Desktop virtualization promises easier management for IT and an optimal experience for users.
Spurred by the business benefits gained from server virtualization, enterprises now are embracing desktop virtualization for many of the same reasons: flexibility, lower costs and ease of management.
The latter has been huge for the University of Maryland in College Park, says Jim Maloney, network applications manager at the school, which has been using desktop virtualization since November 2007. The university hosts 50 -- soon to be 250 -- virtual PC images on two VMware ESX servers running the Sun Ray Server Software and Sun's virtual desktop software. Users access the images from Sun Ray terminals. "Overall, we've saved 30 hours a week in management time -- practically one full-time employee," he says.
Others look to desktop virtualization as a hedge against the cost of future PC upgrades. "Compared with traditional desktops, virtualization is a no-brainer," says Kunal Patel, IT manager at Nina Plastics, a packaging manufacturer in Orlando. Nina hosts 50 virtual PC images on two ESX servers using Pano Logic's Virtual Desktop Solution software. Users access the hosted images from a specialized hardware-only device into which they plug their mice, keyboards, displays and network connections.
"We were spending between $700 and $1,000 per desktop, whereas the Pano device costs just $300. And an actual PC eventually becomes obsolete and has to be replaced. With the Pano, if we want to upgrade the entire company's desktops, we just upgrade the few servers we have and we allot more memory or faster speeds to the images. It's a concrete dollar savings," Patel says.
Plus, users get unprecedented flexibility: They can access their desktops from virtually any device residing anywhere, as long as they have good network connections. Instead of sharing centrally hosted applications, they access their full desktop images complete with familiar applications and customized wallpaper -- the final fulfillment of the thin-client ideal.
One, two, three approaches
Desktop virtualization requires a hypervisor, such as VMware ESX, Citrix Systems XenServer or Microsoft Hyper-V, running on a data-center server to host the desktop images. Vendors differentiate themselves by the overlying desktop virtualization-management software that brokers the connection between the virtual PC image and the actual client, be that a Macintosh, Linux or Windows PC; thin client; RDP
Web browser; or specialized device such as the Pano. While many vendors rely on Microsoft's Remote Data Protocol (RDP) to handle the server-client communications (think Microsoft, VMware), others use proprietary protocols to apply compression and other optimization techniques. For example, Citrix uses its well-known Independent Computing Architecture (ICA) communications protocol, while Qumranet has a rendering protocol, called Simple Protocol for Independent Computing Environments, aimed at supporting multimedia applications.
13 desktop-virtualization tools. View slideshow
Vendors are addressing different use cases and pain points. The most well-known approach, called VDI (after VMware's pioneering Virtual Desktop Infrastructure), lets IT host a virtual desktop image on a data center server. The virtual desktop, which users access via an always-on network connection, remains secure, backed up and easy to manage.
VDI also offers good disaster recovery, because backing up a single server to a disaster-recovery site is easier than recovering multiple distributed desktops. "If you were in the Midwest flood zone and some office received damage and couldn't open, those employees could work remotely from home or from somewhere else in the country," says Mitchell Ashley, CEO of Converging Network and a Network World Microsoft Subnet blogger.
VDI also handles day-to-day disasters more easily than a physical desktop infrastructure can. When PCs fail, users lose work, time and, usually, data. A virtual PC is not tied to hardware, however, so fixing what's gone awry usually means just restarting the session. Data should be current because it sits on a server.
Likewise, virtual PC users shouldn't be affected when a host server fails. At Nina Plastics, for example, Patel uses two servers for failover protection. He describes how effective that approach has been for business users: "One day, something happened with one of the servers and it stopped running. I only noticed because I was walking through the data center and I saw the light was off. I went around the office and asked if anybody noticed anything slow or wrong, and nobody mentioned anything."
That situation was a far cry from the past, when Patel continually chased down desktop problems. "In the past, a server failure would have been a nightmare. I would have had 1,000 calls. But with this setup . . . everyone continued to do business."
VDI also is easier to secure than a physical desktop infrastructure because security updates and patches can be made to the image template once, and users get the changes the next time they access their desktops. In addition, user access to USB, thumb, CD and DVD drives and other peripherals can be restricted centrally and, because VDI's images are full desktops, they include such corporate security features as VPN support.
On the downside, a centrally hosted VDI requires an always-on network connection. While this kind of connection is becoming more ubiquitous in these days of wireless and broadband, it still is not a given. "You can't use VDI on a plane or in a subway tunnel," Converging Network's Ashley notes.
