Desktop Virtualization &
End-User Computing
May 16, 2013 Ryan Henyard Information & Technology Services
Overview
•
Introduction
•
Desktop Virtualization @ U-M
•
VDI Use Cases
Computing @ U-M
Decentralized IT on campus
– Academic units have their own IT staff
Information & Technology Services
– Central IT provider
– Maintains many instances of shared infrastructure
(e.g. Active Directory) that makes sense
Shared Service Model
– New services are not guaranteed to be run by ITS,
Why VDI?
Provide a campus service to:
- Access applications and/or
customized desktops remotely
- Increased security
- Manage desktops more
efficiently
- Potentially save on energy,
equipment, and physical space
- Develop distributed
administration model which allows admins to manage their own desktop images and settings.
…
and other incentives
Reducing redundancy
–
Momentum on campus towards VDI; various
units already considering/piloting VDI
technologies
–
Centrally provided service saves University
money and avoids silos
–
Saving effort by providing shared
Choosing VMWare
•
Previous expertise on campus with their
products
•
Existing VMWare ESX infrastructure
•
Relatively compact server architecture
required
•
Wide compatibility with thin client devices
•
Active Directory integrated access
Choosing VMWare
•
Significant disk savings using Linked
Clone technology
•
Connection software available for
Windows, OSX and Linux
Project Summary
•
Asked in September 2009 to create VDI
service for campus by June 2010; entering
our third year of full production
•
Included vendor selection, technical
design, pilot & complete product
development (docs, websites,
provisioning, etc.)
Part of a number of intersecting efforts
…
Flexible Desktop Model
Server Virtuali-zation
MiWorkspace
Enterprise & Cloud Storage Virtual Sites
VDI
Campus Adoption
•
15+ campus units
with ~35 pools in
production
•
600-800 VMs
•
Vast majority of
customers using
non-persistent
linked clones
Virtual Desktop Hosting
Unit-managed environment
–
Allows campus units to make their custom
images available through VDI
–
Units can use existing resources (images,
deployment systems, group policy, network
shares, etc.)
–
Units control availability and access to pools
of VMs
Enterprise Storage
Remote Access
Desktop Virtualization
ICPSR
Inter-university Consortium for Political and Social Research
– Deploys 11 different pools of non-persistent desktops to allow
secure access to sensitive datasets
– Limits access to desktops based on IP, some pools with 2FA
– Provides strictly licensed applications on VMs to reduce potential
costs
– Uses roaming profiles & network shares to store user data
– 80-100+ machines
User Data Redirection Remote Access Application Virtualization Desktop
Virtual Sites
• ITS-managed environment
• Provides remote access to
common and course-related software
• 140+ Applications served
• Gives Mac users a way to
use Windows-only software • Available to all students,
faculty & full-time staff
Virtual Classroom
Remote
Access Virtualization Application Shared
Desktop Image Desktop
Virtualization
ITS Desktop Support
–
Provides remote access to common loadset
for all ITS staff
–
Uses roaming profiles & CIFS Storage to
store user data
–
Aids in transition to Windows 7
–
75+ Machines
Enterprise Storage
User Data Redirection
Shared Desktop
Image Desktop
Virtual Classrooms
Instructional Services Support – College of
Literature, Science & Arts
– Homegrown scheduling program entitles a class of
students to reserved virtual desktops
– Allows multiple classes to take advantage of a single
desktop pool, keeping overall costs low
– Opened up to more users during off hours
Virtual Classroom
User Data
WES Admin Consoles
Windows Enterprise Services – ITS
– Four pools of VDI desktops, each serving different
applications / audiences:
• Active Directory tools and utilities
• vCenter access for Server & Desktop Virtualization admins
• Specialty active-x web app access for Mac users
• Consolidated functions spread across a variety of terminal
servers
Remote Access
Desktop
School of Social Work
•
70 Dell Latitude E5520 laptops with SSD hard
drives and extended batteries
•
Homegrown software thin-client, configured with
automatic logins and pool connections
•
Connects to a Virtual Classroom pool of
customized Virtual Sites machines
Virtual
Classroom Thin Client Virtualization Application Shared
