VMware: Delivering Desktops and Apps as a Service

© 2014 VMware Inc. All rights reserved.

VMware: Delivering Desktops and Apps as a Service (DaaS)Technical Decision Maker Presentation for Service Provider

1

Agenda

• Platform Overview

• Architectural Overview

• Solution Design & Planning

• Use Cases

• Additional Information

2

Platform Overview

3

VMware Horizon DaaS Platform Workspace Models for All Use Cases, All User Types

4

Economically balanced Business & Personal objectives

80% 15% 5%• Replace XenApp Farm

• Terminal Services – “just an app”

• Published Apps – via an icon

• Students, Virtual Labs

• Shared Desktop

• Shift Workers

• Desktop Replacement –“My Desktop”

• Thick to Thin Client “flip”

+ + 100%=

Provision & Manage

Entitlements – single console

RDS Desktops

RemoteApp

RDS

Win 7/8/XP, Win Server Dedicated

VDI DesktopsPersistent or Non-persistentDesktop

Shared Desktops

Published ApplicationsFrom VDI or RDS Pools

*sample

VMware Horizon DaaS Platform Inside

Provisions

Tenant

Network Storage

Manage

Entitlements

ComputeDedicated Shared

Tenant 1 Tenant N

Provisions

Tenant

Manage

Entitlements

Broker

Desktop Management:Client Managed

Service Provider

3rd Party Resource

Broker

Desktop Management:Client Managed

Service Provider

3rd Party Resource

VMware Resource Manager

View Client (PCoIP)View Client (PCoIP)

Unified

Management

Console

1

2

3

5

5

4

6

Multi-tenancy Scalability Lower Cost

VMware Horizon DaaS Platform Differentiators

Multi-tenancy ModelService Provider

TenantsUsers

VMware Horizon

DaaS Platform

7

Scalability Model

8

Geographic ScaleNumerical Scale

Grid Based Architecture

High Availability by Default

Tested to Millions of Desktops

Spans Multiple Data Centers

Lower Cost Model

9

Grid-based architecture

Multi-geo without database

replication

No License Costs

All open source – No

MSFT license costs

Broker AllocatorInventory

Manager

Session

Manager

Virtual Desktops,

RDS and Apps

RDS

Unified Platform

Unified platform for all

workloads, locations,

customers

Sample Business Case (5,000 desktops)

10

Margin, 28%

Compute Svrs, 9%

Storage, 8%

VSPP, 29%

Mgmt Svrs, 0%

Labor, 7%

Build out, 1%

HW Maint & supp, 6%

Sales & Mkting, 3%

Power/Cooling, 5%

Bandwidth, 2% Misc DC Infra, 2%

Capital Expenses:Amortized over 3 years with a

half year ramp

Operational Expenses:Monthly costs for fees

associated with DaaS offering

MSRP:

$30/desktop/month

Architectural Overview

11

Broker

Allocator

Session Manager

Inventory Manager

Tenant Appliance(s)

Broker

Allocator

Session Manager

Inventory Manager

Tenant Appliance(s)

Software Components

12

Virtual desktops

RDS

Apps

Virtual desktops

RDS

Apps

Resource Manager(s)

Compute API Storage API

API

Service Grid Architecture

13

Service Provider

Datacenter(s)

Tenant A Tenant B

Horizon Daas PlatformMgmt Host

ServiceProviderAppliance

ResourceManagerAppliance

TenantAppliance

TenantAppliance

Backbone Link Local Network

Service Provider Network

DedicatedDesktop

Hosts

DedicatedDesktop

Hosts

NetworkServices:DNS, DHCP,AD

NetworkServices:DNS, AD

SharedDesktop

Hosts(optional)

Tenant B Network

Tenant B CorpNetwork: DNS,

DHCP, AD

100 VirtualDesktops

200 VirtualDesktops

Tenant A Network

NAS Storage

HA Physical HA Virtual

Infrastructure LegendVPN

Tunnel

Role-based Management

14

Service Provider

IT Administration

End-Users

Web Service APIs

Best-Fit Broker DaaS® Agent Remote Access PreferencesDisplay

ProtocolsAuthentication

Web Portal DaaS® MobileDaaS® ClientThin Clients

Tenant SDK APIs – integrate with other self-service systems

Gold Pattern

Management

Pool

Management

User

Entitlements

Workload

ManagementVM Provisioning Authorization SLA Reports

IT Management Dashboard

– integrate with NSM, OSS, BSS

Service Grid

ManagementAuthorization

SLA & Price Plan

ManagementMonitoring

DaaS Appliance

Management

Resource

Optimization

Multi-Tenant

Management

Administration Portal

Security Overview

Network Separation

Resource Separation

Secured Access

Minimal Node Functionality

Secure Software Development

In our opinion, the VMware DaaS Platform

has been reasonably assessed and it is

unlikely that there exists any significant

security issues that could compromise the

software confidentiality, integrity or

availability. - THIRD PARTY SECURITY AUDIT

“ “

Enterprise Integration

16

Continue to use all of your existing assets and management platforms with cloud hosted desktops.

