EMC VSPEX
Abstract
This document describes the EMC VSPEX End-User Computing solution with Citrix XenDesktop and EMC VNX for up to 2,000 virtual desktops.
January 2013
EMC ® VSPEX ™ END-USER COMPUTING
Citrix ® XenDesktop™ 5.6 and VMware vSphere ® 5.1 for up to 2,000 Virtual Desktops
Enabled by EMC VNX
®and EMC Next-Generation Backup
Copyright © 2013 EMC Corporation. All rights reserved. Published in the USA.
Published January 2013
EMC believes the information in this publication is accurate of its publication date.
The information is subject to change without notice.
The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC
2, EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.
For the most up-to-date regulatory document for your product line, go to the technical documentation and advisories section on the EMC Online Support website.
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops Enabled by EMC VNX and EMC Next-Generation Backup
Part Number H11334.1
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 3
Enabled by EMC VNX and EMC Next-Generation Backup
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops Enabled by EMC VNX and EMC Next-Generation Backup
5
Contents
Chapter 1 Executive Summary 15
Introduction ... 16
Target audience ... 16
Document purpose ... 16
Business needs... 17
Chapter 2 Solution Overview 19 Solution overview ... 20
Desktop broker ... 20
Virtualization ... 20
Storage ... 20
Network ... 21
Compute ... 21
Chapter 3 Solution Technology Overview 23 Solution technology ... 24
Summary of key components ... 25
Desktop broker ... 26
Overview ... 26
Citrix XenDesktop 5.6 ... 26
Machine Creation Services ... 26
Citrix Personal vDisk ... 26
Citrix Profile Manager 4.1 ... 27
Virtualization ... 27
Overview ... 27
VMware vSphere 5.1 ... 27
VMware vCenter ... 27
VMware vSphere High Availability ... 27
EMC Virtual Storage Integrator for VMware ... 28
VNX VMware vStorage API for Array Integration support... 28
Compute ... 29
Network ... 31
Storage ... 33
Overview ... 33
EMC VNX series ... 33
Backup and recovery ... 34
Overview ... 34
EMC Avamar ... 34
Security ... 35
RSA SecurID two-factor authentication ... 35
SecurID authentication in the VSPEX End-User Computing for Citrix XenDesktop environment... 35
Required components ... 36
Compute, memory and storage resources ... 37
Chapter 4 Solution Architectural Overview 41 Solution overview ... 42
Solution architecture... 42
Architecture for up to 500 virtual desktops... 42
Architecture for up to 1,000 virtual desktops ... 45
Architecture for up to 2,000 virtual desktops ... 47
Key components ... 48
Hardware resources ... 51
Software resources ... 53
Sizing for validated configuration ... 54
Server configuration guidelines ... 56
Overview ... 56
VMware vSphere memory virtualization for VSPEX ... 57
Memory configuration guidelines ... 58
Network configuration guidelines ... 58
Overview ... 58
VLAN ... 59
Enable jumbo frames ... 60
Link aggregation ... 60
Storage configuration guidelines ... 60
Overview ... 60
VMware vSphere storage virtualization for VSPEX... 61
Storage layout for 500 virtual desktops ... 62
Storage layout for 1,000 virtual desktops ... 64
Storage layout for 2,000 virtual desktops ... 67
High availability and failover ... 69
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 7 Enabled by EMC VNX and EMC Next-Generation Backup
Introduction ... 69
Virtualization layer ... 69
Compute layer ... 69
Network layer ... 70
Storage layer ... 71
Validation test profile... 71
Profile characteristics ... 71
Backup environment configuration guidelines ... 72
Overview ... 72
Backup characteristics ... 72
Backup layout ... 73
Sizing guidelines... 73
Reference workload ... 73
Defining the reference workload ... 73
Applying the reference workload ... 74
Implementing the reference architectures ... 75
Resource types ... 75
CPU resources ... 75
Memory resources ... 75
Network resources ... 76
Storage resources ... 76
Implementation summary ... 77
Quick assessment ... 77
CPU requirements ... 78
Memory requirements ... 78
Storage performance requirements ... 78
Storage capacity requirements ... 78
Determining equivalent reference virtual desktops... 78
Fine-tuning hardware resources ... 80
Chapter 5 VSPEX Configuration Guidelines 83 Overview ... 84
Pre-deployment tasks ... 84
Overview ... 84
Deployment prerequisites ... 85
Customer configuration data ... 87
Prepare switches, connect network, and configure switches ... 87
Overview ... 87
Prepare network switches ... 88
Configure infrastructure network ... 88
Configure VLANs ... 91
Complete network cabling ... 91
Prepare and configure storage array ... 91
VNX configuration ... 91
Provision core data storage ... 93
Provision optional storage for user data ... 99
Provision optional storage for infrastructure virtual machines ... 101
Install and configure VMware vSphere hosts ... 101
Overview ... 101
Install ESXi ... 102
Configure ESXi networking ... 102
Jumbo frames ... 103
Connect VMware datastores ... 103
Plan virtual machine memory allocations ... 103
Install and configure SQL Server database ... 105
Overview ... 105
Create a virtual machine for Microsoft SQL Server ... 106
Install Microsoft Windows on the virtual machine ... 106
Install SQL Server ... 106
Configure database for VMware vCenter ... 107
Configure database for VMware Update Manager ... 107
Install and configure VMware vCenter Server ... 107
Overview ... 107
Create the vCenter host virtual machine ... 109
Install vCenter guest operating system ... 109
Create vCenter ODBC connections ... 109
Install vCenter Server ... 109
Apply vSphere license keys ... 109
Deploy the VNX VAAI for NFS plug-in (NFS variant) ... 109
Install the EMC VSI Unified Storage Management feature ... 110
Install and configure XenDesktop controller ... 110
Overview ... 110
Install server-side components of XenDesktop ... 111
Configure a site ... 111
Add a second controller ... 111
Install Desktop Studio ... 111
