Xen and the Art of Hosted Desktops
Citrix Systems' XenDesktop is a state-of-the-art product for hosted desktop virtualization and may be the gold standard by which other products are judged in a feature-for-feature comparison. Here's a look at the capabilities, options and feature sets available with this product, as well as how to install, set up and configure it in the data center.
Desktops have been the bane of the administrator's existence ever since they first appeared on the market. With users in control, bad things can-and do-happen. Access to the Internet only compounds the problem, because it becomes ridiculously easy to unintentionally download worms and viruses.
What if you could centralize all your desktops and control them with just a few clicks? Users would access them from any connected location, including home. All your desktops would be completely locked down. You'd no longer have to worry about distributed endpoints because all you'd need would be a Remote Desktop Connection (RDC).
This is the promise of hosted desktop virtualization, also known as virtual desktop infrastructure (VDI). VDI products are available from a variety of suppliers, but the leading-edge vendors in this market segment are clearly VMware's VDI and Citrix Systems' XenDesktop. XenDesktop is an outgrowth of the 2007 acquisition by Citrix Systems Inc. of XenSource Inc., an open source hypervisor developer. Let's go under the hood and see if VDI is something you should consider for a hosted desktop environment.
XenDesktop offers a capability that brings together all aspects of Citrix virtualization and remote desktop products. It's a solution that provides virtual desktop provisioning on an as-needed basis to users. By default, XenDesktop relies on a single base image. All desktops are provisioned from a single image through the XenDesktop software engine. This core image is not duplicated at any time. This feature alone can save 40 percent or more of storage space, which often offsets the original cost of the XenDesktop solution (see Figure 1).
[Click on image for larger view.]
|Figure 1. By default, XenDesktop uses a single source image with differential files, saving tons of disk space.
XenDesktop was formed by combining the features of the XenServer virtualization engine, those of the Citrix XenApp delivery mechanism and the feature set from the acquisition of Ardence Inc. Ardence's technology generates differential files from the core desktop image. This allows XenDesktop to use a database to automatically redirect Registry queries for critical PC items such as computer name, computer security ID (SID), Active Directory domain Relative ID (RID) and so on. This enables XenDesktop to manage hundreds, even thousands, of differential images based on a single core image.
This is a critical feature because normally you need to customize each PC image through the Windows System Preparation Tool (SysPrep.exe). SysPrep automatically depersonalizes a PC image so that it may be reproduced as many times as required. When the PC image is opened, the SysPrep process automatically re-personalizes the image, giving it the right SID, RID, computer name and so on.
When you use XenDesktop, you don't need to perform this task. However, you do need to create a reference computer image and prepare it according to your organizational standards. Then, instead of depersonalizing the image through SysPrep to generate a source image, you create a second, Read-only copy of your golden image. This second copy becomes the core image used by XenDesktop. It's always maintained in Read-only mode. User changes and customizations are captured in the differential file and either discarded when the user logs off (stateless PC image) or saved to a personal user file (stateful PC image). Differential files are block-level files that capture only the changes made to the core image.
|What Are the Benefits of VDI?
The basic virtual desktop infrastructure model is fairly simple. Desktops are run as virtual machines (VMs) on host servers located in the data center. This makes a lot of sense, as they're easier to manage. But there are many more reasons why hosted desktop virtualization makes more sense than managing physical desktops:
- Centrally managed desktops can be provided to users on any endpoint device-PCs, thin clients, Web clients and more.
- Service level agreements (SLAs) can be provided only for the central desktop and not for the endpoint itself. Users can be administrators on the endpoints but locked down on the virtual desktop. This lets them do what they want to the endpoints but remain controlled within the corporate PC environment.
- Virtual desktop images can be created that can be configured to meet time-sensitive requirements. For example, if you have a staff influx to meet a seasonal business need, you can generate time-controlled PC images for the duration of the effort, and wipe them out once the requirement is met.
- Information can be secured by keeping the virtual desktop inside the data center. This can give IT more control over intellectual property by locking down the image so that it doesn't have access to external devices.
- Complex or sensitive applications can be encapsulated and isolated into specific PC VMs to ensure proper operation. This way the application doesn't need to interact or coexist with any others.
- New operating system migrations can be easier to perform because resources are only required centrally, not locally. There's considerably less impact on hardware refresh because endpoints don't need to be upgraded.
- Custom virtual desktops can easily be provided to contractors with secured, encrypted machines to work in your environment.
-- D.R., N.R.
Remote Desktop Delivery
Thus far, we've been discussing perhaps the most impressive feature of XenDesktop. However, because Citrix has years of experience in remote Windows computing, XenDesktop also provides an edge in terms of remote desktop delivery. It relies on the Citrix Independent Computing Architecture (ICA) protocol instead of Microsoft's Remote Desktop Protocol (RDP). ICA provides a considerable improvement over RDP, especially in terms of graphics rendering, which makes the end user experience richer and more lifelike. This technology is called SpeedScreen in XenDesktop. The difference can be easily verified by checking out the difference between the RDP and the ICA experience on YouTube. Notably, ICA provides better 3-D animation and renders complex graphics more smoothly.
