There's a BIG problem with Microsoft's VDI rules If you’re talking virtual desktop infrastructure (or VDI) there are a few options – VMware Horizon View, Microsoft Remote Desktop Services, even smaller players like 2X Software – but chances are you’re going to plump for the biggest hitter, the company which has been doing it for the longest. You guessed it, I’m talking about …
As a small business, you buy windows professional with the laptop/desktop. A one off purchase of between £40 to £80.
For a remote desktop you end up paying an extra £80 one off for a remote desktop services license for windows server and hope, the £100 a year per user for a VDA license is very difficult to justify.
You need a VDA to connect to any remote VIRTUAL Windows computer regardless of the OS you are connecting from UNLESS you have a valid SA which has roaming rights built in.
You don't need a VDA if you are connecting to a remote 'physical' PC regardless of what OS you are connecting from.
Wrong again. You need and RDS CAL to connect to any remote Windows system as a user sessions (i.e. non admin connection). The VDA license is to compensate for using a non Windows OS on the base system to connect and use a Windows OS on the hosting system. The RDS (Remote Desktop Service) CAL is needed for the terminal session itself.
Getting VDI licenced in an Education is a similar nightmare - students share machines, so there's not the one-to-one correlation between a physical machine and a virtual desktop. So you could buy a VDA for EACH student - 20,000 here - concurrent use doensn;t work as the licence has a a 90 day transfer restriction.
PLEASE PLEASE MICROSOFT kick your licencing team - they introduce needless complex licences which wastes our time, our resellers time and theirs!
Make the licencing really simple - so one purchase = one instance for desktop stuff. Same with server stuff, but keep the nice rules around visualization.
Wrong. A VDA license is a "DEVICE" based license not a user based license. If you have 100 terminals and 20,000 students then you only need 100 VDA licenses, NOT 20,000.
You would need 20,000 RDS CAL's to cover all the students that use the terminals but the applications presented by the Citrix servers would only need licensing on the number of DEVICES that they are being accessed from - i.e. 100 to cover each terminal, unless of course you have user based licenses but in this scenario you just wouldn't.
By the wider use case for VDI.
The requirements for fast-I/O backend storage (notwithstanding one or multiple SANs) is a huge factor that needs careful planning and consideration. All too often I've heard "But we already have a SAN" which would often turn out to be old, creaking and/or already heavily utilised.
With VDI you are adding in extra layers of complexity to manage and control.
Unless it's changed in the very latest version (which I'm yet to test in anger), you can only stream a single personal vDisk. We had one customer where the ability to have two would have made VDI a very usable option but because of bespoke apps hard coded to specific local drive letters (mapped drives, mount points, subst etc wouldn't cut it) and requiring persistence etc made it a non-starter.
You can already do most of what is necessary within XenApp (by the way when did Citrix try to kill it off? I agree they made it less than bloody obvious that it was still an option within XenDesktop v7.0 but it's always been there - I think you mean that they chose to try to kill off the name rather than the product).
You can stream servers via PVS in the same way you can stream a client OS but generally with fewer of them being spun up simultaneously and with a bit of judicious planning and tuning, you don't need the top tier storage capabilities.
There are cases where VDI is a useful fit but far too often over the last few years, it seems to be being punted because it's there rather than because it's actually a good option.
In essence I guess my issue is down to added complexity + added support overhead + added hardware and licensing costs for, in most cases, no real tangible benefits.
I am more than happy to hear counter-arguments on these points.
Have a look at the latest version of PVS and Ram Cache with Disk Overflow or Atlantis Computings ILIO product. These two products have removed the need for top tier storage as by adding some (between 40 and 80GB) cheap commodity memory to each host you use for VDI you can achieve the write IOP's that VDI requires. Flash storage vendors are desperately trying to sell products before the knowledge of these technologies spreads and designers realise there is a better way.
ILIO is a more flexible product as it can be used independently of XenDesktop and PVS, being suitable for MCS and full clones too. So much so that if PVD is too restrictive needn't be used and full clones be used instead.
Personally I agree that PVS adds an unwanted layer of complexity to an already complex design scenario but with Ram cache with disk overflow being free to PVS users it makes an attractive proposition from a cost perspective while giving the IOPS performance required.
There are a lot of scenarios where VDI is not suitable and the main problem has been blanket sales into organisations where some users are suited and others (road warriors) are blatantly not, also the fact is is quite often sold with the promise it is cheaper than a traditional PC estate, which is not true. This has created that apathy you speak of towards the product as voices of complaint are inevitably louder than the ones of satisfaction.
I am aware of the caching and the ILIO products although I haven't direct experience of using the latter.
Adding RAM is preferable to adding top-tier storage, I agree but it requires care given the switch to 2M blocks as opposed to 4K.
And it still backs off to storage.
That said I'd be interested in seeing some real world load and performance figures.
Adding in ILIO just adds yet another layer of complexity and management and skills required (although from what I've heard of it elsewhere it does the job extremely well). I think these are solutions to problems that shouldn't be there in the first place.
