Webinar: Make VDI Personal – How State of Wisconsin

DCF is Virtualizing its 1,200 Desktops

Maytee AspuroChief

InformationOfficer

Ron OglesbyVMware vExpertMicrosoft MVP

Chief Solution Architect

Chris FoxSenior

Software Engineer

Desktop Virtualization Bureau of Milwaukee Child Welfare

The Challenge

Wave One / Phase One & Two:

To transition 250+ staff to an efficient, agile, responsive, secure, accessible/mobile, recoverable, and comprehensive desktop that can be reasonably customized and centrally supported with limited financial and labor resources.

dcf.wisconsin.gov

The Business Case• Meeting Operational Requirements

° Scalability

° Flexibility and Agility

° Longevity

• Customer Service

• Total Cost of Ownership

• Highly Mobile Workforce (internal & external)

• COOP Solution

dcf.wisconsin.gov

Success Measures

• User Personao Meet or beat previous desktop experience

• Manageabilityo Enable fewer IT staff to accomplish more

• Storageo Conserve space while maximizing performance

• Mobilityo Anytime / Anywhere

dcf.wisconsin.gov

The Customer

Bureau of Milwaukee Child Welfare

• 1/4 of the total DCF population• Highly Mobile

• Externally: Staff operate in a wide variety of environments• Internally: Staff regularly moves among locations based on tactical needs• High turnover rate (~20% annually)

• Access to sensitive data• Task oriented• High risk of equipment theft • Undergoing substantial strategic restructuring and reorganization

dcf.wisconsin.gov

The Partnership• Department of Children & Families

o Bureau of Information Technology Services (BITS)o Bureau of Milwaukee Child Welfare (BMCW)

• Department of AdministrationoDivision of Enterprise Technology

• Vendors (Listed Chronologically by Engagement)

•HP/PDS•Cisco/AT&T•VMware•InSight•Lenovo•CDW-G•Riverbed/A&E Business Solutions•Unidesk•SolarWinds•Microsoft•Symantec

dcf.wisconsin.gov

The Timeline

dcf.wisconsin.gov

Wave 1 – Phase 1

Infrastructure Foundation and Services Layer Implementation

June 2010 – September 2010

Wave 1 – Phase 2

BMCW Network and Workstation Migration October 2010 – December 2010

LAN, WAN, Datacenter Network Management Transition from DOA/DET to DCF

June 2010 – December 2010

Service Desk/HelpDesk Implementation November 2010 – December 2010

eWISACWIS Modernization October 2010 – July 2011

Wave 2

Transition of Workstation, file/print services from DWD

March 2011 – December 2011

Transition of DWD hosted KIDS & CARES web-based applications

January 2012 – December 2012

Wave 3

Optimization & Consolidation January 2013 – June 2013

DCF Technology Selection

dcf.wisconsin.gov

Hardware

Server Platform HP BladeCenter C7000 w/ BL460c Blades

Storage Platform Primary and Secondary: HP EVA 8000 Series

Backup and Archival: Symantec NetBackup

Network

Data-center Networking Cisco Nexus 7000/5000 Series Switches, ASA Firewall & VPN

WAN Optimization/Acceleration Riverbed

Virtualization

Server Virtualization VMware vSphere 4.1 Enterprise Plus

Desktop Virtualization VMware View 4.5 / Unidesk

Management and Monitoring

PC, Server Lifecycle Management Microsoft Systems Center Configuration Manager (SCCM)

Infrastructure Monitoring Microsoft Systems Center Operations Manager (SCOM), HP Systems Insight Management, HP Storage Essentials

Network Monitoring Orion Solarwinds Network Performance Monitor

Service Desk Microsoft Systems Center Service Manager 2010

Why Virtualize The Desktop?

• Separation of the OS, applications and hardware. This separation will increase agility while decreasing support costs (firms commonly report 50% decreases in desktop support costs while improving service delivery).

• Windows 7 Support

• Simplified Desktop Management

• Automated Desktop Provisioning

• Built-in Security

• Availability and Scalability

• Streamlined Application Management

• Advanced Virtual Desktop Image Management

• And the topic we all love to hate…COOP

dcf.wisconsin.gov

DCF VDI Architecture

dcf.wisconsin.gov

Unidesk

• Allows us to effectively personalize,

package, and provision desktops,

improve overall manageability, and

provide significant storage savings, all

without compromising the underlying

solution.

