Virtualizing the desktop

Power and maintenance costs of desktop computing have become an unbearable albatross for IT. Desktop virtualization provides a large-scale solution

Everyone wants to escape the horror of rising energy costs. So why not run fewer servers? That’s the no-brainer benefit of server virtualization and consolidation, which is already saving forward-looking companies big bucks in kilowatt hours of electricity, not to mention in hardware and server administration. No wonder so many enterprises are eying fresh virtualization territory: the humble desktop.

[See also: VDI in the OR ]

You don’t have to be a genius to realize that collapsing a dozen desktop systems with 500-watt power supplies into a single server with a 2000-watt power supply saves power and cooling costs. It’s also obvious that collapsing a few hundred workstations into just a few physical servers would slash the power bill much further, while reducing the overhead of desktop system repairs and replacement parts. With cheap desktop terminals, total power consumption per seat drops dramatically, as does the heat generated by hardware, resulting in lower air conditioning costs.

This idea isn’t new. Thin clients coupled with Citrix and Microsoft Terminal Services have provided the traditional method of pushing desktop sessions from the back office to the front room, but those solutions don’t fit everywhere. Application incompatibilities abound and the relative fragility of a single Windows server instance running dozens of desktop sessions has always been a concern.

Hence the sudden proliferation of VDI (Virtual Desktop Infrastructure) solutions. Riding the virtualization wave, everybody and his brother are offering VDI products that deliver a full desktop (or virtual system) to a thin client. “We’re seeing customers who really want to move away from terminal services for application incompatibility issues, among other things, and this is a clear alternative,” says Mason Uyeda, Sun Microsystems marketing manager for desktop virtualization. “VDI is like putting gasoline on the virtualization fire.”

VDI report card
The basics of these solutions are very similar. A thin client boots on the network and makes a connection to a desktop session broker. This broker is a piece of middleware that handles session requests on one side and pairs that request with an available virtual system. The details of how this works vary greatly from vendor to vendor, with some offering SSL connections from the client, while others do not. Protocol support to the desktop session is generally Microsoft’s RDP (Remote Display Protocol) or Citrix’s ICA (Independent Computing Architecture).

VDI changes the way sessions are delivered to the clients. Rather than a single system hosting multiple sessions on a single OS, each client connects to a separate, independent virtual system running under VMware, VirtualIron, or some another hypervisor. In this way, each system is isolated from the others and feels just like a “real” desktop.

This VDI approach has numerous benefits, beginning with almost complete application compatibility, because single-user applications don’t need to be modified to run in a multiuser environment. Moreover, desktop isolation means that problems arising in a single desktop instance do not affect other instances and that virtual desktop systems can be automatically built from templates as the need arises. Furthermore, desktop VMs can be pooled; when VMs are combined with Windows roaming profiles, it doesn’t matter what VM a user connects to because they’re all the same.

But VDI has its downsides, too. Virtual desktops lose out on all the administration benefits of terminal services. Applications must be installed in each virtual desktop individually, as must patches. And the management tools for virtual desktop systems are very new -- when they exist at all -- so standard tools such as Windows Server Update Services need to be called into play to manage all the moving parts. As Chris Barclay, director of product management at VirtualIron, notes: “We’re starting to see adoption, mostly in the state and local government space, and lots of financial market pilots. It’s being viewed as an alternative to ClearCube for floor traders.”

In time some of these drawbacks will melt away as vendors introduce complete, robust management frameworks for VDI. But it’s still in the early days, according to Jerry Chen, director of enterprise desktop platforms and solutions at VMware. “We’ve had some customers who’ve been running VDI for several years after writing their own brokers, but it’s only been in the last year or so that the space has really taken off.”

Share and share alike
The only fair way to evaluate VDI is to compare it to the status quo of thin-client computing. One of the major benefits of terminal services and Citrix installations has been desktop density. Since these solutions rely on multiuser platforms, they gain from the fact that a single system is running multiple sessions. This means that the underlying OS runs many core processes only once, and there’s only one kernel and memory footprint to worry about. Each session will spawn duplicate processes to maintain the unique session, but the core of the system is largely unchanged.

VDI is essentially the opposite of that. Each session runs a full instance of Windows XP, with all associated processes, and that equals less density per server. VMware has a leg up here, since under ESX Server, multiple static processes and libraries can be shared among VMs. This means that some core services and libraries are loaded into RAM once and shared among other identical VM instances, so some of those lost resources are regained. Yet if one session bombs, it still won’t affect the others.

