Home > Blogs > VMware SMB Blog

Horizon FLEX: Powerful Policy Controls (Part 2 of 3)

This is a repost from the EUC Blog.

By Andy Morris, Sr. Product Line Marketing Manager, Horizon FLEX, End-User Computing, VMware

Hello again, Andy here.

Last time I showed you how to build a Horizon FLEX image for mass sharing. This time, I’m going to show you the simple steps needed to ensure that image is securely used.

You’ll be happy to note that there’s significantly less of my shiny red face in this video.

The video concentrates on server controlled dynamic policies. At the time of writing there’s over half a dozen of them, but a customer was quick to correct me when I shared the video, saying  ‘we enforce over 50 policies with FLEX ‘. He is right of course, there are lots of policy decisions you burn into the image at creation time.

The full list of FLEX polices is huge and varies depending upon the client hypervisor (in other words, your mileage may vary). Using a combination of fixed image and dynamic server policy an administrator can specify over 70 distinct control points.

Processor

  • Specify VM memory allocation
  • Specify number of processors assigned to VM
  • Specify number of cores per processor assigned to VM
  • Specify the type of virtualization engine used
    • Automatic, binary, VT-x, AMD-V, VT-x/EPT, AMD-V/RVI
  • Enable / disable acceleration for binary translation
  • Virtualize CPU performance counters
  • Specify process priorities
  • Disable memory page trimming

Storage

  • Map virtual disk to local volume
  • Add virtual hard disk
    • IDE, SCSI, SATA (independent, persistent, non-persistent)
    • New, existing, physical
  • Add virtual CD/DVD
    • ISO, physical (SATA, SCSI, IDE, legacy emulation)
  • Add floppy drive
    • Image, physical
  • Connect CD/DVD at power-on
  • Share local folders with VM
  • Map local folders as network drive
  • Share local folders as read only

Network 

  • Connect network at power-on
  • Create bridge directly to physical network
    • Initially set by admin, user can edit
  • Share host IP address
  • Create private network to host
  • Create custom virtual network
  • Attach to specific LAN segment
  • Custom throttle incoming network traffic
  • Emulate incoming pipe size
    • Modem (28.8Kbps, 56Kbps)
    • ISDN (64Kbps, 128Kbps)
    • Leased line (192Kbps, 1.544Mbps, 45Mbps)
    • Cable (4Mbps, 10Mbps, 100Mbps)
  • Enable VNC access

Hardware

  • Turn USB support on or off
    • Except for keyboard and mouse
  • Specify USB supported level
    • 1.0, 2.0, 3.0
  • Automatically connect new USB devices
  • Add specific USB controller
  • Share Bluetooth devices with VM
  • Connect soundcard on power-on
  • Specify host sound card to use
  • Connect printer at power on
  • Auto-map host printers to VM
  • Add specific printer
  • Hardware accelerate 3D graphics
  • Use host settings for monitor
    • Initially set by admin, user can edit
  • Specify number of monitors to use
    • To a maximum of 10
  • Specify screen resolution
  • Use Retina Mode (mac only)
  • Specify graphics card memory allocated to VM
  • Use enhanced virtual keyboard
  • Share battery info with VM
  • Synchronize guest time with host
  • Specify hardware compatibility level
  • Add parallel port
    • Physical, file
  • Add serial port
    • Physical, file, pipe
  • Add generic SCSI device

User Experience           

  • Go full screen on power on
    • Initially set by admin, user can edit
  • Close application after powering off VM
  • Enable drag & drop between host and VM
  • Enable shared clipboard (cut & paste)
  • Show borders in Unity mode
  • Show badges in Unity mode
  • Add custom colored borders in Unity mode
  • Enable direct access to applications
  • Auto-update embedded VMware Tools
    • Manual, auto, global

Recovery & Protection

  • Revert to snapshot on power-off
  • Auto-create snapshot on power-off
  • Auto-create snapshots
    • Daily, hourly, every 30 mins
  • Specify number of snapshot generations to keep
  • Force local encryption password reset
  • Specify VM expiration date
  • Display custom message for expired VM’s
  • Display custom message for soon expiring VM’s
  • Specify policy server contact frequency
  • Specify policy server contact grace period
  • Remote kill of local VM

Next time, I’ll show you how to easily combine AD, images and policy to give your users the desktop you want them to have.

