What is VDI

What's new with virtual desktop infrastructure?

One of the major applications of virtualization is not just server consolidation but also end-user virtual machines. VMware View is the virtual desktop brokering and provisioning system in VMware's data center virtualization platform, vSphere. This series will cover the basics of the virtual desktop product, including installation, security and application virtualization features.

Virtual desktops: An introduction
Before I go any further, I would like to outline my experience and some caveats.

First, I've been working in the area of thin-client computing since the mid-1990s. Before I got into virtualization and VMware, I was a Citrix-certified instructor working initially with Citrix MetaFrame 1.8 on Windows NT4 Terminal Service Edition and more or less ending with Citrix Presentation Server 4.5 on Windows 2003. Before VMware came along and eclipsed my Citrix work, my main product was Citrix.

Second, I don't believe in panaceas. There are things I still really love about the Citrix Product range, and indeed I still continue to use a Citrix Presentation Server to connect to my remote lab environment, which is held in co-location in the U.K. So my message is this: Fully research the advantages and disadvantages of all the remote desktop and application delivery options now available. When I started, if you wanted to deliver a desktop or application to a user down the wire, there was only one way to do it -- Citrix. Now we are bombarded daily with complimentary and competing solutions, including, for example:

· VMware Virtual Desktop View

· VMware ThinApp

· Citrix XenDesktop

· Citrix Provisioning Server

· Microsoft V-App

· Sun Virtual Desktop Connector (VDC)

· HP Client Virtual Software (CVS)

· ThinPrint

· UniPrint

Virtual desktop infrastructure (VDI) is essentially the same as Terminal Services (TS) or Citrix XenApp (formerly MetaFrame/Presentation server). That is to say you provide a desktop to the user via a "thin" protocol. The difference between server-based computing and virtual desktops is rather than having many users connected to one shared TS or Citrix Desktop -- users connect to their own personal desktop. The advantages of VDI are many, but its key advantages beyond the benefits of "thin-client computing" generally lie in remedying some of the limitations presented by the shared desktop approach of TS and Citrix XenApp.

Advantages of virtual desktops

· One user's activity does not affect the performance of other users. Each user is limited to the resources within their VM.

· Applications install natively to the Windows environment. There is no need for complicated installation routines and validation to make applications work in an environment for which they were never actually designed.

· Desktop hardening -- the process of bolting down the desktop whilst desirable in VDI is not mandatory. In Terminal Services and Citrix XenApp, you absolutely must bolt down the desktop to stop one user affecting the stability of the environment for other users using the shared desktop.

· VDI allows you to leverage your corporate license agreement with Microsoft at no additional charge, whereas each Citrix XenApp end-user connection requires a license from Citrix. Microsoft has gone so far as to introduce a specific licensing model currently called the VECD (Vista Enterprise Centralized Desktop) program to promote the use of Windows as the operating system in the virtual desktop. It's by no means mandatory that you must use Windows as the guest operating system in a VDI project. You could use a Linux desktop distribution if you prefer it or your needs require it. This said few VDI environments run with just the virtualization layer and Windows XP on its own. Nine times out of ten there will be some type of "VDI Broker" server -- which will need licensing too!

· VDI can be coupled with other application virtualization tools such as Microsoft's V-App or VMware's ThinApp to reduce the footprint of the virtual desktop (because less is installed to Windows) and also allow for advanced features such as being able to run many different versions of the same application (flavors of Microsoft Word and Adobe Acrobat, for instance) on the same virtual desktop.

· Unique Features such as VMware View's "Offline Desktop," which allows an end user to take a copy of the virtual desktop from the ESX host and make it available on the PC/laptop even when they are not connected to the corporate network. Offline Desktop uses "deltas" to make sure only changes are synchronized back to the server copy of the VM, and a TTL value which allows for the offline desktop to work only for a limited period.

· View3 introduced View Composer to enable a "linked clone" feature. This allows for one single master VM from which many virtual desktops can be created (the linked clone). These linked clones contain only the changes the user makes during the virtual desktop session and as such massively reduce the disk space required to run virtual desktops.

Disadvantages of virtual desktops

· Printing is a huge challenge in the world of thin-client computing. By far the biggest challenge is the amount of bandwidth used to send a print job from the remote data center back to the end-user's physical printer. It's quite common to see Microsoft PowerPoint print jobs balloon in size to hundreds of megabytes. Some thin-client vendors have their own solution using some kind of "universal" PCL printer drivers. Some organizations prefer to buy in a third-party printing solution such as ThinPrint or UniPrint. In View 3, VMware acquired a license for the core thin-print product which they call virtual printing. This licensed version of ThinPrint should be good enough to address most printing needs.

· The most common VDI protocol is still Microsoft RDP. RDP has been shown not to perform as well as Citrix ICA Protocol -- and to be especially weak in the realm of multimedia, Flash-based web-pages and graphical intensive applications such as computer-aided design. Microsoft, VMware and Citrix all have projects to improve the client protocols used to connect to Windows Vista and Windows 7.

· Storage is quite a significant penalty in VDI. However, with the advent of de-duplication technology from the storage vendors such as NetApp, and the introduction of a "Thin Provisioned" virtual disk in vSphere4 -- this becomes less significant. As I have already mentioned VMware had effectively created a kind of built-in de-duplication process with View Composer. If you combine thin-provision from your storage vendors with thin-provisioning from VMware together with the linked clones feature -- you are really doing your level best to reduce the disk foot print of virtual desktop environment.

How most VDI Systems Work
Despite the plethora of solutions that now crowd the virtual desktop space, as you might expect, they all work very much in the same way and offer very similar features. Most will have some kind of "broker" which acts as an intermediary between the end-user and the virtual desktop. The job of the broker is to provide a logon process after which the user can select their desktop -- and very often this connection will be based around a certificates-based SSL connection rather than relying on Microsoft RDP Security. This broker will also integrate with vCenter to allow you to create "pools" of desktops for different purposes -- a Sales Desktop Pool and an Accounts Desktop Pool for example. It will also integrate with Active Directory to allow you to allocate the right virtual desktop to the right people.

At the end-users' side they can either use a webpage to log in or a dedicated 32-bit client. Frequently, the full client will offer a higher level of features to the end user than an ActiveX or Java client can provide. There will normally be some kind of "agent" installed to the virtual desktop which allows the user to connect to the virtual machine (VM). Frequently, this agent will support advanced features such as two-factor authentication with technologies such as RSA's Secure ID and the ability to redirect encrypted USB drive connections to/from the virtual desktop to the end-user machine. This allows the user to log in with very high security and, for example, still use a USB based printer sat on their desk.

For "Dilbert" or call center-style users, you might even want to go so far as replacing the physical desktop PC with a thin client sometimes referred to as a "dumb" terminal -- I've often wondered why they aren't called Smart Terminals! -- which merely offers a screen, keyboard and mouse interface to the virtual desktop. There are many, many of these devices available. It's well worth asking the OEM vendor for samples of their devices so you can test them against your VDI environment -- because they vary massively in quality, reliability and functionality. To be brutally honest, they can be rubbish and downright PITA. Some popular vendors of smart terminals include:

· Wyse

· ChipPC

· Panologic

· NeoWare (now acquired by HP)

· Sun Sunray

· OEMs -- All the major vendors, such as HP Dell, and HP, have some kind of thin-client device