1 Introduction:VM Desktop Delivery
1.1 Research Objectives
Wipro, a Global Information Technology, Consulting, and Outsourcing business, recently collaborated with Intel® to conduct a research project to understand the best approaches for utilizing local virtual machine (VM) desktop delivery for desktop and laptop users. The research team undertook an in-depth analysis of the software and hardware technology that enables such a virtualization model. The objective of the research was to understand the features and capabilities of the technology and identify a set of practical usage scenarios for enterprises. This document provides a summary of the research findings and conclusions.
1.2 Desktop Virtualization
Traditionally, every personal computer (PC ) requires an individual operating system (OS). The desktop image, also referred to as “desktop”, contains the OS , applications, user settings, and data. Every PC requires the IT staff to install each application and perform application patching in a distributed manner. Because of the time and effort required in such scenarios, more and more companies today adopt desktop virtualization in order to simplify management of their end-user computing infrastructure, improve security, enhance scalability, and provide users remote access to corporate data and applications.
Figure 1: Desktop Virtualization Models
There are four main approaches to deliver virtual desktops:
These four virtual desktop approaches fall under two categories: client-based computing and server-based computing. The differences between the two types of computing are as follows:
1.2 Desktop Virtualization
This whitepaper focuses on the local VM desktop delivery approach in desktop virtualization. The research utilized Citrix® XenClient and Citrix Synchronizer that work in tandem to complete the local VM desktop solution. The user experiences XenClient as a small software component loaded on the client hardware, with a simple user interface (UI) for creating multiple VMs and uploading the master image from the server. XenClient enables users to fully take advantage of desktop virtualization whether they are online or offline. With XenClient, multiple virtual machines can run side by side on a single client device.
2 Technology:Blending Citrix with Intel Virtualization
2.1 Citrix XenClient and Synchronizer
2.1.1 Architecture The XenClient and Synchronizer architecture includes the following components:
Additional details about key technology components are provided below:
Figure 2: Citrix XenClient and Synchronizer Archit
2.2 Intel Virtualization Technology
XenClient is designed to take full advantage of the hardware-assisted virtualisation capabilities in Intel vPro technology. These capabilities include the following:
PCs powered by Intel Core vPro processors provide essential hardware enabled virtualization, security, and isolation functionality and provide direct access to the full graphics capabilities of the device.
3 Product Capabilities: IT Management and Other Usage Scenarios
3.1 IT Management
3.1.1 Desktop Administration
XenClient enables fast deployment of new virtual desktops with standard desktop images to employees or contractors. For temporary staff such as contractors, part-timers, and interns, IT can use XenClient to provide time-limited virtual desktops that expire automatically.
XenClient offers the same desktop administration methods as in a VDI:
3.1.2 Image Management
Desktop images can be categorized into the following types of images
3.1.3 Device Independence
XenClient can run in a mode that isolates and virtualizes all the underlying hardware for the virtual machines running on top of the platform. In this case, the drivers all run in the control domain. This model of operation enables the creation of truly hardware-independent virtual machines that can be moved between different PCs and even between different vendors’ PCs.
IT departments can reduce their management burden through the use of a Client Hypervisor that abstracts the OS and application environment from the underlying platform hardware, using as few image derivatives as possible. The hardware needs to be compatible with XenClient. XenClient can also run in a mode of operation where the Xen Hypervisor enables a pass-through for certain devices, such as the graphics hardware, directly to a virtual machine. In this case, the regular Windows drivers would run and provide the fastest graphics performance possible. This pass-through technology makes use of hardware virtualization provided by Intel vPro technology.
3.1.4 Self-Service Capabilities
The self-service capabilities in XenClient further increase employee productivity while reducing help desk calls. Users can download for themselves, the preconfigured corporate desktops to their client device. They can also create new local virtual machines and install desktops with different OS or application configurations.
3.1.5 Backup and Restore
Whenever users connect to the Internet, XenClient creates a secure connection to the datacenter to back up the system. In the event that a laptop is lost, stolen, or fails, users can restore the entire virtual desktop to another XenClient-enabled computer. The user simply procures any compatible laptop and then downloads and installs XenClient software. The user then configures the Synchronizer IP address. XenClient automatically downloads and restores the VM from the last backup. The recovery process can happen in a single day. The ability to pick a point in time to backup also enables users to roll back changes and even restore test environments to their previous state without involving IT staff, improving the time to recovery and decreasing the load on IT.
3.1.6 Security
The ability to pick a point in time to backup also enables users to roll back changes and even restore test environments to their previous state without involving IT staff, improving the time to recovery and decreasing the load on IT.
Additional security features include:
3.2 Usage Scenarios
3.2.1 Managed and Unmanaged Corporate Images
IT desires to maintain a standard image that delivers specific applications to a wide variety of users in an enterprise.