Prepare master virtual machine ... 111
Provision virtual desktops ... 112
Summary ... 112
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 9 Enabled by EMC VNX and EMC Next-Generation Backup
Chapter 6 Validating the Solution 113
Overview ... 114
Post-install checklist ... 114
Deploy and test a single virtual desktop ... 115
Verify the redundancy of the solution components ... 115
Appendix A Bills of Materials 117 Bill of materials for 500 virtual desktops ... 118
Bill of materials for 1,000 virtual desktops ... 119
Bill of materials for 2,000 virtual desktops ... 120
Appendix B Customer Configuration Data Sheet 123 Customer configuration data sheets ... 124
Appendix C References 127 References ... 128
EMC documentation ... 128
Other documentation ... 129
Appendix D About VSPEX 131
About VSPEX ... 132
Figures
Figure 1. Solution components ... 24
Figure 2. Compute layer flexibility ... 30
Figure 3. Example of highly-available network design ... 32
Figure 4. Authentication control flow for XenDesktop access requests originating on an external network ... 36
Figure 5. Authentication control flow for XenDesktop requests originating on local network ... 36
Figure 6. Logical architecture: VSPEX End-User Computing for Citrix XenDesktop with RSA ... 38
Figure 7. Logical architecture for 500 virtual desktops – NFS variant ... 43
Figure 8. Logical architecture for 500 virtual desktops – FC variant ... 44
Figure 9. Logical architecture for 1,000 virtual desktops – NFS variant ... 45
Figure 10. Logical architecture for 1,000 virtual desktops – FC variant ... 46
Figure 11. Logical architecture for 2,000 virtual desktops – NFS variant ... 47
Figure 12. Logical architecture for 2,000 virtual desktops – FC variant ... 48
Figure 13. Hypervisor memory consumption ... 57
Figure 14. Required networks ... 59
Figure 15. VMware virtual disk types ... 62
Figure 16. Core storage layout for 500 virtual desktops ... 63
Figure 17. Optional storage layout for 500 virtual desktops ... 64
Figure 18. Core storage layout for 1,000 virtual desktops... 65
Figure 19. Optional storage layout for 1,000 virtual desktops ... 66
Figure 20. Core storage layout for 2,000 virtual desktops... 67
Figure 21. Optional storage layout for 2,000 virtual desktops ... 68
Figure 22. High availability at the virtualization layer ... 69
Figure 23. Redundant power supplies ... 70
Figure 24. Network layer high availability ... 70
Figure 25. VNX series high availability ... 71
Figure 26. Sample Ethernet network architecture for 500 and 1,000 virtual desktops ... 89
Figure 27. Sample Ethernet network architecture for 2,000 virtual desktops ... 90
Figure 28. Set Direct Writes Enabled checkbox ... 95
Figure 29. View all Data Mover parameters ... 96
Figure 30. Set nthread parameter ... 96
Figure 31. Storage System Properties dialog box... 97
Figure 32. Create FAST Cache dialog box ... 97
Figure 33. Advanced tab in the Create Storage Pool dialog box ... 98
Figure 34. Advanced tab in the Storage Pool Properties dialog box ... 98
Figure 35. Storage Pool Properties window ... 99
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 11
Enabled by EMC VNX and EMC Next-Generation Backup
Figure 36. Manage Auto-Tiering window ... 100
Figure 37. LUN Properties window ... 101
Figure 38. Virtual machine memory settings ... 105
Tables
Table 1. VNX customer benefits ... 33
Table 2. Minimum hardware resources to support SecurID ... 39
Table 3. Solution hardware ... 51
Table 4. Solution software ... 53
Table 5. Configurations that support this solution ... 55
Table 6. Server hardware ... 56
Table 7. Storage hardware ... 60
Table 8. Validated environment profile ... 71
Table 9. Backup profile characteristics ... 72
Table 10. Virtual desktop characteristics ... 74
Table 11. Blank worksheet row ... 77
Table 12. Reference virtual desktop resources ... 78
Table 13. Example worksheet row ... 79
Table 14. Example applications ... 79
Table 15. Server resource component totals ... 81
Table 16. Blank customer worksheet ... 82
Table 17. Deployment process overview ... 84
Table 18. Tasks for pre-deployment ... 85
Table 19. Deployment prerequisites checklist ... 85
Table 20. Tasks for switch and network configuration ... 88
Table 21. Tasks for storage configuration ... 92
Table 22. Tasks for server installation ... 101
Table 23. Tasks for SQL Server database setup ... 106
Table 24. Tasks for vCenter configuration ... 107
Table 25. Tasks for XenDesktop controller setup ... 110
Table 26. Tasks for testing the installation ... 114
Table 27. List of components used in the VSPEX solution for 500 virtual desktops ... 118
Table 28. List of components used in the VSPEX solution for 1,000 virtual desktops ... 119
Table 29. List of components used in the VSPEX solution for 2,000 virtual desktops ... 120
Table 30. Common server information ... 124
Table 31. ESXi server information ... 124
Table 32. Array information ... 125
Table 33. Network infrastructure information ... 125
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 13
Enabled by EMC VNX and EMC Next-Generation Backup
Table 34. VLAN information ... 125
Table 35. Service accounts ... 125
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops Enabled by EMC VNX and EMC Next-Generation Backup
15
Chapter 1 Executive Summary
This chapter presents the following topics:
Introduction... 16
Target audience ... 16
Document purpose ... 16
Business needs ... 17
Introduction
VSPEX™ validated and modular architectures are built with proven best-of-breed technologies to create complete virtualization solutions that enable you to make an informed decision in the hypervisor, compute, and networking layers. VSPEX eliminates server virtualization planning and configuration burdens. When you are embarking on server virtualization, virtual desktop deployment, or IT consolidation, VSPEX accelerates your IT transformation by enabling faster deployments, choice, greater efficiency, and lower risk.
