EMC VSPEX END-USER COMPUTING

(1)

VSPEX Proven Infrastructure

EMC VSPEX

Abstract

This document describes the EMC VSPEX End-User Computing solution with VMware vSphere and EMC VNXe for up 250 virtual desktops.

January, 2013

EMC

^®

VSPEX

^™

END-USER COMPUTING

VMware^® View™ 5.1 and VMware^® vSphere^® 5.1 for up to 250 Virtual Desktops

Enabled by EMC VNXe, and EMC Next-Generation Backup

(2)

Published January 2013

EMC believes the information in this publication is accurate of its publication date.

The information is subject to change without notice.

The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC², EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date regulatory document for your product line, go to the technical documentation and advisories section on the EMC online support website.

EMC End-User Computing

VMware View 5.1 and VMware vSphere 5.1 for up to 250 Virtual Desktops Enabled by EMC VNXe and EMC Next-Generation Backup

VSPEX Proven Infrastructure Part Number H11331.1

(3)

VMware View 5.1 and VMware vSphere 5.1 for up to 250 Virtual Desktops

Enabled by EMC VNXe and EMC Next-Generation Backup 3

Contents

Chapter 1 Executive Summary 13

Introduction ... 14

Target audience ... 14

Document purpose ... 14

Business needs ... 15

Chapter 2 Solution Overview 17 Solution overview ... 18

Desktop broker ... 18

Virtualization ... 18

Compute ... 18

Network ... 19

Storage ... 19

Chapter 3 Solution Technology Overview 21 The technology solution ... 22

Summary of key components ... 23

Desktop virtualization ... 24

Overview ... 24

VMware View 5.1 ... 24

View Composer 3.0 ... 24

View Persona Management ... 25

View Storage Accelerator ... 25

VMware vSphere 5.1 ... 25

EMC Virtual Storage Integrator for VMware ... 26

VNXe VMware vStorage API for Array Integration support ... 26

VMware vCenter ... 26

VMware vSphere High Availability ... 26

(4)

Contents

Compute ... 27

Network ... 29

Storage ... 30

Overview ... 30

EMC VNXe series ... 31

Backup and recovery ... 32

Overview ... 32

EMC Avamar ... 32

Security ... 32

RSA SecurID two-factor authentication ... 32

SecurID authentication in the VSPEX End-User Computing for VMware View environment ... 33

Required components ... 33

Compute, memory and storage resources ... 34

Other sections ... 35

VMware vShield Endpoint ... 35

VMware vCenter Operations Manager for View ... 35

Chapter 4 Solution Stack Architectural Overview 37 Solution Overview ... 38

Solution architecture ... 38

Overview ... 38

Architecture for up to 250 virtual desktops ... 38

Key components ... 39

Hardware resources ... 41

Software resources ... 42

Sizing for validated configuration ... 43

Server configuration guidelines ... 44

Overview ... 44

VMware vSphere memory virtualization for VSPEX... 45

Memory configuration guidelines ... 47

Network configuration guidelines ... 47

Overview ... 47

VLAN ... 48

Enable jumbo frames ... 49

Link aggregation ... 49

Storage configuration guidelines ... 49

Overview ... 49

(5)

Contents

VMware View 5.1 and VMware vSphere 5.1 for up to 250 Virtual Desktops Enabled by EMC VNXe and EMC Next-Generation Backup 5

High availability and failover ... 52

Introduction ... 52

Virtualization layer ... 52

Compute layer ... 53

Network layer ... 53

Storage layer ... 54

Validation test profile ... 55

Profile characteristics... 55

Antivirus and antimalware platform profile ... 55

Platform characteristics ... 55

vShield architecture ... 56

vCenter Operations Manager for View platform profile ... 56

Platform characteristics ... 56

vCenter Operations Manager for View architecture ... 57

Backup and Recovery configuration guidelines ... 57

Backup characteristics ... 57

Backup layout ... 57

Sizing guidelines ... 58

Reference workload ... 58

Defining the reference workload ... 58

Applying the reference workload ... 59

Concurrency ... 59

Heavier desktop workloads ... 59

Implementing the reference architectures ... 59

Overview ... 59

Resource types ... 59

CPU resources ... 59

Memory resources... 60

Network resources ... 60

Storage resources ... 61

Backup resources ... 61

Implementation summary ... 62

Quick assessment ... 62

Overview ... 62

CPU requirements ... 62

Memory requirements ... 62

Storage performance requirements ... 63

Storage capacity requirements ... 63

Determining equivalent reference virtual desktops ... 63

(6)

