AlwaysOn Point of Care Desktop
Reference Architecture Guide
VCE, The Virtual Computing Environment Company
Table of Contents
About Desktop Validated Designs (p. 4)
Introduction (p. 5)
Building a HITECH Healthcare Infrastructure (p. 5)
The Challenge of Achieving Meaningful Use (p. 5)
Securing Protected Health Information (p. 6)
Ensuring Continuous Availability for Non-Stop Care (p. 6)
Requirements for High Availability (HA) (p. 7)
Solution (p. 8)
Summary of Main Findings (p. 8)
Audience (p. 9)
Scope (p. 9)
Solution Purpose (p. 10)
Business Challenge (p. 10)
Technology Solution (p. 10)
About VMware View 4.6 (p. 11)
VMware View 4.6 Architecture (p. 11)
About Imprivata OneSign Authentication Management (p. 13)
Application SSO Configuration (p. 15)
Vblock™ Infrastructure Platform (p. 16)
Management Solution (p. 16)
Key Features (p. 17)
Virtualization Operating System (p. 17)
Compute and Network Solution and Components (p. 17)
Network Infrastructure and Design (p. 18)
Storage Solution and Components (p. 19)
Storage Infrastructure and Design (p. 19)
Application Delivery Control (ADC) and Network Load Balancing (NLB) (p. 20)
Cisco Application Control Engine (ACE) (p. 20)
HAProxy (p. 24)
AlwaysOn Desktop Design Approach (p. 26)
Architecture and Design of VMware View on VCE Vblock Platforms (p. 27)
Compose/Recompose Best Practices (p. 27)
Client Access Devices (p. 29)
Solution Validation (p. 29)
VCE Vblock Configuration Details (p. 29)
Additional Components Configuration Details (p. 31)
Unified Computing System Configuration (p. 32)
LAN Configuration (p. 32)
SAN Configuration (VCE) (p. 33)
Storage Array (EMC Celerra NS960) Configuration (p. 35)
CLARiiON Pools, RAID Groups and LUNs (p. 35)
Celerra File Systems and NFS Exports (p. 37)
Microsoft Distributed File System (p. 37)
VMware Datastores (p. 38)
Blade Provisioning and OS Installation (VCE) (p. 38)
VMware Virtual Infrastructure (p. 40)
VMware vSphere ESXi Servers (p. 40)
VMware vSphere Advanced Parameters (p. 41)
Datastores (p. 42)
VMware View 4.6 (p. 43)
Virtual Desktop Pools (p. 44)
Storage Synchronization Configuration (p. 45)
Imprivata OneSign (p. 45)
Test Setup and Configurations (p. 47)
Test Harness (p. 47)
AlwaysOn Desktop Configuration (p. 48)
Stateless Desktop Configuration (p. 49)
Active/Active Configuration (p. 49)
Test Harness #2 – Using a Proximity Card (Manual) (p. 50)
Validation Results (p. 50)
Test Harness #1 – Validation (p. 50)
Test Harness #2 – Validation (p. 54)
Additional Considerations (p. 58)
Conclusion (p. 58)
Acknowledgements (p. 59)
References (p. 59)
About VCE (p. 60)
About Desktop Validated Designs
VMware’s Desktop Validated Designs are comprehensive design and implementation guides. The validated designs and solutions have undergone thorough architectural design development and lab testing, and provide guidance for the introduction of proofs of concept, emerging new technologies and architectures, as well as the enhancement of the customer’s use cases.
To qualify as a Desktop Validated Design Guide, the design must:
• Incorporate generally available products into the design.
• Employ repeatable processes for the deployment, operation, and management of components within the system.
• Validate designs through system-level testing. This level of testing:
- Validates a specific design use case or architectural practice on a limited scale and duration.
- Ensures the viability of theoretical designs or concepts in real practices.
• Provide detailed solution design and implementation guidance that includes:
- Examples that define the problems solved by the solution.
- Products that were validated as part of the design testing.
- Software that was used for each component of the design.
- Configurations used to support the design test cases.
- A list of design limitations and issues that were discovered during the testing.
VMware® AlwaysOn Point of Care offerings are purpose-built for healthcare verticals to address the high availability and disaster recovery needs of mission-critical clinical desktops, and include VMware’s validated application integration and network/compute/storage stacks from VCE.
Introduction
The healthcare industry is undergoing a major technological transformation. Electronic medical record (EMR) systems, mobile devices and other innovations hold the promise of improving the safety and quality of healthcare delivery. As the Department of Health and Human Services states, EMR technology can provide clinicians and patients with better access to more complete and accurate information, which empowers patients to take a more active role in their health [1].
Many studies also show that EMR systems have the potential to reduce long-term operating costs [2] and lower the occurrence of malpractice claims [3].
As with other clinical applications, electronic medical records must be delivered to the actual point of care, which refers to the ability or requirement to physically bring a solution to the patient’s bedside or an exam room. Examples of electronic point-of-care solutions include wall-mounted displays and mobile devices in exam rooms that provide clinicians with access to patient records and computerized physician order-entry systems. These solutions play a central role in enabling healthcare organizations to accelerate their journey from paper-based to electronic healthcare information systems.
Building a HITECH Healthcare Infrastructure
The United States federal government has set an ambitious goal of establishing a nationwide EMR infrastructure by 2015. In February 2009, Congress passed the American Recovery and Reinvestment Act (ARRA), a law that includes a major sub-provision known as the Health Information Technology for Economic and Clinical Health (HITECH) Act. The overall goal of HITECH is to stimulate the adoption and “meaningful use” of healthcare information technology. More specifically, the HITECH Act authorized $19 billion in funding through Medicare and Medicaid EHR incentive programs that provide incentive payments to healthcare providers that demonstrate meaningful use of certified EHR technology [4].
The government began issuing incentive payments in May 2011, and eligible healthcare providers can participate in the programs until 2014. But by 2015, U.S. hospitals must demonstrate meaningful use of certified EHR technology. After 2015, however, incentives will no longer be available, and a penalty stage will begin. Penalties will start with reduced reimbursements that decrease annually, and eventually, penalized organizations will no longer receive any Medicare funding at all.
The Challenge of Achieving Meaningful Use
Despite the proven benefits and incentives for adopting EMR technology and the obvious penalties for non-compliance, many healthcare providers have struggled to satisfy even the most basic requirements for meaningful use. One of the major reasons for this is that the traditional approach to healthcare IT is too costly and complex. Some applications have to be installed locally on endpoint devices, while some must be accessed over the network, and others still can only be used on dedicated PCs or workstations. Another issue is that many clinical applications are pre-installed on specialized hardware as appliances, which forces healthcare IT organizations to manage their infrastructure in silos. The situation is so bad that many facilities have more servers than hospital beds. The result is an expensive, hard-to-manage infrastructure for IT teams and a cumbersome workflow for caregivers. Finding the right terminal, logging in, and launching the right application take valuable time away from patients.
[1] Source: U.S. Department of Health and Human Services, “Electronic Health Records and Meaningful Use.” http://healthit.hhs.gov/portal/server.pt?open=512&objID=2996&mode=2
[2] Source: Health Data Management, “Study: EHR cuts long-term operating costs.” http://www.healthdatamanagement.com/news/ehr-cuts-long-term-operating-costs-41218-1.html
[3] Source: Computerworld, “Study: Electronic medical records reduce malpractice claims.” http://www.computerworld.com/s/article/9122063/Study_Electronic_medical_records_reduce_malpractice_claims
[4] Source: Center for Medicare & Medicaid Services, “Overview of EHR incentive programs.” http://www.cms.gov/ehrincentiveprograms/
For example, nurses at many hospitals use a variety of endpoints, logging into these endpoints at least 50 times during a single shift. Every time a doctor or nurse logs in on a new endpoint, it can take upwards of three minutes to bring up the user’s desktop environment, launch the correct application and find the necessary patient information. Over the course of a single shift, this approach takes a significant amount of time away from patient care. Even relatively simple tasks, such as quickly analyzing a medical image or even dictation, can take up to five times as long because the clinician has to travel to a handful of dedicated workstations across the hospital.
A physician’s time is expensive and valuable to a hospital. When a physician is unproductive because of technology issues, patient care and billing are both affected. This problem is amplified by the fact that attracting and retaining the best and brightest clinicians is a constant and expensive struggle for healthcare organizations. More and more, clinicians entering the workforce are demanding a consumer-like user experience in the workplace, and hospital IT departments are being asked (or required) to support consumer devices such as Apple iPad tablets. Competition for talent among local hospital systems is fierce and expensive, and many younger doctors not only expect technology, but will also actively seek organizations with thought leadership in this area.
Securing Protected Health Information
Security and compliance have always been major concerns for the healthcare industry, but the proliferation of electronic health information has led to increased attention to data security breaches involving protected health information. One of the most notable incidents occurred in 2006, when the names, dates of birth and Social Security numbers of about 26.5 million active duty troops and veterans were on a laptop that disappeared while in the custody of a data analyst at the Department of Veterans Affairs. The laptop and data were recovered, but the Department of Veterans Affairs still eventually paid $20 million to current and former military personnel to settle a class action lawsuit on behalf of the men and women whose personal data was affected by the incident [5].
In response to this and many other incidents affecting confidential medical records, the federal government mandated significant penalties for security lapses as part of the HITECH Act. For example, public notification of breaches of more than 500 records is now mandatory, including a requirement to post details on the Department of Health and Human Services website, and HITECH permits fines of up to $1.5 million for violations that cost only $25,000 under the previous rule. Meeting the stricter guidelines is especially difficult in environments where clinicians are demanding remote access to patient data and support for laptops, smartphones, tablet computers, and other mobile devices, most of which are hard to secure and extremely vulnerable to theft and loss.
Security and compliance concerns are also hindering the adoption of cloud-based solutions for point-of-care access to EMR systems and clinical applications. Some healthcare organizations are considering third-party cloud services as a way to lower IT costs, reduce the risk of medical errors, and make vital information more accessible to patients and caregivers in real time. But the notion of a public cloud can still make providers nervous about the security and control of moving the storage of patient data off premise, and many public cloud services lack the security and control providers need to maintain compliance with internal policies and government regulations.
Ensuring Continuous Availability for Non-Stop Care
The catastrophic failure of a mission-critical system can become a disaster for any organization, but in a clinical setting where caregivers are completely dependent on electronic solutions, system availability can literally be a matter of life and death. As computing devices replace paper charts and physician prescription pads, these endpoints (mobile and fixed) become safety-critical IT systems that must deliver the highest possible levels of reliability and availability to ensure patient safety. If a caregiver has to make a fast medical decision but can’t access the patient’s records because of a service outage or computer problem, the situation can escalate into a Severity-1 event and the consequences can be quite serious. In short, EMR systems must be accessible as a non-stop service that is available to clinicians wherever and whenever they need patient information.
[5] Source: CNN, “VA will pay $20 million to settle lawsuit over stolen laptop’s data.” http://articles.cnn.com/2009-01-27/politics/va.data.theft_1_laptop-personal-data-single-veteran
Unfortunately, the old device-centric approach to endpoint management makes it extremely difficult—if not impossible—to protect every desktop, laptop, hospital computer cart, and mobile device in use. And even if the systems are up and running, patient information is not always immediately available, since clinicians still suffer from long login times and password management issues, or they waste precious time having to travel across the hospital to get to a machine where they can access data and perform specific tasks.
When taken together, the challenges of achieving meaningful use, protecting patient information, and ensuring continuous access to point-of-care solutions have created a dilemma that can’t be solved with traditional approaches to desktop and application management. To overcome these and other challenges, healthcare providers need a new approach to point-of-care delivery: one that will enable them to modernize their IT infrastructures so they can improve patient outcomes and get the most from the millions of dollars they are investing in EMR technology.
This paper, a collaboration of the VCE company, Imprivata, and Vital Images, details a new reference design for delivering clinical desktops and patient care applications as non-stop services. This new reference design for delivering a non-stop point-of-care solution provides all of the benefits, efficiencies of scale, and 24x7 uptime demanded of a public cloud service from a private cloud environment.
Requirements for High Availability (HA)
The business drivers for AlwaysOn Point of Care are:
• Conversion to EHR causing a rapid increase in distributed locations where point-of-care desktops MUST be available
• Tier-1 critical desktop, requiring fast recovery and application continuity during disasters
• Point-of-care access that must be more fluid than the traditional PC experience
• Session mobility, a required feature tied to patient care and clinical productivity. VDI is the only way to meet this requirement
• Ideal opportunity to rapidly roll out a fully managed desktop platform
• Effective way to implement a managed printing service
The user experience requirements are:
• Desktops are always on and enable fast logon
• Desktop follows the user in the event of failover
• Access allowed from any endpoint device from anywhere
• Familiar interface to sustain the same application workflow
• Quick provisioning
• Easy management
• Maintained security
• Low cost
• High availability
The High Availability/Disaster Recovery (HA/DR) concerns are:
• Uptime: Corresponds closely to Recovery Time Objectives (RTOs). DR solutions should offer quick restores with minimal or no manual steps after the recovery
• Reliability: Corresponds closely to Recovery Point Objectives (RPOs). Addressing database transactional consistency, avoiding corrupted file systems, and ensuring systems boot when restored are key to addressing this concern
• Cost: The solution needs to be affordable. The cost of many different software solutions or of replicating storage arrays can prevent DR solutions from getting off the ground
• Complexity: How to reduce complexity? How many different systems are involved with the strategy? A DR plan is typically thick and complicated in its procedures
Solution
This document describes the Reference Architecture (RA) for highly available VMware View 4.6 virtual desktops, or AlwaysOn Point of Care, on the Vblock™ Infrastructure Platform.
Summary of Main Findings
In the AlwaysOn Point of Care validation, the key findings are:
• A stateless desktop architecture is ideally suited for standard desktop environments where the desktop image is consistent from user to user. With proper application design, it can be used in broad use cases
• Large healthcare desktop environments access routine applications and desktop workflows. Stateless desktops cloned from multiple master images can be provisioned on demand and reduce the cost of maintenance
• In a failover situation, the stateless desktop provides the business continuity required for mission-critical desktop and application access within seconds
Storage replication consists of two parts or methods. First, the golden desktop images (used to deploy thin desktops via VMware View Composer) need to be replicated between sites to ensure consistency. EMC storage platforms can support both file- and block-based replication. For this architecture, bi-directional, file-based replication was used.
Second, the end-user’s data needs to be replicated between sites to ensure continued access to files as the user connects to desktops in various sites. For this architecture, we used EMC Replicator to replicate the golden images. While scale testing of user data replication was beyond the scope of this project, minimal replication to prove functionality was accomplished using Microsoft Distributed File System (DFS). Alternatively, EMC Atmos (http://www.emc.com/storage/atmos/atmos.htm) could have been used to manage the end-user files.
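Golden-image replication between sites only helps if the copy at the surviving site is actually complete when that site needs to recompose pools from it, so a practitioner wants a consistency check independent of the replication tool's own status. The following Python script is an added example, not part of the reference architecture and not EMC Replicator or DFS tooling: it hashes every file under a source and a replica directory and reports what is missing, stale, or still in flight. The two "sites" are temporary directories built inline, and the image file names are constructed sample values.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example (not code from the reference architecture): compare a golden-image
# tree at the source site with its replica at the other site before trusting the
# replica for pool recompose. Paths and file names below are constructed samples.


def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX form) to its SHA-256 digest."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                # Stream in 1 MiB chunks so multi-GB flat disks are not read into memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result


def replica_drift(source: Path, replica: Path) -> dict[str, list[str]]:
    """Classify differences between a golden-image source tree and its replica."""
    src, rep = manifest(source), manifest(replica)
    return {
        "missing": sorted(set(src) - set(rep)),      # not yet replicated
        "extra": sorted(set(rep) - set(src)),        # leftovers that exist only at the replica
        "mismatch": sorted(p for p in src.keys() & rep.keys() if src[p] != rep[p]),
    }


def is_consistent(source: Path, replica: Path) -> bool:
    """True only when every file exists on both sides with identical content."""
    return not any(replica_drift(source, replica).values())


def demo() -> dict[str, list[str]]:
    """Build two sample image trees, one mid-replication, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        site_a = Path(tmp, "site-a", "golden-images")   # constructed source site
        site_b = Path(tmp, "site-b", "golden-images")   # constructed replica site
        for root in (site_a, site_b):
            (root / "win7-clinical").mkdir(parents=True)
        # Source: a VM image made of a descriptor plus a flat disk (sample bytes).
        (site_a / "win7-clinical" / "win7-clinical.vmdk").write_bytes(b"descriptor v1")
        (site_a / "win7-clinical" / "win7-clinical-flat.vmdk").write_bytes(b"\x00" * 4096)
        # Replica: descriptor already copied, flat disk still the previous version,
        # and a temporary file left behind by an in-flight transfer.
        (site_b / "win7-clinical" / "win7-clinical.vmdk").write_bytes(b"descriptor v1")
        (site_b / "win7-clinical" / "win7-clinical-flat.vmdk").write_bytes(b"\x00" * 4095 + b"\x01")
        (site_b / "win7-clinical" / "replication.tmp").write_bytes(b"")
        return replica_drift(site_a, site_b)


if __name__ == "__main__":
    print(demo())
```

Run it on the two replicated golden-image exports (one per site) before a recompose at the surviving site; an empty `missing` and `mismatch` list is the condition to require, while anything in `extra` is worth investigating because a stale or partially written file in the replica tree can be picked up by the next recompose.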
The design simulates multiple application use cases such as EMR software installed within virtual machines, hosted brain-scanning applications (Vital Images), Single Sign-On client-server components (Imprivata), and typical knowledge worker office applications (Microsoft Exchange Server, Adobe Acrobat). Imprivata OneSign and Vital Images appliances are configured for failover and high availability (HA). Active Directory is configured with HA enabled.
Desktop recovery is the process of enabling a user to gain access to a new desktop after their current desktop goes offline/fails. A failover event within this reference architecture occurs when one site is taken offline (the View environment becomes inaccessible) and the end-user’s View session drops/disconnects. When the end-user attempts to reconnect, their desktop session is failed over (redirected by the Cisco ACE appliances) to the surviving View infrastructure.
A failback event within this reference architecture occurs when the failed site is re-enabled (the View environment becomes accessible). The end-user will not automatically be connected to their original (primary) desktop until they disconnect from their failed-over (secondary) desktop and try to reconnect to the View environment.
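The failover and failback semantics of the two paragraphs above, modelled as a small Python simulation of the site-aware redirect. This is an added example and not code from the reference architecture or from VMware, VCE or Cisco: the site names, the sample user and the health flags are constructed, and in a real deployment the site health state would come from the load balancer's probes of the View Connection Servers rather than from a boolean.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

# Added example (not from the reference architecture): a minimal model of how a
# reconnecting View client is steered between two sites. Site names, the user
# and the health flags are constructed; real health comes from load-balancer probes.


@dataclass
class Site:
    name: str
    online: bool = True


@dataclass
class SiteAwareBroker:
    """Decides which site a connecting or reconnecting View client is sent to."""
    sites: dict[str, Site]
    primary_of: dict[str, str]                              # user -> preferred site
    sessions: dict[str, str] = field(default_factory=dict)  # user -> site hosting the session

    def connect(self, user: str) -> Optional[str]:
        # An existing session on a healthy site is simply resumed. This is why
        # there is no automatic failback while the secondary desktop is in use.
        current = self.sessions.get(user)
        if current is not None and self.sites[current].online:
            return current
        # No usable session: prefer the primary site, otherwise any surviving site.
        preferred = self.primary_of[user]
        candidates = [preferred] + [n for n in self.sites if n != preferred]
        for name in candidates:
            if self.sites[name].online:
                self.sessions[user] = name
                return name
        return None  # every site is down; nothing to redirect to

    def disconnect(self, user: str) -> None:
        """User-driven disconnect; the next connect() is free to pick the primary again."""
        self.sessions.pop(user, None)

    def site_down(self, name: str) -> list[str]:
        """Take a site offline; sessions hosted there drop, as in the failover event."""
        self.sites[name].online = False
        dropped = [u for u, s in self.sessions.items() if s == name]
        for u in dropped:
            del self.sessions[u]
        return dropped

    def site_up(self, name: str) -> None:
        """Re-enable a site. Existing sessions stay where they are (failback is user-driven)."""
        self.sites[name].online = True


def run_failover_scenario() -> list[Optional[str]]:
    """Walk one constructed user through failover and failback; returns the site of each connect."""
    broker = SiteAwareBroker(
        sites={"site-a": Site("site-a"), "site-b": Site("site-b")},
        primary_of={"nurse01": "site-a"},  # constructed sample user
    )
    trace = []
    trace.append(broker.connect("nurse01"))   # normal logon -> site-a
    broker.site_down("site-a")                # site A fails, the session drops
    trace.append(broker.connect("nurse01"))   # reconnect is redirected -> site-b
    broker.site_up("site-a")                  # site A restored
    trace.append(broker.connect("nurse01"))   # still on site-b: no automatic failback
    broker.disconnect("nurse01")
    trace.append(broker.connect("nurse01"))   # reconnect after a disconnect -> site-a
    broker.site_down("site-a")
    broker.site_down("site-b")
    trace.append(broker.connect("nurse01"))   # both sites down -> None
    return trace


if __name__ == "__main__":
    print(run_failover_scenario())
```

The last step of the scenario is the case the prose does not spell out: with both sites offline the redirect has nowhere to go, and the broker returns `None` rather than pointing the client at a dead site, which is the behaviour a health-checked load balancer should also show.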
Folder redirection is accomplished using Microsoft AD GPOs. The GPO maps the end-user’s “My Documents” folder to a DFS global namespace.
Imprivata OneSign® automatically and securely connects users to applications that require authentication, and consists of the following parts:
• The OneSign Server hosts the OneSign management system, stores data, provides network services, and more. Managing OneSign hardware, network, and security settings, the server also manages all appliance functions (e.g., Backup/Restore), and each appliance is managed independently. OneSign settings are controlled through the intuitive OneSign Administrator. The OneSign Server can be deployed as a pair of physical or virtual appliances. Each appliance is connected to the network, and each is connected to the other by an isolated failover connection. The appliance that handles the daily OneSign traffic is the primary appliance. The backup appliance is called the failover appliance.
• The OneSign Agents reside on client-side workstations to manage user access and upload user activity data to the Appliance Pair. The Agent handles authentication of users locally through passwords, biometrics, or ID tokens with or without robust password policies. Once a user authenticates to the OneSign system, the user is automatically signed onto deployed applications as they are launched. The OneSign Agent handles the local transaction of proxying users’ credentials to applications and domains. The OneSign Agent downloads credential and application information from the OneSign Server at login and queries the server for changes at an interval determined on the OneSign Administrator Properties page.
• The OneSign Administrator is a web-based interface for managing the OneSign Server or the Appliance Pair.
Audience
This document is intended for use by sales engineers, field consultants, advanced services specialists, and customers who will configure and deploy a highly available virtual desktop solution that provides Single Sign-On (SSO) capabilities to provide desktops as a managed service.
Scope
This document provides an overview of a highly available VMware View 4.6 solution leveraging multiple (in this case, two (2)) Vblock Infrastructure Platforms. Enterprises can now realize desktop scalability and high availability by deploying the AlwaysOn Point of Care solution across multiple datacenters. A typical disaster recovery plan usually only ensures business critical applications/environments are protected and recoverable. AlwaysOn Point of Care leverages an Active-Active design model, which ensures an end-user has one or more standby desktops available at all times. Should a site go down, the end-users can quickly access their standby desktops by re-launching the View client on their endpoint compute node (laptop, thin terminal, desktop, etc.).
This RA illustrates a highly available virtual desktop solution for healthcare professionals, but can be leveraged in other end-user environments as desired.
The following aspects are addressed within this RA:
• An architectural overview.
• Failover validation results.
• Descriptions of the hardware and software components used in the configurations of the compute, storage, network, and virtualization components of the solution.
• Information for configuring a Vblock platform for deploying VMware View 4.6.
Solution Purpose
The VMware AlwaysOn Point of Care Solution on the Vblock platforms allows:
• The consolidation of a desktop environment into one or more infrastructures behind the firewall, making it easy to update the operating system, patch applications, ensure compliance, perform application migrations, and provide support from central locations. The solution delivers a consistent user experience for professionals whether they are within a hospital or at a remote location. Using this solution, less time is spent reacting to regulatory compliance and security issues, and more time can be spent adding value to the healthcare institution/facility.
• The leveraging of site-aware distribution mechanisms and the deployment of multiple desktop infrastructures, so end-users always have access to their desktops.
• A simplified desktop environment with pre-integrated, validated units of infrastructure providing virtualized compute, network, and storage resources. With validated configurations, one can significantly reduce the time spent on testing and development. Therefore, time to production is accelerated.
VCE builds integrated, validated infrastructure called Vblock platforms, built from best-in-class components for compute, network, storage, and virtualization, from Cisco, EMC and VMware (respectively). These platforms allow for massive consolidation and rapid provisioning of compute, network, and storage resources on an on-demand basis.
Business Challenge
The challenges related to traditional desktop deployment and day-to-day administration include lost laptops containing patient data, security breaches related to viruses or hackers, or simply ensuring IT resources can maintain the required service level agreements (SLAs). In addition to the challenges of operational management, IT must also consider implications of broader system-wide issues such as compliance, corporate governance, and business continuity strategies.
Technology Solution
Enterprises are turning to virtual desktop technologies to address the operational and strategic issues related to traditional desktop environments and disaster recovery/business continuance (DR/BC). VMware View provides a virtual desktop environment that is secure, cost effective, and easy to deploy. VMware View also has the capability to meet the demanding needs of the different types of user profiles whether on the LAN or on the WAN/MAN. Combining VMware, Cisco ACE, and Imprivata SSO with the Vblock platform ensures high levels of user experience and desktop availability, which in turn means acceptance of the virtual desktop deployment within organizations.
About VMware View 4.6
Deliver rich, personalized virtual desktops as a managed service from a virtualization platform built to deliver the entire desktop, including the operating system, applications, and data. With VMware View 4.6, desktop administrators virtualize the operating system, applications, and user data to deliver modern desktops to end-users. Get centralized automated management of these components for increased control and cost savings. Improve business agility while providing a flexible, high performance desktop experience for end-users, across a variety of network conditions.
VMware View 4.6 Architecture
Using VMware View’s virtual desktop infrastructure technologies, which include VMware View Manager’s administrative interface, desktops can be quickly and easily provisioned using templates. The technology permits rapid creation of virtual desktop images from one master image, enabling administrative policies to be set, and patches and updates applied to virtual desktops in minutes, without affecting user settings, data, or preferences.
The VMware View 4.6 key components are:
View Connection Server: Acts as a broker for View client connections. It authenticates the users through Active Directory and then directs that request to the virtual desktop.
View Client: Client software for accessing the virtual desktop from a Windows PC, a Mac PC, or a tablet. The administrator can configure the client to allow users to select a display protocol such as PCoIP or RDP.
View Agent: Enables discovery of the virtual machine used as the template for virtual desktop creation. Additionally, the agent communicates with the View client to provide features such as access to local USB devices, printing, and monitoring connections.
VMware View Manager: An enterprise-class desktop management solution that streamlines the management, provisioning, and deployment of virtual desktops. The View Manager is installed at the same time as the connection server, and allows the user to administer the View Connection Server. For this RA, four View Connection Servers were deployed in each site to illustrate the internal load balancing.
Centralized Virtual Desktops: A method of managing virtual desktops that enables remote sites to access virtual desktops residing on server hardware in the datacenter.
VMware View Composer: An optional tool that uses VMware Linked Clone technology employing a master image to rapidly create desktop images that share virtual disks. This conserves disk space and streamlines management.
The following figure illustrates the VMware View physical architecture.
Figure 1: VMware View Physical Architecture
About Imprivata OneSign Authentication Management
Imprivata OneSign Authentication Management provides No Click Access™ for user authentication, permitting users to access all workstations and applications they are authorized to use. Password-related calls to the IT help desk are virtually eliminated by centrally managing each user’s complete collection of application passwords and extending seamless and convenient single sign-on to any enterprise application.
• Deploys quickly without interfering with existing IT infrastructure.
All-in-one, appliance-based solution allows you to deploy in days, not months. OneSign enables you to leverage your existing LDAP user directory without requiring modifications to the directory.
• Built-in support for multiple strong authentication options.
Out-of-the-box support is available for a wide variety of strong authentication methods including finger biometrics, proximity cards, smart cards, one-time-password tokens and question and answer. Strong authentication to the desktop or application is complemented by OneSign Secure Walk-Away, which automatically secures unattended computers from unauthorized access.
• Reduces password-related help desk calls.
OneSign enables the IT staff to rapidly enable any application for single sign-on without the need for scripting or changing the end user’s workflow. It manages password changes within applications and enforces application password strength policies. Policy options allow end users to do Self-Service Password Reset and look up their application credentials.
• Streamlines access workflows for both local and remote applications and desktops.
OneSign Authentication Management offers various workflow solutions for shared workstations, including fast user switching between multiple, concurrent Windows desktops, and secure fast user switching on top of a generic Windows desktop.
• Improves compliance and reporting efficiency with detailed visibility into user access activities.
OneSign records all application access events in a centralized database and can track activity down to the application screen level. At the push of a button, administrators can run any number of reports, from identifying users sharing passwords to mapping which applications users have access to and which credentials they are using.
VMware View supports direct single sign-on from a local endpoint to a virtual desktop and bypasses the two logon prompts of a typical Windows sign-on experience. VMware View works with leading SSO products.
Fault tolerance/disaster recovery/site failover: For fault tolerance within a site that has multiple appliances, OneSign can accommodate a failure of one appliance with no interruption or degradation of service. Additional appliances at the site can provide higher levels of availability.
If an appliance fails (below left), other appliances in the site take the load (below right).
Figure 2: Imprivata Multi-Site Architecture
Appliances in multiple sites can provide fault tolerance by serving as backups to one another over a WAN. User enrollments, policies, and SSO data are constantly synchronized among sites. If all appliances in a site are inaccessible, OneSign Agents can communicate with appliances in other sites and the switchover occurs automatically. If an entire site is down, appliances at another site can serve agents.
Primary and secondary failover sites: For each site in your OneSign enterprise, you can designate a primary and a secondary failover site. Go to the Sites tab under Properties and drill down to a specific site to set an assignment. You do not need to specify failover rules at an appliance level. OneSign Agents automatically fail over to appliances within the same site first and only then fail over to an appliance within the specified failover sites. Users are always challenged when failing over to an appliance in another site (because a new OneSign session must be established).
Agent determination of a home site: Each Agent determines its home site based on the workstation’s IP configuration. According to the OneSign enterprise topology, each active site has a list of IP address ranges for subnets belonging to this site. The initial attempt to determine the Agent’s home site involves matching the workstation IP address against any range in any site. If a range is found, then the site owning this range is considered to be the home site for the Agent.
In case this direct IP matching fails, the Agent analyzes the routing table on the workstation. The route lookup involves trying to find a route that covers any IP range for any site. Route lookup helps to determine location for a VPN client outside the corporate network when direct IP address matching does not work.
IP ranges are not meant for restricting access. Instead, they help determine the preferred site to use. With this in mind, in most corporate environments there exists a non-default route to the corporate network. Therefore, for several sites with restrictive IP ranges within the corporate network subnet, the first one will be chosen through the route rules.
Agent failover: Once all servers in the home site become unavailable, Agents will switch to using a failover site (if specified). After a failover is completed, the OneSign session will preserve the connection to the appliance in the failover site for the duration of the session lifetime. Once appliances in the home site become available again, new sessions authenticated on computers that belong to this site will start connecting back to the home site. However, active sessions do not automatically switch back. To force an Agent to fail back to the home site, users must lock and unlock their OneSign session or log out and log back in.
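The home-site determination and failover order just described, as an added example that is not Imprivata's code: the site names, IP ranges, routing tables and appliance names are constructed (the ranges reuse the SiteA-Subnet and SiteB-Subnet addresses from the Cisco ACE class-maps later in this guide), and ignoring the default route during the route lookup is my assumption.

```python
"""Home-site selection and failover order for an authentication agent,
modelled on the OneSign Agent behaviour described in this guide.
Added example, not Imprivata code: sites, ranges, routes and appliance
names are constructed for illustration."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed topology.  Order matters: the route lookup picks the first
# site whose range is covered by a route, which is the behaviour the guide
# describes for a corporate route that spans several sites' ranges.
SITES: List[Tuple[str, List[str]]] = [
    ("SiteA", ["10.1.80.0/24", "10.1.81.0/24", "10.1.82.0/24"]),
    ("SiteB", ["10.1.83.0/24", "10.1.84.0/24", "10.1.85.0/24"]),
]


def direct_ip_match(workstation_ip: str) -> Optional[str]:
    """Step 1: the workstation address falls inside a range owned by a site."""
    addr = ip_address(workstation_ip)
    for site, ranges in SITES:
        if any(addr in ip_network(r) for r in ranges):
            return site
    return None


def route_lookup(routes: List[str]) -> Optional[str]:
    """Step 2 (e.g. a VPN client): find a route whose destination covers any
    site range.  Assumption: the default route (prefix length 0) is skipped,
    since it covers every range and carries no location information."""
    specific = [ip_network(r) for r in routes if ip_network(r).prefixlen > 0]
    for site, ranges in SITES:
        for r in ranges:
            net = ip_network(r)
            if any(net.subnet_of(route) for route in specific):
                return site
    return None


def determine_home_site(workstation_ip: str, routes: List[str]) -> Optional[str]:
    """Direct IP match first; route lookup only when that fails."""
    return direct_ip_match(workstation_ip) or route_lookup(routes)


def pick_appliance(home_site: str, failover_site: Optional[str],
                   reachable: Dict[str, List[str]]) -> Tuple[Optional[str], bool]:
    """Prefer a reachable appliance in the home site, then the designated
    failover site.  The flag is True when the session leaves the home site,
    i.e. the user will be challenged because a new session is established."""
    for site in (home_site, failover_site):
        if site and reachable.get(site):
            return reachable[site][0], site != home_site
    return None, False


if __name__ == "__main__":
    # Workstation on a Site B subnet: direct match.
    print(determine_home_site("10.1.84.7", ["0.0.0.0/0", "10.1.84.0/24"]))
    # VPN client: no direct match, one corporate route covers both sites'
    # ranges, so the first site in the topology (SiteA) is chosen.
    print(determine_home_site("172.16.5.20", ["0.0.0.0/0", "10.1.0.0/16"]))
    # Home site unreachable: fail over to SiteB and expect a challenge.
    print(pick_appliance("SiteA", "SiteB", {"SiteA": [], "SiteB": ["b1"]}))
```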
Application SSO Configuration
There are three key components to the Imprivata architecture:
• The OneSign Appliances, which host the OneSign management system, store data, provide policy at both the user and machine level, fulfill network authentication requests, and enable Enterprise Single Sign-On.
• The OneSign Agents, which reside on client-side workstations to manage user access and upload user activity data to the Appliances.
• The OneSign UI, which is a web-based interface for managing OneSign and the Appliances in the enterprise.
This distributed AlwaysOn Point of Care design:
• Provides scalability and performance: Support hundreds of thousands of users by adding appliances as needed. Maintain authentication time by load sharing across appliances.
• Enables user roaming across sites: Share and maintain enrollments, policies, and SSO services. Manage users, computers, and policies centrally.
• Increases up-time with local and remote fault tolerance: Fail over across LAN/WAN to appliance(s) in the same or another site.
• Allows OneSign appliances to be placed in multiple locations: The license used in the design is OneSign Enterprise with a cluster of four active appliances over two sites that can be connected over LAN and/or WAN. The OneSign database is replicated and synchronized, and OneSign agents can fail over across the WAN.
Figure 3: AlwaysOn Distributed Architecture
The workload simulation measures knowledge-worker desktop performance with 400 concurrent users accessing the systems. The configuration is set as hot-standby DR, and no action is required by the end-user. After the failover event, users can retrieve a new stateless desktop instantly and continue a desktop and application workload.
Vblock™ Infrastructure Platform
Figure 4: Vblock Infrastructure Platform
The building blocks of a Vblock Infrastructure Platform comprise core technologies that together provide template-based virtualization. Using template-based virtualization to allocate and provision resources, an enterprise can:
• Reduce performance bottlenecks and configuration errors through automation of resource configuration tasks.
• Enable the rapid deployment of resources using a template, thereby reducing operational expenses and costs.
Management Solution
EMC Ionix Unified Infrastructure Manager/Provision Center (UIM/PC) provides simplified management for Vblock Infrastructure Platforms by combining provisioning as well as configuration, change, and compliance management.
Figure 5: Vblock Management
Key Features
• Manage Vblock Infrastructure Platforms as a single entity.
• Integrate with enterprise management platforms.
• Consolidate views into all Vblock Infrastructure Platform infrastructure components, including compute, network, and storage.
• Achieve system-wide compliance through policy-based management.
• Easily deploy hardware and software, ESXi and infrastructure provisioning, and disaster recovery infrastructure.
With EMC Ionix UIM/PC, you can combine management of the individual components in Vblock Infrastructure Platforms into a single entity to reduce operational costs and ease the transition from physical to virtual to private cloud infrastructure. Centralizing provisioning, change control, and compliance management across Vblock Infrastructure Platforms reduces operating costs, ensures consistency, improves operational efficiency, and speeds deployment of new services. With EMC Ionix UIM taking care of your Vblock Infrastructure Platform, you can more easily make the management transition from physical to virtual to private cloud infrastructure.
Compared to building and integrating pieces individually, the advantages provided by UIM’s integrated management solution become obvious. Although some tools integrate basic health and performance data from the compute, network, and storage domains, the operationally critical areas of configuration, change, and compliance management remain separate for the most part. This type of disjointed, distributed management can result in:
• Higher ongoing operational costs and reduced ongoing operational efficiency.
• Slower service deployments.
• Inconsistent management across Vblock Infrastructure Platforms.
• Inability to automatically ensure configurations for accuracy and compliance.
• Inability to simultaneously and easily restore multiple elements to a compliant state.
• Less overall flexibility in supporting the IT needs of the business.
Virtualization Operating System
VMware’s vSphere 4.1 provides the cloud operating system. The Vblock Infrastructure Platform converged infrastructure adopts the ESXi Hypervisor Architecture. ESXi has an ultra-thin footprint and sets a new bar for security and reliability. With new memory management and expanded resource pooling capabilities, VMware vSphere 4.1 accelerates the evolution of datacenters and service providers into cloud computing environments.
Compute and Network Solution and Components
Cisco’s Unified Computing System (UCS) is the backbone of the virtual infrastructure, providing a datacenter architecture for an administrator that is easy to use and manage. The platform, optimized for virtual environments, is designed with open industry standard technologies and aims to reduce TCO and increase business agility. The system integrates a low-latency, lossless 10 Gigabit Ethernet unified network fabric with enterprise-class, x86-architecture servers. The system is an integrated, scalable, multi-chassis platform in which all resources participate in a unified management domain. As of the writing of this RA, Vblock Infrastructure Platforms support the B200 M2, B230 M2, B250 M2, and B440 M1 blades, with additional blades being qualified over time. The right choice of blade is dependent on CPU and memory requirements of the applications hosted on the system.
Network Infrastructure and Design
Figure 6: Network Infrastructure
Storage Solution and Components
EMC’s Celerra storage technologies provide administrators with the tools to manage and maintain each end-user’s data and applications in the virtual desktop infrastructure. Using the EMC Celerra and a host of best-of-breed software applications, administrators have a comprehensive set of solutions to maintain administrative and security policies. Users of the EMC Celerra will benefit from proven five nines availability and innovative technologies like Enterprise Flash Drives, Fully Automated Storage Tiering (FAST), and Virtual Provisioning.
PowerPath/VE (virtual edition) is included for intelligent path routing and optimized load balancing across all Vblock platforms. EMC PowerPath/VE enables customers to improve performance and simplify, standardize, and automate storage path management across the virtual environment.
Storage Infrastructure and Design
Figure 7: Storage Infrastructure
Application Delivery Control (ADC) and Network Load Balancing (NLB)
Cisco Application Control Engine (ACE)
Cisco® Application Control Engine (ACE) is the industry’s only virtualized load-balancing and Application Delivery Controller (ADC) solution designed to meet the requirements of today’s application delivery. Cisco ACE is a state-of-the-art virtualized load balancer and an application delivery solution that includes server load balancing, content switching, server offloading, and application optimization.
Server load balancing, the primary capability of the Cisco ACE, is a mechanism for distributing traffic across multiple servers, offering high application availability and server resource utilization. Flexible application traffic management, offloading of CPU-intensive tasks such as SSL encryption and decryption processing, and TCP session management improve server efficiency. From within VMware vCenter, using the functions integrated by the plug-in, the user can:
• Deploy virtual machines as real servers into an existing server farm.
• Monitor application traffic flow for virtual machines through the Cisco ACE.
• Securely activate and suspend application traffic flows through the Cisco ACE for the associated real servers.
Single-pane provisioning, application traffic monitoring, and operations management streamline the deployment of services and the maintenance operations for applications and virtual machines. Organizations do not need to undertake a separate integration or management application development project to gain these functions.
Figure 8: Cisco ACE/ANM vCenter Integration
The Cisco Application Control Engine (Cisco ACE) provides a highly available and scalable datacenter solution from which the VMware View environment can benefit. The Cisco ACE is available as an appliance or integrated services module in the Cisco Catalyst 6500 platform. Using IP address policies (or other identifiers), a single View Connection FQDN can be configured to intelligently distribute requests for virtual desktops to the multiple VMware View environments and, if desired, to offload the SSL encryption to ensure better utilization of View Connection Server resources.
The Cisco ACE features and benefits include the following:
• Device partitioning (up to 250 virtual Cisco ACE contexts).
• Load-balancing services (up to 16 Gbps of throughput capacity and 325,000 Layer-4 connections per second).
• Centralized, role-based management through Application Network Manager (ANM) GUI or CLI.
• SSL offload (up to 15,000 SSL sessions per second through licensing).
• Support for redundant configurations (intra-chassis, inter-chassis, and inter-context).
Cisco Application Networking Manager (ANM) Software is part of the Cisco Application Control Engine (ACE) product family. It is a critical component of any datacenter or cloud computing architecture that requires centralized configuration, operation, and monitoring of Cisco datacenter networking equipment and services. Cisco ANM provides this management capability for Cisco ACE devices.
Cisco ANM 4.1 integrates into VMware vCenter, allowing access to Cisco ANM to add, delete, activate, and suspend traffic and change load-balancing weights for servers benefiting from Cisco ACE load-balancing services. Additionally, users can also access ANM’s real server monitoring graphs, greatly enhancing users’ knowledge of the true operations of their applications in real time. To speed implementation, server administrators can now use Cisco ANM discovery tools to automate importation and mapping of virtual machines to existing Cisco ACE real servers as shown below.
Figure 9: Cisco ACE vCenter Plug-in
Cisco ACE optimizes overall application availability, security, and performance by delivering application switching and load balancing. Below is the configuration used for this reference architecture:
crypto csr-params ACE
  country US
  state GA
  common-name desktops.rtp.vce.com

access-list VDI line 8 extended permit tcp any any eq www
access-list VDI line 16 extended permit icmp any any
access-list VDI line 24 extended permit tcp any any eq https

probe icmp PING
  interval 3
  faildetect 1
  passdetect interval 5
  passdetect count 1

rserver host ProxyA-1
  ip address 10.1.56.49
  inservice
rserver host ProxyA-2
  ip address 10.1.56.54
  inservice
rserver host ProxyB-1
  ip address 10.1.68.49
  inservice
rserver host ProxyB-2
  ip address 10.1.68.54
  inservice
rserver redirect REDIRECT-TO-HTTPS
  webhost-redirection https://%h%p 301
  inservice

serverfarm host HAproxyFarm-A
  probe PING
  rserver ProxyA-1 80
    inservice
  rserver ProxyA-2 80
    inservice
serverfarm host HAproxyFarm-B
  probe PING
  rserver ProxyB-1 80
    inservice
  rserver ProxyB-2 80
    inservice
serverfarm redirect REDIRECT-HAproxyFARM
  rserver REDIRECT-TO-HTTPS
    inservice

parameter-map type ssl vDesktop_SSL_Parameter_Map
  authentication-failure ignore
sticky ip-netmask 255.255.255.255 address source HAproxyFARM-A-STICKY
  timeout 5
  replicate sticky
  serverfarm HAproxyFarm-A backup HAproxyFarm-B
sticky ip-netmask 255.255.255.255 address source HAproxyFARM-B-STICKY
  timeout 5
  replicate sticky
  serverfarm HAproxyFarm-B backup HAproxyFarm-A
ssl-proxy service Desktops-SSL
  key desktops.rtp.vce.com
  cert newdesktops.cer
ssl-proxy service SSL_SERVICE
ssl-proxy service proxy-1
  key key.pem
  cert cert.pem
ssl-proxy service vDesktop_SSL_Proxy
  key desktops.rtp.vce.com
  cert newdesktops.cer
  ssl advanced-options vDesktop_SSL_Parameter_Map

class-map match-all HTTP-VIP
  2 match virtual-address 10.1.54.16 tcp eq www
class-map match-all HTTPS-VIP
  2 match virtual-address 10.1.54.16 tcp eq https
class-map type http loadbalance match-any SiteA-Subnet
  2 match source-address 10.1.80.0 255.255.255.0
  3 match source-address 10.1.81.0 255.255.255.0
  4 match source-address 10.1.82.0 255.255.255.0
  5 match source-address 10.0.1.0 255.255.255.0
class-map type http loadbalance match-any SiteB-Subnet
  2 match source-address 10.1.83.0 255.255.255.0
  3 match source-address 10.1.84.0 255.255.255.0
  4 match source-address 10.1.85.0 255.255.255.0
  5 match source-address 10.1.55.0 255.255.255.0
  6 match source-address 10.223.252.128 255.255.255.128

policy-map type loadbalance first-match HAproxy-VIP-LB-POLICY
  class SiteA-Subnet
    sticky-serverfarm HAproxyFARM-A-STICKY
  class SiteB-Subnet
    sticky-serverfarm HAproxyFARM-B-STICKY
  class class-default
    sticky-serverfarm HAproxyFARM-A-STICKY
policy-map type loadbalance first-match HTTP-VIP-l7slb
  class class-default
    serverfarm REDIRECT-HAproxyFARM
policy-map type loadbalance first-match HTTPS-VIP-l7slb
  class SiteA-Subnet
    sticky-serverfarm HAproxyFARM-A-STICKY
  class SiteB-Subnet
    sticky-serverfarm HAproxyFARM-B-STICKY
  class class-default
    sticky-serverfarm HAproxyFARM-A-STICKY
policy-map type loadbalance first-match REDIRECT-POLICY
  class class-default
    serverfarm REDIRECT-HAproxyFARM
policy-map type loadbalance first-match VIP-VDI-l7slb
  class SiteA-Subnet
    sticky-serverfarm HAproxyFARM-A-STICKY
  class SiteB-Subnet
    sticky-serverfarm HAproxyFARM-B-STICKY
  class class-default
    sticky-serverfarm HAproxyFARM-A-STICKY

interface vlan 314
  ip address 10.1.54.14 255.255.255.0
  peer ip address 10.1.54.13 255.255.255.0
  access-group input VDI
  nat-pool 1 10.1.54.15 10.1.54.15 netmask 255.255.255.255 pat
  service-policy input VDI-LB
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.1.54.1

snmp-server contact "ACE"
snmp-server location "RTP"
snmp-server community public group Network-Monitor
snmp-server host 10.0.1.45 traps version 2c public
snmp-server enable traps slb vserver
snmp-server enable traps slb real
snmp-server trap link ietf
HAProxy
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer 7 processing. Supporting tens of thousands of connections is clearly realistic with today’s hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still making it possible to avoid exposing fragile web servers to the Internet, such as below:
Figure 10: HAProxy Design
HAProxy implements an event-driven, single-process model that enables support for a very high number of simultaneous connections at very high speeds. Multi-process or multi-threaded models can rarely cope with thousands of connections because of memory limits, system scheduler limits, and lock contention everywhere. Event-driven models do not have these problems because implementing all the tasks in user-space allows a finer resource and time management. The down side is that those programs generally don’t scale well on multi-processor systems. That’s the reason why they must be optimized to get the most work done from every CPU cycle.
HAProxy can be downloaded from http://haproxy.1wt.eu/ and is known to reliably run on the following OS/platforms:
Linux 2.4 on x86, x86_64, Alpha, SPARC, MIPS, PARISC
Linux 2.6 on x86, x86_64, ARM (ixp425), PPC64
Solaris 8/9 on UltraSPARC 2 and 3
Solaris 10 on Opteron and UltraSPARC
FreeBSD 4.10 - 6.2 on x86
OpenBSD 3.1 to -current on i386, amd64, macppc, alpha, sparc64 and VAX (check the ports)
Once the Linux VM was implemented and HAProxy installed, the /etc/haproxy/haproxy.cfg file was modified to support basic HTTP (80) load balancing across the four (4) View Connection Servers in each site.
global
  log 127.0.0.1 local0
  log 127.0.0.1 local1 notice
  user haproxy
  group haproxy
  maxconn 4096
  daemon

defaults applications HTTP
  log global
  mode http
  balance roundrobin
  option dontlognull
  option redispatch
  contimeout 10000
  clitimeout 300000
  srvtimeout 300000
  maxconn 60000
  retries 3

listen http 10.1.68.49:80
  cookie SERVERID insert nocache indirect
  server vgangabvmvcs01 vgangabvmvcs01.rtp.vce.com:80 cookie sa1 check
  server vgangabvmvcs2 vgangabvmvcs2.rtp.vce.com:80 cookie sa2 check
  server vgangabvmvcs3 vgangabvmvcs3.rtp.vce.com:80 cookie sa3 check
  server vgangabvmvcs4 vgangabvmvcs4.rtp.vce.com:80 cookie sa4 check

listen stats
  bind 10.1.68.49:8888
  stats uri /
The last component of the configuration above (listen stats) enables a web-based GUI that illustrates the current status of the load balanced hosts as shown below:
Figure 11: HAProxy Statistics Report
AlwaysOn Desktop Design Approach
Individual laptops and desktops are managed as standalone entities residing outside of the datacenter environment and are not always subject to an organization’s information security, backup and recovery, and application usage policies. As enterprises and IT organizations require more secure, highly available, and efficient means for managing corporate resources, the need to bring all of these resources under the control of a centralized datacenter managed by IT becomes paramount. VMware View, Cisco ACE, Imprivata SSO and Vblock technologies all offer the capabilities for a centralized datacenter managed by IT.
This Reference Architecture (RA) has been designed as a low impact, cost-effective approach to bring all of these resources under the control of the datacenter using VMware, Cisco, EMC, and Imprivata technologies, while providing a rich, single view of an end-user’s applications and data.
Architecture and Design of VMware View on VCE Vblock Platforms
The following diagram shows the logical topology for the AlwaysOn Point of Care Reference Architecture:
Figure 12: AlwaysOn Desktop Logical Diagram
Compose/Recompose Best Practices
The View desktop platform consists of two independent View implementations, with one at each site. In each of these sites, a pool of desktops will be created from the same master image. While these pools are essentially separate from each other, building them with the same naming conventions and using the same master image will give the end-user the perception that they are identical.
One site should be designated as the source for the master image that both sites will be using. Changes should not be made to the master image on the non-source site. This will allow the VM to be updated via storage replication.
Note: Changes to the master should be thoroughly tested before deploying to either production pool. Consider making a small test pool for beta users to ensure that any updates are fully functional.
In both sites, pools with identical configuration options should be created using the same master image. Generally these should be “floating” pools of desktops that are “refreshed” or rolled back to their original state after each user logs off. This prevents the unnecessary buildup of temporary files and personal information on each desktop.
When sizing the pools, take into account the maximum size of the pool during failover. The pool should have the capacity to handle (or expand to handle) 100% of the users in event of an emergency. Provisioning extra desktops up front will allow for faster logon in an emergency. The unused desktops can be left powered off to conserve resources, but each step (including a power on operation) that needs to be performed at failover adds time to the user’s logon experience.
To maintain the identical appearance, it is advisable to build and prep the master image, and allow (or force) it to replicate from the source to the non-source location before composing either location. Once the master image is in place at both sites, a typical compose or recompose operation can be performed.
Note: This is not a fully automated process. The administrator should perform the same task on the pool at both sites and set the options identically as much as possible. End-users could notice any differences in naming or configuration.
If desktop availability is more critical than having the latest version of the image, administrators can simply change the “Default Image for New Desktops” on the pool and set the recompose to occur on user logoff. This will gradually replace the older images with the newer updated version as desktops become available for maintenance.
If having a specific version of the desktop image is a higher priority and a downtime window is established, the entire recompose of a pool can be completed by forcing users to log off. This will take less time to complete and will keep the pools in a more consistent state, but will prevent use of the pools during the operation.
For environments with more than one pool or more than one master image, the process is the same on a pool-by-pool basis:
• Designate a Source site for the master image, and do not modify that image on any other site.
• Make sure that the master image virtual machine is being replicated effectively from the Source to the Non-Source site.
• Any action that is performed on the pool at the Source location should also be performed at the Non-Source site. This includes pool creation, user entitlement, recompose operations, application entitlement (where used), and other general modification of pool settings.
Not all pools need to be protected. If you have pools that do not perform critical functions, choose a site for that pool and do not perform the replication or pool creation steps on the other site. If that site becomes unavailable, so will the desktops associated with it.
Note: If a pool is only going to exist in one site, users of that pool will need to be directed to that site by the top-level load balancers.
Choosing some pools for protection and leaving other non-critical pools out of the process could substantially reduce the overall hardware costs.
Client Access Devices
VMware View supports client/endpoint devices for accessing a virtual desktop deployment including:
Zero Client
• Teradici PCoIP Portal Processor
• Operating System Independent
• Support for graphic intensive applications including 3D graphics, CAD, video animation and more
• Secure and risk-free from viruses
• Multi-monitor support
• Support for VMware View
Thin Client
• Operating systems can be Windows Embedded Standard, Windows XPe, CE, Linux, or proprietary distribution
• Multi-monitor support
• Support for VMware View
• Secure lockdown, but endpoint security protection is required
In addition, VMware View Client also runs on the Apple iPad tablet and traditional notebook computers for desktop mobility access.
For the full VMware View HCL, visit: http://www.vmware.com/resources/compatibility/search.php?deviceCategory=vdm
Solution Validation
VCE Vblock Platform Configuration Details
This section provides the Vblock Platform configuration details:
Hardware
Cisco
Nexus 5010 and 5020 Switches (Site A used 5010s, and Site B used 5020s)
Unified Computing System with (per site):
Two (1) B200 M2 Series Blades with 3.33 GHz Intel Xeon 6-core CPU, 96 GB RAM (using 12 x 8 GB 1067 MHz DIMMs)
Two (2) B250 M2 Series Blades with 3.33 GHz Intel Xeon 6-core CPU, 192 GB RAM (using 48 x 4 GB 1067 MHz DIMMs)
One (1) B440 M1 Series Blade with 2.266 GHz Intel Xeon 8-core CPU, 128 GB RAM (using 32 x 4 GB 1067 MHz DIMMs)
EMC
One (1) Celerra NS960 Storage array (per site)
Software
Cisco
NX-OS 5.0(2)N2(1) on 5010
NX-OS 4.2(1)N2(1) on 5020
UCS Manager 1.3(1p)
EMC
Celerra DART 6.0.40-5
CLARiiON FLARE 4.30.00.5.512
PowerPath/VE 5.4 SP2 (build 298)
Ionix Unified Infrastructure Manager (UIM) 2.1.0.0.543
Unisphere Management Console 1.0.0.14
Virtual Storage Integrator (VSI) for VMware vSphere 4.0.1.67
VMware
vSphere ESXi 4.1 – Patch 1 (320092)
vCenter Server 4.1 – Update 1 (345043)
vCenter Update Manager 4.1
View 4.6 (366101)
View Agent (4.6.0-366101) with VMware SVGA 3D Driver (7.14.1.49)
Other
Required in addition to the above components is an environment with Active Directory, CA, DFS with replication enabled, DNS, DHCP, and Microsoft Exchange 2010.
Additional Components Configuration Details
This section provides the configuration details of the additional components that are not validated on a Vblock Platform configuration:
Hardware
Cisco
ACE 4710 Appliances (shared by both sites)
Catalyst 3750 switches (shared by both sites)
Catalyst 6506 switch (shared by both sites)
MDS 9506 (both sites shared the MDS infrastructure)
Nexus 7010 Switches (shared by both sites)
Wyse
Z90 Terminals
Software
Cisco
Application Networking Manager (ANM) 4.2(0)
ACE OS A4(2.1)
ACE/ANM vCenter Plug-in 1.0.1
IOS 12.2(55)SE1 on 3750s
IOS 12.2(33)SXI5 on 6506
NX-OS 4.2(5) on 9506
NX-OS 5.1(2) on 7010s
Other
HAProxy 1.4.10
Imprivata OneSign SSO 4.5-27 (virtual appliance)
Vital Images Vitrea Core 6.0 Update 02
VMware Reference Architecture Workload Simulator (RAWC) 1.2.0.0
Windows XPe SP3 on Wyse Terminals
Unified Computing System Configuration
Following are the configuration details of the Cisco Unified Computing System that was implemented prior to leveraging the EMC Ionix Unified Infrastructure Manager (UIM) to provision the VMware ESXi hosts.
Assumptions: UIM has been pre-configured on the Vblock platform according to the installation guide.
LAN Configuration
VLANs
The following figure shows the list of VLANs configured in each Vblock Platform and usable by UIM. The dVLAN## VLANs are used for the View desktops themselves.
Figure 13: Site A VLANs
Figure 14: Site B VLANs
MAC Pools
Verify that the MAC pool is defined in UIM.
Figure 15: UIM MAC Pools
Network Diagram
Figure 16: AlwaysOn Desktop Network Diagram
SAN Configuration (VCE)
VSANs
The following figure shows the list of VSANs configured in each Vblock Platform and usable by UIM.
Figure 17: Site A & B VSANs
WWN Pools
Verify that the WWN pool is defined in UIM.
Figure 18: UIM WWN Pool
Storage Connectivity Diagram
Figure 19: AlwaysOn Desktop Storage Diagram
Storage Array (EMC Celerra NS960) Configuration
The Celerra NS960 storage system in the Vblock Platforms was used for testing the virtual desktop deployment. The ESX clusters, which contained hosts from two chassis, were mapped to four front-end ports of the CLARiiON portion of the Celerra. All the virtual desktop files (i.e., vmdks, vmx, logs, etc.) were laid out on Fibre Channel (FC) disks at the array back-end, except the VM swap file, which was laid out on SATA disks at the array back-end. Below is an illustration of the ESXi Virtual Machine Swapfile Location configuration.
Figure 20: ESXi Host Swapfile Location
Additionally, the ESXi cluster Swapfile Location property needs to be modified:
Figure 21: vCenter Cluster Swapfile Location
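The two settings shown in Figures 20 and 21 are made in the vSphere Client in the RA. The following PowerCLI script is an added example, not the RA's own configuration, that applies the same swap-file placement to every host in a cluster and then verifies it, so the result is repeatable and auditable rather than clicked through once per host. The vCenter address, cluster name and swap datastore name are assumptions; the script requires VMware PowerCLI.

```powershell
# Added example (not the RA's configuration): put virtual desktop swap files on a
# dedicated datastore, as the RA does with its SATA-backed swap LUNs, and verify it.
# vCenter address, cluster and datastore names below are assumptions.
Import-Module VMware.VimAutomation.Core

$vCenter       = "vcenter-a.corp.example.com"   # assumed vCenter for Site A
$clusterName   = "SiteA-Desktops"               # assumed desktop cluster name
$swapDatastore = "Swap_LUN_01"                  # assumed swap datastore (RG2-style SATA LUN)

Connect-VIServer -Server $vCenter | Out-Null

# 1. Cluster-level policy (Figure 21): swap files go to the datastore selected on each
#    host instead of sitting next to the VM on the FC-backed desktop datastores.
$cluster = Get-Cluster -Name $clusterName
Set-Cluster -Cluster $cluster -VMSwapfilePolicy InHostDatastore -Confirm:$false | Out-Null

# 2. Host-level swap datastore (Figure 20) for every ESXi host in the cluster.
$ds = Get-Datastore -Name $swapDatastore
$cluster | Get-VMHost | ForEach-Object {
    Set-VMHost -VMHost $_ -VMSwapfileDatastore $ds -Confirm:$false | Out-Null
}

# 3. Verify: each host should report the swap datastore; warn about any that does not.
$report = $cluster | Get-VMHost | Select-Object Name,
    @{ n = 'SwapDatastore'; e = { $_.VMSwapfileDatastore.Name } }
$report | Format-Table -AutoSize
$mismatch = $report | Where-Object { $_.SwapDatastore -ne $swapDatastore }
if ($mismatch) {
    Write-Warning ("Hosts without the swap datastore: " + ($mismatch.Name -join ', '))
}

Disconnect-VIServer -Server $vCenter -Confirm:$false
```

Swap files of desktops that are already powered on stay where they were created; the new location takes effect the next time each VM is power-cycled, so the verification step above confirms host configuration, not the placement of existing swap files.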
CLARiiON Pools, RAID Groups and LUNs
A single pool named “Pool 0 - AlwaysOn Point of Care” was created using fifty (50) FC 15K RPM 450 GB drives in a RAID 5 configuration, with FAST Cache enabled using four (4) 200 GB EFDs.
Figure 22: EMC FAST Cache Configuration
The pool was used for storing the View linked clones and replicas of the user desktops. The details of the storage pool are shown below.
Figure 23: Storage Pool Configuration
RAID Groups named “RAID Group 1” (RG1) and “RAID Group 2” (RG2) were created. RG1 uses four (4) FC 15K RPM 450 GB drives in a 3+1 RAID 5 configuration and RG2 uses eight (8) SATA 7.2K RPM 2 TB drives in a 6+2 RAID 6 configuration.
Figure 24: RAID Group Configuration
LUNs from RG1 had FAST Cache enabled and were used to store the 15 GB boot LUNs for the ESXi hosts and several 250 GB infrastructure LUNs for general use by the environment. LUNs from RG2 did not have FAST Cache enabled and were used to store the virtual desktop VM swap files.
Figure 25: Storage Group Configuration
Celerra File Systems and NFS Exports
A single file system supported by five (5) FC 15K 450 GB drives in a RAID 5 4+1 configuration was exported via NFS and used to store the golden desktop images. Asynchronous, cross-site replication was configured to copy each site’s golden desktop image to the other site for safekeeping.
Figure 26: EMC Replicator Configuration
Microsoft Distributed File System
Distributed File System (DFS) is a set of client and server services that allows an organization using Microsoft Windows servers to organize many distributed SMB file shares into a distributed file system. DFS provides location transparency and redundancy to improve data availability in the face of failure or heavy load by allowing shares in multiple different locations to be logically grouped under one folder or DFS root.
DFS has two major logical components. First, DFS namespaces provide an abstraction layer for SMB network file shares, allowing one logical network path to be served by multiple physical file servers. Second, DFS supports the replication of data between the servers using DFS Replication (DFSR). For this RA, a domain-based DFS namespace was used to store user data and DFSR was used to cross-site replicate the files to ensure user access during a site outage.
A domain-based DFS namespace stores the DFS configuration within Active Directory. The DFS namespace root is accessible at \\domainname\<dfsroot> or \\fq.domain.name\<dfsroot>. The namespace roots do not have to reside on domain controllers; they can reside on member servers. If domain controllers are not used as the namespace root servers, then multiple member servers should be used to provide full fault tolerance.
Figure 27: Microsoft DFS Architecture
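The DFS design above (a domain-based namespace with a root target in each site, one folder served from both sites, and DFSR keeping the two copies in sync) can be scripted end to end. The following is an added example, not the RA's own configuration: it uses the DFSN and DFSR PowerShell modules available on Windows Server 2012 and later, whereas the RA itself ran Windows 2008 R2, where the equivalent steps were done with dfsutil and dfsradmin. The domain, server, share and path names are assumptions, and the SMB shares referenced as targets must already exist on both servers.

```powershell
# Added example (not the RA's configuration): domain-based DFS namespace with root and
# folder targets in two sites, plus bidirectional DFSR between them. Requires the DFSN
# and DFSR modules (Windows Server 2012+). Names and paths below are assumptions.
Import-Module DFSN
Import-Module DFSR

$domain  = "corp.example.com"          # assumed AD domain
$nsRoot  = "\\$domain\Users"           # domain-based namespace root
$folder  = "$nsRoot\Home"              # the logical path users are redirected to
$siteA   = "FS-A01"                    # assumed Site A file server (member server)
$siteB   = "FS-B01"                    # assumed Site B file server (member server)
$share   = "UserHome"                  # SMB share name present on both servers
$content = "D:\UserHome"               # local folder behind the share on both servers
$rg      = "UserHome-RG"               # DFSR replication group name

# 1. Namespace root with a root target in each site, so the root still resolves when
#    one site is unreachable. Roots are hosted on member servers, not domain controllers.
New-DfsnRoot -Path $nsRoot -TargetPath "\\$siteA\Users" -Type DomainV2 | Out-Null
New-DfsnRootTarget -Path $nsRoot -TargetPath "\\$siteB\Users" | Out-Null

# 2. One folder, two folder targets: the same logical path is served from either site.
New-DfsnFolder -Path $folder -TargetPath "\\$siteA\$share" | Out-Null
New-DfsnFolderTarget -Path $folder -TargetPath "\\$siteB\$share" | Out-Null

# 3. DFSR group replicating the folder content between the two servers. Add-DfsrConnection
#    creates the connection in both directions by default.
New-DfsReplicationGroup -GroupName $rg | Out-Null
New-DfsReplicatedFolder -GroupName $rg -FolderName $share | Out-Null
Add-DfsrMember -GroupName $rg -ComputerName $siteA, $siteB | Out-Null
Add-DfsrConnection -GroupName $rg -SourceComputerName $siteA -DestinationComputerName $siteB | Out-Null
Set-DfsrMembership -GroupName $rg -FolderName $share -ComputerName $siteA `
    -ContentPath $content -PrimaryMember $true -Force | Out-Null
Set-DfsrMembership -GroupName $rg -FolderName $share -ComputerName $siteB `
    -ContentPath $content -Force | Out-Null

# 4. Checks to run before a failover test: both folder targets online and no replication
#    backlog in either direction, otherwise the surviving site serves stale files.
Get-DfsnFolderTarget -Path $folder | Select-Object TargetPath, State
Get-DfsrBacklog -GroupName $rg -FolderName $share -SourceComputerName $siteA -DestinationComputerName $siteB
Get-DfsrBacklog -GroupName $rg -FolderName $share -SourceComputerName $siteB -DestinationComputerName $siteA
```

The Folder Redirection GPO the RA uses then targets the namespace path (`\\corp.example.com\Users\Home` in this example) rather than a server name, which is what lets a user's Documents folder follow them to the standby desktop in the other site. Two points worth remembering about this design: the NTFS and share permissions must be identical on both targets, because a user may be referred to either one; and DFSR replicates deletions and damaged files just as faithfully as good ones, so it provides site resilience, not the backups the RA lists separately.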
VMware Datastores
Below is a picture outlining the details from a vCenter perspective for Site A. Site B was configured in the same manner.
Figure 28: Datastore Configuration
Blade Provisioning and OS Installation (VCE)
Using UIM Dashboard, Infrastructure Service Catalog, and fully automated Infrastructure Provisioning Center, a single IT administrator can now provision infrastructure services with just a few clicks, all while ensuring compliance with approved standards. Infrastructure services are deployed much faster, with reduced costs and substantially fewer people, allowing expensive, cross-domain IT teams to focus on more strategic initiatives.
Once all the resources are discovered and graded, UIM allows an administrator to create a service offering as shown in the figure below. Service offerings templatize and designate the type and amount of resources. Administrators can reuse service offerings to deploy additional resources as the need arises.
Figure 29: UIM Service Offering
Once the service offering is created, it is activated and placed in the UIM Service Manager for use in provisioning the resources. From the Service Manager, service offerings are provisioned (resources allocated and locked down) and activated (OS installed) as illustrated below.
Figure 30: UIM Service Manager
VMware Virtual Infrastructure
VMware vSphere ESXi Servers
In each VDI environment/site, there were three (3) ESXi servers implemented to support the virtual desktops and two (2) ESXi servers implemented to support the vSphere and View infrastructures (see Site A and Site B figures below). Additionally, two (2) ESXi servers were implemented to manage the RAWC test harness, and two (2) ESXi servers were leveraged (other non-RA workloads were also on these hosts) to support the Microsoft Exchange 2010 and Vital Images servers (see Site C figure below).
Figure 31: Site C Workload Generation and Shared Applications
Figure 32: Site A Resources
Figure 33: Site B Resources
VMware vSphere Advanced Parameters
No specific advanced parameters were tuned for this testing. All the VAAI parameters were left turned on by default.
Datastores
• Eight (8) 499 GB datastores for storing the View Linked Clones and Replicas labeled “Desktop_LUN_XX.”
• One (1) 99 GB datastore labeled “SiteA_Gold” used specifically to store golden images of virtual desktops, which are replicated asynchronously to Site B. A similar datastore is configured in Site B (labeled “SiteB_Gold”) and is replicated asynchronously to Site A.
• Three (3) 1 TB datastores for storing the VM swap files for each virtual desktop.
• Three (3) 249 GB datastores for storing the required infrastructure VMs.
Figure 34: Site A Datastores
VMware View 4.6
In this environment, four View Connection Servers were used to illustrate local load balancing. (Note: A single connection server could have handled all 400 desktops.) The following figure shows vCenter Server Integration with VMware View 4.6. It also shows that VMware Composer is enabled.
Figure 35: Site A vCenter/View Composer Settings
The following figure shows the View Connection Servers and related configuration information.
Figure 36: Site A View Connection Servers
Each View Connection Server configuration had to be modified to support the use of Cisco ACE SSL encryption offloading as shown below.
Figure 37: View Connection Server Configuration
In addition, the event database was configured to log all the events occurring. The following figure shows the configuration details.
Figure 38: View Event Database Configuration
Virtual Desktop Pools
For testing the virtual desktop environment, two Desktop pools with 200 desktops per pool were created within each site. In production environments, pools should be further segregated to allow for flexible maintenance of desktops.
Storage Synchronization Configuration
In addition to periodic backups of the golden desktop images, organizations should consider replicating them to another site. EMC Replicator can enable this replication as it provides efficient, asynchronous data replication over Internet Protocol (IP) networks. With Replicator, you can create point-in-time, network-attached storage (NAS) file system copies and consistent iSCSI logical unit number (LUN) copies on local or remote sites.
Figure 39: VM Gold Image Replication Configuration
Scripted and/or manual procedures can be used to re-instantiate replicated golden desktop images, should the need arise.
Imprivata OneSign
OneSign appliances can be implemented as a physical 1U server or virtual appliance. For this RA, the OneSign appliances were deployed as virtual appliances using an OVF provided by Imprivata. To ensure local (per site) and remote (across site) availability, two (2) OneSign appliances were implemented in each site.
Figure 40: AlwaysOn Distributed Architecture
After the OVFs were deployed, a wizard guided us through the implementation, which included pairing the appliances into local and remote clusters, as well as configuration of a replication process to keep all appliances in sync with one another. Once the configuration tasks were completed, we connected to the web-based GUI to license the product (per user), configure Proximity Card settings, integrate with Active Directory, and create policies that handled the One-Touch login behavior. Below is an example of a Computer Policy that automatically launches the View Client and connects it to a View Connection Server at https://10.1.54.16. (This is actually a virtual IP (VIP) on the Cisco ACE appliance; FQDN or IP addresses will work. We used both in our testing.)
Figure 41: Imprivata View Configuration
Additionally, User Policies can be configured specific to authentication, password self-service, offline authentication, and RADIUS integration. Below is the User Policy we used for this RA, which enables password and proximity card authentication:
Figure 42: Imprivata Authentication Configuration
Test Setup and Configurations
Test Harness
The Test Harness describes the environment, the choice of tools and equipment used for validation, and the procedures used for the workload characterization. For this RA, the goal was to explore the ability to reconnect a user to a desktop after a complete site outage (meaning all resources within a single site are unavailable). To simulate the outage, we disabled the northbound Ethernet uplinks on one of the site’s Cisco UCS 6100s as illustrated below:
Figure 43: Simulating an Outage
The primary objective of the test harnesses was to validate if an end-user would successfully obtain a desktop after a complete site outage event occurred. The results of these tests are considered subjective in nature, as they were “witnessed.”
The first harness required a mechanism to generate load on two Vblock platforms simultaneously. The VMware Reference Architecture Workload Simulator (RAWC) was chosen as the mechanism or tool to be used. The second harness required the use of a proximity card and manual/human intervention. A proximity card (or prox card) is a generic name for contactless integrated circuit devices used for security access or payment systems.
Test Harness #1 – Using RAWC to generate load during site failure
The RAWC workload runs on a Windows 7 or XP guest operating system and is executed on each desktop virtual machine on one or more ESXi hosts. The RAWC workload has a set of functions that performs operations on common desktop applications including Microsoft Office, Adobe Reader, Windows Media Player, Java, and 7-Zip.
The applications are called randomly and perform operations that mimic those of a typical desktop user, including open, save, close, minimize and maximize windows, view an html page, insert text, insert random words and numbers, conduct a slideshow, view a video, send and receive email, and compress files.
The RAWC workload uses a configuration file that is created via the RAWC GUI and writes application open/close times and any errors to log files in a shared network folder. Various test variables can be configured via the RAWC GUI, including a start delay for creating boot storms and density (delay between application operations), application speed, number of emails created and sent, and typing speed. For more information on RAWC, see the Workload Considerations for Virtual Desktop Reference Architectures by VMware.
Below is a screenshot of the RAWC workload configuration used for this RA. This workload randomly loaded MS Word, Excel, Internet Explorer, PowerPoint and Adobe Acrobat for three (3) iterations.
Figure 44: RAWC Workload Configuration
This harness employed two (2) VMware View desktop pools per site. One pool was for active desktops and the other was for stand-by desktops. All of the linked clones were created from the same parent virtual machine. This configuration resulted in seventy-five (75) virtual desktops per datastore, well within VMware’s best practice recommendation of 128 vDesktops per datastore.
Common infrastructure components, such as Active Directory, DFS, DNS, DHCP, and VMware View Connection servers, as well as Imprivata SSO appliances did not share the same compute or storage resources as the virtual desktops. A vSphere cluster (outside of the Vblocks) consisting of two (2) ESXi hosts was used to host the RAWC workload generation tool, Exchange 2010 server, and Vital Images servers. Each desktop infrastructure service was implemented as a virtual machine running Windows 2008 R2.
AlwaysOn Desktop Configuration
The Windows 7 golden virtual desktop image was created as follows:
• Windows 7 Enterprise, SP1 (Build 7601), 32-bit
• One (1) vCPU
• 1 GB vRAM
• VMXNET3 Adapter
• Adobe Reader 9.4
• Imprivata OneSign Agent 4.5.217.217
• Microsoft Office Enterprise 2007
• Internet Explorer 8.0
• VMware Desktop RAWC Workload Simulator 1.2.0
• VMware Tools 8.3.2.2658
• VMware View Agent 4.6.0.366101
* http://www.vmware.com/resources/techresources/10157
Stateless Desktop Configuration
Automated pools using virtual machine snapshots were used to generate the virtual desktops, and Floating User Assignment was configured to randomly pick desktops for users each time they log in. For this RA, additional personalization of the desktop (e.g., the use of persona or profile management) was not necessary, and the statelessness of the virtual desktop was achieved using a Microsoft Active Directory GPO to redirect My Documents to a DFS share via a global namespace.
Figure 45: Automated / Floating Desktop Pool
Active/Active Configuration
Multiple Automated/Floating (AF) virtual desktop pools were created in Site A for Site A users as their primary desktop and in Site B for Site B users as their primary desktop, thereby creating an Active/Active configuration. Additionally, multiple standby AF virtual desktop pools were created in each site to deliver AlwaysOn desktops.
Figure 46: Site A - Pool Configuration
Figure 47: Site B - Pool Configuration
Test Harness #2 – Using a Proximity Card (Manual)
The second test harness was performed manually using a proximity card reader attached to a Wyse Z90 terminal. Additionally, we tested the effects of distance latency by acquiring a virtual desktop over a wide-area network. A Cisco VPN client was used to access the RA resources. (View Security Servers could also have been used.) Cisco ACE was configured to send all connections from the VPN’s DHCP IP range (assigned to the Wyse terminal) to Site B to obtain their primary virtual desktop. The same golden image and desktop pool configuration used for Harness #1 was reused for this harness.
Validation Results
The most critical metric for this virtual desktop validation is the amount of time it took to obtain a new desktop after a simulated outage occurred. In this envelope testing, the system was optimized such that obtaining a new desktop after site failure occurred within 30 seconds. The majority of this delay (~20 seconds) was spent waiting for the View Client to give up trying to connect to the previous View Connection server.
Outside the scope of this effort is an extremely important metric for virtual desktop validation: the end-user application response time. Careful design considerations should be given to ensure the end-user response time for any application activity is less than three (3) seconds. Response time metrics were collected during the RAWC harness testing to illustrate load on the environment during failover. These results are displayed below.
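The 30-second figure above was "witnessed" at the client. One component of it, the window during which the View VIP on the Cisco ACE does not accept connections before it redirects to the surviving site, can be measured rather than observed. The script below is an added example, not part of the RA: it probes TCP 443 on the VIP at a fixed interval for the duration of a failover test and reports every unreachable window it saw. The VIP address is the one the RA's Imprivata Computer Policy points at; the port, interval, timeout and duration values are assumptions.

```powershell
# Added example (not part of the RA): record how long a View VIP is unreachable on
# TCP 443 while a simulated site outage and the load-balancer redirect take place.
# Run it from a client workstation shortly before the uplinks are disabled.
# The VIP is the RA's Imprivata policy target; the other parameters are assumptions.
param(
    [string]$Vip              = "10.1.54.16",
    [int]   $Port             = 443,
    [int]   $IntervalMs       = 500,
    [int]   $ConnectTimeoutMs = 2000,
    [int]   $DurationSeconds  = 120
)

function Test-TcpPort {
    param([string]$TargetHost, [int]$TargetPort, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($TargetHost, $TargetPort, $null, $null)
        # A connect that does not complete within the timeout counts as DOWN.
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$sw          = [System.Diagnostics.Stopwatch]::StartNew()
$transitions = @()
$lastUp      = $null

# Sample reachability until the test window ends, keeping only state changes.
while ($sw.Elapsed.TotalSeconds -lt $DurationSeconds) {
    $up = Test-TcpPort -TargetHost $Vip -TargetPort $Port -TimeoutMs $ConnectTimeoutMs
    if ($null -ne $lastUp -and $up -ne $lastUp) {
        $transitions += [pscustomobject]@{
            Seconds = [math]::Round($sw.Elapsed.TotalSeconds, 1)
            State   = if ($up) { 'UP' } else { 'DOWN' }
        }
    }
    $lastUp = $up
    Start-Sleep -Milliseconds $IntervalMs
}

# Pair each DOWN with the following UP to report outage windows as seen by a client.
$downAt = $null
foreach ($t in $transitions) {
    if ($t.State -eq 'DOWN') {
        $downAt = $t.Seconds
    } elseif ($null -ne $downAt) {
        "VIP unreachable for {0:N1} s (t={1}s to t={2}s)" -f ($t.Seconds - $downAt), $downAt, $t.Seconds
        $downAt = $null
    }
}
if (-not $transitions) { "No reachability change observed in $DurationSeconds s" }
```

The measurement resolution is the sum of the probe interval and the connect timeout, so with the defaults a window shorter than about 2.5 seconds may be missed. What this captures is the network-side part of the failover; the remainder of the 30 seconds the RA reports is the View Client's own retry behaviour against the connection server it was last using, which this probe does not see.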
Test Harness #1 – Validation
Prior to starting the RAWC workload generation, screenshots from within View Manager were captured to illustrate the number of current sessions and available desktops.
Figure 48: Site A Pre-Test Status
Figure 49: Site B Pre-Test Status
The RAWC workload generation has started and the Cisco ACE is processing the requests for desktops by distributing the load across the two (2) HAProxies within each site, based on the source IP of the RAWC launcher.
Figure 50: Cisco ACE Real Time Statistics for server farm
Mid-way through the test, the screenshots from within View Manager are captured to illustrate the number of remote/connected sessions.
Figure 51: Site A Mid-Test Status
Figure 52: Site B Mid-Test Status
Although application response time metrics were not critical to the success of this validation, the results were captured to illustrate load on the system.
Figure 53: Site A Application Response Time Metrics
The northbound Ethernet uplinks were disabled on Site B to simulate an outage. Almost immediately, the RAWC session launchers lose connection to their remote desktop sessions.
Figure 54: Simulate Outage causing remote sessions to end
Since the remote desktop sessions for Site B have disconnected, we used RAWC to restart them. Cisco ACE accepted the View Server connection requests, determined that Site B was down, and automatically redirected the connections to Site A. Desktop sessions are restarted.
Figure 55: Site B workload restarted, on Site A
All 200 remote desktop sessions, originally connected to Site B, are now reestablished on Site A.
Figure 56: Site A - Sessions after outage
Once again, application response time metrics are captured to illustrate load on the system, but this time for the Site B workload running on Site A resources.
Figure 57: Site B workload running on Site A
Test Harness #2 – Validation
The initial phase of this test involves logging into the environment using the Imprivata SSO mechanism, which chains into the Windows GINA and provides manual or proximity card methods of authentication.
Figure 58: Imprivata Login Screen
Once the user is authenticated (in this case, via Microsoft AD account), Imprivata SSO policies start the VMware View client and pass the credentials to enable a seamless login experience to the users’ virtual desktops in Site A.
Figure 59: Successful login to Site A
The next series of screenshots illustrates the accessing of critical applications and files. First is Vitrea Core’s VIS and a three-dimensional knee scan that was accessed via a web browser and manufacturer plug-in. The Vitrea back-end application was housed at a separate site and was not subjected to our simulated outage.
Figure 60: Vitrea VIS image
Next, we accessed email via the MS Outlook client. The Exchange 2010 instance serving up the email is located at a separate site with Vitrea Core’s VIS.
Figure 61: Email Access
Files within a DFS-based share are the last items to be accessed. The file shares were located within each site, and DFSR (replication) was configured to ensure copies of files were distributed between the sites. GPO redirection was used to map the user’s My Documents or Documents folder to the DFS share.
Figure 62: File Access
The northbound Ethernet uplinks were disabled on Site A to simulate an outage. Almost immediately (3-10 seconds), the View client disconnected and the Imprivata login window appeared (as shown above). The user then re-authenticated, manually or using a proximity card, and Cisco ACE policies directed them to a standby desktop in Site B.
Figure 63: User redirected to Site B after Site A failure
The next series of screenshots illustrates the accessing of the applications initially tested. This time, however, they were accessed from the user desktop in Site B.
Figure 64: Vitrea Core VIS access from Site B
Figure 65: Outlook
Figure 66: Files
Additional Considerations
In any virtual desktop deployment, data center services such as backup, recovery, security, and business continuity need to be considered. These considerations may impose additional restrictions on scalability and performance. VCE provides in-depth discussions on solutions that address these use cases.
Conclusion
As computing devices replace paper charts and physician prescription pads, these endpoints (mobile and fixed) become safety-critical IT systems that must deliver the highest possible levels of reliability and availability to ensure patient safety. If a caregiver has to make a fast medical decision but can’t access the patient’s records because of a service outage or computer problem, the situation can escalate into a Severity-1 event and the consequences can be quite serious.
Unfortunately, the old device-centric approach to endpoint management makes it extremely difficult—if not impossible—to protect every desktop, laptop, hospital computer cart, and mobile device in use. To overcome this challenge, healthcare providers need a new approach to point-of-care delivery: one that will enable them to modernize their IT infrastructures so they can improve patient outcomes and get the most from the millions of dollars they are investing in technology.
This reference architecture for AlwaysOn Point of Care, a collaboration of the VCE company, Imprivata, and Vital Images, detailed a new reference design for delivering clinical desktops and patient care applications as non-stop services. In a failover situation, this new reference design provides the business continuity required for mission-critical desktop and application access within seconds.
AlwaysOn Point of Care offers:
• Conversion to EHR causing a rapid increase in distributed locations where point-of-care desktops MUST be available.
• Tier-1 critical desktop, providing fast recovery and application continuity during disasters.
• Point-of-care access that is more fluid than the traditional PC experience.
• Session mobility, a required feature tied to patient care and clinical productivity.
• The ideal opportunity to rapidly roll out a fully managed desktop platform.
• An effective way to implement a managed printing service.
The end-user experiences:
• Desktops that are always on and that enable fast logon.
• A desktop that follows them in the event of failover.
• Access from any endpoint device from anywhere.
• A familiar interface to sustain the same application workflow.
In summary, AlwaysOn Point of Care offers a solution that is accessible as a non-stop service and available to clinicians wherever and whenever they need patient information.
Acknowledgements
Cisco, Imprivata, Vital Images, Wyse, EMC RTP Labs
References
VMware View Reference Architecture http://www.vmware.com/resources/techresources/1084
VMware Workload Considerations for Virtual Desktop Reference Architectures http://www.vmware.com/files/pdf/VMware-WP-WorkloadConsiderations-WP-EN.pdf
VMware View http://www.vmware.com/products/view/
VMware vSphere 4 http://www.vmware.com/products/vsphere/
Cisco UCS http://www.cisco.com/go/unifiedcomputing
Cisco Data Center Solutions http://www.cisco.com/go/datacenter
Cisco Validated Designs http://www.cisco.com/go/designzone
EMC Celerra Family http://www.emc.com/products/family/celerra-family.htm
EMC PowerPath/VE http://www.emc.com/products/detail/software/powerpath-ve.htm
HAProxy http://haproxy.1wt.eu/
Imprivata OneSign http://www.imprivata.com/onesign_platform
Wyse Z90 http://www.wyse.com/solutions/vmware/index.asp
VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com. Copyright © 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: VMW-RAG-REFARCHPARTNER-USLET-WEB
About VCE
VCE, the Virtual Computing Environment Company formed by Cisco and EMC with investments from VMware and Intel, accelerates the adoption of converged infrastructure and cloud-based computing models that dramatically reduce the cost of IT while improving time to market for our customers. VCE, through the Vblock platform, delivers the industry’s first completely integrated IT offering with end-to-end vendor accountability. VCE prepackaged solutions are available through an extensive partner network, and cover horizontal applications, vertical industry offerings, and application development environments, allowing customers to focus on business innovation instead of integrating, validating, and managing IT infrastructure. For more information, go to http://www.vce.com.