This document is intended to be a comprehensive guide to the technical aspects of this solution. Server capacity is provided in generic terms for required minimums of CPU, memory, and network interfaces; customers are free to select the server and networking hardware of their choice that meet or exceed the stated minimums.
Target audience
The reader of this document is expected to have the necessary training and
background to install and configure an end-user computing solution based on Citrix
®XenDesktop™ with VMware vSphere
®as a hypervisor, EMC VNX
®series storage systems, and associated infrastructure as required by this implementation. External references are provided where applicable, and EMC recommends that the reader be familiar with these documents.
Readers are also expected to be familiar with the infrastructure and database security policies of the customer installation.
Individuals focused on selling and sizing a VSPEX End-User Computing solution for Citrix XenDesktop should pay particular attention to the first four chapters of this document. Implementers of the solution should focus on the configuration guidelines in Chapter 5, the solution validation in Chapter 6, and the appropriate references and appendices.
Document purpose
This document presents an initial introduction to the VSPEX End-User Computing architecture, an explanation of how to modify the architecture for specific
engagements, and instructions on how to effectively deploy the system.
The VSPEX End-User Computing architecture provides the customer with a modern system capable of hosting a large number of virtual desktops at a consistent performance level. This solution executes on VMware’s vSphere virtualization layer backed by the highly available VNX storage family for storage and Citrix’s XenDesktop desktop broker. The compute and network components, while vendor-definable, are laid out to be redundant and sufficiently powerful to handle the processing and data needs of a large virtual machine environment.
The 500, 1,000, and 2,000 virtual desktop environments discussed are based on a defined desktop workload. While not every virtual desktop has the same
requirements, this document contains methods and guidance to adjust your system
to be cost effective when deployed. A smaller 250 virtual desktop environment based
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 17 Enabled by EMC VNX and EMC Next-Generation Backup on the VNXe3300 is described in EMC VSPEX End-User Computing Citrix
XenDesktop 5.6 with VMware vSphere 5.1 for up to 250 Virtual Desktops .
An end-user computing or virtual desktop architecture is a complex system offering.
This document will facilitate its setup by providing up front software and hardware material lists, step-by-step sizing guidance and worksheets, and verified deployment steps. Validation tests are provided to ensure that your system is up and running properly after the last component has been installed. Following the guidance
provided by this document will ensure an efficient and painless desktop deployment.
Business needs
VSPEX solutions are built with proven best-of-breed technologies to create complete virtualization solutions that enable you to make an informed decision in the
hypervisor, server, and networking layers. VSPEX solutions accelerate your IT transformation by enabling faster deployments, choice, efficiency, and lower risk.
Business applications are moving into the consolidated compute, network, and storage environment. EMC VSPEX End-User Computing using Citrix reduces the complexity of configuring every component of a traditional deployment model. The complexity of integration management is reduced while maintaining the application design and implementation options. Administration is unified, while process separation can be adequately controlled and monitored. The following are the business needs addressed by the VSPEX End-User Computing solution for Citrix architecture:
Provides an end-to-end virtualization solution to utilize the capabilities of the unified infrastructure components
Provides a solution for efficiently virtualizing 500, 1,000, or 2,000 virtual desktops for varied customer use cases
Provides a reliable, flexible, and scalable reference design
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops Enabled by EMC VNX and EMC Next-Generation Backup
19
Chapter 2 Solution Overview
This chapter presents the following topic:
Solution overview ... 20
Solution overview
The EMC VSPEX End-User Computing solution for Citrix XenDesktop on VMware vSphere 5.1 provides a complete system architecture capable of supporting up to 2,000 virtual desktops with a redundant server/network topology and highly available storage. The core components that make up this particular solution are desktop broker, virtualization, storage, network, and compute.
