Secure, cost-effective alternatives to repurposing PCs for Virtual Desktop Deployments
Table of Contents
Introduction
The Perils of Repurposing PCs
The Return of the Terminal
The Teradici Difference
Introduction
For the last three decades, the PC or personal computer has been a dominant feature in the corporate information technology (IT) landscape. Inexpensive to acquire, powerful PCs have provided the ability to customize the end-user’s environment and the capacity to install a rich array of software to meet diverse business needs.
Countless studies have shown that, although PCs have low initial prices, they frequently ended up costing a lot more to manage and maintain. As such, they have represented a significant hidden total cost of ownership.
As enterprises move towards a centralized computing model and deploy virtual desktops, one important consideration is whether to continue using desktop PCs as the client access device or move towards a leaner desktop client. Although the challenges of the PC are most noticeable when changing desktop operating systems, an on-going cost of ownership is ever present. Customers face significant costs whenever they buy, use, or replace an existing PC. The PC platform offers an environment that allows for a great deal of flexibility, but this flexibility comes at a price.
The Perils of Repurposing PCs
It is understandable, given the money ploughed into the PC over the years, that many organizations attempt to “sweat the asset” by reusing and repurposing PCs in a virtual desktop environment. A variety of both commercially available and open-source software exists that claims to help customers reuse PCs as if they were terminals or thin client devices.
The goal then is to save money; therefore, many businesses are initially attracted to free and open-source software that attempts to strip the PC down to its bare bones to reduce its management footprint. Unfortunately, this open-source software often lacks the centralized management tools required to do this task efficiently. It requires the administrator to wipe a target PC and install a new operating system in place of the old one, in most cases a free distribution of Linux. Next, it is up to the administrator to test this configuration across a range of different PC hardware platforms and to develop a methodology for deploying across a range of PCs. Frequently these systems offer the opportunity to deploy this Linux image via a process called pre-boot execution environment (PXE) booting, and this means additional services, such as a trivial file transfer protocol (TFTP) service, may need to be deployed alongside the business’s dynamic host configuration protocol (DHCP) framework. The business then needs to invest in an availability model for this approach because, if the PXE/TFTP environment goes down, the repurposed PC would simply not boot correctly, leaving the end-user unproductive. It is worth appreciating that this approach to repurposing introduces a brand new operating system to the environment, albeit one that is just used to boot the device and gain access to the virtual desktop. Finally, because of licensing and development restrictions, open-source solutions frequently lack the full driver support and performance enhancements that newer generations of remote display protocols demand.
Microsoft Windows shell (the start menu, toolbar, and desktop) with a single application. This single application could be the software used to connect to the virtual desktop. The appearance is that the user is connecting to one system, when in fact there are two systems: the local Windows installation and the virtual desktop. This “background” Windows operating system from which the legacy PC boots still requires patch management in addition to the management of any anti-virus software locally installed. As such, it is not free of cost! Critically, this approach requires that the software that enables the connection to the virtual desktop also be maintained, as well as the software that repurposes the PC for its “single use” status. The organization will also need to engineer a means to mass deploy the repurposing software to a potentially large number of devices. This could require a visit by the PC technician to the desktop itself, or this could demand custom packaging of the repurposing software for deployment through the network. Despite the installation of software that facilitates the repurposing process, it is worth noting that, fundamentally, the repurposed PC still represents a similar attack surface area from a hacker’s perspective. This means that in government environments where security is paramount, the repurposed PC does not represent a significant improvement in security standards and requires the same level of “hardening” as a conventional PC.
The Return of the Terminal
Some decades ago, the PC revolutionized the world, replacing the numerous green text/black background client devices associated with the mainframe era. At that time, businesses lost the power of the client device to centralize all operations at the datacenter by distributing end-user compute power onto individual desktops. Virtual desktops, together with terminals or client devices, represent an opportunity to wrest control away from the periphery and back to the way it should be: centralized management with centralized control.
