Cisco Virtual Experience Infrastructure

Academic year: 2021


(1)

Cisco Virtual Experience Infrastructure

Erik Lenten

(2)

Overview

The Network Is the Desktop

Personal Computer is disaggregated

Keyboard, Video, and Mouse stay with user

Compute and storage move to the data center

Network availability is required for all application access

Broker

Compute

Storage

Keyboard, Video, Mouse

Network

Thin

(3)

Terminal Services

Application Streaming

Virtual Desktop Streaming

Remote Virtual Desktop

Server Hosted Computing

Client Hosted Computing

[Diagram: OS, application and hypervisor stacks for each model. Labels: Desktop, Application, Presentation Server, Display Data, App Server, Main OS, Guest OS, Guest App, Hypervisor, Synchronized Desktop]

Overview Virtual Desktop Models

(4)

Reasons for Desktop Virtualization:

Real-world example of large European bank

Lifecycle management cycle for desktop computing

Session portability

Free Seating -> save on office space

Risk free migration to Windows 7

Faster application access

Working from Home

Lower Operational Costs

Security / Data Leakage concerns

Bring Your Own Device

(5)

Moving Through VDI Rather Than To VDI

2010

Distributed

Client/Server

2005

2015+

Distributed Client

Centralized Server

Centralized

Client/Server

Pervasive

Hypervisor

Pervasive

Network, Flash,

Ajax, JS, HTML5

Limited

Networks

WAN

Acceleration

Virtual

Desktop

Distributed Client

Efficient Server

Presentation

Desktop

Distributed

Creation/Data

Distributed Creation

Centralized Data

Centralized

Creation/Data

Distributed Creation

Centralized Data

Centralized Creation

Integrated Data

(6)

Overview Virtual Desktop Components

Client Devices (~25%)

Network

Software (~25%)

Broker

Virtualization (OS, application, profile)

Display protocol client/server

UCS Compute (~25%)

Storage (~25%)

Virtual Machine Storage

User Data Storage

Broker

UCS

Storage

Desktop

Profile

Data

Display Protocol

Clients

Network

Web Access

(7)

Lower Operational costs => non-persistent

Non-Persistent or Pooled

Generic virtual desktop assigned to users per session on a first-come, first-served basis and then returned to the pool (possibly with profile removed) or destroyed

Persistent or Assigned

Permanently assigned to a user statically or by first to connect

Users and Groups

Desktops

Pool of Virtual Machines

Entitle Group to Desktop

Assign Pool

Entitle User to Desktop

Assign Individual

Template

(8)

Display Protocol Channels

Display protocols operate at the session layer

Channels provide a means to extend remote virtual desktop services

Channels cannot leverage network services like QoS, security, media bridging, stream splitting, or multicast

New developments:

Multi-channel ICA

Image rendering adjusted based on available bandwidth

Display Protocol

TCP

USB

Video

Sound

Print

(9)

VXI Network Design considerations

Security

Optimization

Availability

Display protocol over the Network

Branch Office

Datacenter

Load balancing of connection brokers

Global Site Selection (GSS) for DC redundancy

Virtualization-Aware Borderless Network

Virtualized Data Center

Virtualized Collaborative Workspace

Survivability using Network redundancy

Bandwidth issues:

Printing

USB flash drives

Driver issues:

Point of Sale devices

Scanners

Power over Ethernet

Bandwidth Voice/Video

# Concurrent users

Multicast support

Caching

(10)

What is Cisco VXI?

Applications /Desktop OS

MS Office

Virtualized Data Center

ACE

Unified CM

Quad

ASA

Nexus 1000v

Virtual Security Gateway

WAAS

Cisco Collaboration

Applications

Hypervisor

Desktop Virtualization Software

Storage

Compute

UCS

AnyConnect

Virtualized

Collaborative Workspace

Cisco VXC 6215 Thin Client

Cisco Virtualization Experience Clients

Cius Business Tablet

Cisco VXC 4000 PC Client

Cisco VXC 22xx & 21xx Zero Client

AnyConnect

WAAS

Virtualization-Aware Borderless Network

Routing

PoE

Switching

CDN

Cisco® Identity Services Engine

End-to-End, Management and Optimization

(11)

Cisco Validated Design (CVD) Benefits

Cisco Validated Designs, validated through System Level Testing, enable customers to:

• Lower risk of deploying technology solutions

• Increase speed of technology solution deployment

• Deploy a scalable, reliable, predictable foundation

• Ease technology solution integration

• Ease deployment of business critical applications

• Utilize Cisco Advanced Services to customize a CVD to meet specific requirements

Detailed system design and/or implementation guidance are available to provide:

• Customer use examples

• Products, Software and Configurations used in design testing

• Design limitations uncovered during testing

(12)

Globally Available Q4 2011

New

Strategic Alliance to Drive Desktop Virtualization Adoption

Enable Cisco Networks to become Citrix HDX-aware

Commitment for joint technology development reaching from data center to network to endpoints

Broad go-to-market partnership to deliver desktop virtualization solutions to customers

Cisco WAAS optimized for Citrix XenDesktop

Single solution for virtual and physical desktops over the WAN

Validated, supported and certified Citrix Ready at availability

(13)

Cisco WAAS offers WAN Performance at Scale for Citrix XenDesktop

[Chart: Response Time in seconds, before Cisco WAAS vs. after Cisco WAAS. Callouts: 70% faster, up to 70% faster]

[Chart: Bandwidth Consumption in Kbps, 80ms T1 WAN vs. 80ms T1 WAN + WAAS. Callouts: 60% savings, 2X+ users, up to 3X more users]

[Chart: Video Quality in frames per second, LAN vs. 80ms T1 WAN vs. 80ms T1 WAN + WAAS. User Experience labels: HD Quality; Pixelated, Choppy, Out of Sync; HD Quality]

(14)

Solving UC hairpinning problem with VDI

Uncompromised user experience

Routes voice and video point-to-point

Optimized resources

Bandwidth reduction from megabytes to kilobytes

Reduced processing in data center

• Enterprise-grade voice and video based on Cisco UC

VM-User 1

VM-User 2

CUCM

VXI Cloud

Desktop

Virtualization Protocol

Desktop

Virtualization Protocol

Media

Flow

Media Flow

Data Center

Signalling

(SIP)

Signalling

(SIP)

Signalling

(SIP)

Signalling

(SIP)

Media

Flow

VXC 4000

VXC 6215

(15)

Zero Clients

Zero Clients

Software Appliance

Thin Client

Enterprise Tablet

VXC 2100 Series

VXC 2200 Series

VXC 4000

VXC 6215

Cisco Cius

Shipping

Shipping

Q4 2011

Q4 2011/Q1 2012

Shipping

New

New

(16)

Cisco Cius for the Knowledge Worker

External display with unique Android keyboard/mouse control

Native desktop content creation when docked

Mobile content consumption and presentation

Anywhere business phone and email

Disconnected access with QuickOffice

Display Port

Virtual

Desktop

HDMI

(17)

Administrator

User

Administrator

User

Cisco Applications

Partner Applications

Market Applications

Customer Applications

Android Mkt Place

"Admin Controlled Access"

Cius Enterprise Application Head Quarters (AppHQ)

CUSTOMER #1

CUSTOMER Developed Apps

CUSTOMER #2

https://marketplace.cisco.com/apphq/store

(18)

Data Center Optimizations for Virtual Desktops

Validated Designs and Reference Architectures

End-to-end reference architectures reduce risk for optimized stack

Flexibility and Bandwidth for Converged Multiple Networks

Unified ports and 80G burst b/w allow for convergence with performance

Prioritization of Desktop Pools

UCS QoS and bandwidth controls deliver prioritization to desktop pools

Rapid Provisioning of Desktops

Service profile templates for rapid provisioning of desktop pools

Desktop Density and Scalability

Great virtual desktop density with linear performance scalability

Networking Visibility and Security to the Desktops

(19)

Scaling considerations for UCS

Per Windows XP / Windows 7 virtual machine:

300 MHz per VM (absolute minimum)

2 GB of RAM per VM -> 1.5 GB physical memory

Example:

A UCS B200 blade with 96 GB of RAM and 2 Intel 5640 processors:

Memory: 96 / 1.5 = 64 Virtual Machines

CPU: 2 x 4 cores x 2.53 GHz = 20.24 GHz x 1000 = 20240 MHz / 300 = 67 Virtual Machines

Conclusion: 64 VMs per blade

More cores is always better

(20)

Optimizing Memory for Desktop Virtualization

Xeon 5600

Xeon 5600

Xeon 5600

Xeon 5600

12 DIMMs, Max 96GB

Higher Performance

18 DIMMs, Max 144GB

Lower Performance

OR

48 DIMMs

Max 384GB

Classic

Cisco UCS with Extended Memory

(21)

UCS Compute Options

Blade

Rack Mount

B230 M2

2-Socket Intel E7-2800, 2 SSD, 32 DIMM

B200 M2

2-Socket Intel 5600, 2 SFF Disk, 12 DIMM

B250 M2

2-Socket Intel 5600, 2 SFF Disk, 48 DIMM

B440 M2

4-Socket Intel E7-4800, 4 SFF Disk, 32 DIMM

C200 M2

2-Socket Intel 5600, 4 Disks, 12 DIMM, 2 PCIe 1U

C210 M2

2-Socket Intel 5600, 16 Disks, 12 DIMM, 5 PCIe 2U

C250 M2

2-Socket Intel 5600, 8 Disks, 48 DIMM, 5 PCIe 2U

C460 M2

4-Socket Intel E7-4800, 12 Disks, 64 DIMM, 10 PCIe 4U

C260 M2

2-Socket Intel E7-2800, 16 Disks, 64 DIMM, 6 PCIe 2U

*UPDATED*

*UPDATED*

*UPDATED*

*UPDATED*

(22)

View 4.5 Validation Results

| Server Profile Summary | Workload Profile | CPU Util | # of Desktops |
|---|---|---|---|
| Cisco UCS B250-M2; Proc: 5680 @3.33 GHz; Mem: 192 GB; View 4.5 on ESXi 4.1; W7 32b (1.5G memory/20G disk); NOTE: No HIMP, no memory ballooning | Knowledge Worker Profile | 83.7% | 110 |
| Cisco UCS B250-M2; Proc: 5680 @3.33 GHz; Mem: 192 GB; View 4.5 on ESXi 4.1; W7 32b (1.5G memory/20G disk); NOTE: HIMP with no memory ballooning | Knowledge Worker Profile | 90+% | 130 |
| Cisco UCS B250-M2; Proc: 5680 @3.33 GHz; Mem: 192 GB; View 4.5 on ESXi 4.1; W7 32b (1.5G memory/20G disk); NOTE: HIMP, with ~5% memory ballooning | Knowledge Worker Profile | 90+% | 160 |

(23)

Innovating with Embedded Unified Mgmt

Reduced Points of Management

Single-click configuration of LAN, SAN and firmware parameters

Service Profile: HR-App1

Network: HR-VLAN

Network QoS: High

MAC: 08:00:69:02:01:FC

WWN: 20:65:32:25:B5:00:A4:28

BIOS: Version 1.03

Boot Order: SAN, LAN

Unified Management Domain

Automatic discovery

Dynamic Provisioning

Building Blocks of Resources for rapid provisioning

Simplify infrastructure management for datacenters

Tightly Coupled

Partner Mgmt. Tools

XML API

Existing Customer

Mgmt. Tools

Traditional APIs

(24)

Separate firmware, addresses, and parameter settings

Physical servers become interchangeable hardware components

Service profile templates allow rapid provisioning of new virtual desktops

Dynamic Platform Provisioning with Service Profiles

Chassis-8/Blade-4

Chassis-1/Blade-2

Profile 1

UUID: 56 4d cd 3f 59 5b…

MAC: 08:00:69:02:01:FC

WWN: 5080020000075740

Boot Order: SAN, PXE

Profile 2

UUID: 56 4d cd 3f 59 5d…

MAC: 08:00:69:02:01:FF

WWN: 5080020000075742

Boot Order: SAN

Cisco UCS

Manager

Profile 3

UUID: 56 4d cd 3f 59 5f…

MAC: 08:00:69:02:01:FB

WWN: 5080020000075744

Boot Order: PXE, SAN

LAN

SAN

Desktop Profile 1

120 Knowledge | HVD Win 7

B-250 192GB

LAN Connectivity

SAN Connectivity

Boot Order

Desktop Profile 2

140 Task | ThinAppOLTP

B-200 48GB

LAN Connectivity

SAN Connectivity

Boot Order

Desktop Profile 3

100 Power | HVD Win 7

B-230 384GB

LAN Connectivity

SAN Connectivity

Boot Order

(25)

Virtual Security Gateway (VSG)

Server Zones

Assistant

IT Admin

Doctor

Guest

HVD Zones

Doctor

IT Admin

Guest

Records

Database

Application

Portal

VSG Deployment for VDI

(26)

Cisco Integrated Security Features

| Feature | Capability | Prevents |
|---|---|---|
| Port Security | Restricting MAC addresses on a port | Rogue VM spoofing MAC address |
| IP Source Guard | Maps IP address to MAC address | IP/MAC spoofing |
| DHCP Snooping | Monitors DHCP transactions | Rogue DHCP Server |
| Dynamic ARP Inspection | ARP: Maps IP address to MAC. Monitors ARP transactions, used in VMotion | ARP attacks |

Nexus 1000v

| Feature | Capability | Benefits |
|---|---|---|
| In-hypervisor inter-VM security | Firewalling inter-VM communication based on policy | Handling of East-West Security policy enforcement |
| Secure Segmentation | Create secure segmentation of VMs | Policy enforcement independent of Network segmentation |
| Context aware security policies | Defined security policies based on context | Simplified security policy |
| On-demand Trust-zones | | Enforcement of trust zones and Dynamic provisioning |
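
How the Port Security, DHCP Snooping, Dynamic ARP Inspection and IP Source Guard features listed above fit together, as an added example that is not part of the original slides and is not Cisco code: the lease learned by DHCP snooping becomes the binding that the ARP and IP source checks are validated against. The class name, port names (`veth1`, `veth2`, `uplink`), frame kinds and all addresses are constructed assumptions, and the model is simplified to one VLAN-scoped binding table.

```python
from collections import defaultdict

class VirtualAccessSwitch:
    """Toy model of the four checks in the table above (not Nexus 1000V code)."""
    def __init__(self, trusted_ports, max_macs=1):
        self.trusted = set(trusted_ports)   # uplinks toward the real DHCP server
        self.max_macs = max_macs            # port security: MACs allowed per port
        self.port_macs = defaultdict(set)   # port -> source MACs learned
        self.pending = {}                   # (vlan, client MAC) -> requesting port
        self.bindings = {}                  # (vlan, IP) -> (MAC, port)

    def receive(self, port, vlan, src_mac, kind, **f):
        if port in self.trusted:
            if kind == "dhcp_ack":          # DHCP snooping records the lease
                client = f["client_mac"]
                client_port = self.pending.pop((vlan, client), None)
                if client_port:
                    self.bindings[(vlan, f["yiaddr"])] = (client, client_port)
            return "forward"
        macs = self.port_macs[port]         # port security on untrusted VM ports
        if src_mac not in macs and len(macs) >= self.max_macs:
            return "drop:port-security"
        macs.add(src_mac)
        if kind in ("dhcp_offer", "dhcp_ack"):   # server reply from a VM port
            return "drop:dhcp-snooping"
        if kind == "dhcp_request":
            self.pending[(vlan, src_mac)] = port
            return "forward"
        if kind == "arp":                   # Dynamic ARP Inspection
            if self.bindings.get((vlan, f["sender_ip"])) != (f["sender_mac"], port):
                return "drop:arp-inspection"
        if kind == "ip":                    # IP Source Guard
            if self.bindings.get((vlan, f["src_ip"])) != (src_mac, port):
                return "drop:ip-source-guard"
        return "forward"

def run_demo():
    """Constructed frames: veth1 is a leased desktop VM, veth2 a misbehaving VM."""
    sw, a, b = VirtualAccessSwitch({"uplink"}), "00:50:56:00:00:01", "00:50:56:00:00:02"
    frames = [
        ("veth1", 10, a, "dhcp_request", {}),
        ("uplink", 10, "00:50:56:00:00:fe", "dhcp_ack", {"client_mac": a, "yiaddr": "10.0.10.21"}),
        ("veth1", 10, a, "arp", {"sender_mac": a, "sender_ip": "10.0.10.21"}),
        ("veth2", 10, b, "arp", {"sender_mac": b, "sender_ip": "10.0.10.1"}),
        ("veth2", 10, b, "dhcp_offer", {}),
        ("veth2", 10, b, "ip", {"src_ip": "10.0.10.21"}),
        ("veth1", 10, "00:50:56:00:00:99", "ip", {"src_ip": "10.0.10.21"}),
    ]
    return [sw.receive(p, v, m, k, **f) for p, v, m, k, f in frames]

if __name__ == "__main__": print(run_demo())
```

Without the snooped lease in step two, the legitimate ARP in step three would also be dropped, which is why DHCP snooping has to be in place before the other two checks are enforced.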

(27)

Automation Employee Onboarding

CUCM CUPS

vSphere

XenDesktop 5

NewScale

Tidal

AD

AXL

SOAP

Adapter

PS & Tidal

Adapter

PS & VMware

PowerShell

Golden Images

IT Service Catalog, Lifecycle Management

Portal, Request Management

(28)

Automation Delivering VXI Service – Faster

InfoSec Creates ID

Server Admin Clone VM

Citrix Admin Configure PVS & DDC

Desktop Admin

Install Applications

Communication Group provisions Phone

Secure it

Ready for use…

Multiple requests from user for:

ID, Desktop, Phone, Email, Applications etc.

Approved by Manager

Newscale order goes to TEO

TEO creates User ID

Configure Citrix PVS, DDC, CUCM, VMware, CUPS

Install Applications

Secure it

Ready for use…

Single request from user, using service catalogue

Before:

After:

• Manual provisioning

• Hard to control utilization

• Self-service; automated provisioning

• Elasticity (capacity-on-demand)

• High provisioning & ops cost

• Extended provisioning time

• Configuration risk

• Optimized provisioning & ops cost

• Rapid provisioning

• Increased Resiliency and Availability

Manual process takes several days

Automated

Self-service

On-demand within minutes…

With

Automation

(29)

New Services

Solution-level Technical Support and Optimization

Architecture review

Operations audit

Performance and validation testing

Ongoing knowledge transfer

Change, design, and project management support

• Single number for issue resolution

• Multi-vendor support

• Complements point product support

• Covers all technology partners in Cisco Validated Designs

Cisco Allied Services for VXI

Cisco Optimization for VXI Service

New

Globally

Available

Q4 2011

Globally

Available

Now

New

(30)
(31)
