IBM Notes in the Cloud
Deploying Notes on Zero Clients within VMware View and Streamed via Microsoft RemoteApp
MWLUG 2014
- Thank attendees for making their way to this early session
Stephen Beagles, Prominic.NET
Systems Administrator, [email protected]
Certified Advanced System Administrator, Notes and Domino 9.0
Microsoft Certified Professional
Avid Craft Beer Brewer
- Senior Systems Administrator for Prominic.NET
- Proud staff member of Prominic.NET since 2013
- In charge of daily administration of IBM infrastructures
- A lucky husband and beer brewer
Founded in 1998, we are celebrating 18 years of service
An original champion of Lotus and IBM technologies
A proud sponsor of MWLUG and other IBM conferences
Solutions and a Team You Can Trust
Prominic.NET Offerings
Our business has been built on supporting IBM technologies, but we are committed to meeting customer needs whatever the vendor or platform. Feel free to check out the blog section of our site.
Microsoft's Exchange, Dynamics, and ASP.NET
Proficiency in all flavors of *NIX
Goals for this presentation:
Outline the benefits of deploying Notes in VMware View and Microsoft RemoteApp environments
Provide a 10,000 foot view of the infrastructures needed to deploy and support both technologies
Provide guidance on Notes client installation and tips for ensuring optimal performance on both platforms
Objectives to make this all worth your while:
Two Different Approaches
VMware View Workstations on Zero Clients
Full virtualized workstations
Good approach if your Notes use is part of a documented workflow that depends upon multiple pieces of software
Secure access accomplished through Zero client deployment
Microsoft RemoteApp
Individual streamed applications
Good approach if your needs are limited to the Notes client and one or two other applications
Secure access to the Notes client from multiple platforms and OSs
Who this presentation can benefit most:
Administrators looking for new ways to deliver the Notes client and reduce support overhead
Managers looking to reduce infrastructure complexity or total cost of ownership (TCO)
Security personnel looking to centrally manage and safeguard company data
Administrative benefits
Consistent Notes versioning
Remotely troubleshoot Notes clients with ease
Critical Notes client DBs are stored on redundant file systems
- Consistent software versioning: maintain software standards in your workplace to reduce complexity for staff and IT. Anecdote about supporting an R6 client and getting it to function correctly with a 9.0.1 server.
- Remotely troubleshoot Notes clients: both technologies provide easy methods for remotely accessing staff desktops and streamed applications. More details to come during the presentation. Eliminates the need to purchase additional remote software (GoToMeeting, etc.).
- Staff Notes client resources are stored on redundant file systems: every staff member's computer isn't air conditioned and monitored 24/7. They will fail! Keeping databases on the servers ensures retention and availability.
Investment Management benefits
Reduced Support hours needed to support the Notes deployment on individual physical machines
Workstation Hardware refresh cycle lengthened
Workstation power use greatly reduced as load is on the server, not the local PC.
All of these drive lower TCO and improve ROI, return on investment.
Reduced Staff: Whether your end users are far-flung or local, a standardized method for accessing the Notes client will
Workstation power use greatly reduced as load is on the server, not the local PC. 97% savings!!
Security Benefits
Minimizes the risk of devices holding critical business data walking off site
Centrally managed servers, virtual machines, and software greatly reduce the overall attack surface
Remote session protocols are encrypted and minimize man-in-the-middle attacks
- Minimize the risk of devices with user credentials or business data walking off site: any workstation operating system can be compromised and user credentials stolen. This is especially true with physical access to the machine. With either technology, data and user credentials are not stored locally.
- Centrally managed servers, virtual machines, and software clients greatly reduce the overall attack surface: AV options specific to virtualization are out there to ensure your staff don't introduce malicious viruses into your environment while not hampering performance! Sophos / Kaspersky
- Remote sessions are encrypted, which minimizes man-in-the-middle attacks. Network Level Authentication can be enabled for RDP to minimize brute force attacks.
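The Network Level Authentication point above, as an added example that is not part of the deck: a function that turns NLA on for the RDP-Tcp listener of a Session Host and reports the listener's effective settings, so the setting can be audited across hosts rather than assumed. Run it elevated on each Session Host; the class, method and registry path are standard Windows ones.

```powershell
# Added example (not part of the MWLUG deck): enforce and verify Network Level
# Authentication on a Session Host's RDP-Tcp listener. Run elevated on each host.
function Set-RdpNetworkLevelAuth {
    param([switch]$ReportOnly)   # report the current state without changing it

    $tsQuery = @{
        Namespace = 'root\cimv2\TerminalServices'
        ClassName = 'Win32_TSGeneralSetting'
        Filter    = "TerminalName='RDP-Tcp'"
    }
    $ts = Get-CimInstance @tsQuery
    if (-not $ts) { throw 'RDP-Tcp listener not found; is Remote Desktop enabled on this host?' }

    $before = [bool]$ts.UserAuthenticationRequired
    if (-not $before -and -not $ReportOnly) {
        # Same switch as the "Allow connections only from computers running Remote
        # Desktop with Network Level Authentication" checkbox in System Properties.
        Invoke-CimMethod -InputObject $ts -MethodName SetUserAuthenticationRequired `
                         -Arguments @{ UserAuthenticationRequired = [uint32]1 } | Out-Null
        $ts = Get-CimInstance @tsQuery   # re-read to confirm the change stuck
    }

    # Cross-check the listener's registry values: UserAuthentication=1 means NLA is on;
    # SecurityLayer 2 = TLS (NLA is not available on the legacy RDP security layer, 0).
    $reg = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        NlaBefore        = $before
        NlaNow           = [bool]$ts.UserAuthenticationRequired
        RegistryUserAuth = $reg.UserAuthentication
        SecurityLayer    = $reg.SecurityLayer
    }
}

# Usage: Set-RdpNetworkLevelAuth -ReportOnly   (audit)   /   Set-RdpNetworkLevelAuth   (enforce)
```

Wrap the call in Invoke-Command with a list of Session Hosts to collect one row per host; any row with NlaNow false or SecurityLayer 0 is a host the gateway should not be brokering to yet.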
VMware View Environment
This approach utilizes virtualized workstations that can be served up by VMware's View platform and accessed by Zero clients.
One item of note is that the majority of the servers visible here can be virtualized
vSphere View Infrastructure and Client VMs
View Server Roles
Composer: Server responsible for preparing workstation VMs for end user use. Tracks linked clone usage.
Connection: Brokers sessions between an end point (zero client) and the workstation VM host
Transfer: Facilitates the transfer of a workstation VM from the primary Host to a local PC great for offline work
Security: Handles connections from the public Internet to the Connection server
- Transfer: not utilized as much now that connectivity has become ubiquitous. However, still a useful tool if a staff member will be working from a very remote location or a highly secured network such as those in hospitals or government sites.
- Security: may or may not be utilized depending on whether or not work sites use a VPN or MPLS link.
- NOTE: These servers / roles can be virtualized and housed on ESXi Hosts, as is visible in the next slide displaying a demo setup.
Other Components
vCenter Server: powerful management tool. Allows you to manage VMs residing on multiple ESXi Hosts. Also facilitates deployment of Windows VMs and ESXi Host maintenance tasks. Can be run within a Windows Server OS or as a virtual appliance (as in our demo environment pictured previously, a minimal SUSE OS).
vCloud Usage Meter: necessary for VMware to accurately track usage statistics to be used in billing and licensing.
Windows Active Directory
- Mention KMS as well
Resource Use and Allocation per Server
ESXi Virtualization Hosts
- 4GB RAM per 64-bit Windows Workstation recommended at a minimum
- 15MB to 60MB extra RAM per Workstation necessary if using PCoIP @ 1080p
- 2 vCPUs are recommended for each 64-bit Workstation using PCoIP
- Between 10 and 20 IOPS generated by each Workstation / Notes use
Connection Server
- 4GB of RAM minimum / 10GB for 50+ Workstations recommended
- 1 Gbps network connectivity recommended
- IE7-9 / Firefox 3-3.5 to utilize the local View Administrator portal
vCenter / View Composer Servers
- 4GB of RAM / 2 vCPU recommended for environments between 1 - 2000 VMs
- 1 Gbps network connectivity recommended
VMware typically states a 1:4 ratio of physical:virtual CPU core allocation
PCoIP Zero Clients
USB can be disabled for security considerations
Enhanced Fiber connected models available for ultimate throughput
Benefits of thin / zero client and streamed application use
http://www.jdsupra.com/legalnews/benefits-of-using-thin-and-zero-client-69497/
http://www.devonit.com/thin-client-education/benefits-of-using-thin-clients
http://www.computerweekly.com/feature/The-return-of-the-thin-client
http://breakingdefense.com/2015/04/thin-clients-persistent-threats-coping-with-the-new-cyber-dangers/
Protocol Route Differences PCoIP / RDP / HTTPS
The PCoIP protocol transfers images only, in the form of pixel location information; no business information ever leaves the data center.
The PCoIP security module leverages AES-256 encryption and NSA Suite B ciphers, which meet the highest level of security required by governments.
PCoIP accelerates back-end and front-end hardware performance to provide high resolution, full frame-rate 3D graphics and high definition streaming media.
Preparing the View Virtual Workstations
Create a new Virtual Machine with required specifications
Install the Enterprise version of Windows that you want to utilize
Install the Notes client using the typical Single-user install method along with any other mission-critical software
Make sure the Networking for the workstation is set to use DHCP
Install the View Agent; this allows the vCenter and Connection servers to use this template and communicate with any VMs created from it
- NOTE on the Notes client install: this provides you with the ability to install the Data directory on a secondary disk, attached previously, which can be served up from a separate Data store, effectively splitting the IO load:
- Workstation OS / Software load on one virtual disk / datastore
- Notes Data directory and contained databases on another disk / datastore
View Administrator Web Based Management
View Administrator Web Based Management: Available VM Pools
View Administrator Web Based Management: Virtualized Workstations
View Administrator Web Based Management: View Composer Refresh, Recompose, and Rebalance
Refresh: This option resets the delta disks back to the original state.
Recompose: In this process, the linked clones are attached to a new replica. The net effect is that all the changes accrued in the delta disk are lost, and users get a brand new virtual desktop. The Recompose command can be used to roll out new software or a new service pack.
Rebalance: This option is there if you have selected different storage locations for your virtual desktops. It could be the case that you have more virtual desktops in one datastore than another.
Zero Client End User Experience: Zero Client Boot
- Mention capability to centrally manage Zero client settings via Management device / VM
Zero Client End User Experience: Post-Connection to View
Zero Client End User Experience: Available Virtual Workstations Listed
Zero Client End User Experience: Successful Authentication - Connecting to VM
Zero Client End User Experience: Moments Later, Notes Open and Working!
Great tool for ensuring data redundancy and quick return to production after a workstation refresh or recompose
Easily deployable link library and settings via Domino policy
Allows users to back up and roam critical databases from a centralized source -- file system or Domino server database
Also enables you to configure a nearly endless number of Notes and Eclipse settings, even those resistant to Domino policy
Check out our video demonstrating MarvelClient in action: https://vimeo.com/prominic/marvelclientdemo
Note that we do not have a partnership with Panagenda and are not being compensated by them; rather, we are promoting their product due to its effectiveness and how helpful they have been in the past!
Other Considerations
Mixing Folder Redirection with VMware's Persistent Disks can present issues
Some editions of VMware's Horizon View offer Persona Management, another alternative
Remote Assistance can be configured within Active Directory GP to ensure your IT support can quickly access each workstation
A KMS server should be virtualized and configured to provide adequate Windows licensing for each workstation VM
- To maximize data redundancy and ensure quick RTP, additional technologies such as Panagenda's MarvelClient can be utilized. Refreshing / recomposing a VM off of the base image can be done in minutes; MC can restore those important DBs.
- Next up, Microsoft's RemoteApp: transition to a tech better suited for deploying single applications
Microsoft RemoteApp Infrastructure
For smaller clients, the servers can be condensed
If you are interested in testing this out, a Quick Start option is available when installing the Server roles
Microsoft Server Roles
Gateway: Public-facing, negotiates sessions
Broker: Maintains user / Session Host sessions
Session Host: Houses published applications
File Server: Primary storage for user profile disks
SQL Server: Necessary for High-availability clustering
Resource Use and Allocation per Server
Session Hosts
- Each Notes user utilizes a minimum of 170MB of RAM
- Maximum of 10 users per physical CPU core
- Minimum of 500 kb/s of networking utilization (Session Host to File Server) per user
File Servers
- Each user session generates 10 IOPS at a minimum
- Initiating a user's session generates at least 200 IOPS
Gateway
- 1000 connections / second feasible with at least 6 Mb/s connectivity
- Network throughput is key
Broker
- Similar network requirements to Gateway
- Solid connectivity to SQL servers key in HA environments
- Around 60 SQL transactions per logon
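An added sizing helper, not part of the deck, that folds the per-user figures from both "Resource Use and Allocation per Server" slides (the View one earlier and the RemoteApp one above) into a rough host count and says whether CPU or RAM is the binding constraint. The host sizes and the number of simultaneous logons are assumptions; OS overhead and headroom are not included, so treat the result as a floor.

```powershell
# Added example (not part of the deck): per-user figures from the two
# "Resource Use and Allocation per Server" slides turned into a host estimate.
function Get-NotesHostEstimate {
    param(
        [Parameter(Mandatory)][int]$Users,
        [Parameter(Mandatory)][ValidateSet('View', 'RemoteApp')][string]$Platform,
        [int]$HostPhysicalCores = 16,   # assumed host size, adjust to your hardware
        [int]$HostRamGB = 256,          # assumed host size
        [int]$ConcurrentLogons = 10     # assumed peak simultaneous session starts (RemoteApp)
    )
    if ($Platform -eq 'View') {
        $ramMB      = $Users * (4096 + 60)         # 4 GB minimum + up to 60 MB for PCoIP at 1080p
        $vCpus      = $Users * 2                    # 2 vCPUs per 64-bit PCoIP workstation
        $cores      = [math]::Ceiling($vCpus / 4)   # VMware's 1:4 physical:virtual core ratio
        $iopsSteady = $Users * 10                   # 10 to 20 IOPS per workstation
        $iopsPeak   = $Users * 20
        $connRamGB  = if ($Users -gt 50) { 10 } else { 4 }   # Connection Server sizing rule
        $extra      = "Connection Server RAM: $connRamGB GB"
    } else {
        $ramMB      = $Users * 170                  # 170 MB per Notes user on a Session Host
        $cores      = [math]::Ceiling($Users / 10)  # at most 10 users per physical core
        $iopsSteady = $Users * 10                   # 10 IOPS per session on the File Server
        $iopsPeak   = $iopsSteady + $ConcurrentLogons * 200   # plus 200 IOPS per logon in flight
        $netKbps    = $Users * 500                  # Session Host to File Server traffic
        $sqlTx      = $ConcurrentLogons * 60        # Broker SQL transactions during the burst
        $extra      = "SH-FS network: $netKbps kb/s; SQL: $sqlTx tx per logon burst"
    }
    $hostsByCpu = [int][math]::Ceiling($cores / $HostPhysicalCores)
    $hostsByRam = [int][math]::Ceiling($ramMB / ($HostRamGB * 1024))
    $constraint = if ($hostsByRam -gt $hostsByCpu) { 'RAM' } else { 'CPU' }
    [pscustomobject]@{
        Platform      = $Platform
        Users         = $Users
        PhysicalCores = [int]$cores
        RamGB         = [math]::Round($ramMB / 1024, 1)
        IopsSteady    = $iopsSteady
        IopsPeak      = $iopsPeak
        Hosts         = [math]::Max($hostsByCpu, $hostsByRam)
        Constraint    = $constraint
        Notes         = $extra
    }
}

# Usage: Get-NotesHostEstimate -Users 200 -Platform View
#        Get-NotesHostEstimate -Users 200 -Platform RemoteApp -ConcurrentLogons 25
```

Running both platforms for the same user count makes the TCO argument from the earlier slides concrete: the same 200 users need far fewer Session Host cores and RAM than full View workstations, at the price of a logon IOPS burst on the File Server.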
Installing and Publishing Notes
Step 1: Execute the Notes 9.0.1 installer and unpack the installation resources to a local directory on each Session Host
Step 2: Open up a Command Prompt in the directory with the Notes installation resources and enter the following string:
setup.exe /s /v"SETMULTIUSER=1 MULTIUSERBASEDIR=!USERPROFILE! MULTIUSERCOMMONDIR=\"C:\\Program Files (x86)\\IBM\\Notes\" CITRIX=1"
This instructs the IBM Notes installer to perform a Multi-User install (SETMULTIUSER=1 and CITRIX=1).
The install is then based on a common Notes data directory template (MULTIUSERCOMMONDIR=\"C:\\Program Files (x86)\\IBM\\Notes\"). The double quotes around the whole /v argument and the escaped \" around the path are required; without them the space in "Program Files (x86)" breaks the argument.
Additionally, MULTIUSERBASEDIR=!USERPROFILE! will install the user's personal Notes data directory to their user profile path (typically C:\Users\).
Especially meaningful when you also configure the RDS system to use the newer User Profile Disk feature.
Step 3: Complete the Notes installation wizard as usual
NOTE: If the options took hold, you should not see any reference to the location of the Data directory at this step!
Step 4: Use Server Manager to create an App collection and publish
Step 5: Validate that the published applications are visible in RD Web Access
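Steps 2 through 5 above as an added, scripted example that is not part of the deck or of IBM's tooling: the first function runs the exact Step 2 switch string on a Session Host with the quoting PowerShell needs and checks the installer's exit code, and the second does the Server Manager part (Steps 4 and 5) with the RemoteDesktop module. It assumes the installer was unpacked to C:\NotesInstall, that Notes lands in its default program directory C:\Program Files (x86)\IBM\Notes (the same path Step 2 uses for MULTIUSERCOMMONDIR), and the broker and session host names are placeholders.

```powershell
# Added example (not part of the deck or IBM's own tooling): Steps 2 to 5 from the shell.
# Assumptions: installer unpacked to C:\NotesInstall (Step 1), default Notes program
# directory, and placeholder broker / session host names.
function Install-NotesMultiUser {
    param([string]$SourceDir = 'C:\NotesInstall')
    # The exact switch string from Step 2. A single-quoted PowerShell string hands the
    # inner \" escapes to the InstallShield /v parser untouched.
    $setupArgs = '/s /v"SETMULTIUSER=1 MULTIUSERBASEDIR=!USERPROFILE! MULTIUSERCOMMONDIR=\"C:\\Program Files (x86)\\IBM\\Notes\" CITRIX=1"'
    # /s silences only the bootstrapper, so the wizard still appears (Step 3): run this in
    # an interactive session on the Session Host itself, not through Invoke-Command.
    $proc = Start-Process -FilePath (Join-Path $SourceDir 'setup.exe') -ArgumentList $setupArgs -Wait -PassThru
    if ($proc.ExitCode -notin 0, 3010) {   # 3010 = success, reboot required
        throw "Notes setup failed on $env:COMPUTERNAME with exit code $($proc.ExitCode)"
    }
    $notesExe = 'C:\Program Files (x86)\IBM\Notes\notes.exe'   # assumed default program dir
    if (-not (Test-Path $notesExe)) { throw "notes.exe not found at $notesExe" }
    return $notesExe
}

function Publish-NotesRemoteApp {
    param(
        [string]$Broker = 'broker.domain.tld',                           # placeholder
        [string[]]$SessionHosts = @('sh1.domain.tld', 'sh2.domain.tld'),  # placeholders
        [string]$Collection = 'Notes'
    )
    Import-Module RemoteDesktop   # installed with the RDS role on Windows Server 2012+
    # Step 4: create the collection if it does not exist, then publish notes.exe from it.
    $existing = Get-RDSessionCollection -ConnectionBroker $Broker -ErrorAction SilentlyContinue |
                Where-Object CollectionName -eq $Collection
    if (-not $existing) {
        New-RDSessionCollection -CollectionName $Collection -SessionHost $SessionHosts `
                                -ConnectionBroker $Broker | Out-Null
    }
    New-RDRemoteApp -CollectionName $Collection -DisplayName 'IBM Notes' -Alias 'notes' `
                    -FilePath 'C:\Program Files (x86)\IBM\Notes\notes.exe' -ConnectionBroker $Broker | Out-Null
    # Step 5, checked from the shell before opening RD Web Access: the app is listed in the
    # collection, so the RDWeb site will show it.
    Get-RDRemoteApp -CollectionName $Collection -ConnectionBroker $Broker | Where-Object Alias -eq 'notes'
}
```

Run Install-NotesMultiUser on every Session Host in the collection first; Publish-NotesRemoteApp is run once, from a host with the RDS management tools, against the Connection Broker.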
Methods for accessing streamed applications:
RDWeb Gateway Site
Work Resources integration (Windows workstation)
Official Microsoft Remote Desktop app (OS X and Mobile)
Web Access: https://gateway.domain.tld/RDWeb
Web Gateway
Can be branded to be in step with company style
Selecting one of the applications downloads an .rdp file that initiates the remote connection
Functional method for operating systems with local RDP support (including mobile devices)
Web Access on MacOS: Admin on OS X!
Work Resource Integration
Accessible within the RemoteApp and Desktop Connections area of the Control Panel in Windows OS. Within the setup, you input the gateway URL. Requires AD authentication as do the other methods.
Work Resource Integration
Successfully authenticating with
Work Resource Integration
Work resources appear local to your users, despite being on the server. Users can click on the icon to launch the remote program as with any other.
MacOS Remote Desktop App
Administration via Server Manager
An all-in-one tool to monitor and administrate
Shadow user sessions under Connections by right-clicking
Simplified Notes Client Patching
10 to 10,000 User Clients Patched in as long as it takes to apply the Fix Pack!
Thank You!
If you have questions or interest in utilizing either technology, please contact us!