XenDesktop requires a XenServer (Citrix Systems' hypervisor) back-end to store virtual machines (VMs); the XenDesktop engine, which acts as the desktop delivery controller or broker-and-image provisioning engine; and a XenApp delivery server to provide remote desktop connectivity to the desktop images through the ICA protocol (see Figure 2).
[Click on image for larger view.]
|Figure 2. The components of the Citrix XenDesktop solution.
However, because XenDesktop was augmented by the Ardence acquisition, and Ardence supported VMware's ESX Server (VMware's hypervisor) first, it also supports a full VMware back-end. In addition, because of its strong partnership with Microsoft, XenDesktop has been adapted to support a Windows Server 2008 Hyper-V back-end. This means that you can use the XenDesktop solution with any of the major server virtualization engines.
This is a boon for many organizations, because early adopters of server virtualization will often already have in place both Citrix Presentation Server (now named XenApp but used for presentation virtualization only) and ESX or Microsoft Virtual Server (which will likely be upgraded to Hyper-V). With a server virtualization infrastructure and Citrix already in place, adding XenDesktop is often a very low-cost solution for the introduction of VDI.
Installing and Running XenDesktop
As with any major IT change, you'll want to test VDI extensively before putting it into production. Here are the steps:
- Set up your host server(s), then install the host server management interface. Once this is done, you can move on to creating the VMs you'll need for the environment. You'll need at least a few server VMs before creating the desktop VMs. Required server VMs include at least one domain controller to create an Active Directory structure, as it's required for any VDI solution. This server should also run the Domain Name Service (DNS) and the Dynamic Host Configuration Protocol (DHCP). Additionally, you'll need one VM to run the Desktop Delivery Controller and one to run the Provisioning Server, which generates desktop VMs from the central image.
- Once the server images are ready, you move on to your desktop VM. Create a source desktop VM and, for the purpose of expediency, install base applications within it. Then generate the base desktop VM template from this original machine. This process basically creates a clone of your original desktop VM. This leaves the original desktop VM pristine, easily updatable and able to replace the clone used to generate the virtual desktops your users run.
- Next, prepare an endpoint device. If the endpoint already has an OS, you only need to install the XenDesktop client and configure it to run in full screen mode. Finally, you generate multiple XenDesktop images and connect to them (see Figure 3).
[Click on image for larger view.]
|Figure 3. You can pre-provision desktops with XenDesktop, having them ready when needed.
While the process is relatively simple, it takes time and requires a comprehensive skill set that includes domain administration, DNS and DHCP configuration, server and desktop OS installation, XenDesktop component installation and configuration and so on. Do not take these tasks lightly.
When the time comes to implement XenDesktop in a live environment, you'll probably want to bring together a team of experts from your internal staff, including domain administrators, network administrators (for DNS, DHCP and wide-area network [WAN] communications), desktop technicians, application packagers, end user subject matter experts and more, to ensure you have all the skill sets required to implement an efficient VDI solution.
XenDesktop comes in several editions, each of which includes its own feature set.
|The Many Flavors of XenDesktop
Citrix XenDesktop comes in several flavors. Express Edition is a free, starter version of the product that supports 10 free desktops on a single host server. All other editions sell on a per-concurrent-user basis:
- Standard Edition: $75
- Advanced Edition: $195
- Enterprise Edition: $295
- Platinum Edition: $395
While each edition includes the corresponding XenServer licenses to run a complete Citrix end-to-end solution, you can replace it with either VMware Virtual Infrastructure or Windows Server 2008 Hyper-V, a great choice for Windows shops with the infrastructure already in place.
Note, however, that there's no rebate if you choose not to use the enclosed XenServer licenses. Currently, Citrix Systems Inc. is offering a promotion that enables customers to purchase XenDesktop Advanced for $95 along with XenApp Platinum licenses. Existing XenApp Platinum customers also have access to this promotion, which runs through 2008.
Desktops can either be persistent or pooled (see Figure 4, and "VDI Deployment Models"). Persistent desktops retain the differential information generated by each user, who is then connected to this particular differential file each time he or she reconnects. Pooled images are stateless images that are reset to a standard state each time a user logs off. Obviously, pooled images take up less storage space, as differential data is discarded at log off.
Each image mode-persistent versus pooled-applies to a different user type. Persistent images would most likely apply to permanent users, while pooled images are best for temporary or task-based employees who don't need to retain customizations and preferences. Pooled or persistent images can either be x86 or x64 versions of the desktop OS, as the supported virtualization engines support both 32-bit and 64-bit VMs.
[Click on image for larger view.]
|Figure 4. You can determine whether to create persistent or pooled desktop VMs in XenDesktop.
