network and server demands of a virtual desktop infra- structure may ... as Dell PowerEdge servers, this application del
Client Security and virtualization
How to Optimize Virtual Desktop Infrastructure Deployments with F5 BIG-IP By Alan Murphy
Centralized management helps improve efficiency, but delivering desktop images over a network can incur cost, security, and latency trade-offs. Application delivery platforms from F5 Networks such as F5® BIG-IP® devices connected to virtualized Dell ™ PowerEdge ™ servers help organizations deploy a virtual desktop infrastructure designed to simplify management and reduce costs.
D
eploying and managing desktop computers,
especially in large-scale environments, may prevent
especially remote desktop computers, can
some organizations from achieving the potential ben-
be costly and time-consuming. As a result,
efits of virtual desktop infrastructure technology.
many organizations are transitioning to a virtual desk-
F5 Networks helps organizations prepare their
top infrastructure for their client environments to help
IT environments for a successful virtual desktop
centralize management and reduce costs. In a virtual
infrastructure deployment by offering a range of
desktop infrastructure, desktop images are offloaded
application delivery solutions. When combined with
to data center servers and distributed to clients over
scalable virtual machine (VM) host platforms such
Related Categories:
the network using these virtual environments,
as Dell PowerEdge servers, this application delivery
F5 Networks
enabling centralized management of desktop images
system helps organizations dramatically enhance
Flexible computing
without compromising the end-user experience. By
the performance and availability of their enterprise
avoiding the burden of deploying individual desktop
virtual desktop infrastructure deployments, enabling
images, a virtual desktop infrastructure can help dra-
them to take advantage of the benefits of reduced
matically increase manageability while contributing
costs, simplified management, and enhanced secu-
to reduced total cost of ownership across the enter-
rity while still offering a robust and familiar end-
prise desktop environment.
user experience.
Microsoft Virtualization VMware Visit DELL.COM/PowerSolutions for the complete category index.
But first, IT decision makers must resolve concerns common concerns of virtual desktop infrastructure
Enhancing desktop security and manageability
deployments that can frustrate end users and lead to
Traditional enterprise desktop deployments can be
diminished productivity. In particular, the intensified
costly to manage and difficult to secure. For exam-
network and server demands of a virtual desktop infra-
ple, in a typical non-virtualized environment, desktop
structure may increase application latency and reduce
computers must be managed individually. As a
application availability, especially over wide area
result, tasks such as image deployment and ongoing
network (WAN) and other remote connections.
administration of application updates and security
As a result, concerns about application performance,
patches can be costly and cumbersome. Because IT
about reduced performance and availability, which are
68
DELL POWER SOLUTIONS | June 2009
Reprinted from Dell Power Solutions, June 2009. Copyright © 2009 Dell Inc. All rights reserved.
organizations often do not have consis-
happens on the servers with specialized
outside an organization firewall, over con-
tent access to or control over end-user
platform software, such as VMware® View,
gested links, or through access from an
desktops, maintaining security and ensur-
delivered over the network, and the propri-
autonomous network. Also, load on VM
ing regulatory compliance can be difficult
etary client application performs only
servers running virtualized desktops can
as well. For example, in a traditional non-
graphics processing and other user inter-
negatively impact the performance and
virtualized desktop environment, failure
face functions. Alternatively, a virtual desk-
availability of those virtual desktop images
to prevent users from adding unauthor-
top infrastructure may be deployed over
because processing desktop graphical
ized applications or other content to their
the Web. In this case, centrally stored desk-
user interfaces is I/O intensive. Overall,
desktops can result in compromised
tops are accessed through a Web browser.
concern about potential performance
enterprise security and violations of reg-
Another option is to virtualize individual
degradation, especially in large-scale
ulatory legislation such as the Health
applications rather than the entire desktop,
environments, is one of the main reasons
Insurance Portability and Accountability
which allows the desktop image to remain
why IT organizations may hesitate to
Act (HIPAA).
on the end-user device while certain indi-
adopt a virtual desktop infrastructure.
By enabling centralized control of desktop images, a virtual desktop infra-
vidual applications are stored on centralized servers and run remotely.
To help enterprises meet the additional network and server requirements imposed by a virtual desktop infrastructure, F5
structure is designed to eliminate many of
Networks offers easy-to-deploy solutions
robust, familiar user experience. For exam-
Optimizing virtual desktop infrastructure deployments
ple, because desktop images are stored
Although the move to a virtual desktop
performance for VM servers. F5 BIG-IP
centrally rather than on individual desk-
infrastructure can deliver tremendous
Local Traffic Manager™ (LTM) systems pro-
tops, administrators can easily deploy
benefits, IT organizations must address
vide load balancing and traffic management
images, updates, and patches without
the potential risks of reduced application
functions that enhance the performance
needing to manually service individual end-
performance and availability that can frus-
and availability of VMs when using a virtual
user devices. Centralized management also
trate end users and compromise worker
desktop platform such as VMware View
allows IT organizations to easily identify
productivity. Because a virtual desktop
(see Figure 1). Key capabilities of BIG-IP
and remove unauthorized applications or
infrastructure can send large amounts of
LTM include the following:
content, which helps simplify enterprise
data over WAN and other remote connec-
security and regulatory compliance tasks.
tions, limitations in network bandwidth
Desktop virtualization technology can
and performance are key considerations
to load balance traffic and workloads
be deployed in several ways. Typically, the
for organizations considering this type of
across VMs to help maximize availabil-
entire desktop image is offloaded to
infrastructure.
ity and performance. For example, in a
the problems associated with desktop management without compromising a
designed to mitigate limitations of WAN connectivity and deliver scalability and
■■
Load balancing: BIG-IP LTM is designed
centralized servers and virtualized. In this
Network-induced problems are highly
VMware View virtual desktop infra-
case, application and desktop processing
pronounced when data is transferred
structure deployment, BIG-IP LTM can monitor the health of VMware View connection servers and balance the workload based on the status of individual connections. BIG-IP LTM can also make load-balancing decisions based on response times.
