Citrix XenDesktop 2.0 leverages streaming applications, server virtualization, and swift tools for a scalable and manageable virtual desktop infrastructure solution.
It seems that the whole world has been talking about VDI (Virtual Desktop Infrastructure), with very different views of what VDI actually means. If virtualization itself is an adolescent, VDI is still an infant, and thus there are still plenty of growing pains to come.
The major issues with VDI at this stage are deployment, management, and allocation of compute and storage resources. These are the same issues that face traditional desktops, but encapsulated within a single infrastructure component, where their effects are magnified.
Desktop workloads are necessarily very different things to different users. Data entry use cases are wildly different than power user or engineering use cases, for instance. When addressing different use cases within the same organization, it's far simpler to point and click to add resources where needed than it is to buy and install desktop systems for individual users, especially when those users will not require the horsepower afforded them every second of the day.
This is where VDI comes in. At first blush, it seems that all you'd need to have a functioning VDI implementation is a hypervisor, some desktop images, and an RDP (Remote Desktop Protocol) client. At the base level, that's true. However, that ideal quickly fades when the realities of management and resource constraints hit home. This is where Citrix has been focusing its efforts.
Historically, Citrix has been associated with thin client desktop and application delivery, bringing to mind large farms of Windows servers running Citrix MetaFrame and delivering applications and desktop sessions to users via Citrix's ICA protocol. Each server was a member of a farm, but sessions could not migrate from server to server, and resources associated with a specific session were tied to that server for better or for worse.
VDI, on the other hand, is built with a specific desktop VM assigned to each user, not simply one of several dozen terminal services connections to the same server. Coupled with VM migration technologies, VDI prevents heavier users from impacting the rest of the users on a specific server, since their VM can seamlessly move to a less-busy host server.
Test Center Scorecard
| Citrix XenDesktop 2.0 Enterprise Edition | 9 | 7 | 8 | 9 | 9 |
That's all well and good, but other problems crop up in a VDI environment, such as the cost of storing all those VM images. A 16GB footprint may not seem like much, but that's the absolute minimum for a Windows Vista desktop with Office 2007 installed. If you have a few hundred of those (you'll need one for each concurrent user), suddenly you're talking real storage requirements and real I/O.
This would seem to be the primary reason Citrix acquired XenSource. The company clearly saw the opportunity to tie its application streaming and hosting technologies to a virtualized infrastructure to reduce these problems. So far, Citrix has done pretty well.
Pieces and parts
To picture how Citrix XenDesktop works, you need to understand the various components. Obviously, there's a hypervisor that handles the VMs themselves. Citrix XenDesktop is built around XenServer, but can play with VMware VI3 as well as Microsoft's Hyper-V. Then there are the management tools, provided by XenDesktop Provisioning Server and XenDesktop Desktop Delivery Controller.
The Provisioning Server is a major component within XenDesktop. It serves as the central proxy for all desktop VM vdisks (virtual disks) and allows administrators to build, configure, and manage all the desktop VMs. The wizard-based approach to building and managing those VMs is well appointed, and handles nearly everything fairly seamlessly. Building large groups of VMs is simple: Create a "gold" VM disk that contains the OS, all supporting applications, and settings, and is joined to an Active Directory domain, and then create a VM template that sets the RAM requirements, I/O devices, and so forth. Once that's done, you can easily create one or more VMs from that image to be served to users as desktops. In this way, it takes no more time to create 20 VMs than it does to create a single VM.
The Provisioning Server is also the key to managing all the write caching that occurs during user sessions. Write caching is an important aspect of Citrix's VDI infrastructure. When a user logs into a session on a VM, changes made to the OS itself are not written to the VM, but to a write cache that lives on a shared LUN or other shared storage medium. This allows the user to make changes that are not retained when the VM is rebooted. This maintains the integrity of the VM and is also helpful in reducing the chances of malware infiltrating the infrastructure. If something is amiss, simply reboot the VM to a known-good state. The Provisioning Server is relatively smart, and is capable of not only provisioning new desktop VMs but also adding them to the AD domain on the fly.
Citrix estimates that a single physical Provisioning Server can handle between 350 and 500 simultaneous XenDesktop users.
The Desktop Delivery Controller is just like it sounds – it manages user access to desktop VMs. Pools of desktops can be defined and linked to specific Active Directory groups. In this way, you could give all HR users a desktop VM with 512MB of RAM and a specific CPU share, while all Engineering users get a desktop with 1,024MB of RAM and a more powerful CPU. Obviously, you could also deliver Windows XP to one group and Vista to another.
The DDC is also where time-based resource management is handled. It's possible to create rules that will keep a minimum number of desktop VMs ready and waiting for a login between 8:30 a.m. and 9:30 a.m., and then reduce the number of idle VMs throughout the rest of the day, finally keeping a small number active after business hours. This reduces the load on the VM infrastructure and helps handle the morning ramp-up. It's also possible to assign desktop VMs to specific users, rather than pooling them for a group of users.
The transient nature of VDI requires some method of delivering per-user profiles to the desktops, which is generally handled via roaming profiles, much like in the traditional terminal server world. Windows administrators have typically weathered bristly relationships with roaming profiles, but the reality is that they're not going away, and their benefits outweigh their detriments, at least for now.
However, Citrix is heading toward a better world after licensing code from Sepago to address profile management issues. Citrix will be leveraging sepagoPROFILE to hopefully ease this particular burden in the future.
XenDesktop's management methods also allow for quick updating of VMs, as it's possible to modify the baseline VM image that will then be used to boot all new VMs. You can update that image in the middle of the day, and every VM will pick up those changes the next time it reboots.
As with any enterprise-scale virtualization infrastructure, shared storage is a must. In order to migrate running VMs from one host to another, especially with the write-cache nature of XenDesktop, all the hypervisor hosts need to be playing in the same sandbox.
Apps in the stream
But what about the applications? This is where Citrix brings its app streaming tech to the table. A baseline VM image can be built that links to any number of streamed applications, such as Microsoft Office apps. The user who logs into that VM sees normal application launch icons, but these icons link to an application stream from a Citrix XenApp server. Thus, the application isn't installed on the VM at all, but is pulled into the VM when needed from the network. This reduces the footprint of the VDI infrastructure significantly, since you only need a single installation of Office 2007, rather than one installation per desktop. The apps run like they were natively installed, and users won't notice a difference.
Streaming apps are different than hosted applications. Streaming apps execute on the VM itself, while hosted apps run from a terminal server. Terminal services are useful to VDI in a variety of ways. For instance, heavy apps that require more RAM are better off running as hosted applications, while most other apps, like the Office suite, perform better when deployed as streaming applications.
The downside of hosted apps in a VDI environment is that these apps are essentially double-hopped, since they're displayed via terminal services within an existing terminal services session.
By bringing VDI into this mix, the issue of applications that do not function in terminal-services infrastructures is essentially out of the picture. Every user is given an actual desktop system running in a VM, and recalcitrant apps can be locally installed on those VMs, rather than delivered via streaming or hosting.
Regardless of the application delivery method, access to desktops is presented through a Web interface. Thus, the user experience is identical, whether the user logs in from the company LAN or from their home PC using a Web browser.
Citrix has collected these various technologies in a single place, and offers a very simple and straightforward MMC-based management structure to make it all happen. An admin who has used Citrix products in the past will feel at home almost immediately, and even those without specific Citrix knowledge should be able to tackle the learning curve fairly quickly.
Choices, licensing, future
One issue with Citrix XenDesktop is XenServer itself. While there's no doubt that Citrix has put lots of work into XenServer, it's still not on par with VMware ESX. The selling point for XenServer in the VDI space is that it's tightly integrated with the rest of the package, but certain aspects of XenServer reduce its effectiveness in a VDI implementation – namely the lack of RAM oversubscription and RAM sharing.
If you have XenServer running on a box with 16GB of RAM and assign 512MB per VM, you will probably be able to run 25 VMs on that box. With VMware, you'll be able to get more out of the same hardware due to the RAM sharing and oversubscription. These technologies are especially useful in the VDI space, where users are generally running the same apps on every VM. This performance issue is somewhat mitigated with XenDesktop's VMware support – ostensibly, you can have your VMware ESX cake and eat it with a Citrix fork, but I didn't have a chance to test this integration to any significant degree. XenDesktop integrates with VMware's VirtualCenter to handle the behind-the-scenes VM management during normal operation.
Licenses for Citrix XenDesktop are based on concurrent user counts, not total user counts. The Enterprise license includes XenServer, the Provisioning Server, and the Desktop Delivery Controller, covering the VM infrastructure, secure remote access, desktop provisioning, resource pooling, and live VM migration (XenMotion) when using XenServer. The cost is $295 per concurrent user. The Platinum license is $395 per user, and includes all of the above, as well as session shadowing, performance monitoring, WAN optimization for remote-site deployments, and EasyCall, Citrix's method of connecting users and customers via the existing corporate phone services. Both editions come with XenServer, and there are presently no discounts when using another hypervisor technology.
The future is bright for VDI and, thus, for XenDesktop. Emerging technologies, such as the ability to push an OS image directly to a thin client, are quickly becoming reality. In that case, the thin client is still technically thin, but the OS executes on the client itself, not within a VM, and applications are delivered as streaming or hosted apps. This removes the need for the hypervisor, but requires a much beefier client. It would also allow for the same infrastructure to be employed for remote users running true VDI – the user wouldn't know the difference.
As with all VDI and terminal-services implementations, there are significant security benefits, as all the data and applications never leave the corporate environment. Security can be strengthened by using policies to determine whether a client is running on a local network or via a remote connection. These policies can then restrict access to USB devices, printing, and local drive sharing. In this way, it's possible to deploy remote access to users without allowing them to copy any information to their local system, or to temporary storage devices on that system.
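The location-based restriction described above can be sketched as a fail-closed decision function. This is an added example, not Citrix's policy engine or configuration format. The network ranges, the `via_gateway` flag and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumed corporate LAN ranges (constructed sample values, not from the review).
CORPORATE_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.20.0.0/16", "fd00:20::/32")
]

# Client-side channels the review names as restrictable by policy.
CHANNELS = ("usb", "printing", "local_drives")


def classify_client(source_addr: str) -> str:
    """Return 'local' only for an address inside a corporate range.

    source_addr must be the peer address seen on the connection itself,
    never a value the client supplies (for example an HTTP header).
    """
    try:
        ip = ipaddress.ip_address(source_addr.strip())
    except ValueError:
        return "remote"  # unparseable input fails closed
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack listeners
    # classify the same client the same way.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    for net in CORPORATE_NETWORKS:
        if ip.version == net.version and ip in net:
            return "local"
    return "remote"


def session_policy(source_addr: str, via_gateway: bool) -> dict:
    """Decide which client channels a desktop session may use.

    A session relayed by a remote-access gateway arrives from the gateway's
    internal address, so the (hypothetical) via_gateway flag overrides the
    address check and the session is treated as remote.
    """
    location = "remote" if via_gateway else classify_client(source_addr)
    allowed = location == "local"
    policy = {"location": location}
    policy.update({channel: allowed for channel in CHANNELS})
    return policy


if __name__ == "__main__":
    # Constructed sample sessions: (peer address, relayed through gateway?)
    for addr, gw in [("10.20.5.9", False), ("10.20.5.9", True),
                     ("203.0.113.7", False), ("not-an-ip", False)]:
        print(addr, gw, session_policy(addr, gw))
```

Every path that cannot positively establish a local client ends in the restricted policy, so a misclassification denies USB, printing and drive mapping instead of granting them.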
Citrix has married VDI to its existing stable of application and desktop delivery mechanisms, and it continues to leverage the stellar ICA protocol to assist in speed, user experience, and manageability. If the company can continue to improve XenServer, XenDesktop could become the showcase VDI implementation. As it stands now, coupling XenDesktop with VMware VI3 is probably the best of both worlds.
Overall Score (100%)
| Citrix XenDesktop 2.0 Enterprise Edition | 8.0 | 9.0 | 7.0 | 9.0 | 9.0 |