Thanks and if you’d like to know more, or to download a free trial of Horizon FLEX, please click here.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

Making NSX for Horizon 6 More Approachable

This is a repost from the EUC Blog

By Tristan Todd, Architect, End-User Computing, VMware

I love riding bikes! For years I have served as my own bike mechanic. And for about the last 10 years I have hand-built my own bicycle wheels. I do this because I like to choose my parts, I like the quality of the finished product, and I like to save money!

Making_NSX_Horizon_6_Approachable

When I first started thinking about building my own bicycle wheels, I was terrified of the complexity, and I faced myriad questions. How do I find parts? What tools do I need? How long will it take? Will my wheels be safe? Yikes! This might be more than I can handle!

VMware_NSX_Horizon_6_Environment

My first experiences with NSX in a Horizon 6 environment were similarly overwhelming. Things seemed simple at first until I started considering deployment nuances, operational procedures, and design options.

For background on the importance of micro-segmentation for Horizon 6, see the recent VMware EUC blog post VMware NSX - Customer Imperatives for Desktop Transformation Security. Today’s article aims to break down the broad micro-segmentation topic as it applies to a Horizon 6 environment. By breaking down NSX into bite-sized chunks, I hope to make this topic a bit more approachable to the EUC technical professional.

VMware_NSX_Horizon_6_EUC

One obvious benefit that NSX provides to a Horizon 6 virtual desktop environment is the ability to provide micro-segmentation as part of desktop and application delivery services in an enterprise environment. As depicted at a high level in the preceding diagram, it is actually quite easy to introduce NSX into a Horizon 6 virtual desktop environment. I want to address a handful of important NSX components and then address their role in micro-segmentation.

VMware_NSX_Components

NSX is easy and fast to deploy in an existing Horizon 6 environment. A single OVA (open virtualization appliance) is deployed in minutes, and after it is connected to vCenter, you are ready to start delivering services. Service Composer lets you provision and assign firewall policies and security services to applications. The Firewall Services let you build rules to protect virtual machines and applications. NSX Load Balancers provide the capability of front-ending application servers via an integrated, intuitive management interface.

VMware_Horizon_6_View_virtual_desktop_environment

A simple View virtual desktop environment in Horizon 6 (configured for desktop pool services) is depicted in the preceding diagram. Zooming in, we can see four ways that NSX is adding more lateral controls and protection.

VMware_NSX_distributed_firewalls

  • Distributed firewalls to protect Horizon 6 services

Required network services for Horizon 6 are controlled through distributed firewall rules. The NSX Service Composer interface makes it very easy to create and group services that the different Horizon 6 components require.

Protip: See VMware Horizon 6 (View) Firewall and Network Ports Visualized from Ray Heffer at VMware. In this blog post, Ray clearly depicts all of the required network services needed throughout a Horizon 6 environment.

VMware_Horizon_6_firewall_View_desktop_pool

  • Distributed firewall for controlling View desktop pool access in Horizon 6

Virtual desktop access can be easily managed (allowed or blocked) at the desktop pool level by grouping desktops that belong to a single pool (for example, by desktop name or by NSX security tagging) with client connectivity addressed by identity-based firewall rules. If View user Dexter Smith belongs to the “IT Admin” security group in Active Directory, then he is permitted access to the “IT Admins Pool” desktop pool in Horizon.

VMware_View_desktop_pool

  • Distributed firewall for controlling individual desktop access

Because firewall rules are distributed and can be based on the identity of a logged-in Windows user, it is easy to deliver just-in-time firewall rules to a large pool of desktops based on a master image. For example, it might be a good security best practice to block all network traffic between individual desktops in a pool. This could protect the environment from attacks such as malware that is injected at the desktop browser and which attempts to move laterally through an environment. Blocking all network traffic between desktops could go a long way in protecting the enterprise.

VMware_NSX_load_balancing_servers

  • Load-balancing servers to optimize performance

An NSX edge load balancer can be rapidly deployed in front of a cluster of View Connection Servers in Horizon 6. With a basic round-robin load balancing policy, a basic protective mechanism is in place which prevents any single View Connection Server from being overloaded with sessions. Because everything is administered through the vCenter Web Client, it is very easy to deploy, administer, and monitor this load balancer service.