Contents

Fine tuning hardware resources ... 65

Chapter 5 VSPEX Configuration Guidelines 69 Configuration overview ... 70

Pre-deployment tasks ... 71

Overview ... 71

Deployment prerequisites ... 71

Customer configuration data ... 74

Prepare switches, connect network, and configure switches ... 74

Overview ... 74

Configure infrastructure network ... 74

Configure VLANs ... 75

Complete network cabling ... 76

Prepare and configure storage array ... 76

Overview ... 76

Prepare VNXe ... 76

Set up the initial VNXe configuration ... 76

Setup VNXe networking ... 77

Provision storage for NFS datastores ... 77

Provision optional storage for user data ... 78

Provision optional storage for infrastructure virtual machines ... 78

Install and configure vSphere hosts ... 78

Overview ... 78

Install vSphere ... 79

Configure vSphere networking ... 79

Jumbo frames ... 80

Connect VMware datastores ... 80

Plan virtual machine memory allocations ... 80

Install and configure SQL server database ... 83

Overview ... 83

Create a virtual machine for Microsoft SQL server... 84

Install Microsoft Windows on the virtual machine ... 84

Install SQL server ... 84

Configure database for VMware vCenter ... 84

Configure database for VMware Update Manager ... 85

Configure database for VMware View Composer ... 85

Configure database for VMware View Manager ... 85

Configure the VMware View and View Composer database permissions ... 85

(7)

Contents

Create the vCenter host virtual machine ... 86

Install vCenter guest OS ... 87

Create vCenter ODBC connections ... 87

Install vCenter Server ... 87

Apply vSphere license keys ... 87

Deploy the vStorage APIs for Array Integration (VAAI) plug-in... 87

Install the EMC VSI plug-in ... 87

Set up VMware View Connection Server ... 88

Overview ... 88

Install the VMware View Connection Server ... 89

Configure the View Event Log database connection ... 89

Add a Second View Connection Server ... 89

Configure the View Composer ODBC connection ... 89

Install View Composer ... 89

Link VMware View to vCenter and View Composer ... 89

Prepare master virtual machine ... 89

Configure View Persona Management group policies ... 90

Configure folder redirection group policies for Avamar ... 90

Configure View PCoIP group policies ... 90

Set up EMC Avamar ... 90

Avamar configuration overview ... 90

GPO modifications for EMC Avamar ... 91

GPO additions for EMC Avamar ... 92

Master image preparation for EMC Avamar ... 96

Defining datasets ... 97

Defining schedules ... 102

Adjust maintenance Window schedule ... 102

Defining retention policies ... 103

Group and group policy creation ... 104

EMC Avamar Enterprise Manager – activate clients ... 106

Set up VMware vShield Endpoint ... 114

Overview ... 114

Verify desktop vShield Endpoint driver installation ... 115

Deploy vShield Manager appliance ... 115

Install the vSphere vShield Endpoint service ... 115

Deploy an antivirus solution management server ... 115

Deploy vSphere Security Virtual Machines ... 115

Verify vShield Endpoint functionality ... 115

Set up VMware vCenter Operations Manager for View ... 116

Overview ... 116

(8)

Contents

Create vSphere IP Pool for vC Ops ... 117

Deploy vCenter Operations Manager vApp ... 117

Specify the vCenter server to monitor ... 117

Update virtual desktop settings ... 117

Create the virtual machine for the vC Ops for View Adapter server ... 117

Install the vC Ops for View Adapter software ... 118

Import the vC Ops for View PAKFile ... 118

Verify vC Ops for View functionality ... 118

Summary ... 118

Chapter 6 Validating the Solution 119 Overview ... 120

Post-install checklist ... 121

Deploy and test a single virtual desktop ... 121

Verify the redundancy of the solution components ... 121

Provision remaining virtual desktops ... 122

Appendix A Bills of Materials 125 Bill of material for 250 virtual desktops ... 126

Appendix B Customer Configuration Data Sheet 127 Overview of customer configuration data sheets... 128

Appendix C References 131 References ... 132

EMC documentation ... 132

Other documentation ... 133

Appendix D About VSPEX 135 About VSPEX ... 136

(9)

Figures

Figure 1. Solution components ... 22

Figure 2. Compute Layer Flexibility ... 28

Figure 3. Example of Highly-Available network design ... 30

Figure 4. Authentication control flow for View access requests originating on an external network ... 33

Figure 5. Logical architecture: VSPEX End-User Computing for VMware View with RSA ... 34

Figure 6. Logical architecture for 250 virtual desktops ... 39

Figure 7. Hypervisor memory consumption ... 46

Figure 8. Required networks ... 48

Figure 9. VMware Virtual Disk Types... 50

Figure 10. Core storage layout ... 51

Figure 11. Optional storage layout ... 51

Figure 12. High Availability at the Virtualization layer ... 52

Figure 13. Redundant Power Supplies... 53

Figure 14. Network Layer High Availability ... 54

Figure 15. VNXe series high availability ... 54

Figure 16. Sample Ethernet network architecture ... 75

Figure 17. Virtual Machine memory settings ... 82

Figure 18. Persona Management modifications for Avamar ... 92

Figure 19. Configuring Windows folder redirection ... 93

Figure 20. Create a Windows network drive mapping for user files ... 94

Figure 21. Configure drive mapping settings ... 95

Figure 22. Configure drive mapping common settings ... 95

Figure 23. Create a Windows network drive mapping for user profile data ... 96

Figure 24. Avamar Tools menu ... 97

Figure 25. Avamar Manage All Datasets window ... 98

Figure 26. Avamar New Dataset window... 98

Figure 27. Configure Avamar Dataset settings ... 99

Figure 28. User Profile data dataset ... 99

Figure 29. User Profile data dataset Exclusion settings ... 100

Figure 30. User Profile data dataset Options settings ... 100

Figure 31. User Profile data dataset Advanced Options settings ... 101

Figure 32. Avamar default backup/maintenance Windows schedule ... 102

Figure 33. Avamar modified Backup/Maintenance Windows schedule ... 103

Figure 34. Create new Avamar backup group ... 104

Figure 35. New backup group settings ... 105

Figure 36. Select backup group dataset ... 105

Figure 37. Select backup group schedule... 106

(10)

