Desktop Virtualization Solution
1 Desktop Virtualization
1.1 The current status of office automation environment
The existing office automation system is based on the traditional PC model, which requires the needed software programs and clients to be installed on every PC. Because important data is distributed across different PCs, it is inconvenient to collect and back up.
In the current situation, client security risk is increased. PCs have many security vulnerabilities, so business data on the client is at risk of leakage and loss, and the users' business environment may also be attacked or damaged.
The staff's working environment is bound to PCs, so when hardware or software breaks down, staff have no choice but to wait for IT maintenance personnel to repair it. The resulting lack of maintenance response directly leads to low effectiveness and inefficiency.
The cost of business terminal maintenance keeps increasing, because IT operation personnel must carry out not only PC maintenance but also desktop management and the maintenance of the operating system environment, application installation, configuration and updates. As the number of applications increases, the maintenance workload will escalate.
As application scenarios become more complicated, there are increasing requirements for the functionality, security and convenience of the business system, for example:
Fast switching among work scenes: increasingly scattered workplaces raise the problem of how to share data. The current system cannot meet the need for a flexible desktop that switches according to the user.
Business continuity: a quicker response to a variety of natural disasters and environmental changes requires greater business continuity capabilities in order to restore business access within a short time.
Relocation and expansion of workplace: how to provide user access as good as or better than before at the lowest cost in IT resources.
Therefore, to simplify the client environment and implement centralized deployment, management, operation and maintenance, desktop virtualization is an effective solution.
1.2 What is desktop virtualization?
In simple terms, desktop virtualization is the technology that supports enterprise-level remote dynamic access to the desktop system and unified management in the data center. Through desktop virtualization, we can access our personal desktop systems on any device, wherever and whenever we are.
Since modern computing came into existence, getting multiple devices to compute cooperatively has always been a problem, and different models emerged in different periods, such as "host/terminal", "client/server (C/S)", "browser/server (B/S)" and so on. Whatever the model, they all reflect the same guiding idea: cooperation and collaboration between computation in the "foreground" and the "background". The "background" here mainly refers to the data center, computing center and other core facilities, usually including servers, storage, network systems and security systems. It is infrastructure-oriented, centered on infrastructure construction, and focused on clustering, fault tolerance, disaster tolerance, server consolidation and other solutions. The "foreground" refers to the terminal equipment and its users, such as PCs, workstations, notebooks, netbooks, smart phones, PDAs, etc. It is application-oriented and values business security, continuity, and the diversity and extensiveness of applications and business.
As networks have grown in popularity, TCP/IP-based network computing has become the de facto standard. Having served its historical purpose well, the "tight coupling" approach now faces new challenges from the explosive growth and change of the "foreground", including application convenience, flexible mobility of terminal platforms, data security, business continuity and so on. Although some products currently on the market can partially tackle these challenges, they cannot solve the problems completely. From the users' point of view, what is needed is an integrated package of solutions so that IT optimization and improvement really meet the needs of business development. This is where desktop virtualization technology came into being.
Desktop virtualization ranks second on the 2010 InfoWorld list of the top ten hot technologies. Forrester predicts that from the beginning of 2010, desktop virtualization will gradually be adopted by enterprises on a large scale. After years of development of virtualization technology, the desktop virtualization derived from it will bring a fundamental change to enterprise IT systems.
1.3 Advantages of Desktop Virtualization Solution
1.3.1 Use of thin client
Little computation is executed at the edge of the desktop virtualization environment, so the computing architecture depends less on the processing capability of the terminal device. This gives IT personnel an opportunity to significantly reduce terminal hardware costs. They can use existing PCs as desktop virtualization terminal devices to extend the service life of the PCs, or replace aging PCs with thin clients, whose service life is twice that of standard PCs.
1.3.2 Improved data security
Moving data from the edge of the IT environment to the data center reduces the security risks faced by IT departments. The centralization of data access can reduce the risk of data leakage and theft and simplify compliance procedures.
