Vdi as art
Our path to the virtual desktop infrastructure from the experiment to the product of the creative activity of engineers. We approached the project with enthusiasm, thanks to which we enjoyed the process of implementation and aesthetic enjoyment of the result. Want a roadmap? Welcome under cat.
The word “ Art ” historically has several meanings that best describe our experience in introducing and implementing VDI technology: to the satisfaction of customers and to the benefit of our own business. The first value goes back to the Latin “experimentum” - experience, trial. It all starts with the experiment. Our VDI hike is no exception.
The second meaning is more applied: torture (from the Old Slavonic "iskous"). And this, of course, refers to the implementation phase. But the main thing is that art understands the form of artistic activity. And it succinctly describes the stage of creating and launching a product on the market. So, our way to VDI: from experiment, through suffering - to the product of the creative activity of engineers.
')
In our case, the transition to cloud infrastructure was due to a number of objective factors. And the process itself was step-by-step, from simple to complex, which made it possible to implement it painlessly and obtain the necessary experience, which formed the basis of this article. And we started by calculating the need for the VDI itself.
VDI is actively introducing companies that talk about farms for thousands of jobs. This is due to the high cost of implementation and a long payback period (the cost of renting one virtual station is from $ 25 per month for the basic package). Mainly, the implementation decision is made in a situation where it becomes more difficult to manage the infrastructure of user workstations than to implement and administer a VDI solution. Security issues come to the fore.
When the company employs hundreds (and even more than a thousand people), it becomes very difficult to control them. Especially if people are dispersed like ours (administrative and technical offices in Moscow, two partner sites in the Czech Republic, dozens of minor remote workplaces from the taiga to the British seas, where you can use your own equipment. The number of potential threats increases many times. And this was for We are the decisive factor: with a population of less than two thousand people, it was the geographical distribution and the requirements of the security service that served as a powerful incentive for the VDI experiments.
Additionally, we took into account the following VDI benefits:
After a careful analysis of our tasks and possible risks, we decided to transfer all employees to work with VDI, access is carried out through corporate thin clients.
Despite the fact that VDI allows you to use personal equipment safely (BYO practice - “bring your own”), we did not save money, were reinsured and only allowed corporate devices.
Our company is constantly expanding (during this time we increased the presence of our employees with partners in the Czech Republic, opened a new representative office in Moscow, which houses the newly created sales department, financial services), so this scheme allowed us to scale quickly and economically. Thin client is cheaper to maintain than a PC or laptop. And the storage of data on corporate servers provides not only data security, but also better protection of the working infrastructure, since it is more securely isolated.
Thin clients we bought our European partner for 150 euros per piece. Then at the general gathering (the conference “Clouds without Borders” ) we distributed them to the employees. And it started ...
In such projects, the implementation process takes relatively little time. The most risky and time-consuming is the stage of task analysis and solution planning. It can take from a month to a year. On average, Russian practice shows that the project is fully implemented in three to six months: data is collected, a prototype is implemented, and the production starts. Europeans only spend 6-9 months for analytics, it is logical assuming that nature is not mistaken and it will not be possible to endure a full-fledged idea faster.
But to introduce a qualitatively described project is quite possible in a month. But before that you need to answer many questions:
Why, for example, 15 percent sit on Windows 7, and the rest - on Windows 10? We need to understand what prevents everyone from switching to the top ten: can there be an application that is not adapted for this version of the OS?
We approached the project creatively, thanks to which we enjoyed the process of implementation and aesthetic enjoyment of the result. In our case, the PoC was created in the order of "experiment on the subject of rationalization proposal."
With a limited budget and a week allocated for implementation, we did it in four days: Popular EU server in a standard configuration (139 euros per month), Windows Server Edition licenses (from 130 to 150 euros per month), RDP license (about 6 euro per user per month), thin clients themselves (150 euro per piece). Total price of the workplace is about 160 euros per person. Plus office suite and antivirus.
The experiment was justified, no one and nothing was hurt. But with further analysis, we decided that we needed a more reliable, secure and scalable solution, so we transferred the whole location (100 workstations, SIP-telephony) to VDI, using VMware.
The main advantages of this solution:
So, after PoC “on the knee”, we implemented a complete system using one of the best off-the-shelf solutions on the market. Then no one imagined that our work would grow into a full-fledged commercial project without the use of WMware products.
VDI usually involves server virtualization, access to office equipment, mobile device management, so today experts prefer to use the more comprehensive term EUC ( end-user computing ), which describes everything from virtual workstations, printer control protocols to corporate mobile phones and tablets management.
Most of the problems associated with insufficient analysis of user needs. We implemented VDI gradually, from small control groups of users to entire locations, so the main problems were clarified in the early stages. Key questions that have arisen:
The problems were local in nature and were solved manually with the subsequent transmission to other machines. In general, the functionality and capabilities of WMware left a good impression. But we decided not to stop and follow the precepts of the classic:
Everything, everything that threatens death,
For the heart of the mortal conceals
Inexplicable delights -
Immortality, maybe a pledge,
And happy is he who is in the midst of agitation
They could find and know.
After all existing employees were transferred to VDI, we analyzed growth prospects and came to a disappointing conclusion that ready-made solutions are too expensive for us. One workstation came out at about $ 350, including the cost of support for a year (the cost of a thin client, VMware vSphere 6 Standard licenses, server rental, software licenses). The next step was to reduce costs by switching to Open Source.
Due to the general distrust of large players to cloud storage , on-site solutions dominate in Russia.
On-premises are offers from Citrix or VMware, quest solutions (HP), Dell EMC, 2X, and standard terminal server Windows. The last scenario - if you need to save and if there are relevant experts in the team.
The choice between Citrix and VMware is a religious matter. VMware has the ability to quickly deploy applications, and if the speed of application deployment is not critical, but a large farm is needed, then Citrix is ​​preferable. The speed of deployment of virtual workstations between these two monsters is parity.
Prices for turnkey solutions are suitable only for major market players or government agencies. If we are talking about a small commercial company, it is better to buy cloud virtual machines and rent workstations until the vector of business development is clearly defined and an understanding is reached that it is possible (expedient) to deploy a hybrid solution: the core is on its hardware, and the extension is - at the expense of cloud resources. The advantages of this solution:
The hybrid solution can be implemented on VMware, unlike Citrix, which evolve towards security and mobile device management. There is a solution from Amazon, but they use the same protocol as VMware.
Many protocols hardly perform non-obvious tasks (using webcams, microphones and other devices). HDx from Citrix and PCoIP from VMware partners of Terra Dici have proven to be reliable .
In turn, the open source solutions had an unhealthy attitude based on rumors and a prejudice about similar projects. Over the past few years, large companies such as Intel, IBM have invested millions of dollars in them. Open Source solutions are successfully implemented by many well-known brands: Volkswagen, Walmart, AT & T, PayPal, Bloomberg and significant objects of the CERN level. As a result, over the past few years, Open Source has experienced a qualitative leap in terms of security, functionality, and stability.
A large number of different protocols: Spice, VNC, RDP - create a field for technical creativity, which attracts us with an abundance of options, opportunities ... Well, in addition, we have gathered a strong OpenStack team, developers who know and love their work. This is important because this solution requires considerable competence within the company, and it is not rational to allocate individual employees for the maintenance and maintenance of VDI.
Over OpenStack functionality on par with on-premises solutions.
There are many modules, hands-on work are even more, but this is far from “not horror-horror-horror!” , As it may seem.
To get rid of VMware, we chose Leostream as a connection broker, entered into a partnership agreement with them, and with the help of the Hystax Acura platform, we will transfer the VMware infrastructure to OpenStack, thus completing the experiment on VDI implementation in the company. This migration technology, which we mentioned in the previous paragraph, has been the subject of discussion in the global OpenStack community. Its description was presented to Russian IT specialists at the recent Data Center World Forum, and in November we will show it with partners in Sydney, Australia. When the move is completed successfully, we will get the system at an affordable price. And we have drawn the received experience and available practices as a commercial product , whose process of creation we presented to your attention.
The material was prepared with the participation of Roman Verbitsky, Khamzet Shogenov and Vsevolod Weiner.
In scientific language, the basis of life - Aristotle would call it the energy of life - this is just a desire for self-expression, and Art constantly presents new forms for its achievement.
Oscar wilde
The word “ Art ” historically has several meanings that best describe our experience in introducing and implementing VDI technology: to the satisfaction of customers and to the benefit of our own business. The first value goes back to the Latin “experimentum” - experience, trial. It all starts with the experiment. Our VDI hike is no exception.
The second meaning is more applied: torture (from the Old Slavonic "iskous"). And this, of course, refers to the implementation phase. But the main thing is that art understands the form of artistic activity. And it succinctly describes the stage of creating and launching a product on the market. So, our way to VDI: from experiment, through suffering - to the product of the creative activity of engineers.
')
In our case, the transition to cloud infrastructure was due to a number of objective factors. And the process itself was step-by-step, from simple to complex, which made it possible to implement it painlessly and obtain the necessary experience, which formed the basis of this article. And we started by calculating the need for the VDI itself.
VDI: to be or not to be?
VDI is actively introducing companies that talk about farms for thousands of jobs. This is due to the high cost of implementation and a long payback period (the cost of renting one virtual station is from $ 25 per month for the basic package). Mainly, the implementation decision is made in a situation where it becomes more difficult to manage the infrastructure of user workstations than to implement and administer a VDI solution. Security issues come to the fore.
When the company employs hundreds (and even more than a thousand people), it becomes very difficult to control them. Especially if people are dispersed like ours (administrative and technical offices in Moscow, two partner sites in the Czech Republic, dozens of minor remote workplaces from the taiga to the British seas, where you can use your own equipment. The number of potential threats increases many times. And this was for We are the decisive factor: with a population of less than two thousand people, it was the geographical distribution and the requirements of the security service that served as a powerful incentive for the VDI experiments.
Additionally, we took into account the following VDI benefits:
- increasing infrastructure manageability (centralized software upgrade without taking into account the specifics of various workstations). With a sharp growth of the company, it can be problematic to configure all workstations in accordance with the requirements of information security. Such situations arise when merging / acquiring companies, temporarily hiring a large number of remote employees and / or volunteers (at various mass events), if the company has hard-to-reach facilities (geologists, oilmen, etc.) or simply a wide network of small-scale regional representative offices .
- the ability to configure uniform policies - ban external drives, disable screenshots and unauthorized copying. Technical support works with billing, helpdesk and office packages, so we need to protect them by restricting access only from office locations.
After a careful analysis of our tasks and possible risks, we decided to transfer all employees to work with VDI, access is carried out through corporate thin clients.
Despite the fact that VDI allows you to use personal equipment safely (BYO practice - “bring your own”), we did not save money, were reinsured and only allowed corporate devices.
Our company is constantly expanding (during this time we increased the presence of our employees with partners in the Czech Republic, opened a new representative office in Moscow, which houses the newly created sales department, financial services), so this scheme allowed us to scale quickly and economically. Thin client is cheaper to maintain than a PC or laptop. And the storage of data on corporate servers provides not only data security, but also better protection of the working infrastructure, since it is more securely isolated.
Thin clients we bought our European partner for 150 euros per piece. Then at the general gathering (the conference “Clouds without Borders” ) we distributed them to the employees. And it started ...
Measure seven times and measure again ...
In such projects, the implementation process takes relatively little time. The most risky and time-consuming is the stage of task analysis and solution planning. It can take from a month to a year. On average, Russian practice shows that the project is fully implemented in three to six months: data is collected, a prototype is implemented, and the production starts. Europeans only spend 6-9 months for analytics, it is logical assuming that nature is not mistaken and it will not be possible to endure a full-fledged idea faster.
But to introduce a qualitatively described project is quite possible in a month. But before that you need to answer many questions:
- What applications are used?
- What are the roles of access?
- How much RAM to allocate to users?
- How much disk space?
- What speed is needed?
- Which OS or OS - in percentage terms - do your users use? Why is this percentage exactly?
Why, for example, 15 percent sit on Windows 7, and the rest - on Windows 10? We need to understand what prevents everyone from switching to the top ten: can there be an application that is not adapted for this version of the OS?
We approached the project creatively, thanks to which we enjoyed the process of implementation and aesthetic enjoyment of the result. In our case, the PoC was created in the order of "experiment on the subject of rationalization proposal."
With a limited budget and a week allocated for implementation, we did it in four days: Popular EU server in a standard configuration (139 euros per month), Windows Server Edition licenses (from 130 to 150 euros per month), RDP license (about 6 euro per user per month), thin clients themselves (150 euro per piece). Total price of the workplace is about 160 euros per person. Plus office suite and antivirus.
There are no boundaries for perfection
The experiment was justified, no one and nothing was hurt. But with further analysis, we decided that we needed a more reliable, secure and scalable solution, so we transferred the whole location (100 workstations, SIP-telephony) to VDI, using VMware.
The main advantages of this solution:
- Horizon 7 Access Point provides secure external access without VPN;
- A single portal for all applications on VMware Identity Manager and, together with True SSO , a platform for accessing all applications;
- Efficiency and ease of deployment of a large number of personal computers using Instant Clone technology ;
- A simple mechanism for providing user access to desktops using User Environment Manager ;
- High level of security due to the fact that the data does not leave the data center;
- The ease of managing and deploying applications using App Volumes (once deployed, the application is available to any users);
- Convenient and functional monitoring tool - VMware vRealize Operations Manager ;
So, after PoC “on the knee”, we implemented a complete system using one of the best off-the-shelf solutions on the market. Then no one imagined that our work would grow into a full-fledged commercial project without the use of WMware products.
Black swans
VDI usually involves server virtualization, access to office equipment, mobile device management, so today experts prefer to use the more comprehensive term EUC ( end-user computing ), which describes everything from virtual workstations, printer control protocols to corporate mobile phones and tablets management.
Most of the problems associated with insufficient analysis of user needs. We implemented VDI gradually, from small control groups of users to entire locations, so the main problems were clarified in the early stages. Key questions that have arisen:
- Does not print a local printer;
- Do not overlook the webcam;
- The end client does not connect to the virtual workstation.
The problems were local in nature and were solved manually with the subsequent transmission to other machines. In general, the functionality and capabilities of WMware left a good impression. But we decided not to stop and follow the precepts of the classic:
Everything, everything that threatens death,
For the heart of the mortal conceals
Inexplicable delights -
Immortality, maybe a pledge,
And happy is he who is in the midst of agitation
They could find and know.
Per aspera ad ... aspera
After all existing employees were transferred to VDI, we analyzed growth prospects and came to a disappointing conclusion that ready-made solutions are too expensive for us. One workstation came out at about $ 350, including the cost of support for a year (the cost of a thin client, VMware vSphere 6 Standard licenses, server rental, software licenses). The next step was to reduce costs by switching to Open Source.
Due to the general distrust of large players to cloud storage , on-site solutions dominate in Russia.
On-premises are offers from Citrix or VMware, quest solutions (HP), Dell EMC, 2X, and standard terminal server Windows. The last scenario - if you need to save and if there are relevant experts in the team.
The choice between Citrix and VMware is a religious matter. VMware has the ability to quickly deploy applications, and if the speed of application deployment is not critical, but a large farm is needed, then Citrix is ​​preferable. The speed of deployment of virtual workstations between these two monsters is parity.
Prices for turnkey solutions are suitable only for major market players or government agencies. If we are talking about a small commercial company, it is better to buy cloud virtual machines and rent workstations until the vector of business development is clearly defined and an understanding is reached that it is possible (expedient) to deploy a hybrid solution: the core is on its hardware, and the extension is - at the expense of cloud resources. The advantages of this solution:
- Scalability with bursts of "personnel activity";
- Security issues are flexibly resolved: from https to two-factor authentication;
- Ability to deploy any SaaS application using containers.
The hybrid solution can be implemented on VMware, unlike Citrix, which evolve towards security and mobile device management. There is a solution from Amazon, but they use the same protocol as VMware.
Many protocols hardly perform non-obvious tasks (using webcams, microphones and other devices). HDx from Citrix and PCoIP from VMware partners of Terra Dici have proven to be reliable .
In turn, the open source solutions had an unhealthy attitude based on rumors and a prejudice about similar projects. Over the past few years, large companies such as Intel, IBM have invested millions of dollars in them. Open Source solutions are successfully implemented by many well-known brands: Volkswagen, Walmart, AT & T, PayPal, Bloomberg and significant objects of the CERN level. As a result, over the past few years, Open Source has experienced a qualitative leap in terms of security, functionality, and stability.
Migration
A large number of different protocols: Spice, VNC, RDP - create a field for technical creativity, which attracts us with an abundance of options, opportunities ... Well, in addition, we have gathered a strong OpenStack team, developers who know and love their work. This is important because this solution requires considerable competence within the company, and it is not rational to allocate individual employees for the maintenance and maintenance of VDI.
Over OpenStack functionality on par with on-premises solutions.
There are many modules, hands-on work are even more, but this is far from “not horror-horror-horror!” , As it may seem.
To get rid of VMware, we chose Leostream as a connection broker, entered into a partnership agreement with them, and with the help of the Hystax Acura platform, we will transfer the VMware infrastructure to OpenStack, thus completing the experiment on VDI implementation in the company. This migration technology, which we mentioned in the previous paragraph, has been the subject of discussion in the global OpenStack community. Its description was presented to Russian IT specialists at the recent Data Center World Forum, and in November we will show it with partners in Sydney, Australia. When the move is completed successfully, we will get the system at an affordable price. And we have drawn the received experience and available practices as a commercial product , whose process of creation we presented to your attention.
The material was prepared with the participation of Roman Verbitsky, Khamzet Shogenov and Vsevolod Weiner.
Source: https://habr.com/ru/post/340488/
All Articles