F5 BIG-IP LTM or GTM devices
■■
Client connection persistence: BIG-IP LTM manages client connection persistence based on unique sessions, which can be a more robust approach
F5 FirePass controller
®
VMware View Manager clients
than persistence based on the typical VMware View connection servers
Virtual desktop pool
VMware vCenter Server
source IP address. For example, in a VMware View virtual desktop infrastructure deployment, if users are accessing virtual desktops through a Web proxy, BIG-IP LTM can distribute
Figure 1. Traffic management services and load balancing in an F5 and VMware View environment Reprinted from Dell Power Solutions, June 2009. Copyright © 2009 Dell Inc. All rights reserved.
and maintain the connections among DELL.COM/PowerSolutions
69
Client Security and virtualization
“Many organizations are transitioning
to a virtual desktop infrastructure for their client environments to help centralize management and reduce costs.”
Preparing the IT environment for a virtual desktop infrastructure Virtual desktop infrastructures have the potential to deliver tremendous benefits to enterprise IT organizations. By centralizing control of enterprise desktops, a virtual desktop infrastructure helps organizations
■■
the VMware View connection servers
performance than call center employees.
dramatically increase manageability and
rather than sending the following con-
With BIG-IP LTM, user connections from
security and decrease total cost of owner-
nections from that proxy server to a
the engineering group can be routed to
ship. Application delivery solutions from
single connection or security server.
a dedicated pool of desktop VMs,
F5 Networks help organizations prepare
Secure Sockets Layer (SSL) process-
whereas call center users would be
their network and storage infrastructures
ing: SSL processing can place a large
routed to general, lower-performing
for the increased load introduced by a
burden on VM servers, especially
desktop VMs. This approach helps
virtual desktop infrastructure, helping
during logon procedures. BIG-IP LTM
ensure organizations can meet different
ensure that end users experience the per-
can offload SSL processing from VM
SLAs for different groups of users.
formance and availability they have come to expect from their desktops.
servers, helping free the servers to optimize delivery of virtual desktop ■■
■■
■■
■■
70
In addition, F5 Networks offers BIG-IP
infrastructure functionality.
Global Traffic Manager™ (GTM) systems,
Alan Murphy is the technical marketing man-
Compression: BIG-IP LTM can provide
which enhance application performance
ager for management and virtualization solu-
asymmetric compression to the client
and availability through intelligent rout-
tions at F5 Networks. Alan provides strategic
for traffic such as JavaScript and HTML,
ing between data centers. BIG-IP GTM is
counsel on the F5 product suite to custom-
and can offer symmetric compression
designed to route incoming virtual desk-
ers, prospects, and analysts through evalu-
in architectures with symmetric local
top infrastructure traffic to the highest-
ation and analysis of current technical
traffic managers, such as a BIG-IP LTM
performing data center depending on the
market trends and the competitive virtual-
device in the data center and a BIG-IP
location, link conditions, and data center
ization and security landscape. He has over
LTM device in the remote office.
conditions for end users. Intelligent rout-
15 years of experience in IT, including UNIX®
Data deduplication: BIG-IP LTM with
ing helps ensure that clients can access
systems administration, systems and data
the BIG-IP WebAccelerator™ module
their virtual desktops irrespective of the
security, and incident response, and holds
can perform data deduplication in
availability of any single data center.
GIAC Certified Incident Handler (GCIH) and
asymmetric deployment architectures,
F5 application delivery devices are
helping to decrease the overall amount
designed to work with a range of virtual
of data that needs to traverse the WAN
desktop infrastructure architectures,
and enhance user experience.
including VMware View and Microsoft®
Rapid deployment template: BIG-IP
Virtual Desktop Infrastructure (VDI) tech-
LTM includes an application template
nologies, along with application virtual-
specific to VMware View, which pro-
ization solutions such as VMware ThinApp
vides administrators with a wizard-like
and Microsoft Application Virtualization
interface to rapidly configure and
(App-V). F5 platforms are also designed
deploy BIG-IP LTM with VMware View.
to deliver excellent application perfor-
This template helps simplify the
mance at all levels of scale, from small
deployment process, minimize the risk
deployments to large-scale deployments,
of configuration errors, and reduce the
and to work seamlessly with VM server
administrative costs of deployment.
infrastructures based on Dell PowerEdge
User-level service-level agreement
servers. Additionally, F5 Networks offers
(SLA): Different categories or groups of
application templates that help stream-
users may have different service levels
line and simplify deployment for a range
in terms of importance and performance;
of virtual desktop infrastructures, includ-
for example, users in an engineering
ing those based on VMware View and
group may have a higher priority for
VMware ThinApp.
DELL POWER SOLUTIONS | June 2009
Red Hat Certified Engineer® (RHCE®) certifications.
QUICK LINKs F5 Networks: www.f5.com F5 virtualization solutions: www.f5.com/solutions/ virtualization VMware View Reference Architecture Kit: www.vmware.com/resources/ techresources/1084
Reprinted from Dell Power Solutions, June 2009. Copyright © 2009 Dell Inc. All rights reserved.