1.3.3 Simplified data backup
The centralized virtual desktop resides completely in the data center, so it is easier to ensure full compliance with backup policies. Besides, depending on the architecture of the platform, the use of merged images and incrementally stored files can further simplify the extraction and collection of important data, so that the backup process is also simplified. "On a regular computer, there can be hard disk crashes and data loss, and the use of centralized virtual desktops causes the system to constantly back up the data," explains a law firm whose focus is on backup issues.
1.3.4 Simplified recovery from disasters
Virtual machines greatly simplify disaster recovery because central IT personnel can easily restore virtual desktops to the last known healthy state. Thus, IT personnel no longer need to keep an alternate terminal device upgraded with the latest image.
1.3.5 Deployment time
When thin clients are used in a desktop virtualization architecture, nothing needs to be installed on the terminal device, so the deployment process is significantly simplified. According to the senior executive of a medical industry supplier, "the benefits of virtual desktops start from the easy deployment of applications ... [previously] I need to spend an hour on each PC to deploy new applications to it in a year, but now I may only need to spend 15 minutes on the virtual PCs to perform the same deployment."
1.3.6 Simplified PC maintenance
If used properly, virtual desktops are much easier to maintain than traditional PCs. Because of the unique nature of virtual machines, maintenance tasks become much simpler, including patching applications, provisioning and deprovisioning users, moving to new operating systems, and performing auditing responsibilities. A law firm emphasized: "One of the major benefits for us is the centralized desktop support."
1.3.7 Access Flexibility
Users cannot access their PCs in the company when they need to work at home, away from their desks, or in other teleworking situations. When the company's desktop environment is centralized, users can be given access to it in those situations.
Overall, virtualization technology increases the efficiency with which the enterprise's resources are used, through more flexible management tools and a smarter, stronger data center that make the desktop more secure and flexible. This reduces the enterprise's total cost of ownership and brings the maximum return on investment.
1.4 Benefits of implementing desktop virtualization
For IT systems, desktop virtualization can help you:
1.4.1 To access and use in a more flexible way
Since IT technology came into being, there has been a contradiction between the users and IT management:
In the early mainframe era, both use and management were performed in the machine room. This was not convenient for users, but management was simple for administrators.
Then the PC appeared. Users no longer had to work in the machine room, which made IT more convenient to use. However, management became more complex for administrators: it was decentralized along with the PCs. Even where the network allowed management work to be done online, the success rate was still relatively low and the management capacity was limited.
Today, network access is no longer a bottleneck, and desktop virtualization technology has solved this problem:
Users can remotely access the desktop system and have exactly the same experience as on PCs.
Administrators can easily complete all the management work in the data center.
Thus desktop virtualization technology has effectively separated use from system management.
1.4.2 Reduced costs on the terminal equipment procurement and maintenance
Simplifying the IT architecture directly lowers the cost of terminal equipment procurement. A thin client, for example, costs below 1,500 yuan, while the current price of a PC is about 4,000 yuan, so each client can save about 2,500 yuan. For the investment in physical servers, at a 1:1 compression ratio (all using virtual desktops), as long as servers worth 100 thousand yuan can host 50 virtual desktops, the hardware investment breaks even. But the compression ratio in general will not be 1:1, and more importantly, the service life of a thin client is usually 6-8 years, twice as long as that of a PC, which contributes to reduced cost in the second-term investment. In addition, the service life of existing PCs can also be extended greatly. As long as the peripherals are available, a PC can be converted into a common terminal, which indirectly reduces the amount of e-waste as well.
1.4.3 Secured use due to centralized management and unified configuration
Since computation takes place in the data center, and all desktop management and configuration are in the data center, the administrator can configure and manage all the desktops and applications there, including system upgrades, application installations, and so on. This avoids the management difficulties and high cost caused by distributed terminals. It is especially suitable for large-scale application scenarios with changing needs (frequent changes of operating system), such as school computer rooms and teaching centers.
Because only the final operation images are transmitted, while all data and calculations stay in the data center and no confidential data or information is sent over the network, security is increased. In addition, the system can be configured to disallow downloading data through the client, so that users cannot take away or spread confidential information.
