Home > Blogs > VMware Consulting Blog


End User Computing 101: Network and Security

By TJ Vatsa, Principal Architect, VMware Professional Services

TJ Vatsa

In my first post on the topic of End User Computing (EUC), I provided a few digestible tidbits around infrastructure, desktop and server power, and storage. In this post, we’ll go a bit further into the infrastructure components that affect user experience and how users interact with the VDI infrastructure. We’ll cover network and security, devices, converged appliances, and desktop as a service.

Let’s look a bit more closely at network and security first.

Network and Security

To ensure acceptable VDI user experience, monitor the bandwidth and latency or jitter of the network. This means performing the appropriate network assessment by deploying monitoring tools to first establish a baseline. Once that’s completed, you’ll need to monitor the network resources against those baselines. As with any network, high latency can negatively affect performance, though some components are more sensitive to high latency than others.

When deploying Horizon View desktops using the PC-over-IP (PCoIP) remote display protocol in a WAN environment, consider the Quality of Service (QOS) aspect. Ensure that the round-trip network latency is less than 250 ms. And know that PCoIP is a real-time protocol, so it operates just like VoIP, IPTV, and other UDP-based streaming protocols.

To make sure that PCoIP is properly delivered, it needs to be tagged in QoS so that it can compete fairly across the network with other real-time protocols. To achieve this objective, PCoIP must be prioritized above other non-critical and latency tolerant protocols (for example, file transfers and print jobs). Failure to tag PCoIP properly in a congested network environment leads to PCoIP packet loss and a poor user experience, as PCoIP adapts down in response. For instance, tag and classify PCoIP as interactive real-time traffic. (Classify PCoIP just below VoIP, but above all other TCP-based traffic.)

For optimizing network bandwidth, ensure that you’ve got a full-duplex end-to-end network link. Consider segmenting PCoIP traffic via IP Quality of Service (QoS) Differentiated Services Code Point (DSCP) or a layer 2 Class of Service (CoS) or virtual LAN (VLAN). While using VPN, ensure that UDP traffic is supported.

Enterprise security for corporate virtual desktops is of paramount importance for the successful rollout of VDI infrastructure. It is highly recommended that an enterprise scale, policy-based management security solution be used to define and enforce security policies within the enterprise.

Based on typical customer requirements, secure access to the VDI infrastructure is provisioned via the following user access modes:

  1. LAN Users: VDI users accessing virtual desktop infrastructure via the corporate LAN network.
  2. VPN Users: VDI users accessing corporate virtual desktop infrastructure via the VPN tunnel.
  3. Public Network Users: VDI users accessing virtual desktop infrastructure via the public network.

Use Case: VDI User Secure Access Modes

Enforcing authentication and authorization policies is a domain by itself, and is influenced by industry verticals. For instance, many hospitals prefer “tap-‘n’-go” solutions to authenticate and authorize their clinical staff to access devices and Electronic Medical Record (EMR) applications. The regulatory compliance perspective should not be ignored either when it comes to industry verticals, such as HIPAA for healthcare industry and PCI for the financial industry.

Note: The scenario depicted below is that of a typical public network user.

Infrastructure scenario

Horizon View infrastructure can be easily optimized to support any combination of secure VDI user access modes.

Devices

Based on security policies and regulatory compliance standards that are prevalent within the enterprise, I highly recommended doing a thorough end user devices/endpoints assessment. You’ll want to categorize your users based on desktop communities that support one or more types of endpoints. VMware’s Horizon View client supports a variety of endpoints, whether they’re desktops, laptops, thin clients, zero clients, mobile devices, or tablets that support iOS, Android, Mac OS X, Linux, Windows, HTML Access—just to name a few.

Converged Appliances

The converged appliances industry is rapidly and effectively maturing as more and more customers prefer converged appliances because they enable faster infrastructure deployment times. From an EUC infrastructure perspective, it’s important to evaluate available converged appliance solutions available for your business scenarios.

Vendors are and will be providing customized and optimized solutions for EUC, business continuity and disaster recovery (BCDR) as x-in-a-box, wherein the required infrastructure components, hardware and software have been validated and optimized to cater to specific business scenarios.

Desktop as a Service (DaaS)

Some customers worry about EUC datacenter planning, infrastructure procurement, and deployment.

DaaS scenario

Look to hosted desktop services, such as Horizon DaaS, to address business requirements and use cases that revolve around development, testing, seasonal bursts, and even BCDR. DaaS can even provide a more economical alternative to traditional datacenter deployment. For instance, DaaS reduces your up-front costs and lowers your desktop TCO with predictable cloud economics that enable you to move from CapEx to OpEx in a predictable way.

Plus, users can access Windows desktops and applications from the cloud on any device, including tablets, smartphones, laptops, PCs, thin clients, and zero clients. DaaS solutions like Horizon DaaS desktops can also be tailored to meet the simplest or most demanding workloads, from call center software to CAD and 3D graphics packages.

In these first two posts, we’ve gotten a good handle on infrastructure, devices, and security. In my next post, I’ll cover mobility and BYOD along with applications and image management, and weave it all together with EUC project methodology.


TJ has worked at VMware for the past four years, with over 20 years of experience in the IT industry. At VMware TJ has focused on enterprise architecture and applied his extensive experience to Cloud Computing, Virtual Desktop Infrastructure, SOA planning and implementation, functional/solution architecture, enterprise data services and technical project management.

TJ holds a Bachelor of Engineering degree in Electronics and Communications from Delhi University and has attained multiple industry and professional certifications in enterprise architecture and technology platforms. TJ is a speaker and a panelist at industry conferences such as VMworld, VMware’s PEX (Partner Exchange) and BEAworld. His passion is the real-life application of technology to drive successful user experiences and business outcomes.

2 thoughts on “End User Computing 101: Network and Security

  1. Mr. Rodd

    Thank you, sir. Learned a lot. Looking forward to the third edition in your series.

    Reply
  2. Pingback: EUC Datacenter Design Series -- EVO:RAIL VDI Scalability Reference | VMware Consulting Blog - VMware Blogs

Leave a Reply

Your email address will not be published. Required fields are marked *

*