Since the creation of the traditional desktop computer, administrators and end users alike have appreciated the computing power but have been frustrated by the associated expense, complexity, and security issues that result from desktops used in the enterprise. These issues are caused not from lack of investment by the business or lack of effort by administrators but simply by how desktop computers are designed. With traditional desktops:
This design is inefficient and everyone pays the price. Organizations end up with:
There is a better way! The solution is desktop virtualization.
With desktop virtualization, administrators deliver end user desktops as a managed service from the company data center. For those in IT, the thought of offering controlled and reliable services from the data center is a comforting feeling and a solution to the problems with traditional desktops.
How does it work? With desktop virtualization (specifically VDI, or virtual desktop infrastructure), your end user desktop computers are virtualized and run as virtual machines, on your servers, in the data center. For those familiar with server virtualization, the end user desktops run on the hypervisor just like virtualized servers. The end user virtual machines contain the user's OS, applications, personalizations, and data, as Figure 1 shows.
Figure 1: Desktop virtualization.
What makes desktop virtualization different from server virtualization is that the end user virtual machines (desktops) are accessed remotely, over the network, using a remote access protocol such as Remote Desktop Protocol (RDP) or PC Over IP (PCoIP), as Figure 2 shows.
Figure 2: In VDI, end user virtual machines (desktops) are accessed remotely, over the network.
Something else that makes VDI different from server virtualization is the VDI connection broker. This specialized piece of software is what controls what user or device will access what virtual desktop (the virtual machine running on the hypervisor) or pool of desktops.
Desktop, laptop, or thin client devices can all be used to access the virtual desktops, running as virtual machines, on top of the hypervisor, in the data center. Those devices could be very close, on a local area network (LAN), or around the world, connected via the Internet, virtual private network (VPN), or private wide area network (WAN).
There is a lot of confusion about VDI versus session virtualization. With VDI, each user or device has its own virtual machine that contains an OS, applications, data, and persona/user customizations.
With session virtualization, a physical server is loaded with an OS, session virtualization software, and end user applications. The OS and applications are then shared by the users connected to that host (see Figure 3).
Figure 3: Comparison of session virtualization and VDI.
This sharing of the OS and applications (which is typically unsupported by application vendors) can cause problems, as the applications were never designed to be shared. In addition, one end user can cause performance issues or even crash an entire physical server that is being shared with session virtualization.
Despite this, virtualization is popular for specific use cases. Namely for a large group of task‐based users that need access only to the same few applications. If there is no customization of applications for end users, and a very short list of applications can be delivered to a large group of similar end users, session virtualization can be a good fit. Also, because all users are sharing the same host OS and applications, you can get more session virtualization user connections per host than with you can with VDI.
The problem that most companies run into with session virtualization (and the same problems I have experienced) is that, initially, end users start off being task‐oriented and, later, you find out that they need many more custom applications than originally indicated. Unexpected actions by end users can slow down other users (or all users on a server), and even, in some cases, bring down the server. I know first hand that tracking down and troubleshooting these types of issues is a very painful process for admins and end users alike.
Although VDI will use more server resources than session virtualization will use, by each user getting their own connection (OS and applications), there is no chance of them making trouble for other VDI users. It's easy to install and offer custom application. For these reasons (and more), VDI is a much more reliable, robust, and secure solution than is session virtualization.
You might be wondering what makes up a desktop virtualization implementation. Chances are that you have many of the pieces already in your data center. Consider the illustration in Figure 4.
Figure 4: Example VDI.
A VDI setup includes:
By using desktop virtualization, administrators, end users, and organizations will gain many benefits. The following sections explore how desktop virtualization benefits organizations.
Daily, IT admins struggle with patching, updating, securing, and tracking end user desktops. The solution to these struggles isn't a new desktop management tool. The remedy is to change the design of desktop infrastructure to a more intelligent design.
The following list highlights ways that desktop virtualization can help IT desktop admins:
Not only will IT benefit from desktop virtualization but so will end users. Although end users might not know to ask for "desktop virtualization" by name, they will enjoy the benefits once they try it. End user benefits include:
With IT desktop admins and end users enjoying the benefits of desktop virtualization, the organization as a whole gains:
Every business choice must consider the good and bad. Desktop virtualization is no different. The following list highlights pros and cons of desktop virtualization:
Unlike a traditional desktop where the display, keyboard, and mouse are all local, a VDI requires a special display protocol. The job of the display protocol is to send the virtual desktop's display to the end user device (whatever that might be) and to receive (from the end user device) back on the virtual desktop computer in the data center.
