Desktop Virtualization with Riverbed and VMware
Introduction: The trend toward desktop virtualization
Like other virtualization products, desktop virtualization holds the promise of a dramatically simplified IT infrastructure, cost effective IT utilization, and flexible management, all while providing greater user flexibility and increased security. Solution vendors claim to provide enterprises with a new model of enterprise computing, whereby any client device can be used to securely access company data from any location, without requiring an individual to have their own machine, data, and applications running locally. As with most distributed computing models, desktop virtualization faces a performance challenge when enterprises attempt to use this technology to support a globally distributed workforce. Many of the protocols used for desktop virtualization were not originally designed for the WAN and typically run into two fundamental challenges:
1. Bandwidth Constraints – Limiting the amount of data transferred or the number of users who can access virtualized desktops
2. Latency – Preventing applications from having acceptable performance.
In addition, in the era of mobility and cloud computing it is essential to have a solution that can move with users without affecting their productivity or restricting their freedom.
What is Riverbed WAN optimization and why is it relevant to desktop virtualization?
WAN Optimization has rapidly been adopted across enterprises in order to deal with the challenges of bandwidth limitations and latency over the WAN and enable LAN-like performance for remote users. The Steelhead family of products enables server virtualization and remote site consolidation. This paper discusses best practices for those areas as well as an extension of this value proposition to support desktop virtualization environments.
Desktop virtualization can today be typically classified into two areas:
1. Virtual Desktop Infrastructure
a. Virtualized client / Thick client / Mobile device front end
This model represents accessing centralized desktops using a remote display protocol like RDP, ALP or RGS. The desktops could be assigned per user or could be shared desktops. This process involves streaming desktops to end devices over the LAN or WAN.
b. Full OS virtualization with local execution (aka Offline Desktop)
In this model, the full virtual desktop resides physically with the user. All data access is native over the WAN. VMware ACE and Offline Desktop with VMware View are examples of this technology.
2. Application virtualization
Application virtualization (also known as application portability or application service virtualization) is the practice of encapsulating applications from the OS and other applications to help deliver and deploy these applications more efficiently, securely and cost-effectively. Using application virtualization technologies like VMware ThinApp or Microsoft App-V, IT administrators no longer need to install applications at each end point. With this model the application is “streamed” on demand from a central location and is not installed on the end point.
This paper will explore the relationship between Steelhead appliances, Steelhead Mobile, and various models of desktop virtualization, and how they relate to the range of branch office scenarios.
Branch office today and tomorrow
Traditionally, branch offices consist of native thick clients with local infrastructure to overcome performance issues over the WAN. Often this model does not scale well in a large, distributed organization, especially in terms of cost, management and security.
Riverbed has changed the way organizations operate by enabling consolidation of applications and servers to the datacenter without affecting end user performance. In addition, with the Riverbed Services Platform (RSP), customers can choose to keep some key services locally and run them virtually on each branch office’s Steelhead appliance. With Riverbed, this consolidation strategy has enabled organizations to reduce their TCO, facilitate centralization and meet their application SLA’s without incurring additional network infrastructure costs.
This trend towards a consolidated architecture also enables easier adoption of newer technologies like desktop virtualization. As the adoption of desktop virtualization increases in organizations, native and virtualized client traffic over the WAN between the branch office and the datacenter is expected to increase as well.
The latter half of the paper discusses the various branch office architectures, value propositions and the flexible deployment options the Steelhead family of products provides in virtual desktop environments.
Branch Architecture 1 - Thick clients at the branch (no virtualization at the remote office)
The primary use case for virtualized desktops revolves around consolidation, manageability and security. Steelhead appliances can aid in the accomplishment of these use cases, without requiring virtualization of the remote end-user, by using native clients accessing the centralized applications via native protocols. In this section, we discuss this approach of staying native, while achieving your IT goals. In this architecture, all applications and data reside centrally at the datacenter with Steelhead appliances accelerating remote worker client access to this centralized infrastructure over the WAN.
Key solution benefits
1. Application and data secured, consolidated and/or virtualized at the datacenter.
2. All central data access accelerated by Steelhead appliances without additional branch server infrastructure.
3. RSP on Steelhead appliances enables local services, such as print, to run directly on the appliance without additional branch servers.
4. Steelhead appliances enhance desktop management for IT admins by enabling centralized patch management.
5. No major re-architecture necessary to enable a desktop virtualization solution.
6. Accelerated access to data for mobile workers with Steelhead Mobile.
Branch Architecture 2 - Hybrid environment of thick and virtualized clients at the branch
This is the most common branch infrastructure that is seen in the real world. Organizations will typically have a combination of thick and virtualized clients at the branch accessing centralized resources. By using Riverbed, native and virtualized clients are simultaneously accelerated in a consolidated and secure environment.
[Diagram: BRANCH OFFICE (laptops/desktops, virtualized client) connected over the WAN to the DATA CENTER (ESX servers, View Manager, mail servers, web servers, NAS/SAN); Offline Desktop for mobile users with Steelhead Mobile.]
[Diagram: BRANCH OFFICE (laptops/desktops) connected over the WAN to the DATA CENTER (virtualized servers, app server, web servers, NAS/SAN); mobile users with Steelhead Mobile.]
Solution Results
Figure 1 below shows user response time improvements of 10-40% with Steelhead appliances without turning off RDP compression and encryption. The testing was performed over a T1 link with 10 msec RTT with multiple users. Details of the testing are covered in Appendix II.
Fig 1
Figure 2a below shows user response time improvements for a single user performing standard desktop operations un-optimized (RDP compression and encryption enabled) versus Steelhead optimized (RDP compression and encryption disabled). Figure 2b shows the bandwidth reduction that Steelhead appliances provide in the same environment. Details of the testing are covered in Appendix II.
Figure 2a: Un-optimized without Steelhead, with RDP compression and encryption: 1.9 sec. Optimized with Steelhead, without RDP compression and encryption: 1.25 sec.
Figure 2b: 0.129 mbps without Steelheads; 0.051 mbps with Steelheads.
Key solution takeaways
1. Application and data secured, consolidated and virtualized at the datacenter.
Key solution benefits
1. All data access (native and virtual) is accelerated by Steelhead appliances without additional branch server infrastructure.
2. RSP on Steelhead appliances enables local services, such as print, to run directly on the appliance without additional branch servers.
3. More bandwidth available for virtual client traffic by reducing the impact of native clients.
4. Optimize bandwidth and user response times for virtual client traffic by 30% or greater.
5. Accelerated access to data for mobile users with Offline Desktop and Steelhead family of products.
6. Enables more users to access data without the need for bandwidth upgrades.
Branch Architecture 3A - Virtualized clients at the branch
In this architecture, all the clients at the branch office are connecting to virtual desktops at the datacenter. All traffic traversing the WAN is typically virtualized client traffic. The Steelhead appliance provides optimization for virtualized client traffic, while also providing services, such as print, on the RSP locally. In addition, Offline Desktop users will experience acceleration for check-out/check-in, as well as ongoing application acceleration using Steelhead Mobile on the road.
Solution Results
[Diagram: virtualized clients connected over the WAN to the DATA CENTER (ESX servers, View Manager, mail servers, web servers, NAS/SAN); Offline Desktop for mobile users with Steelhead Mobile.]
Figure 2c: Unoptimized without Steelhead, with RDP compression and encryption: 1.577 sec. Optimized with Steelhead, without RDP compression and encryption: 0.97 sec.
Figure 2c above demonstrates user response time improvements for multiple users performing standard desktop operations un-optimized (RDP compression and encryption enabled) versus Steelhead optimized (RDP compression and encryption disabled). Figure 2d below shows the bandwidth reduction that Steelhead appliances provide in the same environment. Details of the testing are covered in Appendix II.
Figure 2d: 0.249 mbps without Steelheads, with View compression and encryption enabled; 0.149 mbps with Steelheads, with RDP/View compression and encryption disabled.
Key solution benefits
1. Decrease IT budget through consolidation and virtualization of applications and hardware at the datacenter.
2. Optimize bandwidth and user response times for virtualized client traffic by 30% or greater.
3. Accelerated access to data for mobile users with Offline Desktop and Steelhead family of products.
4. Enables more users to access data without the need for bandwidth upgrades.
Branch Architecture 3B - Virtualized clients only at branch with local ESX delivering LAN RDP
Solution Results
Fig 3 below shows the results of Steelhead appliances with local ESX and RDP performance on the LAN and native application traffic over the WAN. The applications remain centralized at the datacenter while, at the branch, ESX is hosting a basic desktop using Linked Clone technology from VMware View. Testing was done over a T1 link with 100 msec RTT.
Fig 3
[Diagram: BRANCH OFFICE (virtualized clients, local ESX server) connected over the WAN to the DATA CENTER (ESX servers, View Manager, mail servers, web servers, NAS/SAN); Offline Desktop for mobile users with Steelhead Mobile.]
[Charts: time in seconds for Open Explorer, Open PowerPoint, Open IE, and Copy 9 MB document to a USB, each comparing No Steelhead, Steelhead Cold Run and Steelhead Warm Run; annotated "LAN-like performance!".]
Key solution benefits
1. Simplify access with local RDP for your desktop using Linked Clone technology at the edge, and accelerate native application traffic over the WAN with Steelhead appliances.
2. Decrease IT budget through consolidation and virtualization of applications and hardware at the datacenter.
3. Accelerate individual desktop user profiles using CIFS over the WAN with Steelhead appliances.
4. Accelerated access to data for mobile users with Offline Desktop and Steelhead family of products.
5. RSP on Steelhead appliances enables local services, such as print, to run directly on the appliance without additional branch servers.
Mobility, desktop virtualization and WAN optimization
While VMware View provides flexibility in delivering virtual desktop environments, it was only recently that a new feature made offline usage available to users. VMware Offline Desktop lets end users “check out” personalized virtual desktops on a laptop for use offline and then “check in” any changes when they return online. The Steelhead family of products can accelerate the check-out/check-in process as users access the VMware View environment over the WAN. In addition, Steelhead Mobile deployed within the checked out virtual desktop can provide accelerated access to centralized data and applications while the end user is mobile.
Fig 4a Check-out with Steelhead appliance of a View desktop over T1-100msec RTT
[Chart: Time to checkout a 2.5GB VM, in minutes; series: Steelhead Mobile Warm Run, No Steelhead Mobile.]
Fig 4b Check-out with Steelhead Mobile of a View desktop over T1-100msec RTT
[Chart: Time to download 5MB ppt, in seconds; series: Steelhead Mobile Warm Run, Steelhead Mobile Cold Run, No Steelhead Mobile.]
Fig 4c Time to download a 5MB PowerPoint in an Offline Desktop environment over a T1-100 msec RTT. The use case simulates a user accessing central documents while on the road.
Key solution benefits
1. Easily access VMware View while on the road with Steelhead Mobile.
2. Accelerate access to applications anytime, anywhere with Offline Desktop and the Steelhead family of products.
3. Migrate to offline mode at LAN-like speeds with the Steelhead family of products.
4. Handle incremental syncs seamlessly while at home, in the office, or on the road.
5. Offline Desktop with Steelhead Mobile makes desktop mobility a reality and overcomes the performance issues caused by WAN latency and bandwidth.
WAN optimization and application virtualization
Application virtualization (also known as application portability or application service virtualization) is the practice of encapsulating applications from the OS and other applications in order to simplify deployments and minimize application conflicts. With this model, the application can be “streamed” from a central location to the user, and is executed at the remote site with zero footprint on the client device. This scalable and efficient approach enables companies to move to a virtualized desktop strategy, and works well in native environments, traditional VDI deployments, and with new features like Offline Desktop. Fig 5a and 5b showcase the LAN-like performance of using Steelhead Mobile with application virtualization technologies by showing the speed of downloading the virtualized application, as well as the data, onto the mobile worker's laptop.
[Chart: Downloading a ThinApp PowerPoint application, in minutes; series: Steelhead Mobile Warm Run, Steelhead Mobile Cold Run, No Steelhead Mobile.]
Figure 5a: ThinApp PowerPoint on a user desktop using Steelhead Mobile over T1-100msec RTT
[Chart: Downloading a 10 MB PowerPoint presentation from a central share over CIFS in a ThinApp environment, in seconds; series: Steelhead Mobile Warm Run, Steelhead Mobile Cold Run, No Steelhead Mobile.]
Conclusion
The Steelhead family of products enables all virtualized environments, including those deployed for server consolidation and migration, disaster recovery or desktop virtualization. Focusing on the area of desktop virtualization, Riverbed products:
• Securely optimize virtualized client traffic from the perspective of user response time and bandwidth
• Accelerate native and virtualized client traffic
• Greatly improve check in times with Offline Desktop
• Accelerate data access in ThinApp environments
• Utilize VMware View’s new architecture to provide a highly optimizable environment that enables:
o LAN-like RDP performance over the WAN
o All critical data to be secured at the data center
o Enhanced security by allowing desktops to be provisioned easily in the case of a failure
For any virtual desktop environment, the Steelhead product family can be used to accelerate applications and reduce bandwidth consumption to enable successful deployment over the WAN.
Appendix I: Steelhead configuration for optimizing RDP/View Client
This section describes the configuration changes on Steelhead appliances to optimize thin client traffic.
Assuming RDP compression and encryption is not turned off:
1. Remove RDP from default pass through
2. Create In-path rule for destination port 3389 or View client port (80/443), with no nagle and no optimization
3. Enable QoS on 3389 or View client port (80/443) with MxTCP
4. Results in figure 1 above
Assuming RDP compression and encryption (refer to Appendix II) is turned off:
1. Remove RDP from default pass through
2. Change compression level to Lz1
3. Change the Adaptive Data Streamlining setting to be in SDR-M mode
4. Create In-path rule for destination port 3389 or View client port (80/443), with no nagle and normal optimization policy
5. Enable QoS on 3389 or View client port (80/443) with MxTCP
6. Results in fig 2a, 2b, 2c, 2d above
Appendix II: Test environment details
Script: Automated scripts using AutoIT to simulate user actions (basic windows workflow) were used. In addition, a program to generate random screen movements was also run during the session to generate randomness and frequent screen updates during the test session
Network: T1-100 msec RTT, no loss
Desktop: Windows XP Professional w/SP2
Steelhead information: Steelhead appliance model 1020 running RiOS v5.5.0b(x86) with Riverbed Services Platform (RSP). Opnet Ace Live on RSP was used for measuring performance.
Appendix III: Turning off RDP compression and encryption
Section 1: Turning Off RDP Encryption on Windows desktop
For Windows 32-Bit VMs –
• Follow instructions at: https://www.doczj.com/doc/3d12785068.html,/KB/956072
For Windows 64-Bit VMs –
• Perform just the registry edit changes at: https://www.doczj.com/doc/3d12785068.html,/KB/956072
Section 2: Turning Off RDP Compression
If using native Windows RDP –
• Save the RDP connection settings as a file (ex: Default.rdp).
• Edit this file using an editor like notepad or wordpad
• Change the line compression:i:1 to compression:i:0
If using the VMware View Connection broker –
• Copy the vdm_client.adm file from the VMware View connection server onto your thin client (remote office) machine. This file is located at C:\Program Files\VMware\VMware VDM\Server\Extras\GroupPolicyFiles
• Import this file into your group-policy using gpedit.msc
• In this group policy object, go to User Configuration-->VMware VDI Client and disable the "Enable Compression" policy.
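The native Windows RDP step in Section 2 above, as an added example that is not part of the original paper: a Python helper that reads a saved .rdp file, reports its compression setting and rewrites it in place of the manual edit. The function names and the sample file are constructed for illustration; the code assumes the file is UTF-16 with a byte-order mark, as the Windows client typically saves it, or plain 8-bit text.

```python
import codecs

# Constructed sample: a minimal .rdp file (UTF-16 LE with BOM, CRLF line
# endings, one "name:type:value" setting per line). Host name is made up.
SAMPLE_RDP = codecs.BOM_UTF16_LE + (
    "screen mode id:i:2\r\n"
    "full address:s:desktop01.example.internal\r\n"
    "compression:i:1\r\n"
    "redirectprinters:i:1\r\n"
).encode("utf-16-le")


def _decode(raw: bytes):
    """Return (text, encoding, bom); files without a BOM are read as latin-1,
    which round-trips every byte value unchanged."""
    for bom, enc in ((codecs.BOM_UTF16_LE, "utf-16-le"),
                     (codecs.BOM_UTF16_BE, "utf-16-be"),
                     (codecs.BOM_UTF8, "utf-8")):
        if raw.startswith(bom):
            return raw[len(bom):].decode(enc), enc, bom
    return raw.decode("latin-1"), "latin-1", b""


def get_setting(raw: bytes, name: str):
    """Return the value of setting `name` as a string, or None if absent."""
    text, _, _ = _decode(raw)
    for line in text.splitlines():
        key, sep, rest = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            _type, sep2, value = rest.partition(":")
            return value if sep2 else None
    return None


def set_compression(raw: bytes, enabled: bool) -> bytes:
    """Rewrite (or append) the compression line, keeping encoding and EOLs."""
    text, enc, bom = _decode(raw)
    eol = "\r\n" if "\r\n" in text else "\n"
    wanted = f"compression:i:{1 if enabled else 0}"
    out, found = [], False
    for line in text.splitlines():
        if line.partition(":")[0].strip().lower() == "compression":
            if not found:  # keep a single compression line, drop duplicates
                out.append(wanted)
            found = True
        else:
            out.append(line)
    if not found:
        out.append(wanted)
    return bom + (eol.join(out) + eol).encode(enc)


if __name__ == "__main__":
    patched = set_compression(SAMPLE_RDP, enabled=False)
    print("before:", get_setting(SAMPLE_RDP, "compression"))
    print("after: ", get_setting(patched, "compression"))
```

Running `get_setting` over the .rdp files in use at a branch shows which clients still have compression enabled before the Steelhead in-path rule is switched to the normal optimization policy.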
Section 3 – Turning off SSL for the VDM Client
To disable SSL for VDM Client to Server
• Log on to the VDM Server Admin console, using http://
• Under the Configuration Tab, click Edit for Global Settings
• Disable the Check Box for “Require SSL for client connections”
• While setting up a connection from the VDM Client, ensure that the “Use secure connection (SSL)” option is not checked
Reference documents
All relevant VMware Documentation can be found at https://www.doczj.com/doc/3d12785068.html,/support/pubs/view_pubs.html
About Riverbed
Riverbed Technology is the IT infrastructure performance company. The Riverbed family of wide area network (WAN) optimization solutions liberates businesses from common IT constraints by increasing application performance, enabling consolidation, and providing enterprise-wide network and application visibility – all while eliminating the need to increase bandwidth, storage or servers. Thousands of companies with distributed operations use Riverbed to make their IT infrastructure faster, less expensive and more responsive. Additional information about Riverbed (NASDAQ: RVBD) is available at
https://www.doczj.com/doc/3d12785068.html,
© 2008 Riverbed Technology. All rights reserved. Riverbed Technology, Riverbed, Steelhead, Interceptor, Atlas, Think fast, and the Riverbed logo are trademarks or registered trademarks of Riverbed Technology. Portions of Riverbed’s products are protected under Riverbed patents, as well as patents pending. WP-DPG010909