Tag Archives: TJ Vatsa

EUC Design Series: Horizon 7 Strategy for Desktop Evolution to IoT Revolution

By TJ Vatsa

Introduction

Mobility and end-user computing (EUC) are evolving at a very rapid pace. With the recent announcements made by VMware around Horizon 7 it becomes all the more important to recalibrate and remap the emerging innovation trends to your existing enterprise EUC and application rationalization strategies. For business and IT leaders, burning questions emerge:

  • “What are these EUC innovations leading to, and why should it matter to my organization?”
  • “What is the end-user desktop in the EUC realm evolving into, and are these innovations a precursor to an IoT (Internet of Things) revolution?”
  • “What outcomes might we expect if we were to adopt these innovations in our organizations?”
  • “How do we need to restructure our existing EUC/mobility team to fully leverage the mobility evolution?”

Now there are enough questions to get your creative juices flowing! Let’s dive right in.

The What

Desktop virtualization revolutionized how end-user desktops with their applications and data were securely managed within the guard rails of a secure data center. These were essentially Generation1 (Gen1) desktops that were persistent (AKA full clone) desktops within a virtual machine (VM) container. While the benefit was mainly secure encapsulation within a data center, the downside was cumbersome provisioning with a bloated storage footprint. For instance, if you had one persistent desktop with a 50 GB base image and 100 users, you would be looking at 5,000 GB—or 5 TB—of storage. In an enterprise where we have thousands of users with unique operating system and application requirements, the infrastructure capital expenditures (CAPEX) and the associated operational expenditures (OPEX) would be through the roof.

The preceding scenario was solved by the Generation2 (Gen2) virtual desktops, which were classified as non-persistent (AKA linked clone) desktops. Gen2 desktops relied on a parent base-image (AKA a replica), and the resulting linked clones referenced this replica for all read operations, and had delta disks to store any individual writes. These desktops benefited from faster process automation using a Composer server (AKA desktop provisioning) that generated linked clones referencing a base replica image. This resulted in a significant reduction in the storage footprint and faster desktop provisioning times. This also aided in reducing the CAPEX and OPEX levels incurred in Gen1 desktops. However, the downside of desktop boot-up times was still not fully resolved because they are dependent on the storage media being used. Boot-up times were faster with flash storage and comparatively slower with spinning media storage. The OPEX associated with application management was still not fully resolved despite application virtualization technologies offered by various vendors. It still required management of multiple patches for desktop images and applications.

The panacea offered by the new Horizon 7 has accelerated the virtual desktop evolution to Generation3 (Gen3) desktops. Evolution to Gen3 results in just-in-time desktops and application stack delivery. This means you only have to patch the desktop once, clone it with its running state, and dynamically attach the application stack using VMware’s App Volumes. Gen3 virtual desktops from VMware have the benefits of Gen2 desktops, but without the operational overhead, resulting in reduced CAPEX and OPEX. Here is an infographic detailing the evolution:

[Figure: Clone Desktop VM]

Gen3 desktops pave the way for a Generation4+ (Gen4+) mobility platform that leverages VMware’s Enterprise Mobility Management (EMM) platform and the EUC platform into Workspace ONE, capable of tapping into all of the possibilities of mobility-enabled IoT solutions. The potential generated by these solutions is capable of being tapped across various vertical industries—healthcare, financial, retail, education, manufacturing, government and consumer packaged goods—creating an IoT revolution in days to come.

The Why

The innovations listed in the preceding section have the potential of transforming an enterprise’s business, IT and financial outcomes. The metrics to quantify these outcomes are best measured in the resulting CAPEX and OPEX reductions. The reduction in these expenditures not only fosters business agility as in accelerated M&A, but also enhances an organization’s workforce efficiency. The proof is in the pudding. Here is a sample snapshot of the outcomes from a healthcare customer:

[Figure: Healthcare Customer Diagram]

The How

While the mobility evolution and its leap to an IoT revolution is imminent with the promise of anticipated outcomes as mentioned earlier, the question still lingers: How do you align the roles within your organization to ride the wave of mobility transformation?

Here is a sample representation of the recommended roles for an enterprise mobility center of excellence (COE):

[Figure: COE]

Here is the description of field recommendations in terms of mandatory and recommended roles for an enterprise EUC/mobility transformation:

[Figure: Proposed Org Roles]

Conclusion

Given the rate at which enterprise mobility is evolving towards IoT, it is only a matter of time before every facet of our lives, from our work to home environments, is fully transformed by this tectonic mobility-driven IoT transformation. VMware’s mobility product portfolio, in combination with VMware’s experienced Professional Services Organization (PSO), can help you transform your enterprise onward in this revolutionary journey. VMware is ever-ready to be your trusted partner in this “DARE” endeavor. Until next time, go VMware!


TJ Vatsa is a principal architect and member of CTO Ambassadors at VMware representing the Professional Services organization. He has worked at VMware for more than five years and has more than 20 years of experience in the IT industry. During this time he has focused on enterprise architecture and applied his extensive experience in professional services and R&D to cloud computing, VDI infrastructure, SOA architecture planning and implementation, functional/solution architecture, enterprise data services and technical project management.

EUC Design Series: Application Rationalization and Workspace Management

By TJ Vatsa

Introduction

Over the last few years, End User Computing (EUC) and the associated workspace mobility space have emerged to be transformational enterprise initiatives. Today’s workforce expects anytime and anywhere access to their applications, be it enterprise applications or user-installed applications (UIA), and everything in between. These expectations create newer opportunities, as well as newer challenges for the existing processes that are followed by enterprise and application architects. So what are the different facets of these challenges that the architects need to be aware of while analyzing and defining an enterprise application strategy? Let’s dive right in.

The What

Application rationalization is the process of strategizing an available set of corporate applications along the key perspectives of business priority, packaging, delivery, security, management and consumption to achieve a defined business outcome. The tangible artifact(s) of an application rationalization process is a leaner collection of one or more application catalogs. An application catalog is a logical grouping of application taxonomies based on a user’s roles and responsibilities within an organization, as well as within the enterprise. For instance, a user belonging to the finance department will have access to a department-specific catalog housing financial applications, as well as access to a corporate catalog housing all corporate-issued applications. While a user from the IT department will not need access to key financial applications used by a user from the finance department, they will have access to an IT-specific application catalog that may include applications like infrastructure monitoring. With end-user mobility/computing pervading every aspect of workforce productivity within the enterprise, organizations intend to leverage their existing investments in various application delivery platforms including those from VMware, Citrix, Microsoft and other vendors. The application rationalization process is an enabler of application governance, management and operations leading to minimal applications sprawl within the enterprise.

The Why

Traditionally, managing legacy applications has been a time-consuming and complex process from the perspective of application packaging, provisioning and monitoring. Delivery of such applications has been equally, if not more, complex. Add to that the constraints of application conflicts when it comes to supporting different devices and integration with other applications. One example is the requirement to integrate with the authentication process of an Identity Management (IDM) platform, which all mission-critical applications need to support as part of the security directive coming from the Chief Information Security Officer’s (CISO) office.

So, first things first, we need to ask ourselves some of these key questions:

  • What are these applications, and what are the business priorities of these applications?
  • Do all these applications need to adhere to security directives and regulatory compliance directives such as HIPAA, PCI, etc., and if so, how soon?
  • Have the non-adherence risks been assessed, and what are the exceptions?
  • How do we package, provision, deliver, access, maintain, monitor and finally retire these applications?

What this means is that it is very important to make the available application catalog(s) lean in case they have become bulky over a given period of time due to inefficient Application Lifecycle Management (ALM) processes, mergers and acquisitions, emerging business priorities and other factors outside the control of enterprise, application and IT architects/leaders. Furthermore, the application portfolio(s) reflected in these collective catalogs need to be agile to support the ever-changing innovations in the areas of end-user mobility/computing, hybrid cloud, and the emerging Internet of Things-aware applications.

The How

A pragmatic approach to application rationalization relies on a strong foundation of people, processes and technology platforms. It is recommended to start by identifying some of the key application classifications along the lines of Mission Critical (MC), Business Critical (BC) and User Critical (UC) applications, and map these classifications to your user segmentation along the lines of key roles and responsibilities within and across the organizations. An existing organizational level RACI (Responsible, Accountable, Consulted, and Informed) matrix may come in very handy as part of this process. The information in the table below reflects a sample of how this could be accomplished.

While the people and the processes parts may take multiple iterations, once these applications have been rationalized and the key stakeholders have been identified, we need to define an enterprise Application Management Architecture (AMA) to mature the EUC initiatives within an enterprise. The schematic below lists key components that help develop a mature Application Management Architecture.

[Figure: App Management 1]

What this means is that the AMA needs to address the following capabilities as illustrated in the schematic above:

  • Application packaging and isolation. For instance, whether the applications are natively installed in the base image or whether they are virtualized.
  • A unified application provisioning launch-pad for virtual, Web, Citrix XenApps, RDSH and SaaS applications.
  • Real-time application delivery for just-in-time desktops that would abstract the desktop guest operating system (GOS) from the end-user applications.
  • Unified authentication and application entitlement policy platform that supports Single Sign-on (SSO) and acts as a policy enforcement point (PEP) and a policy decision point (PDP).
  • Application maintenance capability that enables flexible patch management.
  • Application monitoring functionality that provides in-guest metrics for application performance monitoring.
  • Most importantly, supporting EUC mobility by interoperating with virtual, hybrid cloud and mobile platforms.
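The finance/IT/corporate catalog example from "The What" and the policy decision and enforcement points listed above, as an added Python example that is not part of the original post or of any VMware product: entitlement is default-deny and derived only from role catalogs, and a rationalization check flags mission-critical apps without IDM authentication and entries that keep the catalogs from being lean. App names, roles, fields and function names are constructed for illustration.

```python
"""Added example (not from the original post): role-based application catalogs
with a default-deny entitlement decision and a rationalization check.
All app names, roles and records below are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    name: str
    tier: str       # "MC", "BC" or "UC", the classifications used in the post
    idm_sso: bool   # True if the app authenticates through the IDM platform


# Constructed inventory: the output of a rationalization pass.
APPS = {a.name: a for a in [
    App("mail", "BC", True),
    App("hr-portal", "BC", True),
    App("general-ledger", "MC", True),
    App("payroll", "MC", False),
    App("infra-monitoring", "BC", True),
    App("legacy-reporting", "UC", False),
]}

# Catalogs group apps; roles map to one department catalog plus the corporate one.
CATALOGS = {
    "corporate": {"mail", "hr-portal", "wiki"},
    "finance": {"general-ledger", "payroll"},
    "it": {"infra-monitoring"},
}
ROLE_CATALOGS = {
    "finance": ["finance", "corporate"],
    "it": ["it", "corporate"],
}

AUDIT_LOG = []  # (user, role, app, decision, reason) tuples for later review


def entitled_apps(role):
    """Union of the catalogs assigned to a role; unknown roles get nothing."""
    names = set()
    for catalog in ROLE_CATALOGS.get(role, []):
        names |= CATALOGS.get(catalog, set())
    return names


def decide(role, app_name):
    """Policy decision point: deny unless the app is known and entitled."""
    if app_name not in APPS:
        return ("deny", "app is not in the rationalized inventory")
    if app_name not in entitled_apps(role):
        return ("deny", f"no catalog assigned to role '{role}' contains this app")
    return ("permit", "entitled via role catalog")


def launch(user, role, app_name):
    """Policy enforcement point: ask the PDP, record the decision, enforce it."""
    decision, reason = decide(role, app_name)
    AUDIT_LOG.append((user, role, app_name, decision, reason))
    return decision == "permit"


def rationalization_findings():
    """Flag inventory and catalog entries that need attention."""
    findings = []
    cataloged = set().union(*CATALOGS.values())
    for name, app in sorted(APPS.items()):
        if app.tier == "MC" and not app.idm_sso:
            findings.append(f"{name}: mission-critical but not integrated with IDM authentication")
        if name not in cataloged:
            findings.append(f"{name}: in the inventory but in no catalog (review or retire)")
    for name in sorted(cataloged - set(APPS)):
        findings.append(f"{name}: listed in a catalog but missing from the inventory")
    return findings


if __name__ == "__main__":
    print(launch("alice", "finance", "general-ledger"))  # entitled
    print(launch("bob", "it", "general-ledger"))         # not entitled
    for finding in rationalization_findings():
        print(finding)
```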

Conclusion

Now let’s tie it all together. VMware’s End User Computing (EUC) Workspace Environment Management (WEM) Solution includes VMware’s EUC product portfolio in combination with VMware’s experienced Professional Services Organization (PSO). This platform accelerates application rationalization initiatives by additionally providing application isolation, real-time application delivery and monitoring for Citrix and VMware environments. It facilitates comprehensive governance of end-user management with dynamic policy configuration so you can deliver a personalized environment to virtual, physical and cloud-hosted environments across devices. It is your fast track approach to success for your Application Rationalization initiatives within your enterprise where not only the technology—but also the people and processes—are given high priority. For additional information please visit VMware.

 

Find out more about Application Rationalization from the perspectives of an Enterprise EUC strategy and BCDR (Business Continuity and Disaster Recovery) by attending the following sessions at VMworld 2015, San Francisco.


TJ Vatsa is a Principal Architect and member of CTO Ambassadors at VMware representing the Professional Services organization. He has worked at VMware for the past 5+ years with more than 20 years of experience in the IT industry. During this time he has focused on enterprise architecture and applied his extensive experience in professional services and R&D to Cloud Computing, VDI infrastructure, SOA architecture planning and implementation, functional/solution architecture, enterprise data services and technical project management.

TJ holds a Bachelor of Engineering (BE) degree in Electronics and Communications from Delhi University, India, and has attained industry and professional certifications in enterprise architecture and technology platforms. He has also been a speaker and a panelist at industry conferences such as VMworld, VMware’s PEX (Partner Exchange), Briforum and BEAworld. He is an avid blogger who likes to write on real-life application of technology that drives successful business outcomes.

EUC Datacenter Design Series — EVO:RAIL VDI Scalability Reference

By TJ Vatsa with Fred Schimscheimer and Todd Dayton

End User Computing (EUC) has come of age and is continuing to mature by leaps and bounds. Customers are no longer considering virtual desktop infrastructure (VDI) as a tactical project but are looking at EUC holistically as an enterprise solution that accelerates EUC transformation. You can refer to the EUC Design 101 series here (Part 1, Part 2, and Part 3) or a consolidated perspective here (EUC Enterprise Solution). Having collaborated with my fellow colleagues Fred Schimscheimer and Todd Dayton (bios below) during the last few weeks, I intend to share the game-changing revolution that VMware’s hyper-converged infrastructure solution is bringing to the EUC domain.

The Challenge
People familiar with VDI are well aware of the fact that a scalable production deployment requires systematic and thorough planning of the infrastructure, namely compute, storage and networking. This can be a daunting task for customers that are either chasing tight deadlines or do not have the available infrastructure or people resources. We have noticed this to be a perpetual challenge for many of our customers across different industry domains including healthcare, financial, insurance services, manufacturing and others.

The Panacea
During the last few years, hyper-converged appliances have been taking the industry by storm. By design these systems follow a modular, building block approach that scales out horizontally and is very quick to deploy. From the EUC infrastructure perspective, it has become necessary to acknowledge the efficiency of hyper-converged appliances. While there are vendors that have hyper-converged infrastructure that runs on VMware’s vSphere hypervisor, VMware’s foray into this domain, EVO:RAIL, was released for general availability during VMworld 2014 in San Francisco in September.

EVO:RAIL has been optimized for VMware’s vSphere and Virtual SAN technology with compute, storage and networking resources in a simple, integrated deployment, configuration, and management solution. EVO:RAIL is the next generation EUC building block for a Software Defined Data Center (SDDC).

Numbers Don’t Lie
During the last few months, our teams have been diligently testing and scaling EVO:RAIL for a variety of use cases such as EUC, Business Continuity and Disaster Recovery (BCDR) and X-in-a-box. The next few paragraphs will focus on our findings for Horizon 6 View desktops scalability.

You may have lots of questions by now, so let’s take them one by one!

Q: What did the hardware configuration look like?
A: The test bed hardware infrastructure configuration was as follows:

EVO:RAIL Appliance

  • 4 x nodes
  • Each node
    • 2 x Intel E5-2620 @ 2.1 GHz
    • 192GB memory (12 x 16GB)
    • 3 x Hitachi SAS 10K 1.2TB MD
    • 1 x 400GB Intel S3700 SSD

Q: What did the software configuration look like?
A: The test bed View software configuration was as follows:

  • vSphere 5.5 + VSAN
  • Horizon View 6.0 (H6)

Table 1: Horizon 6 Configuration

[Table image: Horizon 6 Configuration]

Note: vCSA = vCenter Server Appliance

Q: What did the VDI image configuration look like?
A: The test bed image configuration was as follows:

Table 2: Desktop Image Configuration

[Table image: Desktop Image Configuration]

Q: What types of View desktops did we test?
A: Horizon View 6, linked clone virtual desktops with floating assignments.

Q: What Horizon 6 configurations did we test?
A: The following configurations were tested using Reference Architecture Workload Code (RAWC):

Table 3: Load Test Configurations

[Table image: Load Test Configurations]

These configurations are pictorially represented in the following schematics:

[Figure: Management Cluster and Desktop Cluster]

Figure 1: Configurations #1a/#1b

The figure above represents EVO:RAIL appliances with separate Horizon 6 Management and Desktop clusters.

[Figure: VDI-in-a-Box]

Figure 2: Configuration #2

The figure above represents the EVO:RAIL appliance with both Horizon 6 Management and Desktop clusters in the same appliance. It also illustrates an N+1 configuration to support one node failure within the EVO:RAIL appliance.

Q: What did the results look like?
A: The following results were obtained after the configurations were stress tested using RAWC.

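Test Category | Results: RAWC | Results: Virtual SAN Observer
Config #1a | [graph image: Configuration 1a - RAWC] | [graph image: Configuration 1a - VSAN]
Config #1b | [graph image: Configuration 1b - RAWC] | [graph image: Configuration 1b - VSAN]
Config #2 | [graph image: Configuration 2 - RAWC] | [graph image: Configuration 2 - VSAN]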

 

Results Summary
The table below summarizes different test configurations and the tested consolidation ratios of numbers of virtual desktops to the EVO:RAIL appliance.

Table 4: Test Configuration Findings

[Table image: Test Configuration Findings]

We hope you will find this information to be useful and motivating. We are looking forward to you bravely adopting and implementing a VDI-in-a-box solution using VMware’s EVO:RAIL hyper-converged appliance in your Software Defined Data Center (SDDC).

Until next time, Go VMware!


Author

TJ Vatsa is a Principal Architect and CTO Ambassador at VMware, representing the Professional Services organization. TJ has been working at VMware since 2010 and has over 20 years of experience in the IT industry. At VMware, TJ has focused on enterprise architecture and applied his extensive experience to cloud computing, virtual desktop infrastructure, SOA planning and implementation, functional/solution architecture, enterprise data services and technical project management. Catch TJ on Twitter, Facebook or LinkedIn.

Contributors

Fred Schimscheimer has worked at VMware since 2007 and is currently a Staff Engineer in the EUC Office of the CTO. In his role, he helps out with prototyping, validating advanced development projects as well as doing product evaluations for potential acquisitions. He is the architect and author of RAWC – VMware’s first Reference Architecture Workload Simulator.

Todd Dayton joined VMware in 2005 as the first field “Desktop Specialist” working on ACE (precursor to VDI). In his current role as a Principal Systems Engineer and CTO Ambassador, he continues to evangelize End User Computing (EUC) initiatives and opportunities for VMware’s customers.

End User Computing 101: Tying It Together with Mobility, BYOD, and Proper Methodology

By TJ Vatsa, Principal Architect, VMware Professional Services

In the first two posts in this End User Computing (EUC) series (End User Computing 101 and Tips for Successful Deployments and End User Computing 101: Network and Security) I delved into EUC infrastructure, server power, network and security, devices, and appliances. Today, I’ll wrap up this three-post series by covering mobility and BYOD, application and image management, and touch on EUC project scenario and methodology.

First, let’s take a closer look at the mobility and Bring-Your-Own-Device (BYOD) space. If this is not well planned, deploying a mobility and BYOD policy (and the infrastructure to handle the influx of personal devices) can be a harrowing journey. With users today demanding anytime, anywhere access to business productivity applications, mobile devices, and data on personal devices, not having a policy in place can be even more detrimental.

[Figure: Enterprise Mobility Management Platform]

Components and framework to consider for managing mobility at the enterprise level

(For additional design considerations and tips for establishing a secure, manageable, and scalable enterprise Mobility & BYOD policy, read How to Set Up a BYOD/Mobility Policy.)

Applications and Image Management

These days, it’s not enough for users to have access inside the four walls of an office building. Users need anytime and anywhere access to their applications and associated data. While this may sound like a business and mobility use case, IT directors and managers need to analyze this requirement from the perspective of a unified application launch-pad a.k.a. a follow-me virtual workspace. This can mean virtualized applications, Software-as-a-Service (SaaS) applications, application publishing, web pages, virtual desktops, RDSH (Remote Desktop Session Host) desktops, to name a few.

Applications

When you look from the perspective of applications and data entitlement and policy management, it’s important to have a single source of truth—essentially, a repository for enterprise policy. This repository should not only facilitate one-stop-shop for policy definition, entitlement, and management, but also for operational excellence and auditing. VMware’s Workspace Portal provides these capabilities and a lot more.

Image Management

For desktop operational excellence in terms of swift provisioning, efficient management and centralized security, using VMware’s Horizon View means you won’t have to deal with “application and desktop image sprawl.”

As such, whether you use VMware or not, it’s imperative for enterprises to deploy a platform that provides centralized image management, image recovery, integrated PC break-fix and troubleshooting, and automated OS migration (to name a few).

It’s important to use desktop image management, not only for physical, but for virtual desktops as well. (VMware’s Horizon Mirage is one option to help make this happen.)

Weaving it together: EUC Project Methodology

Now that we’ve covered key EUC details, bringing it together with VMware’s Professional Services (PS) organization and our approved partner network is the best route to an agile methodology. It’s important that the methodology takes business and IT initiatives into consideration and turns them into successful business outcomes. This approach is composed of multiple iterative sequences.

Project Methodology

Each iteration focuses on requirements and vision, analysis, design, inventory details of implementations, and operational excellence. This approach not only enables early feedback, risk mitigation, and effective progress management, it also enables effective scope management and the perpetual enforcement of IT governance.

This iterative process begins with an analysis and assessment initiative that helps define the baseline by categorizing and prioritizing business and technical requirements. These requirements become part of detailed use cases that may also have business specific pre- and post-execution contingencies.

The use cases are then abstracted into a logical enterprise architecture design that is mapped to the available physical infrastructure. Once the physical design is ready, the pilot/blueprint implementation is initiated. This ensures compliance with business outcomes as defined by business sponsors. Upon successful user acceptance testing (UAT), VMware’s PS organization and partners test blueprints that are then rolled into the production environment with accompanying knowledge transfer (KT) sessions and role-based user training.

By conforming to proper EUC infrastructure considerations, creating appropriate mobility and BYOD policies, adhering to best application and image management practices, and using a typical EUC project scenario that follows VMware’s iterative architecture methodology, you will set yourself up for success and effectively transform EUC and mobility initiatives within your organizations.


TJ has worked at VMware for the past four years, with over 20 years of experience in the IT industry. During this time he has focused on enterprise architecture and applied his extensive experience in professional services and R&D to cloud computing, VDI infrastructure, SOA architecture planning and implementation, functional/solution architecture, enterprise data services and technical project management. TJ holds a Bachelor of Engineering (BE) degree in Electronics and Communications from Delhi University, India and has attained industry and professional certifications in enterprise architecture and technology platforms. He has also been a speaker and a panelist at industry conferences such as VMworld, VMware’s PEX (Partner Exchange) and BEAworld. He is an avid blogger who likes to write on real-life application of technology that drives successful business outcomes.

End User Computing 101: Network and Security

By TJ Vatsa, Principal Architect, VMware Professional Services

In my first post on the topic of End User Computing (EUC), I provided a few digestible tidbits around infrastructure, desktop and server power, and storage. In this post, we’ll go a bit further into the infrastructure components that affect user experience and how users interact with the VDI infrastructure. We’ll cover network and security, devices, converged appliances, and desktop as a service.

Let’s look a bit more closely at network and security first.

Network and Security

To ensure acceptable VDI user experience, monitor the bandwidth and latency or jitter of the network. This means performing the appropriate network assessment by deploying monitoring tools to first establish a baseline. Once that’s completed, you’ll need to monitor the network resources against those baselines. As with any network, high latency can negatively affect performance, though some components are more sensitive to high latency than others.

When deploying Horizon View desktops using the PC-over-IP (PCoIP) remote display protocol in a WAN environment, consider the Quality of Service (QoS) aspect. Ensure that the round-trip network latency is less than 250 ms. Keep in mind that PCoIP is a real-time protocol, so it operates just like VoIP, IPTV, and other UDP-based streaming protocols.

To make sure that PCoIP is properly delivered, it needs to be tagged in QoS so that it can compete fairly across the network with other real-time protocols. To achieve this objective, PCoIP must be prioritized above other non-critical and latency tolerant protocols (for example, file transfers and print jobs). Failure to tag PCoIP properly in a congested network environment leads to PCoIP packet loss and a poor user experience, as PCoIP adapts down in response. For instance, tag and classify PCoIP as interactive real-time traffic. (Classify PCoIP just below VoIP, but above all other TCP-based traffic.)

For optimizing network bandwidth, ensure that you’ve got a full-duplex end-to-end network link. Consider segmenting PCoIP traffic via IP Quality of Service (QoS) Differentiated Services Code Point (DSCP) or a layer 2 Class of Service (CoS) or virtual LAN (VLAN). When using a VPN, ensure that UDP traffic is supported.
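The guidance above, as an added Python example that is not part of the original post: it compares a run of round-trip probes with a recorded baseline and the 250 ms ceiling, and checks that a QoS class order places PCoIP below VoIP and above TCP-based traffic. The 25% drift tolerance, the jitter definition, the function names and all sample values are assumptions constructed for illustration.

```python
"""Added example (not from the original post). Compares probe results with a
recorded baseline and the 250 ms round-trip ceiling, and checks a QoS class
order. Function names, tolerance and sample values are constructed."""
from statistics import mean

RTT_CEILING_MS = 250.0  # round-trip ceiling stated in the post


def link_stats(rtts_ms):
    """Summarise one probe run; None marks a probe that got no reply."""
    if not rtts_ms:
        raise ValueError("no probes in this run")
    replies = [r for r in rtts_ms if r is not None]
    loss_pct = 100.0 * (len(rtts_ms) - len(replies)) / len(rtts_ms)
    if not replies:
        return {"avg_rtt": None, "max_rtt": None, "jitter": None, "loss_pct": loss_pct}
    # Jitter is taken here as the mean absolute change between consecutive replies.
    deltas = [abs(b - a) for a, b in zip(replies, replies[1:])]
    return {
        "avg_rtt": mean(replies),
        "max_rtt": max(replies),
        "jitter": mean(deltas) if deltas else 0.0,
        "loss_pct": loss_pct,
    }


def assess_link(rtts_ms, baseline, tolerance=0.25):
    """List findings; tolerance (assumed 25%) is the allowed drift above baseline."""
    cur = link_stats(rtts_ms)
    if cur["avg_rtt"] is None:
        return ["no replies: link down or probes filtered"]
    findings = []
    if cur["max_rtt"] >= RTT_CEILING_MS:
        findings.append(f"RTT peak {cur['max_rtt']:.1f} ms reaches the 250 ms ceiling")
    for key in ("avg_rtt", "jitter", "loss_pct"):
        if cur[key] > baseline[key] * (1 + tolerance):
            findings.append(
                f"{key} {cur[key]:.1f} is more than {tolerance:.0%} above baseline {baseline[key]:.1f}"
            )
    return findings


def check_qos_order(policy):
    """policy: classes ordered highest priority first, each a dict with
    'name' and 'kind' ('voip', 'pcoip' or 'tcp'). Returns ordering problems."""
    ranks = {}
    for rank, cls in enumerate(policy):
        ranks.setdefault(cls["kind"], []).append(rank)
    if "pcoip" not in ranks:
        return ["PCoIP is not classified, so it competes as untagged traffic"]
    pcoip = ranks["pcoip"][0]
    problems = []
    if any(rank > pcoip for rank in ranks.get("voip", [])):
        problems.append("PCoIP is ranked above VoIP")
    if any(rank < pcoip for rank in ranks.get("tcp", [])):
        problems.append("a TCP-based class is ranked above PCoIP")
    return problems


# Constructed sample data: a baseline from the assessment phase and two runs.
BASELINE = {"avg_rtt": 40.0, "jitter": 5.0, "loss_pct": 0.0}
HEALTHY_RUN = [38, 41, 40, 43, 39, 42]
CONGESTED_RUN = [120, 260, None, 180, 90, None, 240, 150]

GOOD_POLICY = [
    {"name": "voice", "kind": "voip"},
    {"name": "pcoip-desktops", "kind": "pcoip"},
    {"name": "file-transfer", "kind": "tcp"},
    {"name": "print-jobs", "kind": "tcp"},
]
BAD_POLICY = [
    {"name": "voice", "kind": "voip"},
    {"name": "file-transfer", "kind": "tcp"},
    {"name": "pcoip-desktops", "kind": "pcoip"},
]

if __name__ == "__main__":
    for label, run in (("healthy", HEALTHY_RUN), ("congested", CONGESTED_RUN)):
        print(label, assess_link(run, BASELINE) or "within baseline")
    print(check_qos_order(GOOD_POLICY) or "class order ok")
    print(check_qos_order(BAD_POLICY))
```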

Enterprise security for corporate virtual desktops is of paramount importance for the successful rollout of VDI infrastructure. It is highly recommended that an enterprise scale, policy-based management security solution be used to define and enforce security policies within the enterprise.

Based on typical customer requirements, secure access to the VDI infrastructure is provisioned via the following user access modes:

  1. LAN Users: VDI users accessing virtual desktop infrastructure via the corporate LAN network.
  2. VPN Users: VDI users accessing corporate virtual desktop infrastructure via the VPN tunnel.
  3. Public Network Users: VDI users accessing virtual desktop infrastructure via the public network.

Use Case: VDI User Secure Access Modes

Enforcing authentication and authorization policies is a domain by itself, and is influenced by industry verticals. For instance, many hospitals prefer “tap-‘n’-go” solutions to authenticate and authorize their clinical staff to access devices and Electronic Medical Record (EMR) applications. The regulatory compliance perspective should not be ignored either when it comes to industry verticals, such as HIPAA for healthcare industry and PCI for the financial industry.

Note: The scenario depicted below is that of a typical public network user.

[Figure: Infrastructure scenario]

Horizon View infrastructure can be easily optimized to support any combination of secure VDI user access modes.

Devices

Based on security policies and regulatory compliance standards that are prevalent within the enterprise, I highly recommend doing a thorough end user devices/endpoints assessment. You’ll want to categorize your users based on desktop communities that support one or more types of endpoints. VMware’s Horizon View client supports a variety of endpoints, whether they’re desktops, laptops, thin clients, zero clients, mobile devices, or tablets that support iOS, Android, Mac OS X, Linux, Windows, HTML Access—just to name a few.

Converged Appliances

The converged appliances industry is rapidly and effectively maturing as more and more customers prefer converged appliances because they enable faster infrastructure deployment times. From an EUC infrastructure perspective, it’s important to evaluate the converged appliance solutions available for your business scenarios.

Vendors are and will be providing customized and optimized solutions for EUC, business continuity and disaster recovery (BCDR) as x-in-a-box, wherein the required infrastructure components, hardware and software have been validated and optimized to cater to specific business scenarios.

Desktop as a Service (DaaS)

Some customers worry about EUC datacenter planning, infrastructure procurement, and deployment.

DaaS scenario

Look to hosted desktop services, such as Horizon DaaS, to address business requirements and use cases that revolve around development, testing, seasonal bursts, and even BCDR. DaaS can even provide a more economical alternative to traditional datacenter deployment. For instance, DaaS reduces your up-front costs and lowers your desktop TCO with predictable cloud economics that enable you to move from CapEx to OpEx in a predictable way.

Plus, users can access Windows desktops and applications from the cloud on any device, including tablets, smartphones, laptops, PCs, thin clients, and zero clients. DaaS solutions like Horizon DaaS desktops can also be tailored to meet the simplest or most demanding workloads, from call center software to CAD and 3D graphics packages.

In these first two posts, we’ve gotten a good handle on infrastructure, devices, and security. In my next post, I’ll cover mobility and BYOD along with applications and image management, and weave it all together with EUC project methodology.


TJ has worked at VMware for the past four years, with over 20 years of experience in the IT industry. At VMware TJ has focused on enterprise architecture and applied his extensive experience to Cloud Computing, Virtual Desktop Infrastructure, SOA planning and implementation, functional/solution architecture, enterprise data services and technical project management.

TJ holds a Bachelor of Engineering degree in Electronics and Communications from Delhi University and has attained multiple industry and professional certifications in enterprise architecture and technology platforms. TJ is a speaker and a panelist at industry conferences such as VMworld, VMware’s PEX (Partner Exchange) and BEAworld. His passion is the real-life application of technology to drive successful user experiences and business outcomes.

End User Computing 101 and Tips for Successful Deployments

By TJ Vatsa, Principal Architect, VMware Professional Services

The topic of End User Computing (EUC) is heating up. This is not only because our industry considers this to be a dynamic domain for tremendous innovation today, but also because the industry views great potential for the future and is heavily investing in the space.

In this three-part blog series, I’ll assimilate the vast EUC landscape into digestible tidbits that focus on the infrastructure, mobility and BYOD, applications and image management, and discuss typical EUC project scenarios and methodology.

My goal is to provide insight into the things you should consider for your own EUC deployment.

EUC Landscape

First Things First: Infrastructure

As soon as someone mentions EUC, the first thing that comes to mind is Virtual Desktop Infrastructure (VDI). The very fact that VDI is deployed in the datacenter, away from individual desktops, means that you must plan the underlying infrastructure in a systematic and thorough way.

At a minimum, this means allocating key infrastructure resources: compute, storage, network, and security.
It is also imperative that some sort of infrastructure resource assessment tools be deployed to establish a baseline for each of these infrastructure components.

Desktop and Server Power

Assuming that a baseline has been established for the compute resources in terms of CPU, clock speed, and memory requirements per desktop, it is important to choose a server configuration with the right processor, clock speed, and physical memory. In turn, this drives the correct consolidation ratio of virtual desktops per core and, ultimately, for the entire server.

Give careful attention to different use cases where specific workloads require different combinations of CPU, clock speed, and memory. You must ensure that you also plan for growth and seasonal/occasional bursts seen in those workloads historically.

For a typical Horizon View deployment, there are two categories of VMs (virtual machines) recommended for deployment inside the data center: one for management purposes and another for desktop purposes. Management VMs are mainly servers (connection brokers, databases, etc.) whereas the desktop VMs are the actual virtual desktops.

For a production deployment, VMware recommends creating two separate cluster types–Management Cluster(s) and Desktop Cluster(s)–to avoid any race conditions that might arise as a result of, say, competing workloads or operational maintenance.

Storage: Key to VDI Success

Having worked with many customers across many different industry verticals (healthcare, financial, entertainment services, and manufacturing) I’ve noticed that there’s one critical success factor in common: storage.

For more information about VDI storage and detailed insight into what is important for a successful VDI deployment, read these two blog posts:

Part I: Storage Boon or Bane – VMware View Storage Design Strategy & Methodology
Part II: Storage Boon or Bane – VMware View Storage Design Strategy & Methodology

In my next post, I’ll cover the remaining considerations around a successful VDI deployment, including network and security, converged appliances, and desktop as a service. Stay tuned!



Practical Tools from VMware Consultants: Mobility Policy, Horizon + Lync Architecture, and vCOps Dashboard

Our goal on the VMware Consulting blog is to share best practices that have delivered results for our customers, in hopes that they will help others be successful with VMware offerings.  Once in a while we like to highlight past posts that our readers have found particularly valuable. Last month, we published three such pieces — with great, practical advice to help you in your daily work. Just in case you missed them, we hope you find them useful. And if you’re already putting them to use, be sure to leave comments for our consulting authors. Feedback helps us bring you more of what you want to read!

How to Set Up a BYOD/Mobility Policy
By TJ Vatsa, Principal Architect, VMware Americas Professional Services Organization

Architecture Overview: Microsoft Lync with VMware Horizon View
By Ray Heffer, VCDX #122, VMware EUC Architect

Create a vCOps One-Click Cluster Capacity Dashboard, Part 2
By Sunny Dua, Senior Technology Consultant, VMware


How to Set Up a BYOD/Mobility Policy

By TJ Vatsa, Principal Architect, VMware Americas Professional Services Organization


Smart phones have surpassed one billion worldwide for the first time in 2012 and that number will likely double by 2015, says Bloomberg. Smart phone sales are even surpassing desktop and laptop sales, according to IDC’s Worldwide Smart Connected Device Forecast Data.

Rolling out a bring-your-own-device (BYOD) policy and infrastructure to handle the influx of personal devices can be a harrowing journey if it’s not well planned. With users today demanding anytime access to business productivity apps, devices, and data on personal devices, not having a policy in place can be even more detrimental.

The first step to implementing a BYOD policy is to think about the devices themselves, how you’ll manage them, and the applications that are being used. VMware’s Horizon EUC (End User Computing) suite can act as the broker and management platform between devices and applications to ensure that the corporate network stays secure. (And users stay happy.)

The recent acquisition of AirWatch makes VMware the undisputed leader in the space of BYOD and mobility, providing the most mature EUC solution portfolio on the market today. This solution portfolio includes some of the key capabilities, such as:

  1. MDM: Mobile Device Management
  2. MAM: Mobile Application Management
  3. MCM: Mobile Content Management
  4. MEM: Mobile Email Management
  5. SCL: Secure Content Locker
  6. And a plethora of additional features and functionalities

Now, having touched on the “why” above, let’s take a look at the “what” and “how” of the BYOD/mobility policy.

What: Devices, Applications, Management, Customizations

Below, I’ll lay out general steps to think about in your BYOD policy and tips for putting it in place. That said, every policy requires its own customizations: there’s no one-size-fits-all approach. Healthcare has different requirements than a financial institution would, for example.

First Step: Devices and Access
With many solutions in the market, customers and integrators can overlook design. So the burning question an architect needs to ask is: “What kind of access for what types of devices?” For the purposes of this blog, we’ll look at the three most typical categories: LAN, VPN, and public network access (see chart below). You can use the sample matrix below to better assess the access you’d like to grant.

For instance, you’ll put devices on the X axis and network access on the Y axis. Your LAN will need to be the most secure; therefore, only company-issued devices will have access. BYOD devices can still gain network access through VPN or a public network, but they get no access to the LAN itself. These access and device controls need to be driven by your corporate security policies.

How: Design Dos and Don'ts (Devices & Access)

 

Second Step: Features and Capabilities
Once you’ve figured out access levels, next create a matrix to assess the desktop features and capabilities you’d like to grant. Public network settings will be the most stringent, but VPN and LAN will provide the security you need to enable most desktop features. You’ll want feature category on the X axis against network access on the Y axis, like so:

How: Design Dos & Don'ts (Features & Capabilities)

With your LAN, multimedia redirection is another consideration. If a user is accessing a desktop on the corporate network, audio and video capabilities might require provisioning on the end device. In certain cases, WAN bandwidth may cause an issue accessing corporate recordings. The same issue may happen with printing as well. Ensure that you comply with corporate IT policies while evaluating and enabling such features.

Third Step: Applications
Last, consider your applications entitlement. It’s easy to restrict applications through the catalog of applications provided in the Virtual Workspace Catalog, and the entitlements can be adjusted by department–so your finance department will get access to a different catalog of applications than HR would. Or you can restrict application entitlements based on security rules. For instance, Active Directory GPOs (Group Policy Objects) can be effectively used to enforce business/department specific security policies.

As you can see, creating a BYOD policy doesn’t need to be daunting. If you think through the various steps, you’ll have secure network access, happy end-users, and a policy that ensures a successful and mature adoption of your enterprise BYOD/mobility strategy.

I hope you will find this information handy and useful during your BYOD/mobility architecture design and deployment strategy.


TJ Vatsa has worked at VMware for over four years, with over 19 years of expertise in the IT industry, mainly focusing on the enterprise architecture. He has extensive experience in professional services consulting, cloud computing, VDI/End-User Computing infrastructure, SOA architecture planning, implementation, functional/solution architecture, and technical project management related to enterprise application development, content management, and data warehousing technologies. Catch up with TJ on Twitter, Facebook, or LinkedIn.

Top Tips and Take-Aways from VMworld 2013

It’s hard to believe it’s been a month since 23,000 forward-thinking IT professionals converged in San Francisco for VMworld 2013. With VMworld Barcelona just around the corner, we asked a few of our consultants to reflect back on highlights from San Francisco and offer advice for how to get the most out of the event.

What nugget of information from VMworld did you take back to your work?

“Pay special attention to NSX and vSAN because VMware is changing the way IT delivers networking and storage services.” –Jung Hwang

“Automating SDDC is now more than an idea—it’s a reality. It has a huge impact on the Business Critical Applications space.” –David Gallant

“Almost anything can now be virtualized: monster VMs are now commonplace; systems that previously required an entire Unix platform to run can now be accommodated in a single Virtual Machine on VMware vSphere 5.x.” –Michael Webster

Part II: Storage Boon or Bane – VMware View Storage Design Strategy & Methodology

By TJ Vatsa, VMware EUC Consultant

INTRODUCTION

Welcome to Part II of the VMware View Storage Design Strategy and Methodology blog. This post continues Part I, which can be found here. In the last blog, I listed some of the most prevalent challenges that impede a predictable VMware View Storage design strategy. In this blog, I will articulate some of the successful storage design approaches that are employed by the VMware End User Computing (EUC) Consulting practice to overcome those challenges.

I’d like to reemphasize the fact that storage is very crucial to a successful VDI deployment. Should the VDI project be made prone to the challenges listed in Part I, Storage, for sure, will seem to be a “bane”. But, if the recommended design strategy listed below is followed, you would be surprised to find VDI Storage being a “boon” for a scalable and predictable VDI deployment.

With that in mind, let’s dive in. Some successful storage design approaches I’ve encountered are the following:

1.     PERFORMANCE Versus CAPACITY
Recommendation: “First performance and then capacity”

Often times, capacity seems more attractive when compared to performance. But, is it really so? Let’s walk through an example.

a)     Let’s say vendor “A” is selling you a storage appliance, “Appliance A”, that has a total capacity of 10TB, delivered by 10 SATA drives of 1TB capacity each.
b)     On “Appliance A”, let’s say that each SATA drive delivers approximately 80 IOPS. So, for 10 drives, the total IOPS delivered by the appliance is 800 IOPS (10 drives * 80 IOPS).
c)     Now let’s say that vendor “B” is selling you a storage appliance, “Appliance B”, that also has a total capacity of 10TB, but it is delivered by 20 SATA drives of 0.5TB capacity each. [Note: “Appliance B” may be expensive as there are more drives compared to “Appliance A”.]
d)     Now for “Appliance B”, assuming that the SATA drive specifications are the same as those of “Appliance A”, you should expect 1600 IOPS (20 drives * 80 IOPS).

It’s mathematically clear: “Appliance B” will deliver twice as many IOPS as “Appliance A”. More storage IOPS invariably turns out to be a boon for a VDI deployment. Another important point to consider is that employing higher tier storage also ensures high IOPS availability. Case in point, replacing the SATA drives in the example above with SAS drives will certainly provide higher IOPS. SSD drives, while expensive, will provide even higher IOPS.

2.     USER SEGMENTATION
Recommendation: Intelligent user segmentation that does not assume a “one size fits all” approach.

As was explained in Part I, taking a generic user IOPS, say “X” and then multiplying that with the total number of VDI users in an organization say “Y”, may result in an Oversized or an Undersized Storage Array design. This approach may prove costly, either upfront or at a later date.

The recommended design approach is to intelligently categorize the user’s IOPS as “Small, Medium or High” based on the load a given category of users generate across the organization. As part of the common industry nomenclature for VDI users:

a)     Task Workers: associated with small IOPS.
b)     Knowledge Workers: associated with medium IOPS.
c)     Power Users: associated with high IOPS.

With these guidelines in mind, let me walk you through an example. Let’s say that Customer A’s Silicon Valley campus location has 1000 VDI users. Assuming that the user % split is:

a)     15% Task Workers with an average of 7 IOPS each
b)     70% Knowledge Workers with an average of 15 IOPS each
c)     15% Power Users with an average of 30 IOPS each

The resulting calculation of total estimated IOPS required will look similar to Table 1 below.

Key Takeaways:

      1. It is highly recommended to discuss/consult with the customer and to also make use of a desktop assessment tool to determine the user % distribution (split) as well as the average IOPS per user segmentation.
      2. The estimated capacity growth and buffer percentage is assumed to be 30%. This may vary for your customer based on the industry domain and other factors.
      3. This approach to IOPS calculation is more predictable based on user segmentation specific to a given customer’s desktop usage.
      4. You can apply this strategy to customers from Healthcare, Financial, Insurance Services, Manufacturing and other industry domains.
3.     OPERATIONS
Recommendation: “Include Operational IOPS related to Storage Storms”.

It is highly recommended to proactively account for IOPS related to the storage storms. Any lapse can result in a severely painful VDI user experience during the storage storms: Patch Storm, Boot Storm and Anti-Virus (AV) storm.

Assuming that a desktop assessment tool is employed to do the analysis, it is recommended to analyze the user % split targeted during each of the storm operations listed above.

For instance, if the desktop operations team pushes OS/Application/AV patches in batches of 20% of the total user community, and the estimated IOPS is let’s say three times the steady state IOPS (explained in Part I), it will be prudent to include another attribute for operational IOPS to Table 1 listed above.

A similar strategy should also be employed to account for the boot and the log-off storms.
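The segmentation and storm calculations from sections 2 and 3, carried through in Python as an added example (not code or a table from the original post). The segment figures, the 30% buffer, the 20% batch at three times steady state and the 80 IOPS per SATA drive come from the post; the function names, the assumption that each patch batch mirrors the overall user mix, and applying the buffer on top of the storm peak are assumptions made here.

```python
"""IOPS sizing by user segment, with a patch-storm allowance (added example)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    name: str
    share_pct: int        # share of the user population, in percent
    iops_per_user: int    # average steady-state IOPS per user


# Figures from the post's Customer A example (1000 users).
CUSTOMER_A = (
    Segment("Task Workers", 15, 7),
    Segment("Knowledge Workers", 70, 15),
    Segment("Power Users", 15, 30),
)


def steady_state_iops(total_users, segments):
    """Sum of users-in-segment * average IOPS, instead of one generic X * Y."""
    if sum(s.share_pct for s in segments) != 100:
        raise ValueError("segment shares must add up to 100%")
    return sum(total_users * s.share_pct * s.iops_per_user for s in segments) / 100


def storm_peak_iops(steady, batch_pct, multiplier):
    """Peak while batch_pct of users run at multiplier x steady state.

    Assumption: each batch mirrors the overall user mix, and the rest of the
    population stays at steady state during the storm.
    """
    if not 0 <= batch_pct <= 100 or multiplier < 1:
        raise ValueError("batch_pct must be 0..100 and multiplier >= 1")
    return steady * ((100 - batch_pct) + batch_pct * multiplier) / 100


def sizing_report(total_users, segments, buffer_pct=30, batch_pct=20,
                  multiplier=3, iops_per_drive=80):
    steady = steady_state_iops(total_users, segments)
    peak = storm_peak_iops(steady, batch_pct, multiplier)
    # Assumption: the growth/buffer percentage is applied on top of the peak.
    design = peak * (100 + buffer_pct) / 100
    return {
        "steady": steady,
        "steady_with_buffer": steady * (100 + buffer_pct) / 100,
        "operational_extra": peak - steady,
        "storm_peak": peak,
        "design_target": design,
        # Raw spindle count only: ignores RAID write penalty and array cache.
        "drives_at_design": math.ceil(design / iops_per_drive),
    }


if __name__ == "__main__":
    for key, value in sizing_report(1000, CUSTOMER_A).items():
        print(f"{key:>20}: {value:,.0f}")
```

Replace the segment split, per-user averages and storm parameters with the values your desktop assessment tool reports before using the output for procurement.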

I hope you will find this information handy and useful during your VDI architecture design and deployment strategy.

Until next time. Go VMware!

TJ Vatsa has worked at VMware for the past 3 years with over 19 years of expertise in the IT industry, mainly focusing on the enterprise architecture. He has extensive experience in professional services consulting, Cloud Computing, VDI infrastructure, SOA architecture planning, implementation, functional/solution architecture, and technical project management related to enterprise application development, content management and data warehousing technologies.