On the other hand, terminal services and Citrix buildouts generally utilize lots of smaller-spec servers to reduce the number of eggs in each basket. In those instances, the loss of a single server due to memory corruption, disk failure, or human error results in only a few dropped sessions.

With VDI, larger-spec servers can be used, resulting in more desktops per server. Because each desktop is largely autonomous, the likelihood of human error, application crashes, or hardware failures is reduced. Also, most desktop sessions deployed with VDI do not require significant resources; a user spending all day in an Excel spreadsheet with Outlook running in the background consumes surprisingly little CPU, and 256MB of RAM should be about right.

“We can get around 75 users on a dual-CPU, quad-core blade, but the sweet spot is around 60,” claims Shawn Scott, network specialist at Huntsville Hospital in Huntsville, Ala. VirtualIron's Barclay notes that most VDI host servers aren't exactly big iron: “The typical VDI server is a two-way quad-core with iSCSI, which is dirt cheap, and the terminals are $200 thin clients that round out the package.”

Brokering connections

The VDI field is wide open at the moment, with dozens of vendors selling fresh solutions. Citrix has released a functional broker package and is working on improving its architecture to fully integrate VDI into its offering. Leostream has released a solution that works with VMware called Hosted Desktop Connection Broker, which functions in much the same way, offering VDI connectivity to selected thin clients (though it borrows third-party hardware to provide SSL support). Dunes’ VD-O offering is similar, whereas Sun’s Sun Ray-based broker and the workSpace product developed by Propero (recently acquired by VMware) offer integrated SSL plus an array of other features.

VMware is in the game, too, with its VDM broker, which shares most of the above features. All of these brokers provide such features as single sign-on and shared pools; some also offer automated pool provisioning and application publishing. These products are still in their infancy, and are definitely VMware-centric, designed to be used in environments specifically built around VMware’s VI3 virtualization framework.

Some of the more advanced brokers come from Provision Networks and 2X. These tools can serve as VDI brokers, but can also extend beyond the virtual realm, offering desktop session connections to VMware clients, VirtualIron clients, Microsoft Virtual Server clients, as well as physical hardware, such as blade systems. Some even have the capability of connecting to Citrix MetaFrame, Microsoft Terminal Services, or TN3270 sessions. In this fashion, they serve as a general clearinghouse for all thin-client computing.

With these tools, it’s possible to create a heterogeneous thin-client computing environment built around whatever technology is the best fit for the user. This is a very attractive proposition for infrastructures with existing thin-client computing installations.

With a global connection broker, it’s possible to build policies that dictate different frameworks for different user sessions. Heavier users that require more robust and responsive sessions can be directed to a session running on a dedicated blade in a blade chassis, while lighter users are directed to a VDI session running under VMware. A specific user class may be already built into a Citrix MetaFrame farm, and thus, those users are connected to a Citrix server for their desktop session. This approach can be an invaluable tool to bring the promise of a complete thin-client infrastructure to reality.

Virtual dawn
For many companies, virtualization has barely begun. Perhaps there’s a single box running VMware Server as a proof of concept, or a pilot project involving a commercial or open source hypervisor. But as virtualization proliferates on the server side, the desktop side will open up. According to VMWare’s Chen, “We’re starting to see our customers becoming comfortable with their virtualized back end, and they’re looking to do the same on the desktops with VDI.”

Moreover, some of the benefits intrinsic to server virtualization are transportable to the desktop. VM migration between servers, for instance, can be used in a VDI sense to move active desktop sessions from one spot to another in order to bring a server down for maintenance. This equals zero downtime for the end-user and eases administration complexity. Also in the mix are the high-availability features found in VMware and VirtualIron. Should a physical server go down unexpectedly, the desktop VMs running on that server can be restarted automatically on another server.

Superior load balancing is another VDI bonus. Traditional Citrix MetaFrame and terminal services farms can use any of several load-balancing methods, but once a client is connected to a specific server, that connection stays put. In a VDI implementation, that user’s session can move around among different physical servers without affecting the session, resulting in much more fluid load balancing.

Right now, any customer who rolls out VDI in a production environment is the very definition of an early adopter.  There are many missing or incomplete pieces to this puzzle, but the companies with a stake in this game are moving at a fast clip. Several broker and hypervisor vendors are looking at the last quarter of 2007 to release brand-new VDI frameworks, and so are the thin-client vendors. The heyday of the virtual desktop is just a glimmer on the horizon, but the future definitely looks bright.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies