IT & DATA MANAGEMENT RESEARCH,INDUSTRY ANALYSIS & CONSULTING

Optimizing VDI Success: The Network FactorAn ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) White Paper Prepared for Riverbed®

July 2013

Table of Contents

©2013 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com

Optimizing VDI Success: The Network Factor

Executive Summary .......................................................................................................................... 1

Introduction ..................................................................................................................................... 1

The Network Factor in VDI Success ................................................................................................. 1

Optimizing VDI Performance For Remote/Branch ......................................................................... 2

The Riverbed Approach – Optimizing VDI for the Branch .............................................................. 3

High Performing VDI Session Management ............................................................................... 3

Storage Delivery for VDI ............................................................................................................ 5

VDI Performance Visibility with Cascade ................................................................................... 6

EMA Perspective ............................................................................................................................... 6

About Riverbed ................................................................................................................................. 7

Page 1 ©2013 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com1

Optimizing VDI Success: The Network Factor

Executive SummaryAs organizations seek to continue leveraging the advantages of virtualization technologies, many are embracing virtualization of end user desktops via approaches such as Virtual Desktop Infrastructure (VDI). But while VDI solutions promise significant security and operational efficiency improvements, they also bring with them unique deployment challenges. If organizations hope to reap the full benefit of a VDI deployment, they must assure the best possible end-user experience, or adoption will stall and the project will fail. The network plays a critical role in making that a reality, particularly when trying to extend VDI deployments to remote/branch sites where WAN links will be a part of the connectivity picture. This ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) whitepaper examines the challenges of VDI in the branch and how Riverbed® solutions are designed to ensure that the network can deliver on the promise of VDI.

IntroductionRecent EMA research revealed that top drivers for embracing and deploying VDI include easier management, improved data security/control, and reduced physical desktop capital and administrative costs. BYOD (Bring Your Own Device) has complicated matters, blurring the lines between personal and corporate content. VDI presents a solution to help redraw those lines and keep corporate data and content secure regardless of users’ point of access; however, VDI faces some unique challenges, because it is attempting to replicate a dedicated desktop experience across the network. Further, that challenge can increase exponentially depending on how and from where a user is accessing their desktop and the applications they will run from that desktop.

The most common form of VDI solutions are server-based, whereby desktop images and application execution are hosted within centralized virtual servers, and most all keyboard, mouse, and display actions and traffic are transferred in real time from those servers to user endpoints across the network. A successful server-based VDI deployment requires attention to a number of key architectural design points, spanning all traditional technology domains within IT. In fact, VDI is somewhat unique in this regard, in that it requires careful and purposeful collaboration between server, storage, network, and desktop management teams if success is to be achieved.

The Network Factor in VDI SuccessMuch of the attention in the industry to date has been placed on optimal design and configuration of server and storage resources in the support of VDI deployments. For server-based VDI, this has traditionally existed entirely within the data center, and key considerations include such items as desktops per VM, VMs per host, storage technology, and storage tiering. Too often networking considerations tend to be secondary, and this is a mistake. VDI protocols do not tolerate latency or loss well, thus good performance along the network delivery path is critical to success. Once VDI traffic is outside of the data center, the focus almost entirely shifts to the network and its ability to delivery VDI traffic in a highly reliable, high performing manner. In networking terminology, this translates into low latency and low/no packet loss. In fact, VDI is so sensitive to loss and latency that many VDI solution providers recommend assigning VDI traffic a higher network QoS priority than even VoIP and video. Think of it this way –

VDI protocols do not tolerate latency or

loss well, thus good performance along the network delivery path is critical to success.

Page 2 ©2013 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com2

Optimizing VDI Success: The Network Factor

any delay in responsiveness to keystrokes or mouse movements is instantly apparent to an end user, and frustration levels rise rapidly if the VDI approach does not meet the same responsiveness expectations as a traditional dedicated desktop.

The network plays a key role in the delivery and, ultimately, the end-user experience with VDI. Delivery from VDI server to end user will traverse one or more of the following types of networks: Local Area (LAN), Wide Area (WAN), and Internet. Logically, the most unmanageable and risky of these is the Internet, where bandwidth access and network delivery can be highly variable and unpredictable. The most manageable should be LAN, where sufficient bandwidth and capacity is typically delivered via 100Mbps or 1Gbps fixed networks, even in cases where the final access hop is wireless in nature.

