Desktop virtualization is a broad term that can have multiple meanings. As a concept, Desktop virtualization refers to separating the desktop computing environment from the physical machine. Various strategies can be employed to acheive this goal, and various vendors have released products to accomplish this. At RedShift Solutions, our Desktop Strategy centers on Virtualization – treating the enterprise desktop as a set of layers (Hardware, OS, Application, User) and then virtualizating and managing these layers as discrete entities. This reduces the dependencies between the layers and facilitates true Desktop Virtualization.
This is a key concept as it relates to Desktop Virtualization. Some definitions may indicate VDI or Virtual Desktop Infrastructure, where the entire Desktop is virtualized, hosted in the datacenter within a VM and delivered to the end user via various remote access technologies. This model has its advantages but if the underlying Desktop Management practices are not sound, then essentially what has been accomplished is that a physical asset with all of its inherent management challenges (user profile issues, application deployment issues, patching/security risks, etc) has simply been virtualized and moved to the data center. There would still be some benefits to an en masse physical to virtual migration and adoption of VDI even if the upper layers of the stack (application and user) were not addressed – notably, driver issues with hardware platforms and enhanced remote access.
However, as a rule it is better to begin managing the layers appropriately and introducing virtualization into the stack at each layer. Most organizations are not willing or ready to implement full VDI without taking stock of their environment and addressing the challenges – as mentioned, this simply takes the problem from the Desktop to the Data Center. Rather, by implementing Desktop Virtualization concepts right on the physical desktop, organizations can position themselves for success in the future, whether it’s an OS migration or a VDI implementation. By abstracting each layer, virtualizing it, then managing and delivering it dynamically, all of the benefits of VDI can truly be leveraged.
In a typical scenario, it is most effective to start at the top and work downward. By starting at the top (the user layer) and moving progressively downward, IT administrators are able to achieve the most seamless transition possible in moving to a dynamic, well-managed desktop that leverages virtualization across the stack.
Imagine that an effective user virtualization solution has been implemented. Desktop and user policies are being enforced, and Desktop and Application-specific user personalization settings are being captured and managed. The “personality” of the user – that is, the settings and configuration items they require in order to work (drive and printer mappings, security policies, shortcuts, icons, application configuration items, etc) as well as their own personalization of the OS and applications are being centrally stored and managed. These settings and personalizations are streamed to the desktop whenever the user logs in. This results in a true “follow me” personality across desktop delivery mechanisms – whether the application is being accessed as a locally installed app, via Citrix or as a virtual application via Application Virtualization.
Now imagine that all of the applications required for the user in their role have been virtualized and policy assignments have been configured for that role to receive those applications through Application Virtualization. The applications are streamed down at launch. As they are used and customized, User Virtualization captures this personality. As the user roams across devices, from their Desktop to a boardroom or laptop, their applications also follow them. Because Application Virtualization publishes the shortcuts for all authorized applications and then streams down the virtual application package to the client at launch, only the apps needed for a given logon session are actually loaded on the client. But they are never installed. They never modify the underlying Operating System. By virtualizing both of these layers – the user personality and the applications they require, organizations are able to deliver desktops as a service. Even without a VDI scenario, there are huge benefits to this model of user and application delivery. The desktop is simply a commodity. A standard, locked down and lightweight “thin” image can be deployed. The desktops never have to move and follow the user around because this management model is user-centric, not machine centric. If there is a catastrophic failure of the desktop, a replacement can be deployed immediately or the existing desktop can be re-imaged with no impact to the end user – all of their applications and user settings are being centrally managed and delivered dynamically.
Now take it a step further. Once that kind of desktop environment has been established, it becomes easy to flow between Operating Systems and delivery mechanisms. Take your existing virtual application packages and publish them to your Citrix XenApp environment. Install a user virtualization solution to your XenApp servers and now the user personality will follow the user to their remote access points as well. They will be using the same virtual application packages – everything will be consistent. Simple, consistent user access to services – that’s the vision. You want to start rolling out Windows 7? Simply ensure your application and user virtualization clients are installed in your Windows 7 image (both 32 or 64 bit Operating Systems) and those virtual application packages and user personality will be streamed down to the Windows 7 box. No more USMT, no more packaging nightmares and application conflicts.
Now VDI starts to become a reality. You want to provide your users with access to their full, rich Desktop experience from any device and from anywhere. You want to enable secure, performant remote access to their enterprise computing environment. They want their familiar desktop with the shortcuts, icons, favorites, and applications they are so comfortable using. Now that you are already delivering the user and the applications as a service, you can truly deliver the entire Desktop as a service. In most environments, a one-to-one relationship between the user and their Virtual Desktop would be prohibitively expensive, plus would simply perpetuate the ongoing challenges with managing hundreds or thousands of desktops. Robust systems management tools would still be required, and as each user began using their Virtual Desktop, it would quickly become a unique, unpredictable entity. However, if User and Application Virtualization have been implemented, then it becomes feasible to create a single Gold image from which child images are spawned and delivered dynamically to end users. There are many options in terms of VDI architecture, but as a general concept, the ability to manage only a single Gold image is one of the key values to this model of Desktop delivery.
Now you are managing the OS independently of the Applications and the User. You are centrally managing the OS and dynamically delivering it to the end user. When they log into their Virtual Desktop they are getting a clean, pristine VM that is security hardened, patched, and up to date, delivered from a pool of desktops available to that user. As they use the VM and make changes, AppSense is capturing those user-specific changes. App-V is delivering the applications dynamically, streaming them down (or, in the newest versions of the tool, running the virtual application packages directly off of the network via a shared application cache). When they log off, the VM is returned to the pool.
Because everything is housed in the datacenter, users can access these Virtual Desktops from anywhere. With technologies like Citrix XenDesktop, they can be accessed from most devices as well, including Mac OS X, iPhone, Android, Blackberry, Thin Clients, and of course Windows Operating Systems, whether it’s a laptop or a kiosk or simply their home computer. Now the desktop is truly being delivered as a service – on demand, from anywhere and from any device. IT organizations could grant users a technology allowance and provide the appropriate network ports and hardware (monitors, keyboards) in each office, allowing users to connect their personal device to a guest network that connects them through an access gateway to their virtual desktop. Users would have the flexibility to move from office to office and always access their own desktop, and IT would not have to continually ensure that the hardware stayed tied to the user. When the user roamed offsite, they would still have access to their Virtual Desktop across the internet – and everything would remain secure in the datacenter.