• C:\ Drive is compiled at boot time,

consisting of independent OS, App, and

Personalization layers.• All layers are independent• OS and Application layers are

shared (storage savings)• User Persona persists through

updates• Snapshot/Restore individual

layers or the entire desktop

dcf.wisconsin.gov

Inside Unidesk Layering

It’s All About the Layers

dcf.wisconsin.gov

Planning & Design – Steps to VDI Success• Know your users

o Create a set of tiers that users fit into, and assign a weight to each tier

dcf.wisconsin.gov

Tier Weight Typical Workload

Information Workers

70% Child Welfare App (Web Based), Outlook, Excel, Word

Power Workers

20% Above, plus custom apps, development suites (i.e. IT Staff, Finance, Developers)

Admin Workers

10% Management and Directors, requiring basic applications, but lowest downtime

Sizing• Next, assign performance characteristics to each tier• Based on a number of users and this breakdown, we can reasonably plan hardware resources• For us, this was a journey from estimating to actual

dcf.wisconsin.gov

Tier vRAM vCPU Disk I/O (non-idle)

Information Workers

1.5 GB

1 ~12-15 IOPS

Power Workers

2-3 GB

1-2 ~18-22 IOPS

Admin Workers

2 GB 1 ~12-18 IOPS

Estimating Hardware• Conservative Numbers for Budgeting

o Don’t forget about: Virtualization overhead Infrastructure supporting VDI N+1 capacity, etc

dcf.wisconsin.gov

CPU Memory Disk Network

~2-4 Desktops per CPU core

~.5-1 Desktop per 1GB of Physical Memory

~7 Desktops per 15k RPM hard disk spindle

~3 Desktops per 1Mb of WAN bandwidth

Current Usage Statistics•~350 Desktops with over 65% user concurrency

•Plan to roll out an additional 600 desktops this year

•A single gold image•~50 Application layers•Average of 67 desktops per blade•Serious storage savings

• i.e. Savings for 53 desktops running on a single CachePoint

dcf.wisconsin.gov

Executing Desktop Virtualization• Research, research, research…• September had to be used for testing and optimization

• Over 600 staff and partners to be moved in November • DCF infrastructure had to be production ready by October 15th.

• Integrated design from the desktop to the data center

dcf.wisconsin.gov

VDI in a Mobile Client

• Roaming Thin Client is what we needed…

• How did we do it?

• Why did we choose to use this method?• Compressed timeline• Guaranteed success was required

• Post implementation included a large refresh project that allows opportunity to adjust

dcf.wisconsin.gov

Lessons Learned

• Extensive planning - Understand your users• Plan for some sort of persona management tool

• Unidesk packages the OS, Apps, and Persona• Take a holistic approach to Application Inventory

• Unidesk Layer• ThinApp• Installed on Gold Image

• Dedicate trained virtualization staff to your Helpdesk• Implement in small groups and monitor constantly on all levels• Use direct user training and interaction within the rollout• Ensure you have immediate triage ability with staff as they face change• Keep your user in mind

dcf.wisconsin.gov

The Achievement

•Meeting Operational Requirements•Scalability Highly scalable•Flexibility and Agility Quick provisioning and extensibility•Longevity Designed for the future

•Customer Service Customer-centric design•Total Cost of Ownership ROI driven •Highly connected workforce (internal and external) Anytime and anywhere access•Establishing COOP solutions Without costly redundant equipment & environments

dcf.wisconsin.gov

Thank you.