Figure 3: Desktop Image options with Citrix XenClient
Delivering such an image precludes providing the user with any ability to add additional personal tools or other application services including their favorite browser (Firefox or Chrome vs. IE), local backup tools, widgets, and so on. XenClient can provide a mechanism for IT to deliver a highlystructured image and in parallel a second image where the usage rules are more relaxed. If the second image breaks, only a fresh OS image is delivered. The user is then responsible for reloading any applications into the image. Basic patching and security services are provided to maintain a base level of management.
3.2.2 Multiple OS Images
IT departments often need to support longstanding enterprise applications that only work on certain older OS versions. In such cases, XenClient can be configured with multiple corporate images such as Windows XP and Windows 7.
3.2.3 Application Container
Certain corporate applications require isolation from other applications due to compatibility or security reasons. XenClient enables a mode of operation where one application can be accessible in one VM while running in a separate VMs with a separate OS. Accordingly, some special applications can be delivered in a self-contained container to users. This can include short-term application loaners or limited application sign-out services.
3.2.4 Multiple Environments
IT engineers in software development and testing often work with multiple environments. XenClient can create independent environments on a single PC , supporting different use cases such as a multi-machine sales demos or a temporary computing environment for testing.
3.2.5 Corporate and Personal
Organizations can provide their employees a separate desktop image for personal use that’s strictly isolated from the corporate image. The corporate applications are located on the corporate-managed VMs, limiting the exposure of corporate data to viruses, introduced in the personal environment.
4. Summary
Desktop Administration: Local VMs desktop technology enables desktop virtualisation on the client device. This offers an alternative method for desktop administration - managing desktop images through incremental image synchronization to the golden image rather than a traditional route of patching and updating to multiple individual desktops. IT departments can easily roll out standardized corporate desktop images while maintaining a central point of management.
Multiple desktop images: Most of the usage scenarios with a local VMs desktop concern using one device for multiple desktop images, each for a separate specific purpose:
Self-service: A local VMs desktop introduces alternative methods for managing corporate images and self-service desktop backup and recovery. This functionality greatly reduces the maintenance burden on IT and simplifies disaster recovery for laptop users.
Security: A local VMs desktop introduces additional security layers and increases the ability of administrators to control the desktop. Laptops and desktops can be seamlessly managed by setting enforceable data protection and data movement policies. Offering a separate desktop image for personal use enables separation of corporate and personal data and further improves data protection. XenClient XT provides advanced endpoint security features, delivering an ideal solution for mobile users with high security requirements.
Intel vPro technology enables hardware-assisted virtualisation and direct access to the full graphics capabilities of the device, improving the overall system performance and security. A local VMs desktop takes advantage of virtual computing technology. It also offers new possibilities in terms of user flexibility by providing anywhere, anytime access to virtual desktops. At the same time, a local VMs desktop gives the desktop administrator additional means for solving many key desktop management and security issues faced by IT departments today.
Andrey Zhulenev, Client Partner – Cloud Computing Strategy and Incubation
Andrey Zhulenev has 20 years of experience in management consulting and IT services. Over the past 8 years with Wipro, he has worked with customers in different industries, including Education, Banking, Financial Services, Manufacturing, Aerospace, Retail, and Healthcare. Andrey brings a deep understanding of technology and practical expertise in IT services, BPO , and Product Engineering. He is an expert in advanced delivery models and quality systems such as Lean and Six Sigma. Andrey is responsible for identifying and incubating next generation Wipro cloud solutions. The conceptualization of the cloud solutions starts with understanding a particular industry’s needs, identifying core and non-core business processes, analyzing the most recent technology trends, and studying the IT ecosystem of Independent Software Vendors (ISVs) and cloud providers. He is currently leading the incubation of the Wipro Desktop as a Service (WDaaS) solution. Prior to Wipro, Andrey worked in a variety of roles within IT services provider LUXOFT, AIG private equity fund, and AT Kearney management consulting. He is based in Seattle, WA.
Stevan Arychuk, Solution Architect – Cloud Computing Services and Solutions
Stevan Arychuk has 12 years of experience in datacenters, IT operations, infrastructure, network, and Internet technologies, designing and implementing complex technical infrastructure solutions. Stevan has a strong knowledge of content delivery and digital video technologies. At Wipro, Stevan is currently responsible for hardware architecture of the Wipro application and desktop virtualization solutions and technology Research and Development (R&D). He has also worked at Wipro as Vice President of Technology & CTO , Sr. Technologist for Digital Entertainment Services, Infrastructure Solutions Architect, and Network Architect. Prior to Wipro, Stevan worked at Nextactive Networks, Hewlett Packard, Yipes Communications, AvantGo, and Telus. He is based in Portland, OR.