In addition, many graphics- or processor-intensive desktop applications don't work as well via a VDI as they do over a physical infrastructure. Bottlenecks occur when all the desktops share the host server's processor and memory. The performance of such interactive applications as video also tends to suffer with VDI, primarily because all execution happens on the server and is presented to the user via a remote presentation protocol -- RDP, for example -- that's not optimized for streaming.
"Sometimes we stream video, and right now, video is not optimized. It can display, but there is a bit of disconnect and the audio doesn't sync up well," Nina Plastics' Patel says.
Storage also poses a challenge in VDI environments, says Brad Novak, managing director of end-user platforms for Credit Suisse in London. Once desktop data is moved to the data center, it needs not only to be hosted but also to be stored and backed up. "This becomes a challenge, particularly if you're trying to use virtualized desktops to lower your costs," he says, noting that many users automatically put virtualized desktops on expensive SAN storage. "You have to make sure you're storing them on storage that has a reasonable price point. When they're running, they're usually in memory. There is some paging, but you don't necessarily need to run it on your fastest storage," he adds.
With a second option, locally hosted desktop virtualization, an always-on network connection isn't necessary. The host -- an Apple, Microsoft or Linux PC -- is configured with a local hypervisor. Users then spin up different desktop images to run atop that hypervisor.
Local virtualization products, such as VMware's ACE and Sun's VirtualBox, work well for testers and developers needing to run various desktops side by side from the same workstation. The local option also easily handles interactive or graphics-intensive applications, because the local graphics card is available, as are other resources. Storage becomes a non-issue, too, since data is saved locally.
The rub? Once the image is local, it stays there. There's no centralized control, manageability or backup.
The good news is that you don't necessarily have to choose between central management and local control and performance. Some desktop virtualization tools, like MokaFive's Live PC, are meant to combine the best of the VDI and locally hosted worlds.
With Live PC, IT stores and manages images centrally. Users stream the images to local Apple, Microsoft or Linux desktops. Performance is less of an issue than with VDI because everything is stored in cache and runs locally using local resources.
Once the desktop image has been downloaded, users can disconnect and take it with them. Downloading an image for the first time takes about two hours over a typical cable modem connection, but, once the initial files arrive, users can work while they wait. Alternatively, IT can distribute the central image on encrypted USB sticks. When a user links to the network, the local and central image sync up, ensuring that security files are updated and data is centrally managed.
Similarly, Ceedo Technologies' Ceedo Enterprise software and SanDisk's upcoming Secure Virtual Workspace tackle the offline/online problem by optimizing virtual desktop images to run directly from a USB or portable hard drive. Because the USB stick or hard drive uses full AES encryption, the device's data stays safe if it's lost or stolen. A big plus is the ease of distribution.
For example, one insurance company used to give its nearly 400 agents computer notebooks configured with several industry-specific applications. Now it just sends out Ceedo USB sticks with a fully configured desktop image, says Lothar von Kornatzki, managing director of Mobility-Office Solutions, a Munich, Germany Ceedo reseller.
"The cost to support the notebooks went down 90%," von Kornatzki says. "And we did a survey of the agents, and in terms of application installation, disaster recovery and using the environment, they save more than four hours a week. That's a real advantage."
The downside is that some images require costly USB sticks. "If you have a standard USB stick with 3MB of writing speed and 12MB of reading speed, you could have a performance problem," von Kornatzki says. "You really need more like 22MB of writing speed and 32MB of reading speed."
For those who like the control of VDI but need better performance for video and CAD applications, Qumranet offers Solid ICE. This tool requires an always-on connection, but it has an optimized rendering protocol to support high-definition video, VoIP and even videoconferencing within the VDI scenario.
If storage and performance are concerns, Citrix has optimized its version of VDI to shore up both, using the ICA protocol expertise gained through its MetaFrame offering. Citrix isolates not only the hardware from the operating system but also the applications and the user preferences, storing all data separately and delivering only what an individual user requires. "There is no need to store a full virtual image of Windows for every PC," says Raj Dhingra, general manager of desktop delivery at the company. "We can separate the applications from the operating system, so the image requires less storage."
So, the options are out there. "What flavor will win? Nobody knows," blogger Ashley says. "There are a variety of uses here, and I think we'll see some forms of all of them hanging around. We'll need them."
Cummings is a freelance writer in North Andover, Mass. She can be reached at firstname.lastname@example.org.
< Previous story: What to watch for during a virtual machine's life cycle | Next story: Three caveats for desktop virtualization >