Layering: The Keyto VDI Success

Unidesk: Desktop Layering Innovation

C:

The Best of Persistent & Non-Persistent VDI

Persistent:custom foreach user

Non-persistent:stateless and managed by IT

UnideskManagement

ApplianceVirtual appliance serves GUI, maintains policy &

configurationAdministrator

UnideskMaster CachePoint

Virtual appliance stores common layers

UnideskCachePoint

Virtual appliance stores only the layers need by

desktops it hosts

End Users

Unidesk Topology

Personalization Layer Backups

Regular backups of desktop personalization layers for

recovery purposesUnidesk Virtual Desktops

Unidesk-composited desktops hosted on

existing VMware infrastructure

Demo: Unidesk and VMware View in Action

Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com

© 2009 VMware Inc. All rights reserved

Confidential

VMware View – Enabling manageability and mobility like never before

29

Modernizing the Desktop – A Managed Service Model

Persona

Applications

Operating System

Centralized Management

DesktopDelivery

ModernDesktop

30

Modernizing the Desktop – VMware Vision

Mobile Desktop Mac Thin Client Offline iPad

Desktop Cloud

Cloud Desktop Management •Image Management •SLA•Provisioning•Maintenance•Policy•Security

Cloud Desktop Infrastructure •On Demand Resources

•Availability

•Scalability

•Performance

vCenter – Policy-based Management & Automation

vSphere – Platform for Cloud Infrastructure

View – Desktop Computing via Cloud

OS Apps Persona

Personalized Access across Devices

Desktop Application Portal

31

VMware Partner Unidesk Shares the Same Vision

“Dynamic desktop composition represents an advance in client management technology and can accelerate growth for virtual desktops where the ability to personalize the user experience is needed. Unidesk’s layering technology is an innovative example and we look forward to collaborating to modernize the desktop experience for VMware View and VMware vSphere customers.”

- Scott Davis, CTO, Desktop Virtualization, VMware

32

Customers Modernizing More Desktops with View and Unidesk

33

Key Components

Built on reliable vSphere platform

vCenter Server

View Connection Server

View Security Server

Now supports PCoIP!

View Client

Offline Client available for special use cases

Overview of the View Architecture

vCenter

CentralizedVirtual Desktops

MicrosoftActive Directory

View Connection Server

View Security Server

View Client

DMZ

PCoIP

34

View Security Server Security Features

• Native support for PCoIP added in View 4.6

• Recommended for DMZ deployment or environments with separated networks

• Only authenticated users can gain access through it

• Can ensure that virtual desktop access is only possible for authenticated users. The only desktop protocol that can enter the data center is on behalf of authenticated users

• Ensures users can only access resources (virtual desktops) they are authorized to access

• Zero administration

• Offloads the HTTPS processing and all desktop protocol traffic away from the View Connection Server

• Multiple View Security Servers are used for scalability and HA with loadbalancers

• Support for RSA SecurID and smartcards

View Security Server

35

Operating System

ThinApp – application virtualization

Features

• Decouple applications and data from OS

• Agent-less architecture

• Wide platform and application support

• Plug into existing application management tools

• Deliver ThinApp virtual applications asUnidesk layers for automated deployment,version control, and rollback

Benefits

• Simplify Windows 7 migration

• Enable application mobility and easier access

• Minimize the number of OS images managed

• Eliminate application conflicts

• Enable the use of multiple versions of thesame applications

Application Application

Operating System

VOS VOS

Application

sandbox

Application

sandbox

App Files App Files

36

vShield Endpoint Integration

Improve performance and effectiveness of existing endpoint security solutions

Offload AV activity to Security VM (SVM)

Eliminate desktop agents and AV storms

Enable comprehensive desktop VM protection

Centrally manage AV service across VMs with detailed logging of AV activity

Partner Integration through EPSEC API

vShield Endpoint Included with the VMware View 4.5 Premier bundle

VMPersonaAPP

OSKernelBIOS

VMPersonaAPP

OSKernelBIOS

VMPersonaAPP

OSKernelBIOS

SVM

OS

VMware vSphere

AV

Hardened

Introspection

37

Thank You!

Q&A

Please feel free to contact the speakers directly :

• Maytee Aspuro, State of Wisconsin, maytee1.aspuro@wisconsin.gov

• Christopher Luter, State of Wisconsin, christopher.luter@wisconsin.gov

• Timothy Curless, State of Wisconsin, timothy.curless@wisconsin.gov, Twitter:@timcurless

• Ron Oglesby, Unidesk, roglesby@unidesk.com, Twitter:@RonOglesby

• Chris Fox, VMware, cfox@vmware.com