WAN links typically come into play in large, distributed organizations that need dedicated, secure access to common centralized resources across broadly geographically distributed user sites. WAN links are almost always narrower in bandwidth than the LAN, and because they are connecting sites that may be quite distant geographically, they will always introduce transmission latency. Further, because they are smaller in bandwidth than LAN links, congestion is more common in the WAN and thus packet drops and loss are also more common. The result of traversing WAN links is a significant operational risk for VDI performance and user satisfaction, simply due to the nature of the WAN and how it behaves.

Optimizing VDI Performance For Remote/Branch Despite the challenges presented by the WAN, organizations would still like to deploy VDI across distributed organizations. A success-oriented approach starts with visibility, rooted in application-aware network performance monitoring for planning and troubleshooting. The rest of the story lies in understanding what active approaches can be taken to optimize the infrastructure for carrying and delivering VDI to remote, WAN-connected sites and users.

Application Delivery Controllers (ADCs) can play an important role. At certain times, such as the beginning of the business day and after lunch, large numbers of users, both local and remote, will all try to launch desktop sessions at the same time, potentially overloading VDI connections and authentication services. ADCs deployed in the datacenter ensure effective load balancing between connection and authentication servers during such “boot storms,” reducing login time and user frustration. ADCs can also provide global load balancing capabilities, so remote users can seamlessly access their desktops with the highest degree of assured availability via synchronized multi-datacenter hosting architectures, no matter where they are.

Traditional WAN optimization can also help to some degree. Such systems can apply QoS and priority queuing for latency-sensitive VDI session traffic. Unfortunately, compression and caching, two of the most powerful network traffic optimization techniques, cannot be applied in a way that will have a significant affect, as VDI session traffic is highly variable and non-repetitive. While bandwidth requirements may vary based on VDI protocol, recommended minimum per-session allocations start at 50-60 kbps and grow to 200+ kbps, particularly for graphically intensive applications. This means that reserving a high priority WAN delivery queue for VDI support can rapidly eat up precious and costly WAN bandwidth as the user

A success-oriented approach starts

with visibility (and) understanding what

active approaches can be taken to optimize

the infrastructure for delivering VDI to

remote, WAN-connected sites and users.

Page 3 ©2013 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com3

Optimizing VDI Success: The Network Factor

population expands. Further, even with the most carefully constructed WAN optimization regime, there is no 100% guarantee against congestion or link loss, both of which will directly disrupt remote VDI users.

While some may be willing to accept these risks and over-engineer capacity and performance attributes of the WAN to mitigate them, the better answer is to find a way to bring the VDI session server closer to the VDI users themselves. In other words, to localize the virtualized desktop execution environment and the data it will be accessing most regularly, so that LAN performance can be realized.

Localizing VDI to the branch can be accomplished by implementing a VDI product architecture that distributes VDI session servers directly to remote sites, so that VDI protocols need only traverse the LAN between endpoint and session server. With many options for providing local virtualized hosting, either on a dedicated system or a branch-in-a-box platform, finding a place to host the VDI session servers is often quite simple. Further, VDI connection/authorization servers can continue to reside back at the datacenter, where greater security can be ensured. Finally, since VDI protocols are terminated at the VDI session server, any additional network traffic going back across the WAN looks like traditional application traffic, and can be operated on as normal using well-established WAN optimization technologies. This approach also avoids the problem known as “hair pinning” where, for example, remote branch print traffic is invoked on the desktop but must run through the a centralized VDI session server before traveling back out to the branch for actual printing. With branch-site VDI session hosting, such traffic stays on the LAN.

The only factor left to consider is the third leg of the VDI stool – storage. As it turns out, storage is really important because that is where VDI user desktop images are kept and maintained. Desktop images are pulled from storage when a user logs in, so timeliness is important and congestion common when many users are logging in simultaneously – a phenomenon known as “login storms” or “boot storms.” There are two obvious choices for storage in our remote site optimization scenario. Storage systems can be kept in the datacenter, where security is higher and backup processes can be run efficiently, but performance will suffer because of the latency introduced when pulling desktop images across the WAN. Alternatively, storage equipment and systems can be deployed at the branch, where performance will be higher but so will costs and data protection risks. An ideal situation would be to find a way to get the best of both worlds – to provide local storage performance but centralized storage integrity.

