Provisioning Hosted Desktops for Centralized Access, Management, Improved Security, Compliance, and Disaster Recovery
Peter Ghostine
CTO and Co-Founder
What it is…
An emerging desktop management paradigm.
Leverages VMware virtualization technology.
Delivers increased levels of desktop manageability and security.
Virtual Desktop Infrastructure
Increased levels of manageability and security…
Desktop as a service
The desktop OS (i.e., Windows XP) and applications are encapsulated inside virtual machines (VMs) that are:
Centrally managed by the underlying VMware virtual infrastructure residing in the data center.
Provisioned within minutes from a predefined library of templates.
Upgraded, patched, and backed up without user intervention.
Accessed as a service using a presentation layer protocol (i.e., Microsoft RDP).
VDI Benefits
Strict compliance with corporate security guidelines
Fact!!! Companies are decentralizing and outsourcing critical business functions to reduce operational costs and remain competitive
OUTSOURCING should NOT necessitate DECENTRALIZATION!
VDI Benefits
Strict compliance with corporate security guidelines (continued)
VDI enables companies to…
Bring back previously decentralized applications and data into the corporate data center.
Centrally control and manage all off-site access to these sensitive applications and data.
Extend their corporate network security levels to off-site facilities.
VDI Benefits
Tight adherence to regulatory compliance requirements
Sensitive applications and data are no longer stored on off-site computers.
Data integrity is more easily maintained.
Regulatory compliance requirements are more easily adhered to.
HIPAA
Sarbanes-Oxley
Gramm-Leach-Bliley
VDI Benefits
Standard desktop environment
A server-based solution that uses standard desktop operating systems (e.g., Windows XP, Linux).
A potential alternative to other server-based solutions.
Does not require additional (complex) IT training.
Applications are installed and executed without modifications.
Managed using standard desktop management tools.
The hosted OS can be accessed in the form of a full desktop (familiar to end users) or individual published applications.
VDI Benefits
Total isolation and disaster recovery
Each desktop environment is encapsulated inside a separate VM, completely independently of other VMs.
If one user’s VM crashes due to a faulty OS or application, other VMs remain fully operational.
There are no “application servers” to be rebooted in the event of an anomaly.
Virtual machines are hardware-independent; they are image files that can be instantly recovered and redeployed.
VDI Benefits
Additional benefits
Not just for off-shore users and contractors, but for mobile workers and branch office employees, too.
VDI Benefits
Difficult to manage
PC management is difficult to centralize due to the broadly distributed nature of PC hardware.
Users often require access to their desktop environment from anywhere.
PC desktop standardization is difficult in the face of hardware discrepancies and the wide variety of brands and models.
End users often require customized desktop environments.
Physical Desktop Challenges
High total cost of ownership
Ongoing PC management is costly and labor-intensive.
Multiple PC hardware configurations need to be tested and validated prior to deployment.
Support costs are further exacerbated by the need to support a geographically dispersed PC infrastructure.
Physical Desktop Challenges
Data security challenges
Backing up and restoring PC-based data in the face of a hardware failure or data loss is a challenging task.
When PCs are stolen, so are the data assets stored on them.
Physical Desktop Challenges
Squandered computing resources
PCs are severely under-utilized. PC resource usage is typically around 5 percent.
Pooling of PC computing resources to improve utilization and reduce costs is difficult, if not impossible.
Mobile workers require additional solutions to satisfy their remote access needs.
Physical Desktop Challenges
Desktop Management Solutions
Provision Virtual Access Suite for VMware
What it is…
A broker-based management platform for VMware Virtual Desktop Infrastructure.
A set of last-mile features delivering an enhanced end-user experience.
Virtual Access Suite
User Experience
Virtual Access Suite
Broker Anatomy
Highly scalable Windows service.
Interacts with the VMware VirtualCenter to perform all VM pool management tasks.
For high availability, up to three brokers are allowed per virtual infrastructure.
Can be installed inside a virtual machine appliance.
Responds to client connectivity requests and redirects the client to the appropriate VM.
Virtual Access Suite
VM pool management tasks
Wizard-based VM pool creation allowing the VDI Administrator to specify the following parameters:
Number of VMs in the pool.
Number of VMs to create at once.
Target VMware ESX host or resource pool for creating VMs.
Auto-answer file.
Date and time to start the VM pool creation process.
Virtual Access Suite
VM pool management tasks (continued)
VM pool deletion
VM pool suspension / un-suspension
VM pool power-up / power-down
VM status reporting:
Powered up / down
Suspended / Un-suspended
Resource utilization
Virtual Access Suite
VM pool management tasks (continued)
VM session status reporting:
Logged-on user
Logon time
Running processes
Virtual Access Suite
VM pool policies
VM Assignment Type:
Temporary
Permanent
Virtual Access Suite
VM pool policies (continued)
Grant the user special privileges to the VM:
Power User
Administrator
Virtual Access Suite
VM pool policies (continued)
Allow the user to take and revert to VM snapshot.
Virtual Access Suite
VM pool policies (continued)
Conserve resources by performing one of the following actions when the user logs off:
Suspend VM
Power down VM
Virtual Access Suite
VM pool policies (continued)
When the VM pool expires, perform the following action:
Suspend VMs
Power off VMs
Delete VMs
Virtual Access Suite
VM pool policies (continued)
Specify allowable access hours (by day and hour):
Virtual Access Suite
VM policies
VM Pool policies may be overridden on a per VM basis.
Example:
Virtual Access Suite
Virtual channel policies
Grant access to the following client resources:
Drives
Printers
Handhelds
Serial Ports
Smart cards
Audio
Virtual Access Suite
Application publishing
Full desktops and/or individual applications may be published.
Desktops and applications are published to VM pools.
Access is granted or denied to applications via ACLs.
Virtual Access Suite
Access control lists
Containers of user accounts, groups, and organizational units.
Used to grant or deny access to VM pools and published resources.
Virtual Access Suite
Resource management and high availability
The Virtual Access Suite leverages the resource pooling and high-availability foundations of the VMware virtual infrastructure.
Virtual Access Suite
Fault management
If for any reason the user’s permanent VM fails to start, the user is temporarily assigned a free VM from the same pool. Should the original VM become available again, the user is redirected to it on subsequent logons.
Virtual Access Suite
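The fault-management fallback described above, combined with the ACL and access-hours policies from the earlier slides, as an added example (not Provision Networks code). `Pool`, `broker_connect`, `logoff`, the deny-overrides-grant rule and all sample names are assumptions; the model runs the policy checks before any VM is chosen, so a failed permanent VM never widens access.

```python
from dataclasses import dataclass, field

@dataclass
class Pool:
    vms: dict            # VM name -> True if the VM can start (constructed flag)
    allow: set           # ACL entries granted access: users, groups, OUs
    deny: set            # ACL entries denied access
    hours: dict          # weekday (0 = Monday) -> (first hour, end hour)
    permanent: dict      # user -> permanently assigned VM
    in_use: set = field(default_factory=set)

def broker_connect(pool, user, memberships, weekday, hour):
    """Return (decision, vm) for one connection request."""
    ids = {user} | set(memberships)
    # Assumption: a deny entry overrides any grant, and no match means no access.
    if ids & pool.deny or not ids & pool.allow:
        return ("denied-acl", None)
    start, end = pool.hours.get(weekday, (0, 0))
    if not start <= hour < end:
        return ("denied-hours", None)
    home = pool.permanent.get(user)
    if home and pool.vms.get(home):
        pool.in_use.add(home)
        return ("permanent", home)
    # Fallback: a free VM from the same pool. The permanent mapping is left
    # untouched so the next logon returns to the original VM once it starts.
    reserved = set(pool.permanent.values())
    for vm in sorted(pool.vms):
        if pool.vms[vm] and vm not in pool.in_use and vm not in reserved:
            pool.in_use.add(vm)
            return ("temporary", vm)
    return ("unavailable", None)

def logoff(pool, vm):
    pool.in_use.discard(vm)

def demo():
    # Constructed sample pool: alice's permanent VM (vm-01) fails to start.
    pool = Pool(vms={"vm-01": False, "vm-02": True},
                allow={"grp:offshore"}, deny={"user:mallory"},
                hours={d: (8, 18) for d in range(5)},
                permanent={"user:alice": "vm-01"})
    out = [broker_connect(pool, "user:alice", ["grp:offshore"], 1, 9)]
    logoff(pool, out[0][1])
    pool.vms["vm-01"] = True                      # original VM is back
    out.append(broker_connect(pool, "user:alice", ["grp:offshore"], 2, 9))
    out.append(broker_connect(pool, "user:mallory", ["grp:offshore"], 2, 9))
    out.append(broker_connect(pool, "user:alice", ["grp:offshore"], 5, 9))
    return out

if __name__ == "__main__":
    print(demo())
```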
Client connectivity
Remote Desktop Protocol (RDP)
RDP-over-SSL
Virtual Access Suite
Client device support
Windows 9x/Me/2000/XP
Windows CE
Java client (Q1 2007)
Linux-based PXE client (Q1 2007)
Virtual Access Suite
Additional Features
Full-featured Desktops
Published Applications
Seamless Windows
4096 x 2048 resolution
Multi-Monitor Support
Universal Print Driver
USB PDA Redirection
Environment Lockdown
Web Interface
SSL Connectivity
Remote Password Reset
Virtual Access Suite
Short Demo Movies
Launching VDI-Based Published Applications from the Local Desktop
Connecting to the Full Desktop of a Hosted VM
Launching VDI-Based Published Applications Using AppPortal
Launching VDI-Based Published Applications Using the Web Interface
Virtual Access Suite
Thank you!
www.ProvisionNetworks.com
Presentation Download
The presentation for this session can be downloaded at http://www.vmware.com/vmtn/vmworld/sessions/
Enter the following to download (case-sensitive):
Username: cbv_rep
Password: cbvfor9v9r