1.4.4 Power consumption reduction, energy saving and emission reduction
A traditional PC generally consumes more than 200W, while a thin client consumes about 25W, which means the power consumption of a thin client is one tenth that of a traditional PC. The computing load on the servers will raise their power consumption to a certain degree, but compared with the large number of clients this is negligible. Thus, the year-round electricity cost will be reduced by about 90%.
The reduction in power consumption means a reduction in carbon emissions, which meets the requirements of a low-carbon era.
It should be emphasized that the advantage of desktop virtualization has a typical scale effect: the more terminals there are, the more prominent the benefits and advantages will be.
1.5 Desktop virtualization and cloud computing
With the rise of "cloud computing", cloud-based application delivery has gradually become an inevitable trend of IT industry development. For enterprises, the best way to improve IT efficiency with the same budget is to build a private "cloud" architecture. And the first step of the private "cloud" must be desktop computing virtualization. At this point the users do not need to understand what technology is used in the background, what is the hardware or software platform, or to be distracted by the system security or data protection. They can enjoy the functionality and services provided by desktop virtualization without any concern. This is what cloud computing offers.
Standardizing desktops has always been both a focus and a difficulty of enterprise IT terminal management. The traditional terminal desktop standardization solution generally consists of a unified terminal deployment solution, a unified terminal management solution and the corresponding asset management, patch management, application control management and security modules.
With the development of virtualization technology, enterprise desktop management embraced a new solution - Virtual Desktop Infrastructure (VDI).
VDI is committed to solving the problems of terminal desktop information security, centralized computing, centralized management and mobile working, and is an ideal solution for teleworking. It is a manifestation of the private enterprise cloud. It uses remote desktop technology and supports thin clients at the front end, desktops moved to the back end, and centralized computing.
2 Desktop virtualization solution
2.1 VMware View Manager virtual desktops
The back end of View is vSphere for Desktop, the highest supported version of vSphere. vSphere provides powerful server virtualization and has a number of successful cases. As the back end for virtual desktops, vSphere provides:
Each snap-in can support up to 1000 virtual machines and can be used for the deployment of large virtual desktops. By using vMotion more quickly and efficiently, you can shorten the moving time of the virtual machine, compress or add desktops according to needs and priorities, and deploy the servers through the dynamic allocation of resources.
The high performance of vSphere provides a fast and stable platform for virtual desktops, and its monitoring platform gives visibility into the physical servers and the performance of the virtual machines.
It increases the density of virtual desktop machines to 16 to 20 virtual machines per core, which greatly increases the number of virtual machines each server can support.
•High availability and business connectivity
vSphere is optimized for desktop workloads. For example, performance is improved by reduced memory swapping.
•Quick recovery from disasters
Data Recovery and Storage VMotion technology ensure the security of the virtual desktop platform.
•VMware View Manager Virtual Desktop Delivery Center
VMware View Manager 4.5 is an enterprise-level virtual desktop manager and a key component of VMware View 4.5. IT administrators use VMware View Manager as a central point of control to let end users securely access their virtual desktops and applications, and to help customers deliver desktops as a secure hosted service through tight integration with VMware vSphere™. VMware View Manager is highly scalable and reliable. It uses an intuitive Web-based management interface to create and update desktop images, manage users' data and implement global policies, so that it can manage and monitor tens of thousands of virtual desktops.
•View Manager includes the following components:
VMware View Connection Server - to manage the secure access to virtual desktops, working with VMware vCenter™ Server to provide advanced management
VMware View Agent - to provide session management and single sign-on function
VMware View Client - to support end users on PCs and thin clients to connect to virtual desktops through VMware View Connection Server.
View Client with Local Mode - to access the virtual desktop even if the network is interrupted, without affecting the implementation of IT policies.
VMware View Administrator - to allow administrators to configure settings, manage virtual desktops, set up desktop permissions and assign applications.
Comprehensive support for Windows 7 virtual desktops minimizes user disruption during migration by delivering Windows 7 in the form of virtual desktops. Repurposing existing PCs to access Windows 7 avoids desktop hardware upgrades and helps achieve a faster return on investment, which makes operating system delivery more cost-effective and provides an excellent end-user experience.
The high-performance PCoIP display protocol maintains stable access and is designed to support the widest range of usage and deployment options, even over low-bandwidth connections.