The Riverbed Approach – Optimizing VDI for the BranchRiverbed had taken on the challenge of assuring high performing VDI at the branch by delivering a multi-faceted solution that offers accelerated/optimized VDI access as well as local storage performance with centralized storage integrity. Key to these is the combination of Riverbed Stingray™ Traffic Manager, the Riverbed Steelhead® WAN Optimization platform, and the innovative Granite™ overlay for intelligent storage delivery optimization. These active components are complemented by the Riverbed Cascade® portfolio of application-aware network performance monitoring solutions, which closes the loop for assuring VDI success.

High Performing VDI Session ManagementThe Riverbed Stingray Traffic Manager is a an advanced ADC solution that can be deployed either as pure software or as a virtual appliance, to improve accessibility to VDI for remote and branch users, via two primary scenarios. The first is where a Stingray Traffic Manager is deployed for local load balancing

Page 4 ©2013 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com4

Optimizing VDI Success: The Network Factor

between multiple connections or security servers within a single datacenter. The second leverages the Stingray Traffic Manager’s global load balancing capabilities, supporting active management of VDI session initiation across multiple redundant data centers. An example of this second scenario is shown in Figure 1.

Figure 1: Riverbed Stingray Solution for VDI

Key benefits of the Riverbed approach include:

• Simpler deployment scenarios using intelligent load balancing rather than exposing multiple, discrete connection or security servers.

• Improved resilience for single-datacenter architectures, preventing individual security or connection server outages from blocking VDI access.

• Improved connection server performance via SSL and compression offload.

•Ready accommodation of boot storms via dynamic allocation of security and connection server resources.

• Improved security via Stingray Traffic Manager’s ability to act as a “deny-all” gateway, allowing only specifically validated traffic types, and/or the optional Stingray Application Firewall.

• Full support/enablement of high availability VDI architectures such as VMware View AlwaysOn Desktop.

Page 5 ©2013 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com5

Optimizing VDI Success: The Network Factor

Storage Delivery for VDIThe Granite solution accomplishes this feat by “projecting” centralized data center storage out to a specialized module on the Steelhead at the remote branch, effectively putting an image of stored data directly into the branch without requiring traditional storage systems. A typical deployment scenario to leverage this approach would include deployment of Steelhead with Granite in the branch as well as datacenter-side Steelhead and Granite appliances (see Figure 2). The VDI session host could either be implemented on a branch compute system, or optionally on a VMware vSphere-based Virtual Services Platform (VSP) partition on the branch Steelhead appliance itself. The Granite components deliver local images of centralized storage, and the Steelhead optimizes the WAN link traffic.

Figure 2: Riverbed Steelhead/GRANITE Solution for VDI

The benefits of this approach are many:

•VDI sessions are hosted locally, providing a true LAN-quality end-user experience.

•Virtual desktops execute from the branch-based appliance, minimizing login/boot storm impact on the centralized storage platform.

•Data and images needed for VDI session hosting are asynchronously replicated to the datacenter, where security can be applied in depth and backups run without congesting the WAN.

•There is no need to reserve expensive WAN bandwidth for latency/loss-intolerant VDI protocols.

•All execution of user desktops takes place locally, so no hair pinning is experienced when accessing local printing and peripherals.

•Application and data traffic generated by hosted desktop session are optimized within the WAN just as traditional non-VDI traffic has in the past.

•Desktops are managed, secured and deployed centrally, keeping with traditional VDI deployments.

Finally, there is an additional benefit here in terms of resilience. One of the biggest concerns with VDI in the branch is what happens if/when there is a failure in WAN connectivity back to the datacenter. In a non-optimized setting, remote users whose desktop sessions are hosted in the datacenter will suffer total loss of function if there were ever to be any significant impairment in WAN connectivity. By locating the VDI session server in the branch, some level of productivity can be maintained during WAN outages, as long as they do not require initial connection authorization or login.

Page 6 ©2013 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com6

Optimizing VDI Success: The Network Factor

VDI Performance Visibility with CascadeFor accurate planning, vigilant operations, and efficient troubleshooting, performance monitoring systems must provide direct awareness of VDI health and activity in context with the full operational environment. Riverbed provides such capabilities within the Cascade portfolio of performance monitoring products, which provide both broad and deep visibility and analysis to support VDI success. In particular, Riverbed Cascade Pilot supports troubleshooting via deep packet-level analysis of VDI traffic (see Figure 3), revealing individual channel activity such as keyboard, mouse, and video, and allows operators to understand whether or not network traffic is adhering to QoS policies, what other traffic/activity is present that might impact VDI in any way, and more.