The VDI display protocol needs to be fast and efficient. If a user is watching a video or making updates to a presentation, the user expects the display to perform as well as it did on a physical desktop, even if the user is working across the country, thousands of miles from the actual virtual desktop. Additionally, as there could be very limited bandwidth at remote locations (like a coffee shop or hotel), the display protocol must be efficient on the bandwidth that it uses and what it sends across the network.
"Personas" are end user desktop customizations such as a change to the desktop background or the speed that the mouse moves. Traditionally, these types of changes were stored in the OS and then, wherever the user logged in, these changes were downloaded and applied. However, as users move around to different devices or work remotely, it is common to have trouble with this legacy method.
By having "persona management" built into a desktop virtualization solution, IT admins no longer have to rely on the OS to preserve and apply these important end user customizations. Persona management preserves user profiles and dynamically synchronizes them with a remote profile repository.
As desktop virtualization implementations grow, intelligent management of virtual desktop storage is crucial. Virtual machine disk files must be linked to a single golden image so that your disk utilization doesn't grow proportionately to the number of virtual machines you add. Also, efficient caching, virtual disk reclamation, and coordination with hardware storage all become critical to ensuring that something like a mass power‐on or antivirus storm doesn't slow the performance of your desktop virtual infrastructure.
VDI desktops are stored in shared storage used by the virtual infrastructure; thus, shared storage needs to be taken into account. Although it's possible to store VDI desktops on local storage, such as virtualized servers, VDI desktops are typically stored on SAN or NAS storage.
With VDI having greater I/O demands than traditional do virtualized servers, new specialized VDI solutions have come to market. They include solid state drives(SSDs) only storage and tiered SSD storage, both of which offer the much better I/O performance than dedicated SS or tiered SSD storage.
I was working in virtualization back when most people had never heard of it. Prior to the creation of virtual desktop infrastructure (VDI), I started by piloting session virtualization for a group of 10 users sharing their desktop and applications—all running on a single server. Back then, application vendors wouldn't support an application if the vendors found out the application was running with virtualization. Many applications weren't designed to be "multi‐user" and there were application incompatibilities.
Over time, virtualization software advanced and so did applications. We expanded our user base, at one point, to as many as 400 users accessing their virtual desktop over a wide area network (WAN) connected to 75 locations across four US states. Session virtualization was a huge success for most of our task‐based end users.
However, for "power users" and users with specialized applications, session virtualization just didn't provide what they needed. We had a poor display protocol. Graphical applications ran slowly. Some applications were still incompatible, and some users still had to run some applications on desktop computers.
These limitations of session virtualization pushed us to look for a new solution. The best solution for our problems was VDI. With desktop virtualization/VDI, every end user had their own virtual desktop. Each user had their operating system (OS), applications, and data. Application incompatibilities were immediately solved. Power users were even allowed to perform their own application upgrades or installations (something never possible with session virtualization).
Additionally, the new VDI solution came with a more robust display protocol that allowed us to use multiple monitors on thin client devices and even to gain greater graphics performance for graphically intensive applications. The new display protocol allowed us to be more efficient with our VDI desktop bandwidth utilization on the wide‐area network.
Over time, all users whose daily job wasn't limited to a few very specific applications were moved to VDI. Virtualization allowed us to do more with less, be more efficient, and provide end users capabilities that just weren't possible before.
What will the scope be of this new desktop virtual infrastructure? How will you size it?
What applications will it offer? Who will use it? Is it for everyone?
As part of any desktop virtualization implementation, you'll need to perform application inventory. You need to find out what applications are running on your existing desktop computers. Those same applications will need to be available in the virtualized desktops.
To ensure those applications are available in the virtual infrastructure, you'll first have to inventory, or discover, what applications are in use at your company today on physical desktops. This process doesn't have to be manual. Assessment tools can automate the process.
At enterprises with hundreds or thousands of end user desktops, perhaps spread across many locations, using an assessment tool is crucial. By employing an assessment tool, you'll be able to save time and make smart decisions regarding VDI. Assessment tools will:
Every company needs to perform an assessment to determine whether desktop virtualization is right for them. Most companies will find that desktop virtualization offers huge benefits. However, there is a possibility that desktop virtualization isn't the right solution. For example, desktop virtualization might not work for video editors (due to the heavy graphic requirement) or for locations where there is very limited or unreliable bandwidth back to a central data center.
We have explored how desktop virtualization can help in so many ways, but what about the financial benefits? As most enterprises are in the business of making money, most in IT will be pressured or even required to show that desktop virtualization will offer the company financial benefits. There are two common ways to determine those benefits: total cost of ownership (TCO) and return on investment (ROI).
TCO and ROI are both used to determine whether a particular technology will provide the company financial benefits, but they do so from different directions.
TCO is used to determine the direct and indirect costs of a solution. In this case, the solution being considered is desktop virtualization. To make this determination, you compare the total cost of desktop virtualization to the total cost of your existing solution— traditional physical desktops. If desktop virtualization has a lower TCO than does traditional desktops, your company will save money by implementing it, as Figure 1 illustrates.