It gives end users device-independent access to applications and data, with rich media content regardless of the number of monitors, and seamless access to local printers, scanners, and other local peripherals.
With VMware View Composer, persistent disks permanently save end users' data and settings. Users can flexibly use any PC, laptop or thin client inside or outside the company. By using View Client with Local Mode, end users can access their virtual desktops even when they are disconnected.
•Simplified virtual desktop and application management
To manage virtual machine permissions for users or groups of users
To manage assignment of virtual applications to a desktop or desktop pool
To deploy and update multiple virtual desktops and applications from a single location within minutes
To extend IT resources by delegating administrative rights through role-based administration
To utilize and extend the current directory service tools and infrastructure for automated desktop deployments
To implement a new desktop or desktop group with a refined policy implementation
To customize advanced desktop or desktop groups with advanced virtual desktop image management via virtual machine templates
To quickly create or update desktop images via link cloning
To install updates, patches, and new applications without causing any disruption to the end user
To automatically discover and connect to local printers and print from virtual desktops, free from the problems of compatibility issues, bandwidth restrictions, and complex user settings
To achieve high-quality printing with enterprise-level scalability and reliability regardless of the network connection
To monitor tens of thousands of virtual desktop computers through a more scalable console with new management in a single VMware View Manager instance
To establish a cluster of VMware View Manager instances to improve redundancy, scalability, and performance
To use built-in SSL to form a secure encrypted link from an uncontrolled device to a virtual desktop
To realize two-factor authentication through integrated RSA SecurID to ensure secure access
To support access to virtual desktops hosted on VMware vSphere, Windows Terminal Server, blade PC environments, or remote physical PCs.
2.2 VMware View main features
VMware View is the only end-to-end solution for desktops that delivers desktops in the form of hosted services. It can provide scalable management, various user experiences and a common virtualization platform that can be used in business promotion.
The underlying architecture
VMware vSphere For Desktops
This release is designed for desktops and provides a highly scalable, reliable, and stable platform for running virtual desktops and applications. It is deployed with built-in business continuity and disaster recovery capabilities that protect desktop data and its availability, and it is not as expensive and complex as traditional solutions, providing a strong back-end guarantee for desktop virtualization.
VMware vCenter Server for Desktops
This release is a centralized management center for VMware vSphere that allows you to fully control and examine the clusters, hosts, virtual machines, storage, network connections, and other key elements in a virtual infrastructure.
Desktop management architecture
(Desktop delivery and management)
VMware View Manager
It enables IT administrators to centrally manage thousands of virtual desktops from a single image, simplifying the management, provisioning, and deployment of virtual desktops. In addition, end users can securely and easily access VMware View virtual desktops through a View Manager connection.
It allows customers to quickly create desktop images that share virtual disks with a single parent image while segmenting users' data and settings so that they can be managed independently. Thus, patching and updating the parent image linked to the desktop does not affect users' data and settings.
It simplifies application management and distribution, quickly deploys applications for users, and avoids conflicts. It can provide quick application delivery for ICBC virtual desktop applications and provide different applications for different departments.
VMware View Client with Local Mode
This component of VMware View runs on Windows PCs, Macs, and thin clients, and lets end users access their virtual desktop environment regardless of whether or not there is a network connection.
2.3 Major advantages of VMware View
Compared to traditional desktop solutions, VMware View desktop virtualization solution has the following obvious features and advantages.
2.3.1 Low cost
IDC's latest report shows that an enterprise spends $3 to manage hardware that cost $1 to buy. Traditional IT has ignored the truly efficient means of cutting cost: optimizing operational management, which takes over 70% of the cost. Compared with the traditional PC solution, VMware View will reduce the cost by more than 50%.
VMware desktop virtualization solutions can significantly reduce the costs on desktop management in the following areas:
The users' operating systems are centrally located in the data center and managed and maintained in a unified manner, greatly reducing the operational costs of IT managers.
System deployment time is shortened. The administrator can deploy the users' desktops in minutes, and the desktops can function immediately when deployed.
You can manage and maintain the entire enterprise's desktop system from a single instance by using VMware's unique Composer function. At the same time, it can significantly reduce the pressure on back-end storage expansion.