Figures

Figure 38. Select backup group retention policy... 106

Figure 39. Avamar Enterprise Manager ... 107

Figure 40. Avamar Client Manager ... 107

Figure 41. Avamar activate client window ... 108

Figure 42. Avamar activate client menu... 108

Figure 43. Avamar Directory Service configuration ... 109

Figure 44. Avamar Client Manager – post configuration ... 109

Figure 45. Avamar Client Manager – Virtual desktop clients ... 110

Figure 46. Select virtual desktop clients in Avamar Client Manager ... 110

Figure 47. Select Avamar groups to add virtual desktops ... 111

Figure 48. Activate Avamar clients ... 111

Figure 49. Commit Avamar client activation ... 112

Figure 50. The first informational prompt in Avamar client activation ... 112

Figure 51. The second informational prompt in Avamar client activation ... 113

Figure 52. Avamar Client Manager – Activated clients ... 113

Figure 53. View Composer Disks page... 122

(11)

Tables

Table 1. VNXe customer benefits ... 31

Table 2. Minimum hardware resources to support SecurID ... 34

Table 3. Solution hardware ... 41

Table 4. Solution software ... 42

Table 5. Server hardware ... 45

Table 6. Storage hardware ... 49

Table 7. Validated environment profile ... 55

Table 8. Platform characteristics ... 55

Table 9. Platform characteristics ... 56

Table 10. Profile characteristics ... 57

Table 11. Virtual desktop characteristics ... 58

Table 12. Blank worksheet row ... 62

Table 13. Reference virtual desktop resources ... 63

Table 14. Example worksheet row ... 64

Table 15. Example applications ... 64

Table 16. Server resource component totals ... 65

Table 17. Blank customer worksheet ... 67

Table 18. Deployment process overview ... 70

Table 19. Tasks for pre-deployment ... 71

Table 20. Deployment prerequisites checklist ... 72

Table 21. Tasks for switch and network configuration ... 74

Table 22. Tasks for storage configuration ... 76

Table 23. Tasks for server installation ... 79

Table 24. Tasks for SQL server database setup ... 83

Table 25. Tasks for vCenter configuration ... 85

Table 26. Tasks for VMware View Connection Server setup ... 88

Table 27. Tasks for Avamar integration ... 91

Table 28. Tasks required to install and configure vShield Endpoint ... 114

Table 29. Tasks required to install and configure vC Ops ... 116

Table 30. Tasks for testing the installation ... 120

Table 31. Common server information ... 128

Table 32. vSphere server information... 129

Table 33. Array information ... 129

Table 34. Network infrastructure information ... 129

Table 35. VLAN information ... 129

Table 36. Service accounts ... 130

(12)

Tables

(13)

Chapter 1 Executive Summary

This chapter presents the following topics:

Introduction... 14

Target audience ... 14

Document purpose ... 14

Business needs ... 15

(14)

Executive Summary

Introduction

VSPEX^™ validated and modular architectures are built with proven best-of-breed technologies to create complete virtualization solutions that enable you to make an informed decision in the hypervisor, compute, and networking layers. VSPEX

eliminates server virtualization planning and configuration burdens. When embarking on server virtualization, virtual desktop deployment or IT consolidation, VSPEX

accelerates your IT Transformation by enabling faster deployments, choice, greater efficiency, and lower risk.

This document is intended to be a comprehensive guide to the technical aspects of this solution. Server capacity is provided in generic terms for required minimums of CPU, memory, and network interfaces; the customer is free to select the server and networking hardware of their choice that meet or exceed the stated minimums.

Target audience

The readers of this document are expected to have the necessary training and background to install and configure an End-User Computing solution based on VMware View with VMware vSphere as a hypervisor, EMC VNXe series storage systems, and associated infrastructure as required by this implementation. External references are provided where applicable and it is recommended that the readers be familiar with these documents.

Readers are also expected to be familiar with the infrastructure and database security policies of the customer installation.

Individuals focused on selling and sizing a VSPEX End-User Computing for VMware View solution should pay particular attention to the first four chapters of this

document. After the purchase, implementers of the solution will want to focus on the configuration guidelines in Chapter 5, the solution validation in Chapter 6 and the appropriate references and appendices.

Document purpose

This document is an initial introduction to the VSPEX End-User Computing architecture, an explanation on how to modify the architecture for specific engagements and instructions on how to effectively deploy the system.

The VSPEX End-User Computing architecture provides the customer with a modern system capable of hosting a large number of virtual desktops at a consistent performance level. This solution executes on VMware’s vSphere virtualization layer backed by the highly available VNX storage family for storage and VMware’s View desktop broker. The Compute and Network components are vendor definable, redundant, and sufficiently powerful to handle the processing and data needs of a large virtual desktop environment.