VMware_NSX_bike

Cycling back (sorry for the pun!) to my biking story, after reading some books, using some Web resources, and making a few mistakes along the way, I have now worked through the complexity of bicycle wheel building. What used to take me three days, I can now do in three hours. Sometimes a topic that seems complex on the surface is, in fact, not so complex after all.

In the next blog post I will address just how easy it is to deploy NSX for micro-segmentation in an existing Horizon 6 environment. In future posts I will address the topics of:

  • Distributed firewalling with identity
  • Distributed firewall rule creation
  • Monitoring NSX with vRealize Log Insight

Some other fantastic resources that I highly recommend are:

 

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

Introducing Horizon FLEX (Part 1 of 3)

This is a repost from the EUC Blog.

By Andy Morris, Sr. Product Line Marketing Manager, Horizon FLEX, End-User Computing, VMware

Hi, I’m Andy from VMware.

Today I’d like to show you something exciting from VMware that may not have made it on to your radar – remotely managed policies for Mac and Windows users!

Back in December we launched a new product called Horizon FLEX. The concept behind FLEX is simple. Player Pro and Fusion are fantastic for you on your PC or Mac, but can be a bit troublesome for the person responsible for rolling out 500 copies of them to everyone in sales, or worse, to your senior exec team.

Horizon FLEX matches AD credentials against your library of managed virtual images, makes them available to valid users, and then enforces best practice use policies. It’s incredibly simple for your users to use, and gives you peace of mind that your containerized desktops are secure, licensed, and only being used by the right people.

Here’s a two minute video of me sweating under the studio lights that should give you a flavor for what Horizon FLEX can do for you.

Great -- that’s the marketing fluff out of the way -- but I know as seasoned Player Pro/Fusion Pro users, you’re more interested in how different this is from the process you already have in place. So here’s another two minute video that demonstrates the various steps.

One of things I don’t make clear in the video is ‘why are there two passwords?’ This is our cunning plan to give you extra flexibility. You see, the first password is used to encrypt the virtual machine image and needs to be given to the user in order for them to access the image. The second password is an IT-only security switch. Using this, you can remote into your users’ computer and change the VM settings that are normally out of their reach. It gives you the ability to fine tune the performance of a VM without having to open all the dangerous controls to users who probably won’t know the right way to use them.

Next time I’ll show you how to define that policy I mentioned.

Thanks for reading and if you’d like to know more, or to download a free trial of Horizon FLEX, please click here.

 

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

Application Delivery with Horizon 6: Newly Updated White Paper

This is a repost from the EUC Blog.

By Cindy Heyer, Technical Writer, Technical Marketing, End-User Computing at VMware

The newly updated Application Delivery with Horizon 6 white paper is now available. This new version is packed with easy-access tips about using the features and components of Horizon 6 to more effectively manage your applications and desktops.

VMware_Horizon_6_Components

This paper has something for everyone. It takes you through the myriad ways that Horizon 6 offers to provide your end users with easily accessible applications. No matter what kind of environment you started with—View virtual desktops, ThinAppapplication virtualization, Workspace Portal, legacy Citrix XenApp, even a non-VMware VDI environment, or a combination of the above—you can find pertinent use cases for application delivery that help you identify potential benefits and return on investment.

After all, where application delivery is concerned, you have a lot of variables to juggle. For one thing, you have many types of applications to manage. Each type of application comes with its specific requirements and limitations such as device drivers, licensing, and more. Endpoint devices also come in many varieties. Maybe your end users provide their own devices in a BYOD program, and maybe they use mobile devices in the field. Either way, you need to take into account the dependencies and limitations of these devices. You might have multiple types of end users, too: some stationary and others traveling, some working on premises and others working remotely. And, last but not least, you most likely have environmental considerations to factor in, such as legacy infrastructures and applications, multiple versions of the same application, and frequency of upgrades or license renewals.

In the end, you might conclude that what you need is a hybrid of app-delivery options instead of just one. If so, you are not alone. Most enterprises of any size need a combination of strategies to deliver diverse types of applications to diverse sets of endpoint devices. And Horizon 6 supports that diversity. VMware has long provided options for application delivery of virtualized applications through ThinApp, and, through Workspace Portal, delivery of SaaS- or cloud-based applications from individual software providers, and delivery of Citrix published applications from XenApp farms. Horizon 6 also recently added RDSH-based app remoting to this mix. In addition, Horizon 6 Advanced and Enterprise editions include Mirage, which provides support for app delivery of ThinApp packages and natively installed Windows applications through Mirage app layers.