Figure 1: TCO illustrated.
ROI, in contrast, is a financial calculation that determines the ratio of money gained or lost on an investment relative to the amount of money invested. In the case of desktop virtualization, you calculate the ROI of the amount of money invested for software, hardware, and effort (time to implement) to determine whether the return was greater than the investment. The return, in the case of desktop virtualization, is lower cost of hardware, lower cost of software, time saved on management, and efficiencies gained by end users.
In calculating TCO and ROI, you'll need to include both soft and hard costs. "Hard costs," or direct costs, are easy to calculate. In the case of desktop virtualization, hard costs are the software licenses, servers, storage, and thin client devices that will be used. These are real and tangible costs. "Soft costs" are less tangible and include factors such as the time saved by reducing administrative burden, the efficiency savings for end users, and the faster deployment for new devices. The following sample matrix highlights soft and hard dollar costs to help you visualize how these expenses can be broken down.
Hard Costs | Soft Costs |
Physical hosts | Improved productivity via better remote access for users |
Thin client devices | Less costly OS and app upgrades because they're easy |
VDI broker licenses | Fast application rollout means improved productivity |
Hypervisor licenses | Fast new user device rollout |
VDI performance / management tool | Reduced support calls lowers Help desk costs |
Additional storage for VDI desktops | Greater security and control |
Microsoft Windows Virtual Desktop Access (VDA) licenses |
Have you ever walked up to a kiosk computer in a store or public place and found that it didn't work? Have you ever had a call center desktop (or all desktops) running slow or become unavailable due to a user installing an application? These problems cause downtime and result in lost profits for companies.
For applications such as kiosks or call centers, stateless VDI desktops offer the best ROI. Every time they are powered on, the user gets the exact same reliable desktop and applications that they need to do their job. "Stateless" means that an application or OS doesn't maintain the what's‐been‐done‐in‐past‐sessions state.
The latest desktop virtualization software has the ability to take the stateless concept and apply it to all VDI OSs. By separating applications and user data from the OS, your OS virtual machine could be stateless with the apps and user data are just layered on top, every time you log in.
Consider the power of this setup when you need to do an OS upgrade. You could simply swap the old stateless OS disk with the latest OS disk and all virtual desktop users would be upgraded to the latest OS with their apps and user data still layered on top.
In addition to using stateless desktops when possible, there are a number of options available to drive down VDI implementation costs. For example, there is no requirement to start off with an enterprise‐wide deployment of VDI. To reduce startup costs, you could phase in VDI as employee's desktops are replaced on lease or as new employees are hired.
Another way to save on startup costs is to utilize local storage (SATA or SSD) for VDI virtual desktop storage instead of SAN/NAS storage. Most VDI desktops don't contain any data that needs high availability or that can't be easily reproduced.
You can also save money on startup costs by repurposing old desktops. In fact, you can add VDI software clients to your existing company desktops and never have to buy a single piece of end user hardware.
Desktop virtualization vendors, third‐party software companies, and even some bloggers have published desktop virtualization TCO and ROI calculators. These calculators are very useful, but you must be able to supply the calculators with the data they need and understand certain financial numbers such as ROI and net present value (NPV). Calculators can enable you to calculate not only ROI and TCO but also the expended cost to maintain and implement a desktop virtualization infrastructure. Still, calculators are only as accurate as the numbers that you provide them with.
When making the move to desktop virtualization, there are a number of considerations you need to take into account. This article starts with the top‐four considerations before delving into a step‐by‐step implementation plan.
The first consideration when making the move to desktop virtualization is what to do about end user applications. After all, the applications are the whole reason that the end users are employing their desktops and the reason the business is funding the desktop virtualization project.
As part of any desktop virtualization implementation, you'll need to perform application inventory. You need to find out what applications are running on your existing desktop computers. Those same applications will need to be available in the virtualized desktops.
However, you don't want to just perform a "physical to virtual" (P2V) conversion of physical desktops into virtual desktops. Although this approach might seem like a good idea at first, as it captures all the users' applications and customizations, it's the wrong approach. If you did a P2V conversion and then used that virtual machine as a golden image for multiple virtual desktops, potentially hundreds of virtual machines will include all the unnecessary configurations and applications converted from the physical desktop. For example, the desktop might include years' worth of registry changes for many applications, user customizations (which likely don't apply to others), and numerous applications that are unneeded or are just for the physical PC that the virtual machine came from. Instead, you'll want to perform fresh installations of all applications into a golden image desktop that all end user virtual desktops will be linked to.
