
Nov 07 2009

Your Organization’s Desktop Virtualization Project – Part 2

UPDATE: Part 3 of this article is already online here

In the first part of this article I discussed the Business Drivers and Operational Benefits, Technology Savings and Operational Improvements of a properly deployed Desktop Virtualization project.

  • Lower Cost of Desktop PC Management
  • Quickly and Easily provision Desktops to Clients Anytime, Anywhere
  • Satisfy Different Regulatory Security Requirements e.g. HIPAA, SOX, PCI
  • Reliable Desktop Disaster Recovery Plan

In this second part I will focus my attention on technology and how to architect a successful Desktop Virtualization infrastructure.

Interestingly, this week I have been asked about the VDI design that earned me the VMware Virtual Desktop Ingenuity Award. I won’t be able to disclose the full extent of the design but the main ideas will be discussed here.

Basic understanding of the Technology

The objective of this article is not to explain how each Desktop Virtualization product works, but if you are new to Desktop Virtualization you are probably also new to VMware View. Despite using different technologies, different products work in similar ways. Products from different vendors can also be mixed in your design in order to achieve different goals. I’ll borrow a VMware View high-level design overview to explain what happens in the background.

VMware View 3.0 uses the RDP protocol to establish the connection and stream screen packets to your Desktop, Notebook or Thin Client. (VMware View 4, yet to be released in November ’09, uses a new protocol called PCoIP from Teradici.) The connection is handled by Connection Brokers (View Manager) that might or might not be responsible for the connection to the remote VM. Once the authentication is complete the connection broker initiates the session with the remote VM.

The VMs (Windows XP or Windows 7) are hosted on ESX 3.5 hosts that are controlled by a Virtual Infrastructure server. The VI Server is responsible for handling VM operations (creation, deletion, recompose, etc.) and is integrated with the Connection Broker. The VMs are usually hosted on shared storage, but I have seen deployments using local SATA disks if the VMs are non-persistent.

Optionally Application Packaging solutions such as ThinApp can be utilized to streamline the VM image.

[Figure: VMware View 3 Infra]

If you need more information about how VMware View works I recommend this series of 3 posts from Roland van der Kruk.

An introduction to VMware View 3 features and best practices, Part 1 of 3
An introduction to VMware View 3, Part 2 of 3 – Linked Clones
An introduction to VMware View 3, Part 3 of 3 – Special Considerations and Best Practices

Back to the design….

Design Considerations

A critical piece of the design is the understanding of the operational requirements. What do your users require on a day-to-day basis to get their work done? This might be an exhaustive task as you might have to create a matrix of users, roles and applications – and if you work for a large organization this might be even more difficult.

I believe that the Departmental approach is the best and fastest one, but you might go down to every single employee if you like.

Also think about bandwidth, latency, jitter, DMZ, firewalls and other aspects of your environment that may affect the design.

For the sake of this article I will simplify the design and make some assumptions.

There are NO requirements for:

  • Offline desktop
  • Multimedia (e.g. playing video)
  • No external access (from outside firewalls), such as work from home
  • Documents will be on file server on LAN (No documents are stored locally)
  • 1 golden image (standard desktop) for all users
  • Users in 1 single site will run similar applications
  • No user has dual-monitor
  • Local printing (all printers are network printers, accessed via LAN)
  • Internal WAN connections are secured, or at least the security solution is transparent

Assumptions/Requirements:

  • Bandwidth
    • 100 Kbps per user
    • 100 Mb per 1000 users (concurrent)
  • Latency
    • Latency requirements: < 150 ms round trip
    • For simple tasks such as keyboard input, cursor motion and mouse selection, system response time should be less than 150ms
    • At 200ms, the end-user experience degrades.
    • At 250ms, the end-user experience will degrade past the point of viable desktop interaction

  • Complementary solution for WAN
    • Use a protocol that is optimised for WAN, such as Sun ALP (Appliance Link Protocol). As a note, PCoIP, yet to be released in VMware View 4, promises to handle WAN latencies better than currently available technologies.
    • Use WAN compression

The Design

The architecture design presented here assumes that each site will host its own ESX 3.5 hosts and VMs whilst the management components for the overall infrastructure will be hosted in a central management site. That could be your datacenter.

I have also designed and deployed different solutions with centralized hosting; however, due to protocol limitations, this specific reference design tries to guarantee VM availability and performance.

The objective is to host around 1000 VM’s per site with spare resources for a host failure.

There are a few different solutions for the requirements and there is no right or wrong. Each design should cater for business objectives and technical constraints.

Site-Wide Architecture

For this design we have created two clusters per site with High Availability (HA) and DRS (Distributed Resource Scheduler) enabled, but you should perhaps also think about DPM (only supported on vSphere 4). The clusters have 6 and 5 physical hosts, and each host runs 120 VMs.

The VMware Reference Architecture guideline mentions a maximum of 64 VMs per box; however, with new 8-core processors (total of 24 cores) and high memory density (96GB-384GB), 100-120 VMs is a feasible number. The Cisco UCS platform, with its 250b B-Series Intel Nehalem blades and Extended Memory Technology, supports 384GB RAM today.

Note that the design also contemplates the file servers hosting ThinApp applications. Other application packaging solutions such as XenApp or App-V could be integrated into the design.

[Figure: LAN design]

As per VMware guidelines there is a requirement for 3 different VLANs (VMs, Management and VMKernel). In this design there are 6 VLANs for VMs, but you may consider an additional VLAN for IP Storage if required.
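One way to check the VLAN separation described above against a port-group inventory before deployment. This is an added example, not part of the original article or of VMware's tooling; the port-group names, VLAN IDs and the three-field inventory format are assumptions made for illustration.

```python
from collections import defaultdict

# Traffic classes the article says need their own VLANs.
REQUIRED_CLASSES = {"vm", "management", "vmkernel"}

# Constructed inventory (hypothetical names and VLAN IDs): six VM VLANs plus
# management and VMkernel, mirroring the layout described in the article.
DESIGN = [
    ("Mgmt-Network", "management", 10),
    ("VMkernel-VMotion", "vmkernel", 20),
] + [(f"VDI-Desktops-{i}", "vm", 100 + i) for i in range(1, 7)]


def check_vlan_separation(port_groups):
    """Return a list of findings; an empty list means the layout is segmented."""
    findings = []
    classes_by_vlan = defaultdict(set)
    names_by_vlan = defaultdict(list)
    for name, traffic_class, vlan_id in port_groups:
        if traffic_class not in REQUIRED_CLASSES:
            findings.append(f"{name}: unknown traffic class '{traffic_class}'")
            continue
        # On ESX, 0 leaves the port group untagged and 4095 passes every VLAN
        # to the guest, so neither gives per-class isolation.
        if not 1 <= vlan_id <= 4094:
            findings.append(f"{name}: VLAN {vlan_id} is untagged or out of range")
            continue
        classes_by_vlan[vlan_id].add(traffic_class)
        names_by_vlan[vlan_id].append(name)

    # Every required class must have at least one correctly tagged port group.
    seen = set().union(*classes_by_vlan.values())
    for missing in sorted(REQUIRED_CLASSES - seen):
        findings.append(f"no tagged port group for traffic class '{missing}'")

    # A VLAN ID carrying more than one traffic class defeats the segmentation.
    for vlan_id, classes in sorted(classes_by_vlan.items()):
        if len(classes) > 1:
            findings.append(
                f"VLAN {vlan_id} mixes {', '.join(sorted(classes))}: "
                f"{', '.join(names_by_vlan[vlan_id])}"
            )
    return findings


if __name__ == "__main__":
    for line in check_vlan_separation(DESIGN) or ["layout is segmented"]:
        print(line)
```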

vSphere and View 4.0 will allow iSCSI multi-pathing, increasing bandwidth from 1GB to multiple 10GB Ethernet sessions. This change represents a big advantage when designing the solution with IP storage.

[Figure: vSwitch LAN design]

[Figure: SAN design]

For large VDI implementations the high level multi-site design should look like the diagram below. The following also need to be considered:

  • High Availability to Virtual Infrastructure server through MS Clustering
  • High Availability to View Manager with Load Balancers and Replica servers
  • Add more spindles to storage

[Figure: countrywide multi-site design]

From a technical perspective this could be a possible design for your organization’s Desktop Infrastructure. Don’t ever forget to whiteboard and document your design as much as possible before starting an implementation or POC.

Other related contents:

Wyse TCX Extensions – Wyse has developed a suite of products to extend VDI capabilities
Scalability Study for Deploying VMware View on Cisco UCS and EMC Symmetrix V-Max Systems
vdi.com – Community forum specializing in all things VDI related

For the next and last part of this article I will discuss…

  • Infrastructure Maximums
  • Server and Storage sizing

8 comments


  1. T.Rex

    I really like the way you present these concepts in a logical way! I would love to know your suggestions for scoping and assessing existing physical environments for translation into your designs. Thanks !!!

  2. Jeff

    Why do you need 10x View managers ? Seems like a lot. Also why cluster them ? Good to point out your decisions for clustering, as the LDAP replication should be enough HA, especially with LBs in front.

    Also, you’re going to need another vCenter, as there is a 2000 VM limit. Probably best to have a plan for that day 1, as it appears there could be 4000 desktops one day ?

    Also, what considerations for HA / DR do you have if the WAN goes down ?

    Good effort documenting a design blue print though. It is refreshing to see some opinions on a VDI design.

    T-Rex is asking you a rhetorical question there 🙂 as his product will do a great job of scoping and assessing any existing environment. Cheeky! But fair comment.

    Cheers,
    Jeff

  3. Andre Leibovici

    T-Rex, Thanks for your comments.

    The idea is to support up to 10,000 users therefore the 10 View Managers. Each View Manager hosts approximately 1000 VM sessions and if design goes over the 2000 VM mark another vCenter instance is required, you are right. This will be Part 3 of this article with Infrastructure Maximums.

    HA / DRS would have standard configuration applied at site level. If the WAN goes down users will not be able to initiate VM sessions. That’s a tricky scenario. How to transpose 10 connection brokers to the local site? Perhaps 10 replicas? Another WAN?

    For View Manager Clusters please understand them as replicas.

    I believe there is no right or wrong, just different ways to achieve the same desired outcomes. Anyway, good to see people challenging and putting thought into the design.

    Andre

  4. DAZ

    Hi Andre,

    For some reason the images on the page will not show up, and when I click on the icon in the middle of the image, it gets redirected to wordpress.com.

    Wonderful site. Thank you.

  5. Simon

    Hi Andre,

    I can’t see any image in this blog post. Can you fix it please? I would like to see the designs 🙂

    Thank you

  6. Andre Leibovici

    @Simon and @DAZ, I have fixed the images in the article. They got lost when the blog was migrated to the new domain.
    Regards,
    Andre

  7. krac

    Hi Andre, I am completely new to VDI but very interested in your architecture. Would you please give any clues as to how this would look if the site does not have a LAN Mgmt and directly connects to the central management? What about the printing in that scenario?
    I am thinking of the possibility of having the entire VDI running outside the company (hosted). Thank you

  8. Andre Leibovici

    @krac
    The lack of a Management VLAN does not affect the usability of your VDI environment. The Management VLAN is segmented only for security reasons and it is a VMware recommended practice. However, in some circumstances we see organizations combining Management and VM traffic.

    With your VDI hosted environment, as long as you are able to maintain connectivity and minimal levels of bandwidth, jittering and latency you should have no problems. Actually, there are a few hosted VDI providers popping into the market.

    Lastly, this design is not up-to-date with latest hardware and protocol innovations. I’ll be preparing a new design but in the meantime I recommend you look at VMware View Architecture Design document downloadable from VMware website.
