Patrick Rouse. VMware User Group March 25, 2008 San Diego, CA. Agenda – Desktop Virtualization. Desktop Virtualization (VDI) Benefits Desktop Virtualization Best Practices & Tutorials Provision Networks Virtual Access Suite Live Demo. Who We Are – Pinnacle Technologies.
Patrick Rouse VMware User Group March 25, 2008 San Diego, CA
Agenda – Desktop Virtualization
• Desktop Virtualization (VDI) Benefits
• Desktop Virtualization Best Practices & Tutorials
• Provision Networks Virtual Access Suite
• Live Demo
Who We Are – Quest Software
– ESX vRanger Pro, vConverter, vOptimizer
– Foglight – Root Cause Analysis for VMware
– Desktop Authority
– Virtual Access Suite
Who We Are – Provision Networks
Provision Networks, a division of Quest Software, produces and markets the award-winning Virtual Access Suite – an enterprise-grade application delivery, virtual desktop provisioning, management and brokering solution. The Virtual Access Suite is available in three editions:
• Standard Edition: Enhances manageability, stability and usability of Citrix and Terminal Services
• Desktop Services Edition: Enables blade PC and virtual client connections from any virtual infrastructure, including VMware, Virtual Iron, Microsoft and SWsoft.
• Enterprise Edition: Encompasses the Desktop Services & Standard Editions and adds support to Provision-enabled terminal server platforms
[Timeline graphic covering 1996, 2001, 2004, 2006 and 2007, with these milestones:]
• Virtual Access Suite Introduced
• Acquired by Quest Software
• Provision Management Framework Launched
• Virtual Desktop Solution Introduced
• Universal Print Driver for ICA and RDP
• Emergent Online founded
VDI Connection Broker Basics
What is a Connection Broker? A basic connection broker is a service that authenticates a client, retrieves a list of Virtual Desktops and directs the client to its destination.
• Authenticate and receive back the address of the hosted desktop
• Connect to the hosted desktop using some type of remote display protocol (for example, RDP)
Benefits of Desktop Virtualization
• Centrally control and manage all off-site access to sensitive applications and data. Extend corporate network security policies to off-site facilities.
• Contain desktop proliferation and build standardized, centrally managed desktop environments. Meet HIPAA, SOX, GLBA compliance.
• Quickly recover, re-provision, and re-establish user access to complete desktop environments to ensure business continuity.
• Contingency plans in place to accommodate work-from-home users and employees quarantined due to a pandemic. Telecommuting!
• Each desktop environment is encapsulated in a VM, completely independently of other VMs. If anything goes wrong with one VM, other VMs remain unaffected.
• No lack of support from ISVs. No complex IT training (desktop administrators). No application code modifications and/or repackaging.
• Eliminate squandering of precious computing resources. Eliminate loss/theft of corporate data stored on stolen PCs.
• Branch Office Connectivity. Mergers and Acquisitions. Distributed computing environments can be integrated without major investments in remote IT infrastructures.

Benefits of Desktop Virtualization
[Chart: Physical desktop TCO. Source: Gartner Research]
Best Practices – VDI Host Planning
• No more than 1500 Virtual Desktops per VMware Virtual Center
• Dedicate specific VI Hosts or Data Centers for VDI
• Use Dual Processor, Quad Core, Blade or 1U Servers for VI Hosts
• Use iSCSI SAN instead of Fiber Channel to reduce cost per user.

Best Practices – VDI Host Planning
• Utilize iSCSI HBA to reduce CPU usage on ESX Hosts.
• 4-10 Virtual Desktops per CPU Core
• 16-32GB of RAM per ESX Server (unless allocating > 640MB per VM)

Best Practices – Component Placement
• Deploy SSL Gateway in DMZ
• Web Interface on the same machine, or on the Private Network.
• Deploy two Connection Broker Servers (for redundancy and load balancing).
• Do NOT allow DRS to move Connection Brokers to the same ESX Host.
• All infrastructure servers can be virtualized
Best Practices – Virtual Desktop OS
• >= 384MB for each XP Pro Virtual Desktop
• Keep VM Disk Files as small as possible
• Utilize a Universal Printer Driver (reduced Mgmt, CPU & Bandwidth)

Best Practices – Virtual Desktop OS
• Disable screen savers on VMs (utilize client screensaver)
• Schedule Shutdown/Reboot of Virtual Desktops
• Enable Remote Control of Desktops (via Terminal Services Manager, Shadow or Remote Assistance)

Configuring Remote Control
Classic is the default setting when XP Pro & 2003 are domain members

Configuring Remote Control
Allows tsadmin.exe (Terminal Services Manager) or shadow.exe to connect from a remote RDP Session.
Best Practices – Virtual Desktop OS
• Configure User GPO Settings for Folder Redirection (for My Documents, Desktop, Start Menu & Application Data) and environment lockdown (for non-administrators)
• Configure Computer GPO Settings, i.e. Loopback Policy Processing, RDP Connection Settings, Disabling of Offline Files, Deletion of Roaming Profile Cache…
• Roaming Profile Path is defined in the properties of the User’s Active Directory Account
Best Practices – Virtual Desktop OS
• Install User Profile Hive Cleanup Service (UPHClean). Unloads user profiles that might otherwise get hung unloading.
• Alter the Default Explore Path when using Folder Redirection to redirect the Start Menu to a Network Share, so user’s Default Explore Path is their Home Folder.
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec]
  @="[ExploreFolder(\"%u:\\\\\\\", %u:\\\\, %S)]"
• Prevent NTFS from tracking reads on the local file system
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
  "NtfsDisableLastAccessUpdate"=dword:00000001
Best Practices – Virtual Desktop OS
• Remove the Hgfs Registry Entry so user’s profiles will unload completely. Setting added by VMware Tools.
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order]
  "ProviderOrder"="RDPNP,LanmanWorkstation,WebClient"
• Lock down the System Drive’s NTFS Permissions so normal users can’t install software, spyware, malware… or save data on their Virtual Desktops.
  Recommended NTFS Permissions on New System Builds:
  %SystemDrive% - Authenticated Users = "Read and Execute"
  %SystemDrive% - Administrators = "Full Control"
  %SystemDrive% - System = "Full Control"
  %SystemDrive% - Creator Owner = "Full Control"
  %ProgramFiles% - Authenticated Users = "Read and Execute"
  %ProgramFiles% - Administrators = "Full Control"
  %ProgramFiles% - System = "Full Control"
  %ProgramFiles% - Creator Owner = "Full Control"
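The registry settings and the NTFS baseline on the two Virtual Desktop OS slides above can be verified from inside a guest. The PowerShell below is an added example, not part of the original presentation; it only reads state. The write-rights mask and the list of permitted SIDs are assumptions that encode the slide's permission table, and matching on the substring "hgfs" is an assumption about the provider name VMware Tools adds.

```powershell
# Added example (not from the presentation): read-only audit of a virtual
# desktop against the registry settings and NTFS baseline on the slides.
$findings = @()

# Slide value: "NtfsDisableLastAccessUpdate"=dword:00000001
$fsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$fs = Get-ItemProperty -Path $fsKey -Name NtfsDisableLastAccessUpdate -ErrorAction SilentlyContinue
if (-not $fs -or $fs.NtfsDisableLastAccessUpdate -ne 1) {
    $findings += 'NtfsDisableLastAccessUpdate is not 1'
}

# The provider list should no longer carry the entry added by VMware Tools.
# Assumption: that entry's name contains "hgfs".
$npKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'
$order = (Get-ItemProperty -Path $npKey -Name ProviderOrder).ProviderOrder -split ','
if ($order -match 'hgfs') {
    $findings += "ProviderOrder still lists: $($order -match 'hgfs')"
}

# NTFS baseline: only Administrators, SYSTEM and CREATOR OWNER may hold
# write-type rights. Well-known SIDs are used because names are localized.
$allowedWriters = 'S-1-5-32-544', 'S-1-5-18', 'S-1-3-0'
# Write | DeleteSubdirectoriesAndFiles | Delete | ChangePermissions |
# TakeOwnership | GENERIC_WRITE | GENERIC_ALL (assumed definition of "write-type")
$writeMask = 0x500D0156
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($path in "$env:SystemDrive\", $env:ProgramFiles) {
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = (Get-Acl -Path $path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($allowedWriters -contains $sid) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -ne 0) {
            $findings += "{0}: {1} holds {2}" -f $path, $sid, $rule.FileSystemRights
        }
    }
}

if ($findings.Count -eq 0) { 'Baseline checks passed' } else { $findings }
```

On Windows Vista and later, TrustedInstaller holds Full Control on %ProgramFiles% by default and will be reported, because the slide's baseline does not list it.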
Best Practices – Client Devices
• Don't assume that everyone can use a thin client. (No DVD+R, CDR/RW, High-end Graphics)
• Choose XPe based thin clients when needing to support USB peripheral devices (printers, scanners, handhelds, storage)
• Consider devices with local Internet Browser, Windows Media Player, Adobe Flash Player…
• Convert older PCs into diskless thin clients via PXE Boot
Provision Networks Virtual Access Suite
VAS: more than just a “connection broker”
In contrast, VAS is a comprehensive provisioning and delivery framework with a sophisticated brokering service at its core.
Support for Standard Windows desktop OS (i.e., WinXP, Vista)…

Provision Networks Virtual Access Suite
VAS: more than just a “connection broker”
Support for Windows Terminal Server…

Provision Networks Virtual Access Suite
New features for version 5.10 (April-May 2008)

Provision Networks Virtual Access Suite
Available Clients
Thin Client Vendors
Desktop Virtualization Solution Calculator
Provision Networks Virtual Access Suite
Demo and Q&A
• Provision Networks Demo
• References:
  • VMware VDI Best Practices
  • How to configure Folder Redirection
  • VMware Infrastructure 3 Configuration Maximums
  • How to install, configure and administer Virtual Access Suite, Desktop Services. (VDI Connection Broker)
  • Using the Flex Profile Kit with VDI
  • Provision Networks Metaprofiles-IT
  • Memory Overcommitment in the Real World
  • RDP Audio - Hotfix
  • Idle session Group Policy settings do not work - Hotfix

Questions and Answers
Patrick Rouse
Patrick.Rouse@quest.com
619.994.5507
www.provisionnetworks.com