The 250 virtual desktop environments discussed are based on a defined desktop workload. While not every virtual desktop has the same requirements, this document

(15)

Executive Summary

VMware View 5.1 and VMware vSphere 5.1 for up to 250 Virtual Desktops Enabled by EMC VNXe and EMC Next-Generation Backup 15 described in the document: EMC® VSPEX™ END-USER COMPUTING VMware View 5.1

and VMware vSphere 5.1 for up to 2000 Virtual Desktops.

An End-User Computing or Virtual Desktop architecture is a complex system offering.

This document will facilitate its setup by providing up front software and hardware material lists, step by step sizing guidance and worksheets, and verified deployment steps. After installing the last component, there are validation tests to ensure that your system is up and running properly. Following this document will ensure an efficient and painless desktop deployment.

Business needs

VSPEX solutions are built with proven best-of-breed technologies to create complete virtualization solutions that enable you to make an informed decision in the

hypervisor, server, and networking layers. VSPEX solutions accelerate your IT transformation by enabling faster deployments, choice, efficiency, and lower risk.

Business applications are moving into the consolidated compute, network, and storage environment. EMC VSPEX End-User Computing using VMware reduces the complexity of configuring every component of a traditional deployment model. The challenge of integration management is reduced while maintaining the application design and implementation options. Administration is unified, while process separation can be adequately controlled and monitored. The following are the business needs for the VSPEX End-User Computing for VMware architectures:

 Provide an end-to-end virtualization solution to utilize the capabilities of the unified infrastructure components.

 Provide a VSPEX End-User Computing for VMware View solution for efficiently virtualizing 250 virtual desktops for varied customer use cases.

 Provide a reliable, flexible and scalable reference design.

(16)

Executive Summary

(17)

Chapter 2 Solution Overview

Solution overview ... 18

Desktop broker ... 18

Compute ... 18

Network ... 19

Storage ... 19

(18)

Solution Overview

Solution overview

The EMC VSPEX End-User Computing for VMware View on VMware vSphere 5.1 provides a complete systems architecture capable of supporting up to 250 virtual desktops with a redundant server/network topology and highly available storage.

The core components that make up this particular solution are desktop broker, virtualization, storage, server computer and networking.

Desktop broker

View is the virtual desktop solution from VMware that allows virtual desktops to run on the VMware vSphere virtualization environment. It enables the centralization of desktop management and provides increased control for IT organizations. View allows end users to connect to their desktop from multiple devices across a network connection.

Virtualization

VMware vSphere is the leading virtualization platform in the industry. For years, it has provided flexibility and cost savings to end users by enabling the consolidation of large, inefficient server farms into nimble, reliable cloud infrastructures. The core VMware vSphere components are the VMware vSphere Hypervisor and the VMware vCenter Server for system management.

The VMware hypervisor runs on a dedicated server and allows multiple operating systems to execute on the system at one time as virtual machines. These hypervisor systems can then be connected to operate in a clustered configuration. These clustered configurations are then managed as a larger resource pool through the vCenter product and allow for dynamic allocation of CPU, memory, and storage across the cluster.

Features like vMotion, which allows a virtual machine to move between different servers with no disruption to the operating system, and Distributed Resource Scheduler (DRS) which perform vMotions automatically to balance load, make vSphere a solid business choice.

With the release of vSphere 5.1, a VMware virtualized environment can host virtual machines with up to 64 virtual CPUs and 1TB of virtual RAM.

Compute

VSPEX enables the flexibility of designing and implementing the vendor’s choice of server components. The infrastructure has to conform to the following attributes:

 Sufficient RAM, cores and memory to support the required number and types of virtual desktops

 Sufficient network connections to enable redundant connectivity to the system switches

(19)

Solution Overview

Network

VSPEX allows the flexibility of designing and implementing the vendor’s choice of network components. The infrastructure has to conform to the following attributes:

 Redundant network links for the hosts, switches and storage

 Support for Link Aggregation

 Traffic isolation based on industry accepted best practices

Storage

The EMC VNX storage family is the number one shared storage platform in the industry. Its ability to provide both file and block access with a broad feature set make it an ideal choice for any End-User Computing implementation.

The VNXe storage components include the following, which are sized for the stated reference architecture workload:

 Host adapter ports – Provide host connectivity via fabric into the array.

 Storage processors (SPs) – The compute component of the storage array, responsible for all aspects of data moving into, out of, and between arrays and protocol support.

 Disk drives – actual spindles that contain the host/application data and their enclosures

The 250 Virtual Desktop solution discussed in this document is based on the VNXe3300 storage array. The VNXe3300 can host up to 150 drives.

The EMX VNXe series supports a wide range of business class features ideal for the End-User Computing environment including:

 Thin Provisioning

 Replication

 Snapshots

 File Deduplication and Compression

 Quota Management and many more

(20)

Solution Overview

(21)

Chapter 3 Solution Technology Overview

The technology solution ... 22

Summary of key components ... 23

Desktop virtualization ... 24

Compute ... 27

Network ... 29

Storage ... 30

Backup and recovery ... 32

Security ... 32

Other sections ... 35

(22)

Solution Technology Overview

The technology solution

This solution uses EMC VNXe3300^™ and VMware vSphere 5.1 to provide the storage and computing resources for a VMware View 5.1 environment of Microsoft Windows 7 virtual desktops provisioned by VMware View Composer 3.0.