Users

Service Provider

VPN

MPLS

Data Center

• Corporate applications

• Group file share

• User document storage

• User profile storage

• Collaboration server

• Source revision control

• Patch management

Enterprise IT Resources

Active Directory

Solution Design & Planning

17

Enabling the Business of VMware Horizon DaaS

18

VM

ware

Horiz

on D

aaS

Sta

ck

Data Center

Service Provider

Hardware Options

Go to Market

Business Operations

SW Operations

Horizon DaaS Platform

Hardware

+1 Value-addsBLUEprint

VMware Horizon DaaS Solution Components

19

VMware Horizon DaaS Bundles

Horizon DaaS Bundle – VDI Edition

Horizon DaaS Bundle – RDSH Edition

Compute

Rack Mount or Blades

Storage

NFS

Network

VLAN and VRF Support

The only multi-tenant desktop

virtualization platform in the

market with many DaaS specific

features including:

Unique Architecture:Multi-tenant, Multi Data Center

Mgmt, Multi-desktop Model, Role

Separation, Grid-Scale, Security, etc.

Technology

Front to back services blueprint

for quick time to market

Tested and highly optimized

Solution Blueprint

Best practices for building,

operating and monitoring

VMware DaaS Platform

100% Channel Model

vCAN Usage ModelPer user/per month pricing

Sales, Marketing & Prod

ManagementPricing, Packaging, Positioning, Lead

Gen, etc.

Built from Day 1 for Service Providers and as a Service Delivery

Operational Expertise GTM Model

20

Use Cases

21

DaaS Use Cases

General DesktopReplacement

DisasterRecovery

Remote Offices/Field Workers

Seasonal and Contract

Employees

MobileEmployees

Reduce Management Effort & TCO

Include Desktops

in DR Plans

Centralize Desktop

Management

Improve Data Security & Load

Changes

Full Desktop to Any Device

Special Desktop Needs

FlexibleConfiguration

Access to

desktops

applications and

data across

locations and

devices-including

BYOD without data

residing on

endpoint

Flexibility to

increase or

decrease

workforce based

on seasonal needs

- may have their

own end-point

devices (e.g.

M&As)

Central image

management and

for remote, branch

offices and call

centers

Central image

management and

for remote, branch

offices and call

centers

Central image

management and

for remote, branch

offices and call

centers

Access to

desktops

applications and

data across

locations and

devices-including

BYOD without data

residing on

endpoint

22

DaaS Use Case for Disaster Recovery

Desktop

• Enables partners to deliver a secure corporate desktop that can be accessed by customers from any device, anywhere.

Desktop DR

• Enables partners to ensure workforce continuity with a secure corporate desktop that can be accessed by customers from any device, anywhere.

23

Horizon

DaaS

Bundles*

Partner delivers virtual desktop as a service (DaaS) from cloud

HOT

Desktop

Reservation

Capacity

Horizon

DaaS

Bundles*

or

Partner reserves

desktop capacity in cloud

for the number of users

the customer wants to

have “insurance” for

Partner “turns on”

desktops sitting in

reserve in case of

disaster event

COLD HOT

New

* VMware Horizon DaaS Bundle – VDI Edition, VMware Horizon DaaS Bundle – RDSH Edition

Additional Information

• VMware Horizon DaaS Platform and FREE TRIAL

– http://www.vmware.com/products/daas

• VMware Service Provider Program

– http://www.vmware.com/partners/service-provider.html

• VMware Products

– http://www.vmware.com

– [email protected]

– +1-877-4-VMWARE (North America)

– +1-650-427-5000 (Outside North America)

24

Thank You

25

Supplementary Slides

26

Security - Network Separation

27

Serv

ice P

rovid

er

Backbone N

etw

ork

vLAN A

VRF Enabled

Router

VRF B

Client A Tenant

Client B Tenant

VRF A

vLAN B

Service Provider has network access to this

area only and no access to desktops

Service Provider has network access to this

area only and no access to desktops

Security - Resource Separation

28

Each client has their own dedicated resources for compliance and security reasons.

Hypervisor Virtual

Network

Virtual Filer

Management

DB

Access

Gateway

Directory

Services

Client A Tenant

Client A Tenant

Client B Tenant

Security - Secured Access

29

Customer Domain

Controller

Service Provider

Domain

• Authentication against customer

Domain Controller

• Leverage existing GPOs and

policies

• No trust required between customer

domain and service provider

Security - Minimal Node Functionality

30

Hardened Linux

Appliances - No

Windows Patching

Required

Only Accepts

Communication

from Designated

Peers

Designed with

Least Privileges

Principles

Security - Software Development

31

Secure Design

• Architectural risk analysis

• Threat modeling

• Security requirements

Secure Development

• Common development process

• Developer security tools

• QE security analysis

Secure Delivery

• Release archive

• Validated architectural design