I guess my point is that whilst these go some way to mitigating performance bottlenecks, it doesn't go any way to providing a wider use case.
Honestly I am yet to hear a compelling wider use argument for VDI. I does have uses that is for sure but not to the wider scale.
And I've heard some spurious arguments for it (honestly I've genuinely heard these):
You cannot publish a desktop from XenApp
You need VDI to get non-persistent disks. You cannot do that with XenApp
But none of my applications work on XenApp*
It's quicker than XenApp
It's cheaper than XenApp
*I don't think I've come across an app that won't work with Citrix for years, although I've come across a couple that don't work with the underlying server OS. Now that might make a use case for VDI or it just might mean another delivery mechanism is required (thick client, application virtualisation etc).
Honestly I'm not dead-set against VDI, but the compelling arguments are missing, to me, for the wider adoption.
I saw a VDI deployment project fail. It was about removing desktops and laptops and replacing them with dumb wise-style terminals and a big VDI back end infrastructure.
They found that once moved to VDI people still wanted to keep their desktops and laptops for a couple of reasons: the dumb terminals had serious issues with video and teleconferencing, and the WAN links failing or under performing left them without being able to keep working locally.
Cost wise the dumb terminals they choose were Microsoft CE based and its cost was higher than an entry level netbook or a Chromebook, and then they faced the burden of keeping all existing support infrastructure alive PLUS paying for and keeping all the VDI infrastructure PLUS the additional WAN bandwidth required to keep VDI streaming working. The business case wend down the drain before even starting to talk about licensing and yes, they should have accounted for all this beforehand but they didn't
VDI only makes sense if you go for the cheapest of the cheap dumb terminals (perhaps running Linux so you don't have to pay yet more MS licenses) and completely abolish desktops and laptops. Which is to say, almost nowhere except perhaps data entry shops.
Common mistake on the dumb terminals. Most just assume that everything is taken care of at the backend with Citrix VDI (like it is with View/Horizon) but the relationship between front and backend with Citrix is symbiotic and terminals need to be chosen with care and a view on users requirements for their job role. Zero's and basic Terminals are fine for task workers who have a couple of apps and no need for voice/video or rich media, however all too often they are chosen on a blanket basis on the misguided advice that they are all that is needed.
Sadly to have more capability you generally need Windows Embedded and all the support requirements and additional costs to go with them.
The above case is exactly what I spoke about earlier, blanket cover and perpetuating the 'cheaper' myth.
VDI makes sense if it is targeted at certain worker profiles that it suits and those that it doesn't are left with a traditional PC and also if your requirement is a highly controlled automated environment with a high degree of data security and not for cost considerations.
On the storage point, fast storage has actually become quite easy to address, largely due to SSD technology and some of the clever software solutions out there (Atlantis and VMware VSAN spring to mind).
VDI actually improves management and control - using template deployed desktops, particularly in the Linked Clone/non-persistent type approach makes maintenance and security much easier - more so in a zero/thin client estate. Managing disparate desktops and laptops, each requiring regular feeding and watering with OS and application patches and AV, all the while distancing themselves from the initial configuration is always going to be much more painful, even with products like SCCM etc to help. Of course, in a smaller environment man handling lots of old fashioned thick clients is less of a problem, but scale it up...
I agree that it's not the right fit in all cases (what solution is?), but it can be used to solve some really serious issues in increasing varieties of use cases. But I'd add this - If a salesman tries to tell you it'll save you money - smile politely, then kick his sorry ass out of the door!
I have seen VDI (specifically Citrix XenApp) work for a medical patient admin system - it was very useful for things like remote access and access from PCs owned by another organisation. The problem was that all access had to be through VDI (even from locally owned PCs) and that it was hosted off site by CSC on Windown NT; the link bombed out multiple times a day kicking everyone off.
VDI for some cases can be very useful, but you should be wary of making everything VDI, and of hosting off site unless you have very fat, reliable and redundant links. Either way though it is unlikely to be a significant money saver.
I run the VDI infrastructure in my office. Approx 200 staff.
We have 5 DL380s with Fusion IO cards for write cache fast IOPS. No SAN for the desktops. Of course the PVS servers deliver from SAN but cached in memory.
We stream three different discs delivered to three different groups of staff. Assignment dependent on work load and some application access. We had to overcome some very similar issues to what you have described.
Personalisation dealt with by AppSense which is allows us to layer settings and minimize log on times and deal with mapped drives on an AD group level.
Our use case for VDI was ensuring the same working environment whether working in head office, Lloyd's or home. The same session can be picked up anywhere. Further more patching and software deployment takes minutes of streamed or maybe an hour or two if an image needs updating.
Back on topic, licensing is a ball ache. It was a big stumbling block for us.
I can't help but notice that the "we do it" comments include a lot of third party add-ons both in hardware and software - AppSense*, ILIOS, FusionIO, to help it along...which brings me back to my initial point of added complexity and cost.
All of these perceived benefits that are being listed - you can do exactly the same thing with PVS provisioned XenApp servers.
*I am a big fan of AppSense. The trusted ownership model in Application Manager alone is a huge boon to enterprise clients and makes application control so much easier.