Figure 1. Solution components

In particular, planning and designing the storage infrastructure for VMware View environment is a critical step because the shared storage must be able to absorb large bursts of input/output (I/O) that occur over the course of a workday. These bursts can lead to periods of erratic and unpredictable virtual desktop performance.

Users might adapt to slow performance, but unpredictable performance is frustrating and reduces efficiency.

To provide predictable performance for End-User Computing, the storage system must be able to handle the peak I/O load from the clients while keeping response time to a minimum. Designing for this workload involves the deployment of many disks to handle brief periods of extreme I/O pressure, which is expensive to implement.

EMC Avamar enables protection of user data and end-user recoverability. This is accomplished by leveraging EMC Avamar^® and its desktop client within the desktop image.

(23)

Summary of key components

This section briefly describes the key components of this solution.

 Desktop broker

The Desktop Virtualization broker manages the provisioning, allocation, maintenance, and eventual removal of the virtual desktop images that are provided to users of the system. This software is critical to enable on-demand creation of desktop images, to allow maintenance to the image without impacting user productivity, and prevent the environment from growing in an unconstrained way.

 Virtualization

The virtualization layer allows the physical implementation of resources to be decoupled from the applications that use them. In other words, the

application’s view of the resources available to it is no longer directly tied to the hardware. This enables many key features in the End-User Computing concept.

 Compute

The compute layer provides memory and processing resources for the virtualization layer software as well as the needs of the applications running in the infrastructure. The VSPEX program defines the minimum amount of compute layer resources required, but allows the customer to implement using any server hardware, which meets these requirements.

 Network

The compute layer provides memory and processing resources for the virtualization layer software as well as the needs of the applications running in the infrastructure. The VSPEX program defines the minimum amount of network layer resources required, but allows the customer to implement using any network hardware, which meets these requirements.

 Storage

The storage layer is a critical resource for the implementation of the End-User Computing environment. Due to the way desktops are used, the storage layer must be able to absorb large bursts of activity as they occur, without unduly affecting the user experience.

 Backup and recovery

The optional Backup and recovery components of the solution provide data protection in the event that the data in the primary system is deleted, damaged, or otherwise unusable.

 Security

The optional Security components of the solution from RSA provides

consumers with additional options to control access to the environment and ensure that only authorized users are permitted to use the system.

(24)

 Other sections

There are additional, optional, components, which may improve the functionality of the solution depending on the specifics of the environment.

Solution architecture provides details on all the components that make up the reference architecture.

Desktop virtualization

Desktop virtualization is a technology encapsulating and delivering desktops to a remote client device, which can be thin clients, zero clients, smart phones, or tablets.

It allows subscribers from different locations access to virtual desktops hosted on centralized computing resources at remote data centers.

In this solution, VMware View is used to provision, manage, broker and monitor desktop virtualization environments.

VMware View 5.1 is a leading desktop virtualization solution that enables desktops to deliver cloud-computing services to users. VMware View 5.1 integrates effectively with vSphere 5.1 to provide:

 Performance optimization and tiered storage support—View Composer 3.0 optimizes storage utilization and performance by reducing the footprint of virtual desktops. It also supports the use of different tiers of storage to maximize performance and reduce cost.

 Thin provisioning support—VMware View 5.1 enables efficient allocation of storage resources when virtual desktops are provisioned. This results in better utilization of storage infrastructure and reduced capital expenditure (CAPEX)/operating expenditure (OPEX).

 This solution requires VMware View 5.1 Premier edition. VMware View Premier includes access to all View features including vSphere Desktop, vCenter^™ Server, View Manager, View Composer, View Persona Management^™, vShield Endpoint^™, VMware ThinApp^®, and VMware View Client with Local Mode.

View Composer 3.0 works directly with vCenter Server to deploy, customize, and maintain the state of the virtual desktops when using linked clones. Desktops provisioned as linked clones share a common base image within a desktop pool and as such have a minimal storage footprint. View Composer 3.0 also enables the following capabilities:

 Tiered storage support to enable the use of dedicated storage resources for the placement of both the read-only replica and linked clone disk images.

 An optional standalone View Composer server used to minimize the impact of virtual desktop provisioning and maintenance operations on the vCenter server.

Overview

VMware View 5.1

View Composer 3.0

(25)

VMware View 5.1 and VMware vSphere 5.1 for up to 250 Virtual Desktops Enabled by EMC VNXe and EMC Next-Generation Backup 25 View Persona Management preserves user profiles and dynamically synchronizes

them with a remote profile repository. View Persona Management does not require the configuration of Windows roaming profiles, eliminating the need to use Active Directory to manage View user profiles.

View Persona Management provides the following benefits over traditional Windows roaming profiles:

 With View Persona Management, a user’s remote profile is dynamically downloaded when the user logs in to a View desktop. View downloads persona information only when the user needs it.