In many respects, client devices are the diametric opposite of the desktop PCs they seek to replace. Client devices offer a much higher level of security because they either have no operating system at all or are shipped from the factory with just enough software to make them functional. As such, they present a much lower surface area to be attacked by hackers. Consequently, they are an ideal choice for locations that demand high-security, such as in government bodies or in locations where legacy PCs may be vulnerable to theft. Client devices store no end-user data and, once unable to connect to a virtual desktop, have a nominal commercial value. Therefore, if a customer should be unfortunate enough to have a client device fail, the client device can be easily swapped out for a similar device in a matter of seconds.
Client devices, by design, are also much easier to patch and manage with updates (if even required) being sent out over the network using centralized management tools. These patch bundles are a fraction of the size of the bulky updates required for conventional PC-based operating systems. Client devices are simple to deploy as they often require no customization by the customer. All they need are the details of the connection broker used to initialize the connection to the virtual desktop.
who does not have working conditions degraded by the ambient noise associated with a PC or laptop. The low operating temperatures of client devices show significant cost advantages in large end-user computing environments such as call centers or in geographical locations where the outside temperatures demand the extensive use of air-conditioning systems internally. Used with other measures, client devices can contribute to the business’s plans to reduce its overall CO2 emissions in line with regional targets. In fact, the use of client devices may be a requirement in future new buildings that are increasingly designed without office air-conditioning, and which are kept cool using eco-friendly methods such as photo-reactive glass and blinds.
Client devices currently ship in two formats: thin clients and zero clients. Thin clients will often ship with a stripped down Windows or Linux operating system image that is used to launch the client application with connections to the virtual desktop. This software image compares favourably to a modern PC operating system that will require several gigabytes of disk space. In contrast, zero clients have no operating system and have the potential for the longest life of all client devices because they do not require driver, patch, or other application software updates to keep current. They merely present an interface for the mouse, screen, and keyboard for users to interact with their virtual desktops. The most that zero clients might need in terms of management is centralized software to update the firmware built into the hardware processor.
and mobile devices). Security challenges will become increasingly significant as businesses move to a cloud model for delivering both applications and data. Virtual desktops, together with secure endpoints such as a zero client, offer one method amongst many to stop data from leaving the organization, from damaging the reputation of the business, and from exposing it to the risk of litigation.
The Teradici Difference
Teradici has set the benchmark for high-end graphics support and user experience through a range of different devices. Founded in 2004, they have moved quickly to dominate the remote desktop field with the development of hardware and software accelerated solutions for both virtual desktop and remote workstation scenarios. Users expect the same graphics performance from a zero client connected to a workstation host that they have enjoyed with PCs with built-in graphic processing units (GPUs). Teradici’s goal has always been to provide a true PC experience that matches the capabilities of a dedicated local PC without the negative downsides. Teradici has developed the PC-over-IP (PCoIP) protocol implemented in a wide range of zero client devices that ship with Teradici PCoIP chipsets.
The PCoIP protocol works by compressing all graphics locally on the host server (a technique called “host side rendering”), eliminating any compatibility issues with new applications or operating systems, and allowing for simple, stateless clients with reduced power consumption demands.
At the heart of the system, they possess patent-protected algorithms that analyze a user’s display and separate out each of the different components: text, graphics, and video. This permits Teradici to apply the most efficient codecs (compression/decompression algorithms) to each portion of the screen. The result is that the user experiences an optimized graphic environment that is as rich in resolution as any high-end PC, but that is also friendly to the network, both on the local area network (LAN) and on the wide area network (WAN). Unique to Teradici is a “build to
the most part, end-users cannot see the difference in user experience between Teradici enabled zero clients and their legacy PCs.