One natural VDI fear is slow log-on and setup performance, because each image is based on a central core desktop and generated at log-on. Although it does take some time, especially if thousands of users log on at the same time, Citrix minimizes this problem through image pre-provisioning.
|VDI Deployment Models
There are two main hosted desktop virtualization models. The first, stateful virtual desktops, focuses on virtual desktops that are tied to each specific user. In this model, each user connects to their own dedicated desktop virtual machine (VM). The VMs are stored in a central shared storage container, much as they are when you virtualize servers. Host servers running production hypervisors manage all the desktop VMs and make sure they're highly available. This model tends to require a significant amount of storage as each VM can easily take up dozens of megabytes or more. Users rely on a Remote Desktop Connection link to connect to their VM PCs.
The second model, stateless virtual desktops, focuses on the generation of VMs on an as-needed basis. VMs can either be generated when the user connects, or they can be pre-generated and linked to a user when a connection request occurs. The advantage of this model is that the VMs are completely volatile and built on the fly. The core desktop image is generated, and then, when the user is identified during the connection, the applications they require are applied to the desktop image.
The user's data and preferences are also applied at log-on. While you may think that this process is time-consuming and can cause user dissatisfaction, this is not actually the case. The ideal volatile desktop will also rely on application virtualization to profile apps only when the user actually requests them. And, because everything occurs on a back-end storage area network, applications and user profiles are provided through high-speed disk-to-disk exchanges that are practically transparent to even multiple users.
This last model is usually the most popular. Given that desktops are volatile and temporary, they only require storage space during use. Applications and user data are stored outside the desktop image, and, because of this, the organization has no need to maintain single images for each user. Because each desktop is generated from a single image, you only have a single target to update when patches are available. This greatly simplifies the virtual desktop management model.
-- D.R., N.R.
XenDesktop allows administrators to set image-generation policies that will pre-populate images before users begin to log on. For example, assume that a company has three main offices. Office A, in New York City, has 500 users. Office B, in Salt Lake City, has 200 users, and a San Francisco-based office C has 400 users. Each morning, users log on between 7 a.m. and 9 a.m.
By using pre-population policies, administrators can avoid lag times by using XenDesktop to generate images before log-ons occur. The policy would, for example, generate 500 machines in New York City at 6:30 a.m. EST (see Figure 5), 200 machines at 6:30 a.m. MST and 400 machines at 6:30 a.m. PST. Through XenDesktop's WAN-acceleration features, all the desktops can reside in the New York City data center and still provide users a rich virtual desktop experience.
[Click on image for larger view.]
|Figure 5. Desktops can be set to launch before work begins to make them available when users log on.
Advantages and Cautions
XenDesktop simplifies desktop management and reduces current issues with distributed desktops in a number of ways:
- Desktops can be delivered quickly and reliably to any linked location.
- You control which devices are linked to the VM, controlling the management of data and reducing the potential loss of intellectual property.
- You can significantly reduce the cost of each desktop -- sometimes by as much as 40 percent -- as well as reduce the number of images to manage, especially when working with volatile PC images.
- Machines are easier to patch and update because you only have one core image to deal with.
There are cautions, however. Using XenDesktop presents a challenge in terms of PC image construction and management. Ideally, organizations will rely on a single PC image, with the exception of differing 32- and 64-bit images. Using a single image to meet each user's needs requires devising a system that will automatically provision the image with the required applications and user data at log-on.
The best way to do this is through application virtualization and user profile-protection mechanisms. User profile data must absolutely be stored outside the PC image if it is to be protected. At the time of this writing, XenDesktop doesn't do this, but it may be available by the time you read this. Windows, however, already offers a profile-protection mechanism through the combination of roaming profiles and folder redirection; information on the mechanism can be found here.
Application provisioning is more complicated. Using traditional application-delivery methods likely won't work because they take time to install and deploy. This would leave your users completely dissatisfied, as they'll wait for long periods of time at log-in for the applications to be attached to the desktop image.
This is why VDI doesn't work on its own; it must absolutely be tied to application virtualization, and therefore application streaming, to make it work. Citrix includes its application virtualization engine, XenApp, along with the other XenDesktop components. However, you must convert your applications to the XenApp format to virtualize them. This can take time, unless you use a tool such as InstallShield AdminStudio from Accresso Software Inc. InstallShield AdminStudio can generate XenApp applications from existing Windows Installer packages in a batch process.
Put It on Your Short List
XenDesktop, unlike many other VDI tools on the market today, runs with any of the major three server virtualization technologies. This makes it a clear winner in our book.
That integration capacity -- plus its ability to work with differential images only; its use of the Citrix ICA protocol instead of Microsoft's RDP; and its ability to pre-provision images -- make it one of the very best VDI options on the market. XenDesktop is certainly off to a good start and should be part of the short list for any organization that wants to move to VDI.