 During login, View downloads only the files that Windows requires, such as user registry files. Other files are copied to the local desktop when the user or an application opens them from the local profile folder.

 View copies recent changes in the local profile to the remote repository at a configurable interval.

 During logout, only files that are updated since the last replication are copied back to the remote repository.

 Configure View Persona Management to store user profiles in a secure, centralized repository.

View Storage Accelerator reduces the storage load associated with virtual desktops by caching the common blocks of desktop images into local vSphere host memory.

The Accelerator leverages one of a VMware vSphere 5.1 features called Content Based Read Cache (CBRC) implemented inside the vSphere hypervisor.

When enabled for the View virtual desktop pools, the host hypervisor scans the storage disk blocks to generate digests of the block contents. When these blocks are read into the hypervisor, they are cached in the host based CBRC. Subsequent reads of blocks with the same digest are served from the in-memory cache directly. This significantly improves the performance of the virtual desktops, especially during boot storms, user login storms, or antivirus scanning storms when reading a large number of blocks with identical content.

Virtualization

VMware vSphere 5.1 is the market-leading virtualization platform that is used across thousands of IT environments around the world. VMware vSphere 5.1 transforms a computer’s physical resources by virtualizing the Memory, Storage, and Network. This transformation creates fully functional virtual desktops that run isolated and

encapsulated operating systems and applications just like physical computers.

The high-availability features of VMware vSphere 5.1 are coupled with Distributed Resource Scheduler (DRS) and VMware vMotion^™ which enables the seamless migration of virtual desktops from one vSphere server to another with minimal or no impact to the customer’s usage.

View Persona Management

View Storage Accelerator

VMware vSphere 5.1

(26)

This solution leverages VMware vSphere Desktop Edition for deploying desktop virtualization. It provides the full range of features and functionalities of the vSphere Enterprise Plus edition, allowing customers to achieve scalability, high availability, and optimal performance for all of their desktop workloads. vSphere Desktop also comes with unlimited vRAM entitlement. vSphere Desktop edition is intended for customers who want to purchase only vSphere licenses to deploy desktop virtualization.

EMC Virtual Storage Integrator (VSI) for VMware vSphere is a plug-in to the vSphere client that provides a single management interface that is used for managing EMC storage within the vSphere environment. Features can be added and removed from VSI independently, which provides flexibility for customizing VSI user environments.

Features are managed with the VSI Feature Manager. VSI provides a unified user experience, which allows new features to be introduced rapidly in response to changing customer requirements.

Apply the following features during the validation testing:

 Storage Viewer (SV) — Extends the vSphere client to facilitate the discovery and identification of EMC VNXe storage devices that are allocated to VMware vSphere hosts and virtual machines. SV presents the underlying storage details to the virtual datacenter administrator, merging the data of several different storage mapping tools into a few seamless vSphere client views.

 Unified Storage Management — Simplifies storage administration of the EMC VNX unified storage platform. It enables VMware administrators to provision new Network File System (NFS) and Virtual Machine File System (VMFS) datastores, and Raw Device Mapping (RDM) volumes seamlessly within vSphere client.

Refer to the EMC VSI for VMware vSphere product guides on EMC Online Support for more information.

Hardware acceleration with VMware vStorage API for Array Integration (VAAI) is a storage enhancement in vSphere that enables vSphere to offload specific storage operations to compatible storage hardware such as the VNXe series platforms. With storage hardware assistance, vSphere performs these operations faster and

consumes less CPU, memory, and storage fabric bandwidth.

VMware vCenter is a centralized management platform for the VMware Virtual Infrastructure. It provides administrators with a single interface for all aspects of monitoring, managing, and maintaining of the virtual infrastructure and can be accessed from multiple devices.

VMware vCenter is also responsible for managing some of the more advanced features of the VMware virtual infrastructure, such as VMware vSphere High Availability and Distributed Resource Scheduling (DRS), along with vMotion and Update Manager.

The VMware vSphere High Availability feature allows the virtualization layer to restart EMC Virtual

Storage Integrator for VMware

VNXe VMware vStorage API for Array Integration support

VMware vCenter

VMware vSphere

(27)

 If the Virtual Machine operating system has an error, the Virtual Machine can be automatically restarted on the same hardware.

 If the physical hardware has an error, the impacted virtual machines can be automatically restarted on other servers in the cluster.

Note In order to restart virtual machines on different hardware those servers will need to have resources available.

VMware vSphere High Availability allows you to configure policies to determine which machines are restarted automatically, and under what conditions these operations should be attempted.

Compute

The choice of a server platform for an EMC VSPEX infrastructure is not only based on the technical requirements of the environment, but on the supportability of the platform, existing relationships with the server provider, advanced performance and management features, and many other factors. For this reason, EMC VSPEX solutions are designed to run on a wide variety of server platforms. Instead of requiring a given number of servers with a specific set of requirements, VSPEX documents a number of processor cores and an amount of RAM that must be achieved. This can be

implemented with two servers – or twenty – and still be considered the same VSPEX solution.