Horizon 6 Advanced and Enterprise editions include Workspace, a unified workspace where your end users can log in once from any type of device, and launch any supported application type: ThinApp packages, XenApp published applications, SaaS-based or cloud-based applications, and hosted applications.

Application Delivery with Horizon 6.0 is in a new, more consumable interactive format—it is more visual and has many new links to videos and demos. Be sure to download the paper from your browser to take advantage of all of the document navigation possibilities. See the following videos for a few of the app-delivery opportunities with VMware products:

 

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

VM Component Protection (VMCP)

This is a repost from the Storage Blog.

vSphere 6.0 introduces a powerful new feature as part of vSphere HA called VM Component Protection (VMCP). VMCP protects virtual machines from storage related events, specifically Permanent Device Loss (PDL) and All Paths Down (APD) incidents.

Permanent Device Loss (PDL)
A PDL event occurs when the storage array issues a SCSI sense code indicating that the device is unavailable. A good example of this is a failed LUN, or an administrator inadvertently removing a WWN from the zone configuration. In the PDL state, the storage array can communicate with the vSphere host and will issue SCSI sense codes to indicate the status of the device. When a PDL state is detected, the host will stop sending I/O requests to the array as it considers the device permanently unavailable, so there is no reason to continuing issuing I/O to the device.

All Paths Down (APD)
If the vSphere host cannot access the storage device, and there is no PDL SCSI code returned from the storage array, then the device is considered to be in an APD state. This is different than a PDL because the host doesn’t have enough information to determine if the device loss is temporary or permanent. The device may return, or it may not. During an APD condition, the host continues to retry I/O commands to the storage device until the period known as the APD Timeout is reached. Once the APD Timeout is reached, the host begins to fast-fail any non-virtual machine I/O to the storage device. This is any I/O initiated by the host such as mounting NFS volumes, but not I/O generated within the virtual machines. The I/O generated within the virtual machine will be indefinitely retried. By default, the APD Timeout value is 140 seconds and can be changed per host using theMisc.APDTimeout advanced setting.

VM Component Protection (VMCP)
vSphere HA can now detect PDL and APD conditions and respond according to the behavior that you configure. The first step is to enable VMCP in your HA configuration. This settings simply informs the vSphere HA agent that you wish to protect your virtual machines from PDL and APD events. In the spirit of keeping things dead simple, it’s as easy as a clicking a checkbox. To see for yourself, head on over to the Feature Walkthrough site and see just how simple this really is.

Cluster Settings -> vSphere HA -> Host Hardware Monitoring – VM Component Protection -> Protect Against Storage Connectivity Loss.

Configure VMCP

The next step is configuring the way you want vSphere HA to respond to PDL and ADP events.  Each type of event can be configured independently.  These settings are found on the same window that VMCP is enabled by expanding the Failure conditions and VM response section.

Configure VMCP

Response for Datastore with Permanent Device Loss (PDL)
There are three actions that can be taken in response to a PDL event. These choices are pretty simple since a PDL event is black and white.

Disabled – No action will be taken to the affected VMs.
Issue events – No action will be taken against the affected VMs, however the administrator will be notified when a PDL event has occurred.
Power off and restart VMs – All affected VMs will be terminated on the host and vSphere HA will attempt to restart the VMs on hosts that still have connectivity to the storage device.

Response for Datastore with All Paths Down (APD)
There are few more options available for an APD response. This is because the device state is unknown and may only be temporarily unavailable.

Disabled – No Action will be taken to the affected VMs.
Issue events – No action will be taken against the affected VMs, however the administrator will be notified when an APD event has occurred.
Power off and restart VMs (conservative) – vSphere HA will not attempt to restart the affected VMs unless it has determined there is another host that can restart the VMs. The host experiencing the APD will communicate with the HA master to determine if there is sufficient capacity to power on the affected workloads. If the master determines there is sufficient capacity, the host experiencing the APD will terminate the VMs so they can be restarted on a healthy host. If the host experiencing the APD cannot communicate with the vSphere HA master, no action will be taken.
Power off and restart VMs (aggressive) – vSphere HA will terminate the affected VMs even if it cannot determine that another host can restart the VMs. The host experiencing the APD will attempt communicate with the HA master to determine if there is sufficient capacity to power on the affected workloads. If the HA master is not reachable, it will be unknown if there is sufficient capacity available to restart the VMs. In this scenario, the host takes the risk and terminates the VMs so they can be restarted on the remaining healthy hosts. However, if there is not sufficient capacity available, vSphere HA may not be able to recover all of the affected VMs. This is common in a network partition scenario where a host cannot communicate with the HA master to get a definitive response to the likelihood of a successful recovery.

