provisioning hosted desktops for centralized access, management, improved security...

Provisioning Hosted Desktops for Centralized Access, Management, Improved Security, Compliance, and Disaster Recovery

Peter Ghostine

CTO and Co-Founder

What it is…

An emerging desktop management paradigm.

Leverage VMware virtualization technology.

Delivers increased levels of desktop manageability and security.

Virtual Desktop Infrastructure

Increased levels of manageability and Security…

Desktop as a service

Centrally managed by the underlying VMware virtual infrastructure residing in the data center.

Provisioned within minutes from a predefined library of templates.

Upgraded, patched, and backed up without user intervention.

Accessed as a service using a presentation layer protocol (i.e., Microsoft RDP)

The desktop OS (i.e., Windows XP) and applications are encapsulated inside virtual machines (VM) that are:

VDI Benefits

Strict compliance with corporate security guidelines

Fact!!! Companies are decentralizing and outsourcing critical business functions to reduce operational costs and remain competitive

OUTSOURCING should NOT necessitate DECENTRALIZATION!

VDI Benefits

VDI enables companies to…

Bring back previously decentralized applications and data into the corporate data center.

Centrally control and manage all off-site access to these sensitive applications and data.

Extend their corporate network security levels to off-site facilities.

Strict compliance with corporate security guidelines (continued)

VDI Benefits

Tight adherence to regulatory compliance requirements

Sensitive applications and data are no longer stored on off-site computers.

Data integrity is more easily maintained.

Regulatory compliance requirements are more easily adhered to.

HIPAA

Sarbanes-Oxley

Gramm-Leach-Bliley

VDI Benefits

Standard desktop environment

A server-based solution that uses standard desktop operating systems (i.e., Windows XP, Linux, etc).

A potential alternative to other server-based solutions.

Does not require additional (complex) IT training.

Applications are installed and executed without modifications.

Managed using standard desktop management tools.

The hosted OS can be accessed in the form of a full desktop (familiar to end users) or individual published applications.

VDI Benefits

Total isolation and disaster recovery

Each desktop environment is encapsulated inside a separate VM, completely independently of other VMs.

If one user’s VM crashes due to a faulty OS or application, other VMs remain fully operational.

There are no “application servers” to be rebooted in the event of an anomaly.

Virtual machines are hardware-independent; they are image files that can be instantly recovered and redeployed.

VDI Benefits

Additional benefits

Not just for off-shore users and contractors, but for mobile workers and branch office employees, too.

VDI Benefits

Difficult to manage

PC management is difficult to centralize due to the broadly distributed nature of PC hardware.

Users often require access to their desktop environment from anywhere.

PC desktop standardization is difficult in the face of hardware discrepancies and the wide variety of brands and models.

End users often require customized desktop environments.

Physical Desktop Challenges

High total cost of ownership

Ongoing PC management is costly and labor-intensive.

Multiple PC hardware configurations need to be tested and validated prior to deployment.

Support costs are further exacerbated by the need to support a geographically dispersed PC infrastructure.


Data security challenges

Backing up and restoring PC-based data in the face of a hardware failure or data loss is a challenging task.

When PCs are stolen, so are the data assets stored on them.


Squandered computing resources

PCs are severely under-utilized. PC resource usage is typically around 5 percent.

Pooling of PC computing resources to improve utilization and reduce costs is difficult, if not impossible.

Mobile workers require additional solutions to satisfy their remote access needs.


Desktop Management Solutions

Provision Virtual Access Suite for VMware

What it is…

A broker-based management platform for VMware Virtual Desktop Infrastructure.

A set of last-mile features delivering an enhanced end-user experience.

Virtual Access Suite

User Experience


Broker Anatomy

Highly scalable Windows service.

Interacts with the VMware VirtualCenter to perform all VM pool management tasks.

For high availability, up to three brokers are allowed per virtual infrastructure.

Can be installed inside a virtual machine appliance.

Responds to client connectivity requests and redirects the client to the appropriate VM.


VM pool management tasks

Wizard-based VM pool creation allowing the VDI Administrator to specify the following parameters:

Number of VMs in the pool.

Number of VMs to create at once.

Target VMware ESX host or resource pool for creating VMs.

Auto-answer file.

Date and time to start the VM pool creation process.


VM status reporting:

VM pool management tasks (continued)

VM pool deletion

VM pool suspension / un-suspension

VM pool power-up / power-down

Powered up / down

Suspended / Un-suspended

Resource utilization


VM pool management tasks (continued)

VM session status reporting:

Logged-on user

Logon time

Running processes


VM pool policies

VM Assignment Type:

Temporary

Permanent


VM pool policies (continued)

Grant the user special privileges to the VM:

Power User

Administrator



Allow the user to take and revert to VM snapshot.



Conserve resources by performing one of the following actions when the user logs off:

Suspend VM

Power down VM



When the VM pool expires, perform the following action:

Suspend VMs

Power off VMs

Delete VMs



Specify allowable access hours (by day and hour):


VM policies

VM Pool policies may be overridden on a per VM basis.

Example:


Virtual channel policies

Grant access to the following client resources:

Drives

Printers

Handhelds

Serial Ports

Smart cards

Audio


Application publishing

Full desktops and/or individual applications may be published.

Desktops and applications are published to VM pools.

Access is granted or denied to applications via ACLs.


Access control lists

Containers of user accounts, groups, and organizational units.

Used to grant or deny access to VM pools and published resources.


Resource management and high availability

The Virtual Access Suite leverages the resource pooling and highavailability foundations of the VMware virtual infrastructure.


Fault management

If for any reason the user’s permanent VM fails to start, the user is temporarily assigned a free VM from the same pool. Should the original VM become available again, the user is redirected to it on subsequent logons.


Client connectivity

Remote Desktop Protocol (RDP)

RDP-over-SSL


Client device support

Windows 9x/Me/2000/XP

Windows CE

Java client (Q1 2007)

Linux-based PXE client (Q1 2007)


Additional Features

Full-featured Desktops

Published Applications

Seamless Windows

4096 x 2048 resolution

Multi-Monitor Support

Universal Print Driver

USB PDA Redirection

Environment Lockdown

Web Interface

SSL Connectivity

Remote Password Reset


Launching VDI-Based Published Applications from the Local Desktop

Connecting to the Full Desktop of a Hosted VM

Launching VDI-Based Published Applications Using AppPortal

Launching VDI-Based Published Applications Using the Web Interface

Short Demo Movies


http://www.provisionnetworks.com/demos/vdi_appportal_di/demo_flash.htm

http://www.provisionnetworks.com/demos/vdi_appportal_full_desktop/demo_flash.htm

http://www.provisionnetworks.com/demos/vdi_appportal/demo_flash.htm

http://www.provisionnetworks.com/demos/vdi_web-it/demo_flash.htm

Thank you!

www.ProvisionNetworks.com

Presentation Download

Please remember to complete yoursession evaluation form

and return it to the room monitorsas you exit the session

The presentation for this session can be downloaded at http://www.vmware.com/vmtn/vmworld/sessions/

Enter the following to download (case-sensitive):

Username: cbv_repPassword: cbvfor9v9r

provisioning hosted desktops for centralized access, management, improved security...

Documents