XenDesktop is the virtual desktop solution from Citrix that allows virtual desktops to be run on the VMware vSphere virtualization environment. It allows for the
centralization of desktop management and provides increased control for IT organizations. XenDesktop allows end users to connect to their desktops from multiple devices across a network connection.
VMware vSphere is the leading virtualization platform in the industry, providing flexibility and cost savings to end users by enabling the consolidation of large, inefficient server farms into nimble, reliable cloud infrastructures. The core VMware vSphere components are the VMware vSphere hypervisor and the VMware vCenter control server for system management.
The VMware hypervisor runs on a dedicated server and allows multiple operating systems to execute on the system simultaneously as virtual machines. Connect these hypervisor systems to operate in a clustered configuration. Manage these clustered configuration as a larger resource pool through the vCenter product and allow dynamic allocation of CPU, memory, and storage across the cluster.
Features like vMotion, which allows a virtual machine to move among different servers with no disruption to the operating system, and Distributed Resource Scheduler (DRS), which performs vMotion automatically to balance load, make vSphere a solid business choice.
With the release of vSphere 5.1, a VMware virtualized environment can host virtual machines with up to 64 virtual CPUs and 1 TB of virtual RAM.
The EMC VNX storage family is the number one shared storage platform in the industry. Its ability to provide both file and block access with a broad feature set make it an ideal choice for any end-user computing implementation.
The VNX storage includes the following components, which are sized for the stated architecture workloads:
Host adapter ports – Provide host connectivity via fabric into the array
Data Movers – Front-end components that provide file services to hosts (optional if providing CIFS/SMB, NFS services)
Storage Processors – Compute components of the storage array, responsible for all aspects of data moving into, out of, and between arrays
Disk Array Enclosures – Contain the actual disk drives that record the host/application data
Desktop broker
Virtualization
Storage
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 21 Enabled by EMC VNX and EMC Next-Generation Backup The End-User Computing solutions for Citrix XenDesktop discussed in this document are based on the VNX5300 (500, 1,000 desktops) and VNX5500
™(2,000 desktops) storage arrays. The VNX5300
™can support a maximum of 125 drives, while the VNX5500 can host up to 250 drives.
The EMC VNX series supports a wide range of business-class features ideal for the end-user computing environment, including:
Fully Automated Storage Tiering for Virtual Pools (FAST VP)
FAST Cache
Data deduplication
Thin provisioning
Replication
Snapshots/checkpoints
File-level retention
Quota management
VSPEX allows the flexibility of designing and implementing the vendor’s choice of network components. The infrastructure must conform to the following attributes:
Redundant network links for the hosts, switches, and storage
Support for link aggregation
Traffic isolation based on industry-accepted best practices
VSPEX allows the flexibility of designing and implementing the vendor’s choice of server components. The infrastructure must conform to the following attributes:
Sufficient RAM, CPU cores, and memory to support the required number and types of virtual machines
Sufficient network connections to enable redundant connectivity to the system switches
Excess capacity to support failover after a server failure in the environment Network
Compute
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops Enabled by EMC VNX and EMC Next-Generation Backup
23
Chapter 3 Solution Technology Overview
This chapter presents the following topics:
Solution technology ... 24
Summary of key components ... 25
Desktop broker ... 26
Virtualization ... 27
Compute ... 29
Network ... 31
Storage ... 33
Backup and recovery ... 34
Security ... 35
Solution technology
This VSPEX solution uses EMC VNX5300 (for up to 1,000 virtual desktops) or VNX5500 (for up to 2,000 virtual desktops) storage arrays and VMware vSphere 5.1 to provide the storage and computer resources for a Citrix XenDesktop 5.6
environment of Windows 7 virtual desktops provisioned by Machine Creation Services (MCS). Figure 1 shows the components of the solution.
Figure 1. Solution components
In particular, planning and designing the storage infrastructure for the Citrix
XenDesktop environment is a critical step because the shared storage must be able to absorb large bursts of input/output (I/O) that occur over the course of a workday.
These bursts can lead to periods of erratic and unpredictable virtual desktop
performance. Users may adapt to slow performance, but unpredictable performance causes frustration and reduces efficiency.
To provide predictable performance for end-user computing, the storage system must
be able to handle peak I/O load from the clients while keeping response time to a
minimum. Designing for this workload involves the deployment of many disks to
handle brief periods of extreme I/O pressure, which is expensive to implement. This
solution uses EMC VNX FAST Cache to reduce the number of disks required.
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 25 Enabled by EMC VNX and EMC Next-Generation Backup EMC next-generation backup enables protection of user data and end-user
recoverability. This is accomplished by leveraging EMC Avamar
®and its desktop client within the desktop image.
Summary of key components
This section describes the key components of this solution.
• Desktop broker
The desktop virtualization broker manages the provisioning, allocation, maintenance, and eventual removal of the virtual desktop images that are provided to users of the system. This software is critical to enable on-demand creation of desktop images, to allow maintenance to the image without affecting user productivity, and to prevent the environment from growing in an unconstrained way.