Installing an application or system patch, or performing a management task or upgrade, needs to be done only once for all users to benefit from it.
It can extend the service life of PC desktops, reduce the cost of purchasing desktop updates, and significantly reduce the cost of maintaining desktops.
It enables more flexible and faster service delivery. When new users need to be added, as long as hardware resources are still sufficient, you can provide them with a desktop system within a minute through simple deployment. There is no need for the traditional complex desktop preparation work; a unified, simple terminal device is all that is needed to give users access.
When the architecture is reasonably designed and the hardware is sufficient, high scalability allows desktops to be delivered to users swiftly. When hardware is insufficient, you only need to connect new physical servers to the VMware resource pool.
Little computation is executed at the edge of the desktop virtualization environment, so the computing architecture depends less on the processing capability of the terminal device. This gives IT personnel an opportunity to significantly reduce terminal hardware costs. They can re-use current PCs as virtual desktop terminal devices to extend their service life, or replace aging PCs with thin client devices, whose service life is typically twice that of standard PCs.
2.3.2 Simplify management
By using the VMware View desktop virtualization solution, IT managers can be freed from everyday tedious desktop management and be engaged in business innovation.
The data show that by using the VMware solution, the workload of the IT administrators will be greatly reduced.
2.3.3 High security
Moving data from the edge of the IT environment to the data center essentially reduces the security risks facing IT departments. Centralized data access can reduce the risk of data leakage and loss and can also simplify compliance procedures.
•Prevent data leakage and theft
All business work is saved and actually executed on the data center servers. Users can only remotely see the image of the program's operation, which guarantees the security of the data. Through built-in policy, users cannot keep files and information on local devices, which prevents leaks of confidential data through copying.
•Prevent data loss and corruption
All business data and design files are kept in the data center and are managed, backed up and recovered by IT personnel, which avoids damage to and loss of data caused by improper safekeeping by end users.
•Improve desktop security
Virtual desktop operating system is placed in the data center, which is less vulnerable to malicious attacks compared to traditional PCs. Administrators can upgrade the desktops of all users and minimize system risk by installing the security patches in the data center only once.
•Reduce hardware risk:
When desktop hardware is replaced by "thin devices", the use of portable devices such as USB can be prohibited, reducing the possibility of users stealing information or bringing in computer viruses.
•Control user access
The administrator can assign user access flexibly and dynamically according to the user's position and company policy. Through back-end configuration, users can be granted the corresponding services or lose access.
Using virtual machine management technology as a virtual desktop infrastructure can achieve a much more flexible architecture. There is no longer a logical association between the physical PC hardware and the application delivered by the PC, and thus many of the tasks required to manage the PC are greatly simplified. Using this new architecture, IT departments can manage the desktop environment more effectively, especially for end users beyond the capabilities of current desktop management tools.
At the same time, through a secure remote access protocol, end users are able to access the virtual desktops in the enterprise wherever they are, as long as they are permitted to work, which greatly improves the flexibility of the business.
2.3.5 Powerful enterprise-level functions and stability
VMware® Virtual Center provides centralized management, operational automation, resource optimization, and high availability for IT environments. Distributed services based on virtualization provide unprecedented responsiveness, maintainability, efficiency, and reliability for the data center. VirtualCenter allows IT departments:
To coordinate available resources with pre-defined business priorities while using VMware's distributed resource scheduler to optimize labor-intensive and resource-intensive operations.
To use VMotion™ to migrate running virtual machines and perform uninterrupted IT environment maintenance.
To use VMware HA to achieve the application availability that is cost-effective, independent from application and operating system.
To use VMware FT to achieve disaster recovery of the virtual machine system, which ensures that the user's virtual machine is not interrupted when the physical machine breaks down.
VirtualCenter provides the highest level of simplicity, efficiency, security, and reliability required to manage virtual IT environments of any size.
2.3.6 Green IT: energy saving and emission reduction
In today's economic climate, green IT and cost savings are relevant to every IT organization. Saving energy is a motivation of virtualization. Since then, VMware has developed VMware Distributed Power Management (DPM) to reduce energy consumption in VMware virtualized environments by keeping unused virtual servers on standby.