A reason I forgot to mention were 16bit apps. Latest XenApp is 64bit only which limited us.
One workaround I've traditionally used here is to throw in a 2008 (non-R2) server or two to serve up legacy apps like that. The problem being you're then perpetuating the use of them, rather than the better game of trying to find replacements.
For very legacy apps the best solution we have come up with so far is actually to run them on Linux under Wine, then stream them out to the desktop.
You may laugh, but Wine still officially supports 16 bit Windows executables, even under a 64 bit OS install. This way you remain under full support and maintain a working solution. Take a look at this and this.
We've been running non-peristent VDI desktops (VMware View) using zero clients at my org for the last three years.
Pros:
Updates: Update the master image, redeploy, voila, all desktops are running the latest and you know you have 100% coverage/compliance - there's no possibility that an endpoint got left out. Update goes wrong? Simple rollback, so we're able to push updates sooner without weeks of testing.
Audits: My auditors love my VDI environment. From the zero clients on the desk (steal one, go ahead and see how much data you take with you), to the consistent, up-to-date and verifiable software stack, to secure remote access, etc.
Ubiquitous Access/DR: Probably the biggest benefit of VDI that's hard (but not impossible) to replicate with physical desktops. My users can log on from anywhere using just about any device, and have the same desktop experience follow them everywhere they go. They leave their desktop, walk to a conference room (or go home) and connect there and the desktop is open exactly where they left it.
And if my building burns down tonight? No issue - I'll have those same user desktops up and running in three hours at my DR site (we do this test every year and it really works), and no one will even know. Just work from home.
Cons:
Cost: As mentioned, you need the IOPs to handle VDI, you need stupid MS VDA (blackmail) licenses, Teradici sucks, and you need expertise to keep it all running. And if you're smart you have a mirrored test environment. See the next two points.
Terror: Even after three years I still have that horrible feeling every now and then about my pool not coming up properly. What happens if View stops working, or a deployment goes South and I can't get my desktops back up. You have all your eggs in one basket and it's all or nothing; either all your desktops are working, or none of them are. That would mean the business is dead in the water, and that can be terrifying at times, especially when you're upgrading View or making other infrastructure changes that shouldn't affect your desktops... but what if you're wrong? (And no, I can't afford a mirrored test environment.)
Compatibility: This is becoming a big one for us. We now have users wanting to local document scanning and video conference calling. Guess what? Zero clients support neither of these (at least not in a way where they have a chance of actually performing decently), so now we're looking at moving to thin clients with RTAV support. If we do this then all the same patching/security issues as a full desktop come back. Oh, and Teradici just pulled the rug out from anyone using their Gen 1 zero clients. No more support going forward - you'll need to buy all new hardware if you want to use View 6 and beyond. See the cost issue above. VDI is not cheap, and did I mention that Teradici sucks?
So after three years we're seriously thinking about going back to physical desktops. If I could elegantly solve the ubiquitous access/DR problem we probably would have moved already. I suspect the compatibility issues with video and local doc scanning are what will probably force us to move back.
In hindsight would I choose VDI desktops again knowing what I know now? Probably not. I would have spent some of that money on the best endpoint management/security tools I could buy, and I would have built Terminal Servers and used roaming profiles/folder redirection for DR. Not the same experience, but close, and more than good enough to keep the business running.
So think hard about why you're doing a VDI deployment and make sure you have a plan to accommodate things like high bandwidth USB peripherals and video cams that don't play nicely in a VDI environment without serious local desktop resources. Once you look at the entire cost, risk, and complexity you may find it cheaper just to manage your local desktops better.
Software which is free to acquire is not the same thing as free to use in operation.
You still need support. In house that means suitably qualified staff. It also means suitable support contracts with the vendor for when things do inevitably go completely tits up.
Also, back in the real world, just how many enterprise customers have the time, experience and money to migrate infrastructure that mostly works?
And then there's end user training.
Open source has a place for sure. But let's not perpetuate the 'cost of nothing' myth.
And let's remember that most end users aren't typical el reg readers. They have neither the ability nor the desire to learn something radically new.
Upvoted both the "move to Linux" and its response. Truth is, each business is different and the business case that does not apply in some place applies in another. For example, I know of a research institution that uses nothing but Unix/Linux both in servers and desktops. In this place, doing VDI over Linux would be just natural. They have already the staff and infrastructure in place to do it.
But that's not always the case, and before embarking on any such project you need to take into account everything, not just the licensing costs.
Small biz customer, no agreements, all OEM stuff. 2003 upgrade with a need for 3 x external users to remote into the office. After doing a cost analysis, which included the VDA, it was cheaper in the long run to get 3 cheap PCs and shove them into a cupboard rather than dropping them into hyper-v.
MS are killing the whole VDI concept because they want a share of the market despite the fact that the end computers are already running Windows and need to remote into another Windows machine.
£80 or so per year may not be much, but on the basis that I just brought 3 x lenovos for £213 each (insight UK) it means there's no long term costs. Sure, there's a bit of electricity, but thats only pennies.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