Desktop Image Desktop
Traditional
Desktop
User Data & Application Settings
Applications Operating System
PC Hardware
Flexible Virtual
Desktop
Separate User Data Application Virtualization /
Remote Presentation Desktop Virtualization Any capable hardware
• Windows / Mac PC
• iOS & Android Tablets
• Thin Clients
• User-owned devices
Hardware
• Can be tweaked for
different purposes or settings
• Easily managed virtually
via snapshots Operating System
• Automated MSI & App-V
package creation
• Remote app presentation
via Ericom AccessNow & Targeted VDI pools
Applications
• Roaming Profiles & Folder
Redirection (eventually UE-V)
• CIFS-based storage for
departments and teams • Cloud storage via Box /
Drive User Data
Benefits of a flexible desktop
Many of these components (along with their competitors) are platform agnostic, so they can work equally well with physical desktop labs or virtual machines
Users are able to access their
desktops,
applications, and data from a variety of endpoints
Benefits of Flex
•
By using a combination of these components,
we can provide machines that are adaptable to
the task at hand
•
Separating out each of these layers makes
migrations of the individual components less
painful
• Windows migrations can be primarily about the OS and
hardware compatibility
• Application Virtualization sandboxing gives a better chance
for successful legacy app deployments
VDI vs. Remote Apps
• Each technology shines in different use cases
– Single remote application presentation helps provide uncommon
& difficult to license applications to managed machines easily – VDI machines allow full secure workspaces to be used from
unmanaged machines and remote locations
• Both will have strong roles to play in our future BYOD
strategies
• Using the best tool for the job
– It’s easy to try and force square pegs into round holes; using
both sets of technologies allows us to choose where each use case should live based on performance and fit
Connection Devices
Users want a solution that works on a wide
variety of devices
– Our users have connected via traditional desktops,
laptops, Macs, netbooks, thin clients, iPads and iPhones
– USB Redirection grants the possibility of using
location-specific peripherals in conjunction with remote desktops
Storage
•
One of the biggest components that
determines performance for end users
•
Desktop Virtualization requires more
robust storage than Server
•
Optimize your architecture for IOPS & not
raw capacity
•
Use assessment tools, not generic
Unexpected Constraints
•
Many components rely on stability in
infrastructure. A network outage can take
down more than just
•
Monitoring components from different
vendors can be difficult
•
Need a plan in place to manage rollout of
Think of the Possibilities
• The strongest cases for using
these virtualization
technologies is expanded usability
• Saving money is highly unlikely
if you’re comparing costs to traditional infrastructure
• Savings come into play when
comparing simplified and centralized management, combined with added value
Projects underway @ U-M
•
Remote App Presentation via Ericom
AccessNow
• HTML5 based client works on most modern
devices.
• Capable of working with either Terminal Servers or
VMWare View
•
MiWorkspace Managed Desktop
• Managed via SCCM 2012
• Eventually will include centralized application
Contact
Project Website:
http://mydesktop.umich.edu
More questions?
[email protected]
[email protected]
Laudes atque carmina, Nec hodie nec cras, Sed omnia per tempora, Dum locum habeas,
Tibi sint dulcissima, O Universitas; At hostes Pol, perniciter
Eant eis korakas.
O Gloria, Victoria, O decus omnium, O salve Universitas Michiganensium.
Rates
1 Base Virtual Machine
Includes 1 CPU, 2GB RAM, 40GB Disk
$21.35/month ($256.20 annually)
Additional 1GB storage space $0.28/month ($3.36 annually) Additional 1GB RAM $3.11/month ($37.32 annually) Additional 1 CPU $3.11/month ($37.32 annually)
VDI machines are ‘fully costed’ – includes staff time, hardware, power, etc.
The biggest impetus for moving to VDI is not that virtual machines are cheaper than physical hardware; the savings come from easier management,
VDI App-V Enter-prise Storage Virtual Classroom Enterprise Storage User Data Redirection Remote Access Application Virtualization Thin Client Shared Desktop Image Desktop Virtualization 2-factor Auth
