Virtual Experience Infrastructure. Richard Dodsworth, Lai KwaiSeng. Desktop Virtualization: XP EOL. Desktop Virtualization: Intellectual Property Protection. Gartner Press Release.
Virtual Experience Infrastructure Richard Dodsworth, Lai KwaiSeng
Gartner Press Release
"The worldwide hosted virtual desktop (HVD) market will accelerate through 2013 to reach 49 million units, up from more than 500,000 units in 2009, according to Gartner Inc. Worldwide HVD revenue will grow from about $1.3 billion to $1.5 billion in 2009, which is less than 1 percent of the worldwide professional PC market, to $65.7 billion in 2013, which will be equal to more than 40 percent of the worldwide professional PC market."
- Gartner, Inc.
http://www.gartner.com/it/page.jsp?id=920814
Challenges of Traditional PC Environment Transition Opportunities Microsoft Windows 7 Migration Remote Office and Branch Office Contractors and Employee-Owned IT Business Continuity Remote and Mobile Users • Reduce migration costs • Reduce application incompatibility • Extend life of existing desktop software Data Security Compliance Lost Agility & Productivity • Reduce costs by single point of management • Centrally control sensitive data High TCO and Lifecycle Costs • Manage desktop image on employee-owned assets • Provide separation between corporate and personal desktops • Endpoint Independence • Rapid Provisioning Heavy Administration User End point and Application Demands • Enable desktop access regardless of network connection type • Extend security and control • Centrally control sensitive data
Desktop Virtualization
• Refers to the separation of the physical endpoint from the logical desktop
• Endpoints may be a variety of devices; applications are hosted wherever the best user experience is offered (locally at the endpoint or in the data center)
• Access from the endpoint to the logical desktop is delivered through the network
Building Blocks for Virtual Desktop Centralized Virtual Desktops Datastore(s) Display Brokers DMZ End Station HTTPS Secure Tunnel vCenter AD • Desktop Client • Internet • Security • Desktop Brokers • Core Compute • (Virtual Desktop) • HTTPS Load • High Availability • Scalability • High Availability • Scalability • Edge Security • Desktop Mobility • Any Device • Media Rich • Security • Bandwidth & Latency • Secure Access and Accessibility
What Cisco Does with VXI… VXI Delivers an enhanced user experience Leverages the network as a platform Integrates with 3rd party technology in open ecosystem Drives ROI in the DC Validated Integrated Open Optimized Video / Audio Streaming Interactive Scalable Data Center UCS Compute Bundles Borderless Network Services Security Power Mgmt Branch Survivability
Virtualization Experience Infrastructure (VXI) End-to-End System Virtualized Data Center Virtualized Collaboration Workspace CUPC MS Office Video Virtualization Aware Network Virtualization Endpoints Microsoft OS Branch Data Center Network Desktop Virtualization Software ACNS/ WAAS Hypervisor Cisco WAN Nexus Desktop Virtualization Client Broker Virtual QUAD Virtual CUCM ISR Endpoint Ecosystem Compute UCS ACE WAAS FC FC Wyse, Devon IT, iGEL End-to-End Security, Management and Automation
Cisco Desktop Virtualization Solution
• Removes VDI deployment barriers
• Combined joint partner solutions with industry leaders
• Cisco Validated Designs & Services to accelerate customer success
Partner Solution Elements Data App App Hypervisor Desktop O/S Desktop Virtualization S/W VMware/Citrix Hypervisor VMware/Citrix VDI Broker Storage Cisco UCS Platform Cisco MDS 9000 Family Cisco Nexus Cisco ASA Cisco ACE Cisco WAAS Unified Fabric Unified Network Services Unified Computing Clients Cisco Data Center Business Advantage Framework WAN Virtualized Data Center
Current = VXI Technology Partners In Progress = Endpoints Desktop Virtualization Software Hypervisor Management Storage Optimization Storage HW Acceleration Virus Scan Offload Monitoring Tools Monitoring Tools
Cisco Validated Design