• Virtualization
The virtualization layer allows the physical implementation of resources to be
decoupled from the applications that use them. In other words, the application’s view of the resources available to it is no longer directly tied to the hardware. This enables many key features in the end-user computing concept.
• Compute
The compute layer provides memory and processing resources for the virtualization layer software as well as the needs of the applications running in the infrastructure.
The VSPEX program defines the minimum amount of compute layer resource required, but allows the customer to implement the requirements using any compute hardware that meets these requirements.
• Network
The network layer connects the users of the environment to the resources they need, as well as connecting the storage layer to the compute layer. The VSPEX program defines the minimum number of network ports required for the solution and provides general guidance on network architecture, but allows the customer to implement the requirements using any network hardware that meets these requirements.
• Storage
The storage layer is a critical resource for the implementation of the end-user computing environment. Because of the way desktops are used, the storage layer must be able to absorb large bursts of transient activity without having an unduly impact on the user experience. This solution uses EMC VNX FAST Cache to handle this workload efficiently.
• Backup and recovery
The optional backup and recovery component of the solution provide data protection
in the event that the data in the primary system is deleted, damaged, or otherwise
becomes unusable.
• Security
Security components from RSA provide customers with additional options to control access to the environment and ensure that only authorized users are permitted to use the system.
Solution architecture provides details on all the components that make up the reference architecture.
Desktop broker
Desktop virtualization encapsulates and delivers the user desktop to a remote client device, which can be thin clients, zero clients, smartphones, or tablets. It allows subscribers from different locations to access virtual desktops hosted on centralized computing resources at remote data centers.
In this solution, Citrix XenDesktop is used to provision, manage, broker, and monitor the desktop virtualization environment.
Citrix XenDesktop transforms Windows desktops as an on-demand service to any user, any device, anywhere. XenDesktop quickly and securely delivers any type of virtual desktop, or any type of Windows, web, or SaaS application, to all the latest PCs, Macs, tablets, smartphones, laptops, and thin clients—and does so with a high- definition HDX user experience.
Citrix FlexCast delivery technology enables IT to optimize the performance, security, and cost of virtual desktops for any type of user, including task workers, mobile workers, power users, and contractors. XenDesktop helps IT rapidly adapt to business initiatives by simplifying desktop delivery and enabling user self-service. The open, scalable, and proven architecture simplifies management, support, and integration.
Machine Creation Services (MCS) is a provisioning mechanism introduced in
XenDesktop 5.0. It is integrated with the XenDesktop management interface, Desktop Studio, to provision, manage, and decommission desktops throughout the desktop lifecycle from a centralized point of management.
MCS allows several types of machines, including dedicated and pooled machines, to be managed within a catalog in Desktop Studio. Desktop customization is persistent for dedicated machines, while a pooled machine is required if a non-persistent desktop is appropriate.
In this solution, persistent virtual desktops running Windows 7 are provisioned using MCS.
Desktops provisioned using MCS share a common base image within a catalog.
Because of this, the base image typically is accessed with sufficient frequency to naturally leverage EMC VNX FAST Cache, where frequently accessed data is promoted to flash drives to provide optimal I/O response time with fewer physical disks.
The Citrix Personal vDisk feature is introduced in Citrix XenDesktop 5.6. With Personal vDisk, users can preserve customization settings and user-installed applications in a Overview
Citrix
XenDesktop 5.6
Machine Creation Services
Citrix Personal
vDisk
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 27 Enabled by EMC VNX and EMC Next-Generation Backup pooled desktop. This capability is accomplished by redirecting the changes from the user’s pooled virtual machine to a separate disk called Personal vDisk. During runtime, the content of the Personal vDisk is blended with the content from the base virtual machine to provide a unified experience to the end user. The Personal vDisk data is preserved during reboot/refresh operations.
Citrix Profile Manager 4.1 preserves user profiles and dynamically synchronizes them with a remote profile repository. Citrix Profile Manager ensures that personal settings are applied to desktops and applications regardless of the user’s login location or client device.
The combination of Citrix Profile Manager and pooled desktops provides the experience of a dedicated desktop while potentially minimizing the amount of storage required in an organization.
With Citrix Profile Manager, a user’s remote profile is downloaded dynamically when the user logs in to a Citrix XenDesktop. Profile Manager downloads user profile information only when the user needs it.
Virtualization
The virtualization layer is a key component of any end-user computing solution. It allows the application resource requirements to be decoupled from the underlying physical resources that serve them. This enables greater flexibility in the application layer by eliminating hardware downtime for maintenance, and even allowing the physical capability of the system to change without affecting the hosted applications.
VMware vSphere 5.1 is used to build the virtualization layer for this solution. VMware vSphere 5.1 transforms a computer’s physical resources, by virtualizing the CPU, memory, storage, and network. This transformation creates fully functional virtual machines that run isolated and encapsulated operating systems and applications just like physical computers.
High-availability features of VMware vSphere 5.1 such as vMotion and Storage vMotion enable seamless migration of virtual machines and stored files from one vSphere server to another with minimal or no performance impact. Coupled with vSphere Distributed Resource Scheduling (DRS) and Storage DRS, virtual machines have access to the appropriate resources at any point in time through load balancing of compute and storage resources.
