Linda Hui (Global) - Leverage VDI for Total Ease of Desktop Management

In this blog post, Linda Hui explores the sibject of the mobile desktop and discusses the benefits of a virtual desktop infrastructure (VDI).

The modern workplace is changing. The office is now wherever we go: at home, on the train, at the airport or in the coffee shop across the road. The convenience of working anywhere and anytime is a result of the soaring popularity of mobile devices. It also makes desktop virtualization one of the most sought-after solutions for IT managers, and enterprises are always on the lookout for easier management of client desktops. A new generation of virtual desktop infrastructure (VDI) is providing not only flexibility but also greater remote capabilities and independence.

The CIO Technology Priorities Study conducted by IDG in July 2010 indicated that the number one interest—cited by 45 percent of respondents—of CIOs was “Virtualization, Desktop PC”, otherwise known as VDI. However, increasing deployment of VDI across a variety of organizations also means a number of different challenges as those organizations try to implement a reliable and scalable VDI.

VDI Challenges – Delivery capability

Initial rollouts of VDI encountered numerous difficulties, the majority of which turned out to be delivery issues. High on the list was the stickiness of VDI sessions, requiring a more intelligent and aware delivery infrastructure capable of maintaining persistent connections to specific VDI servers, while simultaneously managing load in a way that did not incur significant performance penalties.

Compounding the performance issue was the introduction of a new protocol, PCoIP (PC over IP). Although PCoIP improved performance, wrapping a connectionless protocol in a connection-oriented security protocol proved to be an impediment, slowing delivery and making virtual desktop usage highly frustrating for end users. The DTLS (Datagram Transport Layer Security) protocol solved this issue neatly, but was nearly thwarted by the issue of support (or rather lack thereof) from secure remote access vendors.

VDI Challenges – Security

When an organization deploys VDI with an external client element, for instance the ability to access applications from home or on the road, the security mechanism is exposed on the public Internet. This can have serious consequences for remote access if the authentication server is the target of a DDoS attack. It also places VDI outside the normal realm of security policy and protocol. This creates a scenario in which desktop images and physical desktops are not necessarily policed.

VDI Challenges – Scalability

Just as server virtualization led inevitably to virtualization sprawl, so too can desktop virtualization. When an employee leaves the organization, there is no longer the assumption that their computer needs to be wiped. The virtual desktop can be saved indefinitely. VDI is scalable, but there are serious issues that must be overcome to scale successfully, from network saturation to systems management, and ROI must be examined.

Collaborative and Centralized Architecture is the Key to Solving Emerging Challenges

Almost all of the truly challenging issues arising from deployment of VDI have been solved using a collaborative, architectural approach comprising virtualization technology and traditional infrastructure. Limitations imposed by the virtualization infrastructure, either purposefully or incidentally, have successfully been addressed by leveraging capabilities in its supporting infrastructure.

Application delivery infrastructure needs to provide persistence-based application routing to ensure end users, once connected to their virtual desktops, continue to be connected. Hardware-assisted cryptography in application delivery infrastructure ensures optimal performance for the secure transport of virtual desktops inside and outside the data center.

As we look to the future and consider what new challenges may arise for VDI, consumerization looms large. The increasing adoption – official and not-so-official –of consumer grade mobile devices by end-users is a potential source of grief for IT organizations. Whether tablet or phone, Android or RIM, these devices will soon participate in VDI and thus pose a very serious risk to the stability, scalability, and performance of VDI deployments.

Policy decisions will need to be made with respect to which devices are allowed, from where, and to do what. The combinatory possibilities are mind-boggling, and pose a significant challenge from the perspective of those responsible for enforcing such policies.

Besides moving large portions of network and application security to an application delivery controller means that security policy can be centralized across all systems, whether virtual or physical. Enabling organizations to offload encryption for connections going out over the public Internet is one of the many ways that some VDI products offer to increase VM density, like F5’s BIG-IP.

In terms of scalability, the overall architecture required for a VDI deployment is complex, but some ADCs, such as F5  BIG-IP can simplify it by significantly reducing the number of servers required. This reduction results in CapEx savings, while network optimizations that reduce the number of man-hours required to operate the network provide OpEx savings.

In general, when facing issues regarding access, performance, and scalability it behooves organizations to carefully consider an architectural approach capable of supporting all VDI environments, not simply those that exist today. Relying on client-specific end-point solutions may inhibit efforts when the client landscape radically changes, as it is poised to do with the recent and near-future introduction of so many mobile yet enterprise-capable devices.

A flexible, dynamic architecture that provides multiple options for securing, scaling, and addressing performance will ultimately provide the means to more rapidly address future challenges with VDI.

By Linda Hui, Managing Director - HK, Taiwan & GCG Strategic Products Development, F5 Networks Hong Kong