Cisco Validated Designs, validated through System Level Testing, enable customers to:
• Lower risk of deploying technology solutions
• Increase speed of technology solution deployment
• Deploy a scalable, reliable, predictable foundation
• Ease technology solution integration
• Ease deployment of business critical applications
• Utilize Cisco Advanced Services to customize a CVD to meet specific requirements
Detailed system design and/or implementation guidance are available to provide:
• Customer use examples
• Products, Software and Configurations used in design testing
• Design limitations uncovered during testing
www.cisco.com/go/vxi
http://iwe.cisco.com/html/index.html#url=/web/cisco-vxi
Signalling WAN Signalling • Voice/Video embedded in the display protocol • Media flow goes all the way back to data center and back • Heavy processing on virtual desktop in data center • Bandwidth explosion • Latency and jitter • Display protocol and possible endpoint become unstable Data Center Virtual Desktop Display Protocol Media Flow Thin Client Cisco Unified CM Display Protocol Media Flow Thin Client Virtual Desktop
VXC Data App App Desktop O/S End User Unified CM and Unified Presence Server Media Flow Outside of Display Protocol ConnectionBroker Data Center Data Center Signalling PCoIP, ICA/RDP PCoIP, ICA/RDP Signalling
Data App App Desktop O/S Connection Broker Media Flow outside of Display Protocol Data Center • Video & Voice Support • Linux based endpoint • Monitors: Single: 2560x1600, Dual: 1920x1200 • No PoE VXC 6215 Signalling Unified CM and Unified Presence Server End User ICA VXC 4000 • Software Appliance on XP and Windows 7 • Voice Support only • Enables VXI Collaboration for refurbished PCs Signalling PCoIP, ICA/RDP
Zero client endpoints
• Integrated form factor for Cisco Unified IP Phone 8961, 9951*, 9971
• VXC-2212 supports HDX/ICA, RDP
• VXC-2211 supports PCoIP
• Powered via Phone – Leverages existing Power over Ethernet (PoE+), or PWR-CUBE-4
• Works with Cisco IP Phones to deliver voice, video, virtual desktop
* NOTE: 9951 IP Phone must have Serial Number FCH153681E0 and above, OR VID V05 and above
Zero client endpoints
• Standalone form factor
• VXC-2212 supports HDX/ICA, RDP
• VXC-2211 supports PCoIP
• Powered with Power over Ethernet (PoE+ - 30W) or with PWR-CUBE-4
• Works with Cisco IP Phones to deliver voice, video, virtual desktop
Enterprise tablet that combines voice, video, collaboration, and VDI
• Supports external Bluetooth/USB mouse & keyboard when docked
• Supports external display in "mirror mode"
• Supports Citrix Receiver, VMware View Client and Wyse PocketCloud
Recent additions to the Virtualization Experience Clients (VXC) portfolio
Enables UC voice capabilities for repurposed Windows PCs for virtual desktops
• Introduces unique voice processing capabilities that efficiently use network and data center CPU resources, eliminating the hairpin effect
• Supports Citrix XenDesktop and VMware View
• Based on CIPC (Cisco IP Communicator)
• Endpoint support: WinXP, Win7
• Target Availability: Q4CY11
A thin client that unifies voice, video and virtual desktop in one device
• Supports high quality, scalable voice and video, delivering optimal user experience
• Introduces unique voice, video processing capabilities to eliminate the hairpin effect
• Linux based platform supports HDX/ICA, PCoIP/RDP
• Target Availability: Q1CY12
• Innovative form factor that reduces real estate and simplifies management
• Power over Ethernet (POE) delivering energy savings and compliance to green initiatives
• Thin Client endpoint that provides a single converged desktop asset for rich media, voice and video collaboration in a hosted virtual desktop (HVD) environment
• Software appliance option that leverages existing PC investments
• Collaborative mobile virtual workspace on an enterprise tablet
• Cisco Validated Design (CVD) that provides blueprint for successful deployments and lower TCO
• Cisco Technical Assistance Center (TAC) support for end to end solution
Borderless Network
• What happens to the network services?