VMware vCenter is a centralized management platform for the VMware virtual
infrastructure. It provides administrators with a single interface that can be accessed from multiple devices for all aspects of monitoring, managing, and maintaining the virtual infrastructure.
VMware vCenter is also responsible for managing some of the more advanced features of the VMware virtual infrastructure like VMware vSphere High Availability and Distributed Resource Scheduling (DRS), along with vMotion and Update Manager.
The VMware vSphere High Availability feature allows the virtualization layer to restart virtual machines in various failure conditions automatically.
Citrix Profile Manager 4.1
Overview
VMware vSphere 5.1
VMware vCenter
VMware vSphere
High Availability
If the virtual machine operating system has an error, the virtual machine can be restarted automatically on the same hardware.
If the physical hardware has an error, the impacted virtual machines can be restarted automatically on other servers in the cluster.
Note For VMware vSphere High Availability to restart virtual machines on different hardware, those servers must have resources available. There are specific recommendations in the Compute section to enable this functionality.
VMware vSphere High Availability allows you to configure policies to determine which machines are restarted automatically and under what conditions these operations should be attempted.
EMC Virtual Storage Integrator (VSI) for VMware vSphere is a plug-in to the vSphere client that provides a single interface that is used for managing EMC storage within the vSphere environment. Features can be added and removed from VSI
independently, which provides flexibility for customizing VSI user environments.
Features are managed by using the VSI Feature Manager. VSI provides a unified user experience, which allows new features to be introduced rapidly in response to changing customer requirements.
The following VSI features were used during the validation testing:
Storage Viewer — Extends the vSphere client to facilitate the discovery and identification of EMC VNX storage devices that are allocated to VMware vSphere hosts and virtual machines. Storage Viewer presents the underlying storage details to the virtual datacenter administrator, merging the data of several different storage mapping tools into a few seamless vSphere client views.
Unified Storage Management — Simplifies storage administration of the EMC VNX unified storage platform. It enables VMware administrators to provision new Network File System (NFS) datastores, Virtual Machine File System (VMFS) datastores, and Raw Device Mapping (RDM) volumes seamlessly within vSphere client.
Refer to the product guides for EMC VSI for VMware vSphere, available on the EMC Online Support website, for more information.
Hardware acceleration with VMware vStorage API for Array Integration (VAAI) is a storage enhancement in vSphere 5.1 that enables vSphere to offload specific storage operations to compatible storage hardware such as the VNX series platforms. With storage hardware assistance, vSphere performs these operations faster and consumes less CPU, memory, and storage fabric bandwidth.
EMC Virtual Storage Integrator for VMware
VNX VMware
vStorage API for
Array Integration
support
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 29 Enabled by EMC VNX and EMC Next-Generation Backup
Compute
The choice of a server platform for an EMC VSPEX infrastructure is based not only on the technical requirements of the environment, but on the supportability of the platform, existing relationships with the server provider, advanced performance and management features, and many other factors. For these reasons, EMC VSPEX solutions are designed to run on a wide variety of server platforms. Instead of requiring a given number of servers with a specific set of requirements, VSPEX documents a number of processor cores and an amount of RAM that must be
provided. This can be implemented with 2 servers—or 20—and still be considered the same VSPEX solution.
For example, let us assume that the compute layer requirements for a given
implementation are 25 processor cores and 200 GB of RAM. One customer might
want to use white-box servers containing 16 processor cores and 64 GB of RAM, while
a second customer might choose a higher-end server with 20 processor cores and
144 GB of RAM.
Figure 2. Compute layer flexibility
The first customer needs four of the servers while the second customer needs two, as shown in Figure 2.
Note To enable high availability at the compute layer, each customer will need one additional server with sufficient capacity to provide a failover platform in the event of a hardware outage.
The following best practices should be observed in the compute layer:
It is a best practice to use a number of identical or, at least, compatible servers. VSPEX implements hypervisor-level high-availability technologies that may require similar instruction sets on the underlying physical hardware.
By implementing VSPEX on identical server units, you can minimize
compatibility problems in this area.
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 31 Enabled by EMC VNX and EMC Next-Generation Backup
If you are implementing hypervisor-layer high availability, then the largest virtual machine you can create is constrained by the smallest physical server in the environment.
Implementing the high-availability features available in the virtualization layer is recommended to ensure that the compute layer has sufficient resources to accommodate at least single-server failures. This allows you to implement minimal-downtime upgrades and tolerate single-unit failures.
Within the boundaries of these recommendations and best practices, the compute layer for EMC VSPEX can be quite flexible to meet your specific needs. The key constraint is provision of sufficient processor cores and RAM per core to meet the needs of the target environment.
Network
The infrastructure network requires redundant network links for each vSphere host, the storage array, the switch interconnect ports, and the switch uplink ports. This configuration provides both redundancy and additional network bandwidth. This configuration is required regardless of whether the network infrastructure for the solution already exists or is being deployed alongside other components of the solution. An example of this kind of highly available network topology is depicted in Figure 3.