For example, assume that the compute layer requirements for a given implementation are 25 processor cores, and 200GB of RAM. One customer might want to implement these using white-box servers containing 16 processor cores, and 64 GB of RAM;

while a second customer chooses a higher-end server with 20 processor cores and 144 GB of RAM. Figure 2 on page 28 shows this example.

(28)

Figure 2. Compute Layer Flexibility

The first customer will need four of the servers they chose, while the second customer needs two.

Note To enable high availability at the compute layer each customer will need one additional server so if a server fails the system has enough capability to maintain business operations.

The following best practices should be observed in the compute layer:

 Use a number of identical or at least compatible servers. By implementing VSPEX on identical server units, you can minimize compatibility problems in this area.

(29)

 If you are implementing hypervisor layer high availability, then the largest virtual machine you can create is constrained by the smallest physical server in the environment.

 It is recommended to implement the high availability features available in the virtualization layer, and to ensure that the compute layer has sufficient resources to accommodate at least single server failures. This allows you to implement minimal-downtime upgrades, and tolerate single unit failures.

Within the boundaries of these recommendations and best practices, the compute layer for EMC VSPEX can be very flexible to meet your specific needs. The key

constraint is that you provide sufficient processor cores and RAM per core to meet the needs of the target environment.

Network

The infrastructure network requires redundant network links for each vSphere host, the storage array, the switch interconnect ports, and the switch uplink ports. This configuration provides both redundancy and additional network bandwidth. This configuration is required regardless of whether the network infrastructure for the solution already exists, or is being deployed alongside other components of the solution. An example of this kind of highly available network topology is depicted in Figure 3 on page 30.

(30)

Figure 3. Example of Highly-Available network design

This validated solution uses virtual local area networks (VLANs) to segregate network traffic of various types to improve throughput, manageability, application separation, high availability and security.

EMC unified storage platforms provide network high availability or redundancy by using link aggregation. Link aggregation enables multiple active Ethernet connections to appear as a single link with a single MAC address, and potentially multiple IP addresses. In this solution, Link Aggregation Control Protocol (LACP) is configured on VNXe, combining multiple Ethernet ports into a single virtual device. If a link is lost in the Ethernet port, the link fails over to another port. All network traffic is distributed across the active links.

Storage

The storage layer is a key component of any Cloud Infrastructure solution that serves Overview

(31)

VMware View 5.1 and VMware vSphere 5.1 for up to 250 Virtual Desktops Enabled by EMC VNXe and EMC Next-Generation Backup 31 total cost of ownership. In this VSPEX solution, EMC VNXe Series arrays are used for

providing virtualization at storage layer.

The EMC VNX family is optimized for virtual applications delivering industry-leading innovation and enterprise capabilities for file, block, and object storage in a scalable, easy-to-use solution. This next-generation storage platform combines powerful and flexible hardware with advanced efficiency, management, and protection software to meet the demanding needs of today’s enterprises.

The VNXe series is powered by Intel^® Xeon processor for intelligent storage that automatically and efficiently scales in performance, while ensuring data integrity and security.

The VNXe series is purpose-built platform for IT managers in smaller environments and the VNX series is designed to meet the high-performance, high-scalability requirements of midsize and large enterprises.

Table 1 lists the VNXe customer benefits.

Table 1. VNXe customer benefits

Feature

Next-generation unified storage, optimized for virtualized applications



Capacity optimization features including compression,

deduplication, thin provisioning, and application-centric copies



High availability, designed to deliver five 9s availability 

Multiprotocol support for file and block 

Simplified management with EMC Unisphere^™ for a single management interface for all NAS, SAN, and replication needs



Software Suites Available

 Remote Protection Suite—Protects data against localized failures, outages, and disasters.

 Application Protection Suite—Automates application copies and proves compliance.

 Security and Compliance Suite—Keeps data safe from changes, deletions, and malicious activity.

Software Packs Available

 Total Value Pack—Includes all the protection software suites and the Security and Compliance Suite.

EMC VNXe series

(32)

Backup and recovery

Backup and recovery is another import component in this VSPEX solution, which provides data protection by backing up data files or volumes with defined schedule and restoring data from backup in case recovery is happening after disaster. In this VSPEX solution, EMC Avamar is used for backup/recovery, supporting up to 250 virtual desktops.

EMC Avamar provides methods to back up virtual desktops using either image-level or guest-based operations. Avamar runs the deduplication engine at the virtual machine disk (VMDK) level for image backups and at the file-level for guest-based backups.

Image-level protection enables backup clients to make a copy of all the virtual disks and configuration files associated with the particular virtual desktop, to be used in the event of hardware failure, corruption, or accidental deletion of a virtual desktop.

Avamar significantly reduces the backup and recovery time of the virtual desktop by leveraging change block tracking (CBT) on both backup and recovery.

Guest-based protection runs like traditional backup solutions. Guest-based backup can be used on any virtual machine running an operating system for which an Avamar backup client is available. It enables fine-grained control over the content and

inclusion and exclusion patterns. This can be leveraged to prevent data loss due to user errors, such as accidental file deletion. Installing the desktop/laptop agent on the system to be protected allows for the end-user self-service recoverability of their data.

This solution is tested with guest-based backups.