  • Bandwidth Reduction
  • Protocol Optimization
  • File caching
  • Security
  • QoS
  • Print
  • Gateway
  • Call control
  • Compute
• Network services depend on client
  • Zero – Minimal local services
  • Hybrid – Local UC and Web applications and services
  • Thick – Traditional local applications and services
Video processed on HVD causing bandwidth and server compute overload End-users see pixelization and bad UE without WAN Optimization/Acceleration T1 Increasing bandwidth might not help Routing Protocol Text Display Protocol Video End-users experience no pixelization on LAN • Hairpinning • WAN’s effects on Users Experience • Display Protocol Opaque to the Network Video Source Branch Office Branch Router Data Center Campus
Borderless Network: Network Strategy
• Display protocols are proprietary
• Display protocols attempt to deliver media streams, text, and bulk transfer in a single or set of connections
• WAAS increases WAN user density from 2X to 8X
• Network Intelligence to disaggregate data types so the network can appropriately differentiate
• Offer a seamless migration to web
Borderless Network: Display Protocol Channels
• Display protocols operate at the session layer
• Display protocols were intended to remote applications and not desktops
• Desktop interactions require that some local client services be extended to the remote virtual desktop
• Channels provide a means to extend remote virtual desktop services
• Channels cannot leverage network services like QoS, security, stream splitting, or multicast
Diagram labels: Display Protocol, TCP, USB, Video, Sound, Print
Citrix XenDesktop and ICA/HDX
• Latest release: XenDesktop 5.5 – Improved HDX for WAN, better management
• HDX MediaStream and Adaptive Orchestration
• Leverage client-side resources
• Better server scalability
• More simultaneous users over WAN (Controlling Bandwidth Explosion)
• Handle changing network conditions
• HDX Flash Redirection
• Now can handle 300 ms RTL
• Linux now supported
• Fallback to Server-side rendering adaptively
• HDX VoIP-Over-ICA
• In line with Cisco VXI approach of separating media
• SDKs for VoIP providers
• Multi-Stream ICA for QoS
• Larger Audio Jitter buffers
• Basic Characteristics
• 64 Virtual Channels
• TCP based protocol
• Encryption/Compression
Benefits Description WIN7 Aero & Win 8 Metro Interfaces View 5.0 All use cases = UDP, Secure, future proof, OS & application independent, session resilience All video codecs Network latency independent PCoIP Optimizations – View 5.0 • Up to 75% reduction in bandwidth usage • Improve scalability on WAN links • Increase user density on WAN • Configure by user case, user expectation and network requirements • New optimization controls to reduce bandwidth • Client Side Caching • Lossless CODEC • Build to Lossless GPO • Customize to reduce bandwidth usage on both the LAN and WAN • Optimization Controls available in GPO Power User • Build to lossless (default) • Direct CPU/GPU to endpoint mapping • Superior image quality Task Worker • Disable build to lossless • Client side caching • Best performance on constrained WAN Office Worker • Dynamic network management • Correct codec for each media type • Best image quality on available network bandwidth
WAAS optimizes encrypted and compressed ICA desktop session traffic (no changes required on ICA client, HVD, or DC infrastructure) for all versions of XenDesktop and XenApp.
Includes the WAAS 4.4 application-aware DRE feature for unidirectional caching of desktop session traffic, which improves scalability and application performance.
Citrix HVD WAAS 4.5 Optimization with Citrix ICA AO Headquarters Edge Router Branch Office Display Protocol WAN Acceleration for Display Protocol ICA client Branch WAE Data Center WAE
Note: Multi-Session ICA (MSI) in XenDesktop 5.5 is not supported in the current release. If MSI is used, only one initial session (port 1498) will be optimized automatically. Other flows will be treated as regular TCP flows.
Citrix ICA AO Capabilities
• Interoperate w/native ICA encryption
• Without requiring manual registry changes or changes to XenDesktop and XenApp settings
• 3 flavors of RC5 (40b, 56b, 128b keys) with DH key exchange
• SSL deployments with Citrix Access Gateway + Secure Gateway
• Target Bandwidth reduction of 40% - 60% (mileage will vary)
• Supports XenDesktop (4.0/5.0/5.5), XenApp (6.0/6.5) and ICA
• Supports HDX Mediastream redirection for client multimedia rendering
• Fully supported by Citrix and Cisco
WAAS Acceleration for vmViewConnection Status • RDP-in-HTTPS session • WAAS performs optimization of HTTPS flow from View Client to Cisco ACE VIP • Multiple RDP direct mode sessions running MMR streams • The byte counts give an indication of where the bulk of the data is coming from flow-wise
Value of WAAS in VDI environment
• WAAS can optimize both VDI (ICA, RDP, MMR, USB) and non-VDI traffic and represents a more comprehensive solution
• WAAS can be deployed in different form factors: hardware appliance, network module in ISR, IOS feature in ISR, as a software application running on SRE module, as a virtual appliance in vSphere, and as an application running on laptop
• WAAS compression ratio and performance is better than most competitor offerings
• WAAS licensing is also more favorable and reduces TCO of large scale deployment
Visibility into Display Protocol • Customer Benefits: • Hosted Desktop Architecture fix-up for rich media applications • No change needed at end-points for deployment • Display protocol agnostic • Leverage existing Cisco network services VM Agent
Borderless Network: Quality of Service in a Cisco VXI Network
• Display protocols obscure multiple traffic types in a single TCP connection
Broker Data Center Network Central Policy Engine Differentiated Access Campus Controlled Access • VXI service only • Internet only • Full access Internet
• Policy Based Device/User Network Access
  • Enable differentiated network access to Device/User type
  • Utilize existing network access control infrastructure
  • Allow controlled access only to VXI infrastructure for Employee owned assets, Temporary workers etc.
