Enterprise Desktop Strategy – White Paper
Application and Desktop Virtualization Page ii
Contents
Executive Overview ............................................... 1
Decoupling the Desktop ........................................... 2
    Hardware ..................................................... 2
    Operating Systems and Infrastructure ......................... 4
    Applications ................................................. 5
    User Data .................................................... 6
    Maintenance and Support ...................................... 7
Application and Desktop Options .................................. 9
    Physical Desktop with Traditionally Installed Applications ... 9
    Physical Desktop with Streamed Applications .................. 10
    Physical Desktop with Isolated / Virtualized Applications .... 11
    Presentation Virtualization .................................. 12
    Virtual Desktop Technology ................................... 13
    Operating System Streaming ................................... 14
Solution Selection Process ....................................... 15
    Mapping Available Technologies ............................... 15
    Defining Use Case Scenarios and Requirements ................. 17
    Match Technologies with Use Cases ............................ 20
    User Profile Virtualization .................................. 24
Next Steps – Enterprise Desktop Product .......................... 25
About Gotham ..................................................... 26
Executive Overview
Distributed computing continues to challenge large organizations, exponentially increasing in
complexity with the growth of portfolios of applications and devices. Today’s work environment is
both global and agile, with employees working in any number of environments, including homes,
client sites, even the local coffee shop. As this diversity increases, so do the challenges of compliance
and risk requirements regarding distributed data.
Current state-of-the-art solutions look to blend and balance the controlled stability of a centralized
computing environment with the rich application portfolio of the personal computing platform. Two
complementary technical movements are making this possible: virtualization and centralization.
Virtualization creates distinct areas for applications and data to reside, removing dependencies on
hardware and the environment. Centralization pulls data and the program code operating against it
into data center environments, leaving only interface issues to end user devices.
Virtual Desktop Infrastructure (VDI) solutions are now presenting organizations with an alternative to
deploying traditional PC desktops. VDI follows the trend of server consolidation and virtualization
where workloads are moved from physical devices to virtual instances hosted in the corporate data
center. Implementing a managed desktop solution that incorporates traditional and virtual desktops,
an organization should expect to gain greater flexibility in delivering workspaces to users while
reducing hardware, software, and maintenance costs of supporting this new infrastructure.
An organization’s typical position on application and desktop virtualization revolves around
implementing a process to identify user profile characteristics and map them to the ideal desktop solution.
Typically, an organization will have multiple options available to ensure the user experience is optimized
for any given user. This document details the process and plan to reduce the total cost of ownership while
providing the best possible user desktop experience.
Decoupling the Desktop
As consultants we have had the opportunity to assist in the planning and implementation of strategic
technology solutions at many firms. The most challenging solutions, not surprisingly, involve the
deployment of a corporate desktop.
As the primary interface, the desktop typically consumes over one third of companies’ IT budgets and
resource allocations, to ensure that users can complete their required business tasks. We have seen
many organizations spend countless hours performing system image rebuilds, and application and
operating system upgrades, with the goal of standardizing the environment, without ever achieving
the reduction in maintenance and support (hidden or soft costs) they expected.
These organizations will continually fail to achieve their TCO goals as long as they continue the
legacy approach to desktop management. There must be a complete shift in thinking about the end
point computing device, how it’s built, and how it’s managed.
The challenge before us is how to assist organizations in creating a more dynamic and scalable end
point computing environment that maintains the power and personalization of today’s desktop
environment combined with all of the controls once experienced with mainframe computing.
In the next section, we present six models organizations can use to deploy desktop services to users.
To reach any of these models, the individual elements that make up the desktop computing
environment need to be decoupled and managed as unique items. These elements are: hardware,
operating systems, applications, user data, and maintenance and support.
HARDWARE
The computing hardware is the layer on which most organizations have historically standardized.
Procurement of one machine type from a single vendor for all users reduces the complexity of
supporting the device once it has been deployed. System lifecycles vary, especially in large enterprise
environments, so inevitably, multiple machine types, with similar but not exact images of the
operating system, are supported.
PC vs. Thin Clients
Many organizations that have adopted server-based computing models (i.e., Terminal Services,
Citrix) to deliver user applications have also chosen to deploy thin client devices where no local
application processing is required. These organizations have benefited from the reduced support
required to maintain these devices and the working environment lends itself to being accessed from
multiple locations, including, potentially from the user’s home. The apparent downside to this model
is that the user must always be connected to the corporate network to get their applications and data.
PCs and laptops are the only options for organizations that have either not adopted a server based
computing model or have a large population of users who work disconnected from the corporate
network. In these scenarios it is best to establish a standard configuration specification from a single
vendor, ensuring the specifications meet the organization and application needs, for example:
Graphical display
Memory
Network connectivity
Operating System
Peripherals
Server based computing (SbC), Virtual Desktop Infrastructure (VDI), and Application Streaming and
Virtualization are all technologies that enable thin client devices to look and feel just like standard
PCs and laptops. Thin client devices significantly reduce the hidden costs of supporting the end point
computing device, such as shadow support staff (i.e., co-worker support), floor space, power and
cooling costs, transportation, travel, turnover, and time off for training. Organizations should
consider replacing PCs with thin clients wherever the applications and user data can be accessed
through server based computing solutions (Citrix and Terminal Server) or through a Virtual Desktop
infrastructure.
Organizations can realize some of the following benefits when implementing thin clients:
Centralized support – Support of the device is done through native remote control utilities,
reducing the need to send help desk engineers to visit the end user. Failed devices can be replaced
by a non-technical user in locations where no technical staff exists.
Centrally Managed Device Images – Embedded operating systems (Linux or Windows) are
deployed and managed from a centralized console.
Easier Patch Management – Patches are provided by the hardware vendor, usually within 48
hours of release from the operating system vendor, and are centrally deployed.
Increased Device Lifespan – The lifespan of thin clients is typically six to eight years, which
reduces the number of devices that need to be refreshed annually.
Increased Security – With no local hard disks, no data lives on the physical device. Deployment
of these devices to remote or public locations can be done with less concern of intellectual
property or patient data loss.
Protected Operating Environment – The operating systems are protected from the user making
any changes and are typically read-only, reducing the likelihood of the device becoming infected
by malware or viruses.
Reduced power consumption – Thin clients use less than 10% of the power of standard PCs.
WYSE provides the following sample comparison between 1,000 PCs and 1,000 thin client
users connected to a centralized server environment over a one-year period.

Number of Devices                 1,000 PCs        1,000 Thin Clients + Servers
Kilowatts consumed per hour       70.51            7.14
Kilowatts consumed per year       146,660.80       14,851.20
Energy costs per year             $13,111.48       $1,327.70
OPERATING SYSTEMS AND INFRASTRUCTURE
Since its earliest adoption in the business environment, IT has made significant strides to deploy and
maintain a standard PC operating system image that suits the needs of the organization. Users are
initially given little or no ability to customize the interface of the machine, which is in complete
opposition to the concept of personal computing. As a result, IT is overwhelmed with requests to
grant users additional access to their desktops. With these additional privileges, the possibility of
local system and network corruption increases significantly. What is required is a centrally
managed operating system environment that is also flexible enough to meet the user’s needs.
Operating System Images
Creating a single operating system image that is separated from any applications or hardware
specifics reduces the amount of maintenance and storage of such images. Additionally, a single
application- and hardware-agnostic image can be used on nearly all physical and virtual platforms.
Microsoft has an extensive set of guidelines (http://technet.microsoft.com/en-us/library/bb456439.aspx)
for developing operating system images, which Gotham recommends
following. These guidelines also include integration with Active Directory Services, and Group
Policy Objects (GPOs).
Operating System Distribution
There are several solutions that can be leveraged for creating, deploying, and managing operating
system images. Depending on the size and complexity of the environment, organizations may find
one or a combination of solutions can meet their needs.
Scripted Install – A traditional method for operating system implementation, it utilizes local (CD)
or network-based source files of the operating system in conjunction with a setup script. This
method performs a native installation of the operating system but may require a technician to
interact with the installation for it to complete. This process may be used in environments where a
local operating system is required, but hardware and peripherals are unknown prior to the
deployment, allowing the install routine to automatically identify the hardware correctly.
Applications can be added to this process through additional automated scripts or software
distribution tools.
Image Install – Image installations are a method where a completely configured desktop machine,
including applications, is prepared for deployment by first removing the personalized information
(for example, machine name) and then creating a single file of that imaged machine. The image is
copied to the destination device locally or through the network where it is extracted on the local
hard disk. Personalization scripts are then run to finalize the installation.
OS Streaming – These solutions load a pre-configured image of the operating system from a
central network location to a LAN-attached PC, a thin client device, or a virtual desktop. The
operating system is never installed on the local device and uses RAM and the local disk (if any)
for temporary files. When the device is rebooted, the central image is reloaded, so any changes
made by the user are lost, unless they have been stored in their roaming profiles or network file
shares.
OS Virtualization – Leveraging hypervisor technology, OS Virtualization loads multiple
instances of the operating system on network servers from a single image source. The user
interface is delivered using a presentation protocol such as Citrix’s ICA or Microsoft’s RDP.
Users have the same user experience as a locally installed operating system, regardless of their
connectivity to the network or the configuration of the local device.
Server Based Desktops – Microsoft Terminal Server enables delivery of server-based desktops
and applications to end users using PCs or thin clients. Citrix XenApp (formerly Presentation
Server) provides added features and functionality that many enterprises take advantage of.
Citrix’s ICA protocol has clients that run on all Windows and non-Windows desktop operating
systems and has historically been used as the primary method of deploying applications to remote
users.
Desktop Policies and Security
Group Policies
Central to the desktop design is the method by which the operating environment is configured and
controlled. Machines that are members of the Active Directory domain can leverage security policies
defined in Group Policy Objects (GPOs) and login scripts. Implemented in a hierarchical manner, the
top GPOs should provide the most stringent lockdowns with subsequent policies allowing additional
functionality as necessary.
Organizational Units (OUs) within Active Directory can be used to group common machine types or
user types to ensure that proper security policies are implemented. It is recommended to limit the
number of OUs and security groups that control the configuration of the desktop so as to keep the
complexity of supporting the environment to a minimum.
Active Directory tools can also be implemented to assist in creating and managing Group Policies.
Many of them have the capability of testing the effects of policies before they are implemented into
production.
Privilege by Application, not by User
To ensure the integrity of the working environment, desktop policies should restrict users from
making permanent system configuration changes. Where an application needs elevated rights, the
privilege change should be scoped to that application, for example by configuring the Run As feature
available in Windows XP and later, rather than raising the privilege state of the user account. This
method maintains system integrity while ensuring the application will function.
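As an added illustration of the Group Policy hierarchy and the per-application privilege stance described above (example code, not from the white paper or from Gotham), the following PowerShell uses the GroupPolicy and ActiveDirectory modules to link an enforced lockdown baseline at the top of the domain, add capability in a single OU-level policy, and pull a Resultant Set of Policy report from a pilot machine before broader rollout. The domain, OU names, GPO names and the pilot computer name are assumptions.

```powershell
# Added example (not from the white paper): hierarchical GPO layout in which the most
# stringent lockdown is linked and enforced at the top and OU-level policies only add
# functionality. Domain, OU, GPO and computer names are placeholders.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDN = (Get-ADDomain).DistinguishedName     # e.g. DC=corp,DC=example (placeholder)

# 1. Keep the OU tree small: one OU per machine type that genuinely needs different policy.
New-ADOrganizationalUnit -Name "Workstations" -Path $domainDN -ProtectedFromAccidentalDeletion $true
$ouRoot = "OU=Workstations,$domainDN"
foreach ($ou in "Laptops", "ThinClients", "VirtualDesktops") {
    New-ADOrganizationalUnit -Name $ou -Path $ouRoot -ProtectedFromAccidentalDeletion $true
}

# 2. Baseline lockdown: users cannot make permanent configuration changes (registry
#    editing and Control Panel blocked) and removable storage is denied, matching the
#    "nothing stored locally" guidance in the user data section.
$baseline = New-GPO -Name "Desktop Baseline Lockdown" -Comment "Enforced at the domain; do not relax here"
Set-GPRegistryValue -Name $baseline.DisplayName `
    -Key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" `
    -ValueName "DisableRegistryTools" -Type DWord -Value 1
Set-GPRegistryValue -Name $baseline.DisplayName `
    -Key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" `
    -ValueName "NoControlPanel" -Type DWord -Value 1
Set-GPRegistryValue -Name $baseline.DisplayName `
    -Key "HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices" `
    -ValueName "Deny_All" -Type DWord -Value 1
# Enforced link at the top of the tree: links lower down cannot override these settings.
New-GPLink -Name $baseline.DisplayName -Target $domainDN -LinkEnabled Yes -Enforced Yes

# 3. OU-level policy that adds functionality for one use case only: laptops need Offline
#    Files to work disconnected; thin clients and virtual desktops do not get this link.
$laptops = New-GPO -Name "Laptops - Offline Files" -Comment "Adds capability; inherits the baseline"
Set-GPRegistryValue -Name $laptops.DisplayName `
    -Key "HKLM\Software\Policies\Microsoft\Windows\NetCache" `
    -ValueName "Enabled" -Type DWord -Value 1
New-GPLink -Name $laptops.DisplayName -Target "OU=Laptops,$ouRoot" -LinkEnabled Yes

# 4. Verify rather than assume: export the baseline for review, then collect the Resultant
#    Set of Policy from a pilot laptop that has already run gpupdate, so the effective
#    combination of baseline plus OU policy is checked before the rollout widens.
Get-GPOReport -Name $baseline.DisplayName -ReportType Html -Path ".\baseline-gpo.html"
Get-GPResultantSetOfPolicy -Computer "LT-PILOT01" -ReportType Html -Path ".\rsop-LT-PILOT01.html"
```

The RSoP report is the point at which a mistakenly relaxed OU policy shows up as an overridden baseline setting; because the baseline link is enforced, that override should never appear, and if it does the link configuration is wrong.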
APPLICATIONS
Access to applications and data is the core purpose of IT infrastructures and the desktop has
traditionally been tasked with hosting the application executables. Keeping the operating environment
performing at its peak, while hosting a complete application set has been one of the greatest
challenges IT has had to face. Traditional desktop deployments classify applications as core or
line-of-business (LOB). The core applications are those that all users require access to, whereas LOB
applications are only utilized by specific users or groups of users. Installing LOB applications locally
limits those users to working only on specific machines, preventing them from roaming or accessing
the applications remotely.
Once an application has been deployed to the desktop, the next challenge for IT is the maintenance of
the application. Code updates and patches are sometimes difficult to deploy and can possibly affect
other applications installed on the machine. For instance, some applications use commonly named
DLL files, which are expected to be on the local machine. One application may overwrite an existing
version during installation or update, causing a conflict with another application. (This is commonly
known as DLL-Hell.)
It is estimated that software product updating accounts for up to 55% of a desktop system's total cost,
whereas the initial purchase and support account for less than 45%. Electronic software distribution
(ESD) packages offer a cost-effective solution for automating the distribution and installation process.
In addition, ESD can provide capacity checking, auditing and management reports, and tools that ease
the initial installation of applications on the desktops. These solutions statistically achieve an 80%
success rate for first time installation of application packages and patches. The remaining failed
deployments usually require a desktop visit and possibly a manual installation by an engineer.
Application Streaming and Virtualization
Application Streaming and Virtualization solutions provide an alternative to the legacy ESD
solutions. These tools leverage the application packaging standards that were utilized with the ESD
solutions but instead of installing applications on the local machine, the application code is streamed
and then executed in protected memory space.
These solutions separate the application from the operating system as well as from other applications.
This application isolation eliminates the application conflicts that have been experienced in the past.
It also keeps the operating system clean, because the applications are never installed. Different
application and user security policies can be applied to individual packages, eliminating the need to
grant users elevated access on their desktops to ensure the applications will run.
Application updates and patches can be applied once to the centrally stored package and distributed
automatically to each user on their next launch of the application. In addition, previous versions of the
application can be stored for easy rollback in the event an application update causes an issue.
USER DATA
Management of users’ data is a daunting task for IT. Data lives anywhere a user has privileges – the
network, local hard drives, and portable devices (USB). A best practice is to keep all users’ data on
the network and allow nothing to be stored locally. Providing a dynamic desktop environment will
require the centralization of all application and user profile data. The user’s profile stores application
and user personalization and preferences. When configured, these preferences will load with every
user session regardless of the device they are logged into.
Roaming Profiles
A dynamic desktop environment should enable users to roam to any device, log on, and get access to
their applications and data. Roaming profiles, which allow users to save data that is typically saved in
their registry, along with profile folders that cannot be redirected (My Documents, Desktop,
Application Data, Start Menu), are one method for providing a consistent user experience in
Citrix/Terminal Server environments.
A centralized user profile keeps application and user personalization in a central location and is
loaded upon logon. A roaming profile will be critical to those organizations implementing SbC and
VDI solutions, as these single image source solutions do not enable the user to make permanent
customizations to their working environment.
MAINTENANCE AND SUPPORT
Maintenance and support are the processes and tools organizations use to manage their desktop
environments. Determining the total cost of maintenance and support is difficult, as this area includes
most of the hidden costs of managing the desktop. Hidden costs, which can account for as much as
25% of the total cost of managing a desktop environment, typically include shadow (i.e., non-IT) staff
for support, floor space, power and cooling costs, transportation, travel, loss of user productivity, and
user time off for training.
Standards and guidelines establish organizational clarity on technology, business processes, and
procedures and are crucial to establishing a productive IT environment at a reasonable cost.
Technology standards include not only the technology itself, but also how that technology is
configured, managed, and supported. Standards must also be applied to the business processes and
procedures utilized in managing an organization's desktop environment, particularly if that
organization supports remote locations and users.
It is critical that an IT organization establish consistent processes for diagnostics, maintenance,
backup/restore, disaster recovery, change and problem management, and software distribution to make
the overall client/server environment more manageable and scalable.
The solutions in the IT department tool belt should include:
Automated Inventory and Software Metering – These tools help maintain the application and
license inventory of an organization
Data Backup and Disaster Recovery – Tools that maintain the integrity of the organization’s
data in the event of a system or storage failure, and the processes to recover from such a failure
End Point Monitoring – Implemented in either a proactive or reactive mode, data collected from
the endpoint can enable the help desk to address user issues in a more timely manner
Patch Management – Processes and tools for implementing application and system patches
Remote Assistance – Decreasing the time to resolution can be achieved without an engineer
leaving his desk; remote assistance tools allow the help desk to take control of the end point
device and begin troubleshooting quickly
Virus Protection and Repair – A requirement for local and network data protection
Support Levels
Defined support levels enable an IT organization to properly identify the resources required to
support an application or service and to ensure that all Service Level Agreements (SLAs) are being
met. Structured into three tiers (Help Desk, Operations Support, and Subject Matter Expert), these
resources represent a workflow for how and when an issue is escalated to the next tier.
Level 1: Help Desk support is the first tier of the support structure and provides first-line, client-
facing support to the end-user. Level 1 support responsibilities include initial issue analysis, problem
definition, problem ticket routing, and low level issue resolution. The appropriate skill set, in
conjunction with the right tools, will aid the Help Desk in successfully performing its role. Level 1
support should also include automated tools that perform event-driven issue identification and
automatic routing to Level 2 – Operations Support.
Level 2: Operations Support is the intermediate tier in the support structure and handles all issues
forwarded from the Help Desk or from automatically generated alerts. Level 2 Support rarely
interfaces directly with the end-user community, but has the authority to engage IT Technical
Management when addressing issues. Level 2 support responsibilities include core network
infrastructure, network server support, and advanced issue resolution. The appropriate skill set, in
conjunction with the right tools, will optimize these processes. Level 2 Support also implements any
new technology that directly interacts with the environment.
Level 3: The Subject Matter Expert (SME) is the highest level of expertise within the organization.
SMEs are responsible for engaging directly with IT Technical Management, and serve as technical
liaisons with vendors and the user community. The SME must possess advanced networking,
operating systems, and server hardware knowledge and highly developed troubleshooting skills.
SMEs are also responsible for the development, testing, and architecture of all designs, and for
validating the proper implementation of any new technology that directly interacts with the
environment.
[Figure: support escalation pyramid, with Level 1 Help Desk at the base escalating to Level 2 Operations Support and Level 3 Subject Matter Expert at the top]
Application and Desktop Options
Organizations have several options to deploy desktop services to their users. In this section we
identify six desktop models:
Physical desktop with traditionally installed applications
Physical desktop with streamed applications
Physical desktop with isolated / virtualized applications
Presentation virtualization
Desktop virtualization
Operating system streaming
Each solution has its own benefits to an organization, providing levels of flexibility, portability, and
security that meet the use case needs of its users.
As noted in the previous section, these models require exploring and managing the various
components of the desktop environment – hardware, operating systems, applications, user data, and
maintenance and support – individually.
PHYSICAL DESKTOP WITH TRADITIONALLY INSTALLED APPLICATIONS
In the physical desktop model, an operating system is installed on the hard drive of the device, and
applications are deployed using automated software distribution tools or manual installations.
Local applications connect directly to data on the back end.
Updates to the application require in-place upgrades or complete redistribution of the application
package.
This model provides the user the flexibility to work off-line (such as with a laptop), but requires
more rigorous policies to ensure the applications and data are secure.
PHYSICAL DESKTOP WITH STREAMED APPLICATIONS
In the Streamed Applications model, an operating system is installed on the hard drive of the device,
and the applications are deployed to the device from a central location on the network and are run
from a protected area on the local machine. The machine’s system files and registry are not modified,
and the application performs using local resources.
Applications connect directly to the data on the back end.
Updates to the application package are performed from a central location. Upon the next launch
the user receives the updated application.
Streamed applications can also be isolated from one another, allowing multiple versions of the
same application to be run on a single device.
This model provides the user the flexibility to work off-line (such as with a laptop), but requires
more rigorous policies to ensure the applications and data are secure. Streamed applications must
be cached on the local device before offline execution is possible.
PHYSICAL DESKTOP WITH ISOLATED / VIRTUALIZED APPLICATIONS
In the application isolation with virtualization model, an operating system is installed on the hard disk of
the device and a software hypervisor is installed. Application packages are distributed and executed in
the local virtual environment.
Applications connect directly to the data on the back end.
In this model, applications are explicitly isolated from the operating system which will allow for
multiple versions of an application to run, even if one of the versions is installed on the local hard
disk.
This model provides the user the flexibility to work off-line (such as with a laptop), but requires
more rigorous policies to ensure the applications and data are secure.
PRESENTATION VIRTUALIZATION
With Presentation Virtualization, applications are installed and managed on centralized servers in the
data center; screen images are delivered to the users, and the users' client machines, in turn, send
keystrokes and mouse movements back to the server
Applications can be installed locally or leverage application streaming and isolation solutions
Multiple servers can act as a single resource (i.e., a server farm) to deliver applications and
desktops to client devices
Common protocols ICA and RDP are used to connect to the back end servers. Both clients and
their protocols are available from traditional desktops and from thin clients
Applications execute on the server so the client never communicates directly with the data on the
back end
This model provides only connected user access to applications; there is no offline access
capability of this solution
VIRTUAL DESKTOP TECHNOLOGY
With Virtual Desktops, servers in the data center running a hypervisor host multiple instances of a
desktop operating system. Screen images are delivered to the users, and the users' client machines, in
turn, send keystrokes and mouse movements back to the server
Desktop images are located on a central NAS/SAN
Applications can be installed within the desktop image or leverage application streaming and
isolation solutions
Multiple servers can act as a resource pool to deliver desktops to client devices
Common protocols ICA and RDP are used to connect to the back end servers; both clients and
their protocols are available from traditional desktops and from thin clients
Application execution is on the virtualized desktop instance so the client never communicates
directly with the data on the back end
This model provides connected user access to desktops; there is limited offline access capability
of this solution
OPERATING SYSTEM STREAMING
In an Operating System Streaming solution, the desktop is stored as an image on a central NAS/SAN.
During the boot of the client device, a desktop image is provisioned to it and is streamed from the
data center to the endpoint device.
The user experiences the same look and feel as a locally installed operating system, enabling
greater interaction with the underlying hardware
Applications can be installed within the desktop image or leverage application streaming and
isolation solutions
Applications connect directly with data on the back end
This model provides connected users access to desktops; there is limited offline access capability
of this solution
Solution Selection Process
There are many desktop options and possible combinations, physical and virtual alike, and therefore
the development of a desktop strategy requires three distinct steps:
Mapping the available technologies
Defining use case scenarios and their requirements
Matching technologies with use cases
This section details the three steps in the process.
MAPPING AVAILABLE TECHNOLOGIES
Organizations may find that they will require the use of multiple solutions to satisfy the different use
case requirements. There are numerous options for application, desktop and presentation
virtualization. The following is a list of many of the current solutions.
Technology Area / Vendor-Product                 Vendor Website Reference

Server Virtualization refers to uncoupling server operating systems from hardware hosts, allowing
multiple isolated operating system environments to share the same physical server.
    Sun VirtualBox          http://www.sun.com/software/products/virtualbox/get.jsp?intcmp=2945
    VMware ESX              http://www.vmware.com/products/vi/
    VMware vSphere          http://www.vmware.com/products/vsphere/

Desktop Virtualization refers to uncoupling a client operating system environment from underlying
hardware, allowing end-user workspaces to be hosted on servers and accessed remotely, or for
corporate workspaces to be isolated from personal workspaces on client machines.

Presentation Virtualization refers to the delivery of applications and desktops over a common
protocol that displays the application user interface on a client machine, but whose code is executed
on a multi-user Windows server.

Application Virtualization refers to the uncoupling of applications from host operating systems,
dramatically easing deployment and allowing the virtualized application to run in its own isolated
sandbox.

Operating System Streaming refers to uncoupling a client operating system environment from
underlying hardware, allowing end-user workspaces to be dynamically streamed from a central
repository to local client machines.

Profile (Personalization) Virtualization refers to the isolation of the user’s application and
environment settings, storing them in a central location and applying them upon login to a physical
or virtual desktop environment.
    AppSense EM             http://www.appsense.com/products/environment_manager.aspx