Current thin client power consumption is one-sixth that of a PC. If thin clients are used as front-end equipment in the virtual desktop environment, terminal power consumption will be reduced by 83.3%.
At present, China's thermal power generates 500 grams of carbon dioxide per kilowatt, so each desktop will reduce annual carbon dioxide emissions by 200 kg.
3 Detailed program elaboration
3.1 The overall architecture of the virtualization solution
Optimized cloud computing infrastructure platform as virtual desktop infrastructure
3.2 System architecture topology
3.3 Physical connection topology
3.4 Description of the program
3.4.1 Desktop Virtualization Recommendations
The whole program consists of the following modules: vSphere virtual desktop, vCenter server, view manager server, domain controller server, disk array storage and so on.
1. Three Sugon A840r-G servers run the vSphere ESXi software to provide the virtual desktops. The A840r-G has 4 AMD 6200 series processors and 256G memory, which fully meets the CPU and memory needs of the virtual desktops.
2. vCenter Server is a centralized management center for VMware vSphere that gives you complete control and visibility of clusters, hosts, virtual machines, storage, network connections, and other key elements in a virtual infrastructure while deploying VMware View Composer. The vCenter server is hosted by an A620r-G physical server with two AMD 6200 series processors and 128G of memory.
3. View Manager server is designed to enable IT administrators to manage thousands of virtual desktops from a single image, simplifying the management, provisioning, and deployment of virtual desktops. In addition, end users can securely and easily access VMware View virtual desktops through a View Manager connection. The View Manager server is hosted by an A620r-G physical server configured with two AMD 6200 series processors and 128G memory.
4. The AD domain server, ThinApp server, Persona Management server and Security Server are also indispensable parts of the View program; these servers can be implemented as virtual machines.
5. Storage planning:
The stored data types include the parent virtual machine of each desktop pool, the desktop virtual machines used by users of full-clone desktop pools, the replica virtual machine of each linked-clone desktop pool, and the linked clones based on that replica.
The function servers, including vCenter, View Manager and AD, store their data locally on the function nodes.
All the physical disks are divided into two RAID groups, with one disk left as a hot spare. Store the file sharing server's data in the first RAID group and the other data in the second. This physically separates the two sources of frequent reads and writes: the file sharing server and the linked clones.
3.4.2 Recommendations on high-end graphics development design environment
For high-end graphics development and design environments with demanding graphics display requirements, we recommend the following deployment architecture:
Desktop Virtualization Architecture from the Designers
This program places the entire design environment, all graphics workstations or high-end PCs, directly in the data center. A dedicated PCoIP card installed in each workstation or high-end PC ensures that its graphics capability is used and that lossless, smooth graphics are displayed on the designer's desktop. The designer can connect over the PCoIP protocol using a zero-management thin client with a PCoIP chip or an ordinary PC (with View Client installed).
3.4.3 Integration of office environment and design environment
Administrators can manage and distribute the office environment and design environment through View Manager. IT administrators can assign the users of virtual desktops and design computers, and all employees can access through a unified interface.
Overall connection diagram
3.4.4 Recommendations on data backup
In desktop virtualization solutions, data usually exists in two forms: 1) on the file server, and 2) in each virtual machine. (VMware View software exclusively supports the persistent disk mode; that is, data saved by users is automatically stored on the persistent disk.)
Backup methods differ for these two completely different ways of storing data. If the documents are all stored on the file server, backup is very convenient: you only need to install the backup server on the file server and back up the data directly to tape or storage. Given that a document might be shared by multiple users, consider using the deduplication function of the backup software, so that the backup files take up very little disk space. If the users' data exists in every virtual machine, you can use VMware's unique vStorage API backup interface technology to back up the data. When creating a new desktop pool, View allows the users' persistent disks to be redirected to a dedicated data store, from which the users' data is backed up to other storage through the advanced backup interface of the vStorage API (using third-party backup software such as Symantec NBU, IBM Tivoli, Commvault, etc.). With this backup solution, administrators no longer need to install a backup software agent in each virtual machine, so both management and performance requirements are well satisfied. Its working principle is as shown below.