• Policy Based DC resource access from HVD
  • Common VDI infrastructure for different user groups for cost and flexibility reasons
  • Controlled access to sensitive resources in Data Center
  • Using Security Group Access
    • Goal: Extend existing SGA based access control to VDI (SMB)
  • Using Virtual Switch and Virtual Firewall
    • Goal: Provide access level security closest to HVD (including east-west traffic control)
    • Open to separate policy management using virtual firewalls
Data Center Considerations
• Compute
• Scale
• Cost
• Performance
• Power/Cooling
• Space
• Storage Scale
• Scale capacity (Linked and Flex Clones)
• Scale IOPS
• Client Network Services
• Separation
• Monitoring
• IP address management
Compute
Diagram labels: WAAS, Quad, ASA, UCS, Nexus 1000v, ACE, Unified CM, Virtual Security Gateway
Objective: Maximize User Density and Improve ROI by Scaling the Data Center
Strategies
• Increase HVD Density by Optimizing Hypervisor Resource Usage
• Increase HVD Density with Cisco UCS Extended Memory; preserve user experience with PCoIP Offload
• Increase availability and load-balance connection brokers with Cisco ACE
• Extend Investment in Shared Storage with Caching Technologies to Reduce IOPS
Compute: Cisco UCS – Do More with Less! How do you achieve a 30% savings Distribution Layer Ports x86 Servers Infrastructure Elements In Rack Cabling Power Consumption VDI Instances per Server Rack Space 50% 30% 100% 30% 24+% 50% 75%
Cisco UCS With Extended Memory Xeon 5600 Xeon 5600 Increase performance and capacity for demanding virtualization workloads => Higher HVD Density Cisco UCS Servers 48 DIMMs Max 384GB Higher Performance
Compute: UCS Virtual Desktop Densities
APEX 2800 PCoIP Offload Card, Cisco UCS C Series
Offloads PCoIP image processing to reduce CPU load, enable more users per server
• Ensures consistent, reliable user experience regardless of server demand
• Reduces server CPU utilization up to 50%; adapts to fluctuating workloads
• Supports up to 64 displays
• Validated with Cisco UCS C Series Rack Mount Servers
• Offload card plugs directly into server
• Can increase user density, enable existing users to run intensive apps
Storage: Scaling IOPS With UCS and Atlantis iLio Desktop images (vmdk) on top of cache memory Desktops Virtual Storage Appliance APP APP APP OS OS OS iSCSI/NFS Hypervisor ESX server The desktop vmx/vmdk file is actually created in the vmfs namespace NAS SAN DAS
Storage: Atlantis UCS Storage IOPS Offload
• Storage IOPS are critical to scalable VDI
• Win7 with AV requires around 80 IOPS
• ILIO appliance with UCS Extended Memory Technology helps in reducing IOPS over network and to disk
• ILIO on UCS benefits
• Storage Optimization
• Performance acceleration
• Support for Stateless or Persistent desktop models
• Cut storage cost
• Improves overall user experience
Network: Nexus 1000v Per VM Network Services
• Client LAN Features
  • DHCP Snooping
  • Dynamic ARP Inspection
  • IP Source Guard
• Virtual Ethernet Module (VEM)
  • Networking capabilities at the hypervisor level
  • L2 switching, CDP, Netflow, ACLs, QoS, SNMP, etc
  • Local Switching
  • Port Profile to simplify Network Policy
• Virtual Supervisor Module (VSM)
  • Mgmt, monitoring and config of VEM instances
  • Sees each VEM as a virtual chassis module
  • Configuration done through port-profiles
  • Tight integration with Virtual Center
  • Runs on dedicated appliance or virtual machine
• Virtual Chassis Concept
  • Redundant Supervisors (VSMs)
  • Currently up to 64 VEM instances (64 ESX hosts)
  • Presents a network view of the virtual access layer
Network: VM Segmentation and Zoning
• VMs can form logical groups (aka. Zones) based on VM attributes for easing policy writing and reducing policy scope
• VSN (Virtual Service Node) provides enforcement policy to control network traffic flowing between VM zones.
• VSN will also provide a subset of firewall inspection functions such as FTP stateful fix-up
Diagram labels: Nexus 5000, VSN, Internet, Zone 1, Zone 2, VM #1 to VM #8