Note The example is for IP-based networks, but the same underlying principles of
multiple connections and elimination of single points of failure also apply to
Fibre Channel-based networks.
Figure 3. Example of highly-available network design
This validated solution uses virtual local area networks (VLANs) to segregate network traffic of various types to improve throughput, manageability, application separation, high availability, and security.
EMC unified storage platforms provide network high availability or redundancy by
using link aggregation. Link aggregation enables multiple active Ethernet connections
to appear as a single link with a single MAC address, and potentially multiple IP
addresses. In this solution, Link Aggregation Control Protocol (LACP) is configured on
VNX, combining multiple Ethernet ports into a single virtual device. If a link is lost in
the Ethernet port, the link fails over to another port. All network traffic is distributed
across the active links.
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 33 Enabled by EMC VNX and EMC Next-Generation Backup
Storage
The storage layer is also a key component of any cloud infrastructure solution, providing storage efficiency, management flexibility, and reduced total cost of ownership. This VSPEX solution uses the EMC VNX series for providing virtualization at the storage layer.
The EMC VNX family is optimized for virtual applications, delivering industry-leading innovation and enterprise capabilities for file, block, and object storage in a scalable, easy-to-use solution. This next-generation storage platform combines powerful and flexible hardware with advanced efficiency, management, and protection software to meet the demanding needs of today’s enterprises.
The VNX series is powered by Intel
®Xeon processors, for intelligent storage that automatically and efficiently scales in performance while ensuring data integrity and security. Table 1 identifies the VNX customer benefits.
Table 1. VNX customer benefits Feature
Next-generation unified storage, optimized for virtualized applications Capacity optimization features including compression, deduplication, thin provisioning, and application-centric copies
High availability, designed to deliver five 9s availability Automated tiering with FAST VP (Fully Automated Storage Tiering for Virtual Pools) and FAST Cache that can be optimized for the highest system performance and lowest storage cost simultaneously
Simplified management with EMC Unisphere™ for a single management interface for all NAS, SAN, and replication needs
Up to three times improvement in performance with the latest Intel Xeon multicore processor technology, optimized for Flash
Software suites available
FAST Suite — Automatically optimizes for the highest system performance and the lowest storage cost simultaneously
Local Protection Suite — Practices safe data protection and repurposing
Remote Protection Suite — Protects data against localized failures, outages, and disasters
Application Protection Suite — Automates application copies and proves compliance
Security and Compliance Suite — Keeps data safe from changes, deletions, and malicious activity
Software packs available
Total Efficiency Pack — Includes all five of the preceding software suites Overview
EMC VNX series
Total Protection Pack — Includes Local, Remote, and Application Protection Suites
VNX FAST Cache
VNX FAST Cache, a part of the VNX FAST Suite, enables Flash drives to be used as an expanded cache layer for the array.
FAST Cache is an array-wide feature available for both file and block storage. FAST Cache works by examining 64-KB chunks of data in FAST Cache-enabled objects on the array. Frequently accessed data is copied to the FAST Cache and subsequent accesses to the data chunk are serviced by FAST Cache. This enables immediate promotion of very active data to flash drives. This dramatically improves the response times for the active data and reduces data hot spots that can occur within the LUN.
FAST Cache enables XenDesktop to deliver consistent performance at flash drive speeds by absorbing read-heavy activities such as boot storms and antivirus scans, and write-heavy workloads such as operating system patches and application updates. This extended read/write cache is an ideal caching mechanism for MCS in XenDesktop because the base desktop image and other active user data are so frequently accessed that the data is serviced directly from the flash drives without having to access the slower drives at the lower storage tier.
VNX FAST VP (optional)
VNX FAST VP, a part of the VNX FAST Suite, enables you to automatically tier data across multiple types of drives to leverage differences in performance and capacity.
FAST VP is applied at the block storage pool level and automatically adjusts where data is stored based on how frequently it is accessed. Frequently accessed data is promoted to higher tiers of storage in 1 GB increments, while infrequently accessed data can be migrated to a lower tier for cost efficiency. This rebalancing of 1 GB data units, or slices, is done as part of a regularly scheduled maintenance operation.
Backup and recovery
Backup and recovery is another important component in this VSPEX solution, providing data protection by backing up data files or volumes on a defined schedule and restoring data lost by accident or disaster.
In this VSPEX solution, EMC Avamar
®software provides backup and recovery services for up to 2,000 virtual desktops.
Avamar software provides rapid backup and restoration capabilities in the virtualized environment. Performance is greatly enhanced by the Avamar software’s seamless integration of deduplication technology, which results in vastly less data traversing the network, and greatly reduced amounts of data being backed up and stored—
resulting in storage and bandwidth operational savings.
Two of the most common recovery requests made to backup administrators are the following:
File-level recovery — Object-level recoveries account for the vast majority of user support requests. Common actions requiring file-level recovery are Overview
EMC Avamar
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 35 Enabled by EMC VNX and EMC Next-Generation Backup individual users deleting files, applications requiring recoveries, and batch process-related erasures.
System recovery — Although complete system recovery requests occur less frequently than do file-level recovery requests, this bare-metal restore capability is vital to the enterprise. Common root causes for full system recovery requests include viral infestation, registry corruption, and unidentifiable unrecoverable issues.