Ideally, you'll want to virtualize these new applications when installed. Application virtualization essentially "packages" the installed applications, making them independent from the underlying operating system (OS). With virtualized applications, the underlying OS can be patched or replaced at any time without affecting applications. When selecting a desktop virtualization package, look for one that also offers application virtualization and integrated management between virtual desktops and virtual applications.
Security and compliance are a concern for every company, and desktop virtualization helps to ease those processes. With traditional physical desktops, company data is downloaded across end user desktops and mobile devices. Properly securing and ensuring compliance for that data is a daunting and often futile task.
Desktop virtualization makes security and compliance easier by:
Another way that desktop virtualization improves security is by offering the ability to utilize host‐based antivirus and anti‐malware. Host‐based means that antivirus/antimalware applications can run on the hypervisor host instead of on each virtual machine (end user desktop). This setup not only saves you the time of installing all those agents but also the time to maintain those agents and the processing overhead of running one agent per host instead of one agent per desktop (as you could have 50+ desktops per host). Hostbased antivirus and anti‐malware tools offer centralized control, efficient design, reduced resource utilization, and simplified administration.
The centralized setup of desktop virtualization means the ability to access your desktop remotely is just part of the design. You are already using a remote display protocol to access your desktop on a daily basis. When you need to access your desktop remotely, you can easily use a software client on a laptop, desktop, or tablet device. Most VDI solutions include an Internet gateway that allows you to access your virtual desktop without the need for a virtual private network (VPN) connection; just a Web browser is required.
Two‐factor authentication requires two of the three formats of authentication; typically the "something you know" and "something you have" factors are used. Two‐factor authentication can easily be integrated into desktop virtualization solutions to provide a higher level of security. Thus, an end user would need not only a username/password but also a password or number from a security token or security keychain fob to access their VDI instance.
With the consolidation of end users into the data center, managing performance for the applications running in the virtual desktops is paramount. You must ensure not only that you have capacity for all the virtual desktops but also that those desktops perform as well as (or better than) the physical desktop applications.
The virtual infrastructure that VDI runs upon will have basic performance monitoring software. However, when implementing VDI, you really need a performance tool that understands VDI and associated applications. End user applications running inside virtual machines can periodically suffer slow performance. When that happens, you need to be able to quickly identify whether the problem is related to CPU, memory, disk I/O, or networking. A tool that can measure application response (see Figure 2) is ideal and can be employed by IT to create a service level agreement (SLA) with the business.
Figure 2: An example VDI performance monitoring solution interface.
One of the core features of VDI is that it can be accessed anywhere, at any time, from just about any device. Once connected, end users will receive a consistent user experience.
At first, it might seem logical to have one virtual disk for each virtual machine. However, this model just doesn't scale well. Sooner or later, you'll have way too many virtual disks, taking up way too much storage capacity; updating them will become a huge undertaking.
Creating a single golden master virtual machine template and then linking all virtual machines to it means that the changes made from the golden image are all that will be stored on the virtual desktop shared storage. By using a disk linking technology, you'll save time and tremendous disk capacity.
With persona management, user customizations are separated from the applications. This setup allows you to utilize a shared virtual disk for the OS and another for the apps, while keeping the user persona separate. This separation, with a shared OS and applications disk, allows you to not only save money on the disk capacity required but also enjoy greater administrative efficiency in terms of faster upgrades for virtual machines and many fewer virtual disks to administer.
Desktop virtualization is a serious solution that requires methodical planning for implementation. The following steps take you from assessment to utilizing advanced features:
Implementing desktop virtualization is one of the best moves an organization can make, as it offers so many benefits for desktop admins, end users, and companies as a whole. Built on top of a solid virtual infrastructure and hypervisor, a VDI setup utilizes a VDI broker to connect end user devices to their virtualized desktops. As not all VDI solutions are equal, you'll want to make sure that the solution you choose offers advanced features such as a robust display protocol, persona management, and advanced storage features. Additionally, keep in mind that VDI is not only a technology solution but also a business solution. As part of your VDI proof of concept, you'll want to ensure that you achieve business buy‐in. That business buy‐in will be crucial as you deploy VDI across your organization.
Everyone's experience with desktop virtualization will be different. Your experience will begin by assessing your current infrastructure and then, very likely, using an assessment tool. It's not enough just to understand the efficiency benefits of desktop virtualization. You must also analyze the potential financial gain for your company using ROI and TCO calculations.
When implementing desktop virtualization, there are numerous considerations, including the migration of existing applications, awareness of security features, ability to manage performance, and virtual disk storage. To ensure the best chance of success, take the process step by step and follow an implementation plan that starts with assessment and pilot. With the ever‐growing popularity of desktop virtualization, you'll find excellent resources to simplify the process thanks to the virtualization community, book authors, video trainers, and vendors.