Figure 3: Riverbed Cascade VDI Visibility Solution

EMA PerspectiveFor most modern enterprises, VDI is a strategic investment. As such, VDI planning and deployment requires focused efforts to prepare the appropriate back-end server and storage architecture as well as ensure that networks are ready to deliver the new types of traffic loads that VDI brings. End user training is also required, as an important step towards smoothing the transition, protecting productivity, and ensuring sufficient levels of adoption to achieve business objectives and capture returns on the resources that will have been committed.

The growing adoption of VDI marks an important evolutionary step in IT infrastructure. Enabled by steady and significant improvements in virtualization technologies, VDI projects are helping organizations to reduce desktop support costs, enable greater worker mobility, and improve security posture. Also, the greater/broader the deployment of VDI, the greater the returns realized, translating into large-scale plans for VDI deployment across both campus and distributed organizations.

While VDI can bring simplicity to important aspects of IT planning and support, it is in itself no simple technology. VDI both leverages and relies upon all aspects of the IT infrastructure, including end-user device, compute, storage, and the network. Further, it is essential that every aspect of the supporting VDI infrastructure be both highly available and high performing, in order to assure that end users will be provided acceptable quality of experience and uninterrupted IT-enabled productivity.

Page 7 ©2013 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com7

Optimizing VDI Success: The Network Factor

The potential hurdles for supporting VDI deployment to remote/branch facilities across the WAN represents a significant challenge that must be addressed with serious deliberation and adaptive design. Any approach taken needs to include special accommodations and optimizations for branch users, so that they can be provided the same quality of experience of large campus users. More specifically the latency, jitter, and loss inherent with wide area networking must be eliminated from the infrastructure equation if performance risks are to be adequately mitigated. Further, and in particular as VDI user populations grow, specific steps must be taken to address initial VDI session connection time, removing the impact of boot storms and assuring reliable access.

The Riverbed Granite solution, used in conjunction with Riverbed Steelhead, represents an innovative and powerful approach to optimizing VDI for the branch. By offloading VDI session traffic to the branch LAN via local hosting and virtual storage optimization, the WAN can be removed from the network factor almost entirely, and returned to a well-known and natural role that can be optimized via well known, proven techniques. Further, the Riverbed Stingray Traffic Manager offers clear advantages for improving connection speed, security, and reliability via a combination of local and global load balancing and acceleration capabilities. Riverbed goes even further, offering discrete and specific VDI performance monitoring and troubleshooting capabilities within the Riverbed performance management suite of network management products, providing necessary visibility for planning and supporting VDI deployments in production at enterprise scale.

In EMA’s perspective, employing optimization solutions such as these will be essential for the long-term success of large-scale, distributed VDI deployment projects.

About RiverbedRiverbed delivers application performance for the globally connected enterprise. With Riverbed, enterprises can successfully and intelligently implement strategic initiatives such as virtualization, consolidation, cloud computing, and disaster recovery without fear of compromising performance. By giving enterprises the platform they need to understand, optimize and consolidate their IT, Riverbed helps enterprises to build a fast, fluid and dynamic IT architecture that aligns with the business needs of the organization. Additional information about Riverbed (NASDAQ: RVBD) is available at www.riverbed.com.

The combined Riverbed solution of Granite/

Steelhead, Stingray Traffic Manager, and Cascade

performance management represents a powerful

approach to optimizing VDI for the branch.

About Enterprise Management Associates, Inc.Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also follow EMA on Twitter or Facebook.

This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written permission of Enterprise Management Associates, Inc. All opinions and estimates herein constitute our judgement as of this date and are subject to change without notice. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. “EMA” and “Enterprise Management Associates” are trademarks of Enterprise Management Associates, Inc. in the United States and other countries.

©2013 Enterprise Management Associates, Inc. All Rights Reserved. EMA™, ENTERPRISE MANAGEMENT ASSOCIATES®, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc.

Corporate Headquarters: 1995 North 57th Court, Suite 120 Boulder, CO 80301 Phone: +1 303.543.9500 Fax: +1 303.543.7687 www.enterprisemanagement.com2699.071613