Security

RSA SecurID two-factor authentication can provide enhanced security for the VSPEX End-User Computing environment by requiring the user to authenticate with two pieces of information, collectively called a passphrase, consisting of:

 Something the user knows: a PIN, which is used like any other PIN or password.

 Something the user has: A token code, provided by a physical or software

“token,” which changes every 60 seconds.

The typical use case deploys SecurID to authenticate users accessing protected resources from an external or public network. Access requests originating from within a secure network are authenticated by traditional mechanisms involving Active Directory or LDAP. A configuration description for implementing SecurID is available for the VSPEX End-User Computing infrastructures.

SecurID functionality is managed through RSA Authentication Manager, which also Overview

EMC Avamar

RSA SecurID two-factor authentication

(33)

VMware View 5.1 and VMware vSphere 5.1 for up to 250 Virtual Desktops Enabled by EMC VNXe and EMC Next-Generation Backup 33 SecurID support is built into VMware View, providing a simple activation process.

Users accessing a SecurID-protected View environment are initially authenticated with a SecurID passphrase, following by a normal authentication against Active Directory. In a typical deployment, one or more View Connection servers are configured with SecurID for secure access from external or public networks, with other Connection servers accessed within the local network retaining Active Directory- only authentication.

Figure 4 depicts placement of the Authentication Manager server(s) in the View environment.

Figure 4. Authentication control flow for View access requests originating on an external network

Enablement of SecurID for VSPEX VMware View End-User Computing architecture is described in Securing VSPEX VMware View 5.1 End-User Computing Solutions with RSA: Design Guide. The following components are required:

 RSA SecurID Authentication Manager (version 7.1 SP4)—Used to configure and manage the SecurID environment and assign tokens to users,

SecurID

authentication in the VSPEX End- User Computing for VMware View environment

Required components

(34)

Authentication Manager 7.1 SP4 is available as an appliance or as an installable on a Windows Server 2008 R2 instance. Future versions of

Authentication Manager are available as physical or virtual appliances only.

 SecurID tokens for all users—SecurID requires something the user knows (a PIN) with a constantly-changing code from a “token” the user has in

possession. SecurID tokens may be physical, displaying a new code every 60 seconds which the user must then enter with a PIN, or software-based, wherein the user supplies a PIN and the token code is supplied

programmatically. Hardware and software tokens are registered with Authentication Manager through “token records” supplied on a CD or other media.

Figure 5 depicts the VSPEX End-User Computing for VMware View environment with two infrastructure virtual machines added to support Authentication Manager. Table 2 shows server resources needed; virtual machine requirements are minimal and are drawn from the overall infrastructure resource pool.

Figure 5. Logical architecture: VSPEX End-User Computing for VMware View with RSA

Table 2. Minimum hardware resources to support SecurID CPU

(cores)

Memory (GB)

Disk

(GB) Reference

RSA Authentication Manager 2 2 60

RSA Authentication Manager 7.1 Performance and Scalability Guide Compute, memory

and storage resources

(35)

Other sections

VMware vShield Endpoint offloads virtual desktop antivirus and antimalware scanning operations to a dedicated secure virtual appliance delivered by VMware partners. Offloading scanning operations improves desktop consolidation ratios and performance by eliminating antivirus storms, while also streamlining antivirus and antimalware deployment and monitoring and satisfying compliance and audit requirements through detailed logging of antivirus and antimalware activities.

VMware vCenter™ Operations Manager™ for View provides end-to-end visibility into the health, performance and efficiency of virtual desktop infrastructure (VDI). It enables desktop administrators to proactively ensure the best end-user experience, avert incidents and eliminate bottlenecks. Designed for VMware View™, this

optimized version of vCenter Operations Manager improves IT productivity and lowers the cost of owning and operating VDI environments.

Traditional operations-management tools and processes are inadequate for managing large View deployments, because:

 The amount of monitoring data and quantity of alerts overwhelm desktop and infrastructure administrators.

 Traditional tools provide only a silo view and don’t adapt to the behavior of specific environments.

 End users are often first to report incidents, and troubleshooting performance problems leading to fire drills among infrastructure teams, helpless help-desk administrators and frustrated users.

 Lack of end-to-end visibility into the performance and health of the entire stack—including servers, storage and networking—stalls large VDI deployments.

 IT productivity suffers from reactive management and the inability to ensure quality of service proactively.

VMware vCenter Operations Manager for View addresses these challenges and delivers higher team productivity, lower operating expenses and improved infrastructure utilization.

Key features include:

 Patented self-learning analytics that adapt to your environment, continuously analyzing thousands of metrics for server, storage, networking and end-user performance.

 Comprehensive dashboards that simplify monitoring of health and

performance, identify bottlenecks, and improve infrastructure efficiency of your entire View environment.

 Dynamic thresholds and “smart alerts” that notify administrators earlier in the process and provide more-specific information about impending performance issues.

VMware vShield Endpoint

VMware vCenter Operations Manager for View

(36)

 Automated root-cause analysis, session lookup and event correlation for faster troubleshooting of end- user problems.

 Integrated approach to performance, capacity and configuration management that supports holistic management of VDI operations.

 Design and optimizations specifically for VMware View.

 Availability as a virtual appliance for faster time to value.