Delay for VM failover for APD
Once the APD Timeout has been reached (default: 140 seconds) VMCP will wait an additional period of time before taking action against the affected VMs. By default, the waiting period is 3 minutes. In other words, VMCP will wait 5m:20s before taking action against VMs. The sum of the APD Timeout and the Delay for VM Failover is also known as the VMCP Timeout.

Response for APD recovery after APD timeout
This setting will instruct vSphere HA to take a certain action if an APD event is cleared after the APD timeout was reached but before the Delay for VM failover has been reached.

Disabled – No action will be taken against the affected VMs.
Reset VMs – The VMs will be reset on the same host. (Hard reset)

This option is available because some applications or guest operating systems may be in an unstable condition after losing connection with storage services for an extended period of time. This setting will instruct vSphere HA how to handle this situation.

VMCP Recovery Workflow

VMCP Recovery Workflow

Figure 1. VMCP Recovery Workflow

VMCP Recovery Timeline

VMCP Recovery Timeline

Figure 2. VMCP Recovery Timeline

T=0s: A storage failure is detected. VMCP will start the recovery workflow.
T=0s: For a PDL event, the recovery process immediately starts. VMs will be restarted on healthy hosts in the cluster.
T=0s: For an APD condition, the APD Timeout timer starts.
T=140s: The host declares an APD Timeout and will begin to fast fail non-virtual machine I/O to the unresponsive storage device. By default, this is 140 seconds.
T=320s: The VMCP Timeout.  This is 3 minutes after the APD Timeout has been reached. vSphere HA will start the APD recovery response.
T=140s-T=320s: The period after an APD Timeout, but before the VMCP Timeout. VMs may become unstable after losing access to storage for an extended period of time. If an APD is cleared in this time period, the option to reset the VMs is available.

Summary
VMCP is a long-awaited feature that provides protection against datastore accessibility failures that affect the virtual machines running on a host in a vSphere HA cluster. Hopefully this article will help explain the various configuration options available that are appropriate for your specific environment.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

If You Like vCloud Director, You Will Love vCloud Air

This is a repost from the vCloud Blog.

A couple of years ago, VMware made the decision to focus our vCloud Director development efforts on public cloud use cases and prioritize vRealize Automation (previously vCloud Automation Center) for private cloud use cases. As a result of this shift, we are using and leveraging vCloud Director to provide the compute service in vCloud Air, and our service provider partners in the vCloud Air Network are using the product to stand up compatible VMware-based public clouds. A side effect of this strategy is that vCloud Director is no longer available (since version 5.6) to our traditional customers buying perpetual licenses.

Ironically, not only is vCloud Director alive and prospering, but we are hearing many enterprise customers want to continue to use it to cover specific use cases around test/dev and lab management.

While we invite customers to continue to provide and voice their feedback to us to better understand their actual needs, vCloud Air provides lots of value to customers looking to support these use cases.

The idea is that if you like how vCloud Director works, what it delivers, and how it provides logically isolated pools of resources, you can keep the same experience by subscribing to vCloud Air. By leveraging “vCD-as-a-Service” with vCloud Air, you can avoid having the "low level plumbing" in your on-premises private cloud, while keeping the focus on your own workloads. In other words, it is possible (and sometimes convenient) to move a lab environment to vCloud Air and gain the benefits of an Opex cost model versus a Capex model.

Provided this solution isn't a direct replacement for customers that have vCD on-premises and would like to keep it, we believe that the nature of the use cases fits perfectly within the characteristics of a public cloud delivery model.

