

- Replication Topology (Hub & Spoke, Full Mesh) may be different for Persona than

other shares, depending on user mobility and availability requirements.

Replication Considerations - Files with TEMP attribute are not replicated!!!

- Outlook and other programs may save files (attachements) with T. - Antivirus programs may add T attribute.

- Replication intervals across WAN links - File filters – remove mp3, avi, mpeg unless business requirement.

Size for profiles now using VMware Capacity Planner, Liquidware Labs, PS1 Login Script

DE

SK

TO

P B

C/D

R

DR Your Desktop

With VMware View, desktop disaster recovery and business continuity are more possible than with physical desktops. You don’t need to replicate all desktops 1:1 to DR site. Full VM’s replicate. Linked Clones spin up fast on DR hardware. Replicate your templates whenever updated. Seed pools with template image and minimal number of desktops (1) to enable rapid provisioning in event of disaster. Update DR templates for correct network configuration. View Connection Server and Security Servers cannot be replicas of Production. Must be new unique View environment. Have DNS, AD, DHCP, KMS Server ready at DR. Backup View components, verify backups often: http://www.vmware.com/files/pdf/techpaper/VMware-View-Backup-Best-Practices.pdf Develop SOP and Run Book for backup and recovery operations.

CL

IEN

T C

HO

ICE

S –

RE

PU

RP

OS

ED

, TH

IN, Z

ER

O?

Performance, Form Factor, Power Consumption Thick Clients • Good

• Best performance • No VDA if Windows and if under SA • Local Mode support • VPN Support

• Bad • Additional heavy-touch management • Double licensing

• Other • Live CD, PXE Boot

Thin Clients • Good

• Light touch management • Smaller footprint • Lower power consumption • Lower licensing costs

• Bad • Cost • Performance • New management tools

• Other • Several vendors to choose from • Don’t cheap out

Zero Clients • Good

• Lightest Touch • No moving parts • No persistent storage • Easy to configure/deploy • Low cost

• Bad • Limited support of client side

caching • Teradici lockin • No local mode • No VPN • No WiFi

• Several vendors to choose from. • Choose one with good tool for firmware

upgrade deployments.

PE

RIP

HE

RA

LS

More than a desktop…..

• CD/DVD – Need USB devices and LAN speeds. http://blog.clearpathsg.com/blog/bid/155645/Using-a-CD-DVD-drive-in-VMware-View

• USB Device Control – what devices will you allow, disallow?

• Other: USB Microphones for voice dictation, webcams, VoIP devices

• Plan for additional bandwidth to support the peripheral use and associated applications.

• Verify compatibility with existing and planned peripherals.

AN

TIV

IRU

S C

ON

SID

ER

AT

ION

S

ProjectVRC.com

Best Practices • Legacy AV Solution

• Pre-scan image before cloning to populate scanned file hash cache

• Randomize scan times • Reconsider scheduled scans • Reconsider update schedules • Disable unneeded plugins (IE,

Outlook) • Disable network scanning • Disable NPS, Firewall, IDS • Scan only on write option • Reconsider heuristic scanning

• vShield Endpoint

• Reduce IOPS • Reduce CPU/Mem • Place security software closer

to the elements you are trying to protect

MO

NIT

OR

ING

, TR

OU

BL

ES

HO

OT

ING

Monitoring Matters

Free Tools: View PAL, PCoIP Log Viewer Paid: vCenter Ops for View, Liquidware Labs, Xangati

OP

TIM

IZE W

IND

OW

S

Windows 101

Optimize your base Windows image, test, optimize again. Best to start with a new clean install, not a re-used Ghost image. VM Hardware Version 8 (9 for Sparse SE disks once View is certified for vSphere 5.1) Every IOP counts and is multiplied across the environment. CPU and memory waste reduces efficiency of VDI environment. Disable unused services. Turn off startup apps/services Tune Windows boot parameters for faster startup Remove unneeded vHardware Remove unused Windows features Disable NTFS Last Accessed and 8dot3 The list is long…. Check out VMware and EMC whitepapers to get started. Get a copy of Clearpath’s whitepaper with additional tuning tips sent to you – leave your card for a copy!

VIEW TCO / ROI

34

VMware View – Infrastructure Cost per User

35

VMware View Enterprise (List) : $150

VMware View Premier (List) : $250

If under Software Assurance : $0

Microsoft VDA License (List) : $100

If purchased : $250

Repurpose existing PC : $25

Microsoft

VDA License

Thin/Zero

Client

View

License

Includes vCenter Server, vSphere for Desktop, and View Manager (Connection Server(s), Security Server(s), Transfer Server(s)

Adds View Composer (Linked Clones), Local Mode, vShield Endpoint, ThinApp, Persona Management

SO

UR

CE: ID

C –

QU

AN

TIF

YIN

G B

US

INE

SS V

AL

UE O

F V

MW

AR

E V

IEW

, JU

NE 2

01

1

Physical Desktop TCO

36

$1 spent on Hardware, requires $3.8 more to support it!

Average Useful Life : 4 years

Operational Expense : $2480 (over useful life of 4 years)

Capital Expense : $1000 (one time)

Productivity Cost : $1360 (over useful life of 4 years)

Total Cost of Ownership : $4840 (over useful life of 4 years)

Measure Soft Costs Now

VM

WA

RE V

IEW

TC

O

VMware View - TCO

37

$1 spent on Hardware, requires $1.3 to support it

Average Useful Life : 4 years

Operational Expense : $1160 (over useful life of 4 years)

Capital Expense : $1250 (includes VDA, View S&S license )

Productivity Cost : $440 (over useful life of 4 years)

Total Cost of Ownership : $2850 (over useful life of 4 years)

4 Year TCO Comparison (Traditional Desktop vs. VMware View

38

Source: IDC – Quantifying Business Value of VMware View, June 2011

Save $500/PC annually

Impact of VMware View on Windows 7 Migration (5000 Desktops)

39

Double the speed, Half the Cost

Questions?

40

Clearpath Solutions Group

• EMC

• VMware

• Cisco

• http://www.clearpathsg.com

• Facebook | Twitter | LinkedIn | Blog

41

We Speak Cloud.