PCoIP zero clients do not include Windows/Linux operating systems, local applications or data because they only receive and decode host-rendered pixels. Similarly, since no client computing is performed, PCoIP hardware zero clients do not have a general purpose CPU, random access memory (RAM), graphics processor unit (GPU), disk or fan. Instead, hardware-based zero clients have a single, highly integrated, purpose-built processor that performs image decompression and decoding, and which is powerful enough to support a rich, multimedia experience, even for power users, well into the future.
The simplicity of PCoIP zero clients results in a greatly reduced need for management and maintenance at the desktop. No operating system, application, driver, anti-virus, or codec updates are required, thereby freeing IT from the need to change out and provision new desktop machines as new operating systems and applications are implemented. The stateless architecture of PCoIP zero clients, and the absence of data at the desktop, enables PCoIP zero clients to maintain the most secure client endpoint available. The client is immune to virus invasion, and PCoIP technology provides extensive universal serial bus (USB) security and authentication features.
Teradici’s PCoIP protocol uses the user datagram protocol (UDP) to allow for real-time updates similar to those used for Voice-over-IP (VoIP) and other real-time streamed audio and video. Adaptive networking is built into the PCoIP protocol to ensure that stale and unwanted packets are not re-sent across the network if they fail to reach their destinations, and that frame rate and image quality are dynamically adjusted for the best possible user experience in a bandwidth constrained environment. This cuts down the bandwidth required to run virtual desktop sessions across the WAN.
who deliver different levels of performance to the end-user dependent on customer requirements. These include rack-mounted workstations and blade-PCs housed within the datacenter, as well as zero clients supporting BOTH these one-to-one remote workstations AND virtual desktop environments. This means that the customer is not solely limited to virtual desktop-based solutions. This partnership model allows for a rich array of form factors and competes well with solutions that are restricted in supply from a single OEM.
Teradici chip technology enables PCoIP clients in varieties of form factors from standalone desktop devices, integrated monitors, touchscreen displays, and IP phones from popular vendors (such as Wyse, Dell, HP, Cisco, Samsung, LG) as well as PCoIP software clients for mobile devices.
Teradici has worked closely with VMware to integrate the PCoIP protocol with the virtualization vendor’s virtual desktop solution called VMware View. The VMware View solution also includes connection server and security server capabilities that permit secure traversal of the corporate firewall. This functionality allows PCoIP sessions to be established across the WAN without the need for other technologies such as a virtual private network (VPN).
Dedicated protocol processing hardware, the Teradici APEX 2800 server offload card, also protects the experience of all virtual desktop users in a peak workload scenario where one or more demanding users consume more than their typical share of CPU resources. Freeing the main server CPUs from this processing overhead significantly reduces the CPU overhead in a virtual desktop environment and allows for the possibility of increasing the number of virtual desktops per server.
Early thin clients represented merely a revision of the PC design. In contrast, PCoIP zero client devices signify an architectural line in the sand, a line that leaves behind the legacy restrictions encoded in the past to deliver a twenty-first century system designed for the purpose of delivering a rich, multimedia desktop across any network.
In Summary
As an alternative to the repurposed legacy desktop PC, PCoIP zero clients are ultra-secure, easily managed devices offering the richest user experience in a VMware View environment. With no hard drive and no x86 or Linux operating system, PCoIP zero clients are stateless hardware devices that require the least amount of management since there are no virus or new video codecs to update. The PCoIP zero clients are available in a variety of form factors, which include stand-alone desktop devices, integrated monitors, touchscreen displays, and IP phones. Using the PCoIP Management Console from Teradici to configure and manage large zero client deployments can further simplify those deployments. All of these benefits add up to a significantly lower cost of ownership with PCoIP zero clients when compared with the repurposed legacy PC.
About the Author
Mike Laverick is a former VMware instructor with 17 years of experience in technologies such as Novell, Windows, Citrix and VMware. Since 2003, he has been involved with the VMware community. Laverick is a VMware forum moderator and member of the London VMware User Group. He is also the man behind the