Desktop in the cloud

In which case it is necessary to give preference to one or another solution for the organization of "virtual desktops" and how to find the conditions optimal for their work?

The developers of virtualization tools have been promoting various solutions for workstations for several years; however, unlike server virtualization, they have not gained widespread acceptance in the mass segment.

The cheapening and expansion of Internet access channels, the proliferation of mobile Internet, the progress in processor and graphics technologies, and the development of virtualization tools - all this makes it necessary to take a fresh look at VDI. In some cases, this long-known model of organization of calculations can be very profitable and convenient. And it is possible that the technology of "virtual desktops» Virtual Desktop Infrastructure (VDI) will be distributed in the mass segment.

It is not by chance that client computing becomes one of the main priorities in the development of software and hardware vendors. Suppliers of client systems offer all new hardware solutions - thin and zero clients, cloud displays and other innovations. But first, let's define the terminology.

Virtualization "desktop" and VDI - what's the difference?

VDI is a virtual desktop infrastructure, which in essence means replacing distributed PCs with centralized data center resources that end users access from various devices — thin clients, laptops, desktops, or even tablets and smartphones. Among the advantages of a virtual workstation is the security and convenience of user access to their work environment.

Desktop Virtualization (DV) and VDI should not be confused, although the names are very similar. DV assumes local virtualization on the desktop. VDI, on the other hand, is a data center technology that involves the delivery of desktop images to remote users.

DV is considered to be the simplest form of virtualization in the sense that a computer runs one virtual machine with a Linux operating system, a server or desktop version of Windows, FreeBSD, DOS, Mac OS X, or some other. With this type of virtualization, it is easier to run another operating system on a computer than to organize “dual boot” with the choice of several alternative operating systems.

In both cases, software developers have the opportunity to test new software on virtual machines instead of using separate computers for this purpose. If something goes wrong, it will not be difficult to make changes to the virtual machine configuration in a matter of minutes, without losing time to restore the physical PC.

And if something happens to an employee’s workplace, for example, will he pour coffee on a laptop keyboard? In the case of VDI this is not a problem - you can quickly restore his workplace, because all the data, applications and settings are stored on the server. And in the case of DV, the virtual machine will fail along with the PC on which it was deployed.

Meanwhile, many myths and fears have developed around VDI, mainly related to the loss of control over the local OS and cloud security.

At the hardware level, VDI uses servers that provide their computing power to virtualized desktop systems. For example, these can be servers with VMware vSphere running Windows 10, Windows 8, Windows XP, or Linux operating systems. You can access these operating systems remotely - from various devices via a corporate network or via the Internet.

When using the Internet for security, such access is usually provided via a VPN (Virtual Private Network), that is, with channel encryption. Contrary to popular belief, in terms of software, VDI systems are not inferior in security to desktop systems. They also use antivirus software, firewalls, DDoS protection and other information security tools. In addition, the possibility of theft or loss of data with the device is excluded.

As is often the case, cloud providers themselves “run in” the services provided to customers. For example, the majority of Inoventica employees already use VDI .

VDI is often deployed in organizations with high security requirements. A thin or zero client can become the basis of a secure solution for processing confidential information and personal data of various levels. Today, many such solutions are being produced in Russia, including those certified for information security requirements by the FSTEC of Russia. Supply them and many foreign vendors.

A certified thin client does not have access to external storage devices, with the exception of electronic token keys, in whose memory configuration parameters and data for two-factor authentication can be stored. All main applications are launched and executed on the server, and the user terminal serves only for input-output information.

The lack of access control to data and programs, support for encryption of network traffic in accordance with GOST 28147-89 allows you to achieve the maximum level of protection. At the same time, the hardware requirements are minimal - the Linux client-based thin client distribution kit takes up very little space and is not picky about the processor.

What to choose?

A simple recommendation is to be guided by common sense and proceed from the problems to be solved. It would not be superfluous to divide users according to their resource needs, analyze the applications used and the possibilities of their use in the new infrastructure, assess what licenses will be needed to build a full-featured solution.

To build an optimal VDI environment, you will need server-side caching solutions, VM storage software optimization and OS optimization.

By the way, why, instead of VDI, simply do not start the required number of virtual machines on the server to work with them remotely? It is a worthy option, especially with a small number of users (several dozen), when deploying a VDI is simply not profitable (about economics - below). It is necessary to consider the cost of software licensing, the cost of equipment (clients, servers, storage, etc.), take into account the requirements of information security, administrative convenience (and the presence of the sysadmin provider).

There are different options for VDI. For example, it is sometimes required that users, having enabled the “thin client”, see all the previously made changes in their workplace. In other cases, the work begins every time "from scratch" - the virtual machine is restarted from the configured image.

In Microsoft, for example, there are two connection scenarios:

And list their features:

When is it advantageous to use VDI? The ideal scenario for the deployment of such an infrastructure is a large number of users with the same client systems who, upon completion of the work, should be “reset” to their original state. These can be offices with standard workplaces (Call-centers, warehouses, trade), organization of work of traveling employees (consultants, auditors, sales managers), remote access (work from home) or environments with high security requirements.

Other examples are research institutes, libraries, student audiences and medical institutions. In this case, the PC can be completely replaced with “thin” and even “zero” ones, and for hosting use a private or public cloud, having obtained an easily administered environment. Another example is testing and development. In the VDI environment, it is very convenient to test new applications and software platforms without allocating separate hardware resources, which is expensive and inefficient.

Sometimes on the basis of VDI it is convenient to organize work with contractors, giving them access rights through Active Directory. As a result, contractors, consultants and auditors will be able to work directly from their laptop. And upon completion of the work, you can delete the corresponding VM. The same scheme will help in the deployment of a controlled BYOD environment.