In both of these scenarios, Avamar functionality in conjunction with VMware implementations adds new capabilities for backup and recovery. Key capabilities added in VMware, such as the vStorage API integration and change block tracking (CBT), enable the Avamar software to protect the virtual environment more efficiently.
Leveraging CBT for both backup and recovery with virtual proxy server pools, this functionality minimizes management needs. Coupling that with Data Domain as the storage platform for image data, this solution enables the most efficient integration with two of the industry-leading next-generation backup appliances.
Security
RSA SecurID two-factor authentication can provide enhanced security for the VSPEX end-user computing environment by requiring the user to authenticate with two pieces of information, collectively called a passphrase, consisting of:
Something the user knows: A PIN, which is used like any other PIN or password
Something the user has: A token code, provided by a physical or software
“token,” which changes every 60 seconds
The typical use case deploys SecurID to authenticate users accessing protected resources from an external or public network. Access requests originating from within a secure network are authenticated by traditional mechanisms involving Active Directory or LDAP.
SecurID functionality is managed through RSA Authentication Manager, which also controls administrative functions such as token assignment to users, user
management, and high availability. The Citrix NetScaler network appliance and Citrix Storefront enable streamlined integration of SecurID into the XenDesktop
environment (as well as XenApp and other Citrix virtualization product environments).
For external access requests into the VSPEX End-User Computing with Citrix XenDesktop environment, the user is challenged for a userid, SecurID passphrase, and Active Directory password on a single dialog. Upon successful authentication, the user is logged in directly to his or her virtual desktop. Internal request
authentication is carried out against Active Directory only.
Figure 4 describes authentication flow for an external access request to the XenDesktop environment.
RSA SecurID two-factor authentication
SecurID
authentication in the VSPEX End- User Computing for Citrix
XenDesktop
environment
Figure 4. Authentication control flow for XenDesktop access requests originating on an external network
Note Authentication policies set on NetScaler’s Access Gateway Enterprise Edition (AGEE) control authentication against SecurID and Active Directory.
Figure 5 depicts internal access authentication flow. Active Directory authentication is initiated from within Citrix Storefront.
Figure 5. Authentication control flow for XenDesktop requests originating on local network
Note Users are authenticated against Active Directory only.
Enablement of SecurID for VSPEX solutions is described in Securing VSPEX Citrix XenDesktop 5.6 End-User Computing Solutions with RSA Design Guide. The following components are required:
Required
components
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 37 Enabled by EMC VNX and EMC Next-Generation Backup
RSA SecurID Authentication Manager (version 7.1 SP4)
Used to configure and manage the SecurID environment and assign tokens to users, Authentication Manager 7.1 SP4 is available as an appliance or as an installable on a Windows Server 2008 R2 instance. Future versions of Authentication Manager will be available as a physical or virtual appliance only.
SecurID tokens for all users
SecurID requires something the user knows (a PIN) combined with a
constantly changing code from a “token” the user possesses. SecurID tokens may be physical, displaying at 60-second intervals a new code that the user must then enter with a PIN, or software-based, wherein the user supplies a PIN and the token code is supplied programmatically. Hardware and software tokens are registered with Authentication Manager through “token records”
supplied on a CD or other media.
Citrix NetScaler network appliance (version 10 or higher)
NetScaler’s Access Gateway functionality manages RSA SecurID (primary) and Active Directory (secondary) authentication of access requests originating on public or external networks. NetScaler also provides load balancer capability supporting high availability of Authentication Manager and Citrix Storefront servers.
Citrix Storefront (version 1.2 or higher)
Storefront, also known as CloudGateway Express, provides authentication and other services and presents users’ desktops to browser-based or mobile Citrix clients.
Citrix Receiver
Receiver provides an interface through which the user interacts with the virtual desktop or other Citrix virtual environment such as XenApp or XenServer. In the context of this solution, the user client is considered a generic user endpoint, so versions of the Receiver client, and options and optimizations for them, are not addressed.
Figure 6 depicts the VSPEX End-User Computing for Citrix XenDesktop environment with added infrastructure to support SecurID. All necessary components can run in a redundant, high-availability configuration on 2 or more VMware ESXi™ hosts with a minimum of 12 CPU cores (16 recommended) and 16 GB of RAM. Table 2 on page 39 summarizes these requirements.
Compute, memory
and storage
resources
Figure 6. Logical architecture: VSPEX End-User Computing for Citrix XenDesktop
with RSA
Citrix XenDesktop 5.6 and VMware vSphere 5.1 for up to 2,000 Virtual Desktops 39 Enabled by EMC VNX and EMC Next-Generation Backup Table 2. Minimum hardware resources to support SecurID
CPU (cores)
Memory (GB)
Storage (GB)
SQL
database* Reference
RSA
Authentication Manager
2 8** 60 n/a
RSA Authenticat ion Manager 7.1 Performanc e and Scalability Guide
Citrix
NetScaler VPX 2 4 40 n/a
Citrix NetScaler VPX Getting Started Guide Citrix
Storefront 2 2 20 3.5 MB per
100 users