VDI implementation

Deploying a VDI infrastructure typically involves the following steps: identifying business needs, costing, testing and evaluating, choosing a hypervisor and VDI software (VMware, Microsoft, Citrix, etc.), choosing the OS and data separation scheme (that is, VDI type), optimizing guest OS and VDI core, pilot project and load testing. You should not lose sight of adjacent backup, monitoring and security systems.

What can there be "pitfalls"? Of course, problems with software are its incompatibility with the VDI environment, unsupported by the OS.

This is not the case. A critical element of the VDI infrastructure is data storage. It must withstand the so-called storm, when at the beginning of the working day employees turn on their client systems, which leads to the launch of dozens or hundreds of VMs at once.

You need to take into account the risks - the criticality of VDI downtime for business. If one PC in the office fails, this is usually not a problem. But server failure or storage in the VDI infrastructure can stop the organization. Therefore you should not save on reservations. Another problem is insufficient bandwidth of communication channels. In addition, the introduction of VDI - a change in the approach to the administration and training of specialists.

The advantages of VDI are process automation, fast creation of a workplace and application delivery, centralized administration and support of workstations, secure access to a workplace from any device and data storage in a secure data center, fast recovery of a workstation, easy migration to new OS versions, scalability. Plus savings on hardware, software licenses, electricity, maintenance and support.

A little about the economy

What are the main expenses on VDI? Software (OS, office suite) - terminal licenses, equipment in the data center (servers and storage), thin clients, administration and support for VDI and hardware. Below is a rough comparison of the cost of the workplace when using a PC and VDI, but these figures are quite conditional. It is only worth noting that in recent years the cost of the VDI infrastructure has decreased and the prices of computers and components have almost doubled. If earlier it was expedient to deploy it only in large organizations - from 200 jobs, now this threshold has dropped to 50.

A very important role in VDI projects is played by the storage system. The problem of 10-year-old installations was poor performance: with an increase in the number of users, the response time increased noticeably and became unacceptable. Storage on desktop disks simply could not cope with the load.

Modern VDI systems typically use RAID arrays with a capacity of tens and hundreds of thousands of IOPS (I / O operations per second). So, according to IDC, 90% of VDI intals in the world and 67% of VSI (Virtual Server Infrastructure) environments are deployed today using SAS and SSD drives. This solves a performance problem, but costs money. For example, VDI for 1000 desktops should serve a RAID array with a capacity of about 200,000 IOPS, and for 10,000 desktops - 2 million IOPS.

Nevertheless, according to VMware, VDI infrastructure based on Horizon 6 Enterprise with App Volumes will cost an average of $ 36 per month (in installations for 2,500 jobs, where the virtual machine image takes 30 GB and user data is 5 GB) . Physical desktop at the same time will cost $ 64 per month.

Characteristically, the total cost of VDI (infrastructure, software, operating expenses) is gradually reduced, and VMware intends to continue this trend.

And here is the approximate distribution of costs in the VDI project for 500 jobs. In this case, in the first case, the cost of the workplace was $ 686 per year, in the second - $ 941.

An important point is the licensing of the client OS in the VDI environment. For example, for thin clients and devices without a Windows Software Assurance subscription, you need a license to use Windows 8/10 in the VDI environment - Virtual Desktop Access (VDA). For Windows software with a valid Windows Software Assurance subscription, it is not required. The cost of VDA is $ 100 per device per year.

VDI Examples

In conclusion, we will consider several cases - the VDI projects publicly announced in 2014–2015 and see what it has given to Russian customers from different industries.

One of the major banks transferred over two hundred offices to VDI. In two data centers in Moscow (primary and backup) data warehouses are deployed. The result was improved reliability and lower costs. It became easier to ensure the availability of banking services and data. The deployment of new branches accelerated, the costs of their operation decreased.

According to bank estimates, the cost of equipment for end-users for the five-year period decreased by 15%, the application response time improved by 40%, the cost of support decreased by 56%, the number of applications for support - by 18%.

A large retail chain has transferred 350 specialists from the central office to VDI. In its data center, a virtual fault-tolerant IT infrastructure is built, and zero clients are installed in the field. Due to the consolidation of user and server computing resources, on average, the power consumption has decreased fivefold, and the costs of administration and modernization of workplaces have decreased. Software installation, application updates and other changes are made centrally. Enhanced protection of personal data from unauthorized access.

The company, which owns several airports in the south of Russia, has deployed VDI (zero clients) for employees of two airports - 150 jobs each. She estimates that VDI costs pay off in about 22 months. Moreover, investments in software and equipment in this project were about the same. For communications, a reserved channel of 2 Mbps is used. Clients are served by three sysadmins.

VDI helped the company solve software update problems on every PC, ongoing service to extend the life cycle of the standard architecture. Now, equipment and data are concentrated in a secure data center, the number of workplaces can be flexibly scaled, user virtual space is accessible from anywhere, maintenance and support costs have decreased, but infrastructure data center costs and communication channel requirements have increased.

And a few more interesting figures for this project: the labor costs for the preparation of the workplace decreased five times, the time of administration of the workplace was reduced three times. On this company saves from 2 million rubles a year. Each job consumes 500 kW less per year. By increasing the life cycle of the workplace, savings of 1 million rubles per year are achieved. The same amount is in the repair and maintenance of workplaces.

As you can see, this technology has already proved its advantages by examples of successful deployment. However, a lot depends on the tasks to be solved and the economic justification for the use of specific systems. A VDI project will succeed if it is deployed in the right environment.