At a very high level, this diagram shows how cloud resources are consumed in vCloud Air, while the role of admins managing the cloud and consumers using the resources remain the same:

vCloud Director comparison

Here are some reasons why this may be appealing:

  • The user experience in vCloud Air, from an end-user’s perspective (think Org Admin role), is going to be largely similar if not identical compared to what they had on-premises. The user will have access to the vCloud Director portal.
  • We have recently introduced features in vCloud Director that are only exposed via APIs. This may be a problem for customers that would like to use those features but don't want to build a UI. The vCloud Air UI covers some of this out-of-the-box without any additional customer investment.
  • There is (almost) complete compatibility of APIs. If your internal users (think Org Admin role) wrote a tool to automate the resources in their Orgs, it will likely work completely un-modified against vCloud Air. There are some small caveats that apply, primarily because vCloud Air is actually ahead of delivery of new features into vCloud Director.
  • The migration of templates and vApps from on-premises to vCloud Air is highly simplified since we are using the very same stack and format in both endpoints.
  • Enterprise customers can get out of the business of curating the lifecycle of an on-premises setup. While this isn't a problem unique to VMware, managing a private cloud is known to be a fairly time consuming task. By consuming vCloud Director online, the customer will no longer need to waste time on infrastructure upgrades and similar projects.
  • As a result of the above, people can focus on more meaningful tasks than (e.g.) checking compatibility matrixes to find out which version of product A works with which version of product B. We have teams of engineers working on this to deliver vCloud Air services (with uptime SLAs).
  • Similarly, this model is very much inline with the new role of IT being a broker of resources. The team currently in charge with managing the environment (think Cloud Admin role) can focus on what matters the most and how to best serve their "internal users" providing added value services instead of spending time fixing the infrastructure.
  • Security remains a top concern with public cloud computing. Placing your test/dev and lab environments in vCloud Air is a great way to begin your hybrid cloud journey without exposing your department to too much risk. As your comfort and exposure to public clouds increases, you will be able to make decisions about production workloads next.
  • We have proven this hosted model for lab environments to work very well in the past 7-8 years. Hands-On Labs anyone? Customers can also instantiate nested environments in vCloud Air.
  • In a vCloud Director-as-a-Service scenario, a customer has the option of choosing between a subscription model or a PAYGO (aka OnDemand) model depending on the commercial approach that best fits their consumption patterns. This provides a great deal of flexibility (particularly compared to a standard very rigid CAPEX model). This concept is particularly intriguing for test/dev and lab management scenarios where the consumption pattern may vary substantially over the course of the day, week, month, quarter and/or year.

What we have covered so far are the "pros" for making the move. There are clearly some caveats that need to be taken into account. Some of them are listed here:

  • Customers that have created vCloud Director extensions won't be able to bring them to vCloud Air.
  • If your company considers your data/workloads unsuitable for public clouds, a true on-premises private cloud is the only solution.
  • Some typical cloud admin knobs are intentionally unavailable in vCloud Air. For example, customers won't be able to configure the service to use Linked Clones.

There may be obviously other reasons but, for the large part, we think that a lot of vCloud Director customers could find this solution appealing and fitting.

Last but not least, to make it even more appealing, most of what we have discussed above applies to our hundreds of vCloud Air Network partners too.

I think this is exciting. What do you think?

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

Supporting Temporary Use Cases with Desktops-as-a-Service (DaaS)

This is a repost from the EUC Blog.

By Josue Fontanez, Sr. Product Line Marketing Manager, Horizon Air

The coming of summer makes me think of that big truism “the only constant is change,” and its counterpart, “it’s how you handle change that matters.” When it comes to IT infrastructure, the ability to effectively manage unforeseen business shifts, seasonal peaks and valleys, and ad-hoc temporary use cases is critical.

How rapidly can you adjust? And how much will it cost you, both in financial and human resources?

Businesses of all types struggle with this. One of the more obvious examples is in retail, where influxes of seasonal workers need to be armed with secure a corporate desktop to handle holiday gift-buying crunches.

Education is another vertical that has regular capacity spikes. In their case it’s during mid-terms and finals, when they need a slew of additional desktops for online testing applications. To make sure they can handle these ebbs and flows, IT organizations often purchase, build out and maintain extra infrastructure, which sits unused much of the year.

And it’s not just in verticals. For instance, every business with dev/test capabilities needs to spin up servers and desktops when evaluating technologies and simulating how apps will run in various environments, and then just as easily spin them down. And, as anyone in IT who has been part of an M&A knows, it’s not uncommon to have to quickly turn around temporary workspaces for hundreds or thousands of new employees, while the acquired company’s infrastructure is evaluated for security and compliance before being integrated with the acquirer’s environment.

One of the best ways to handle temporary use cases like these is with virtual desktops, which enable great flexibility and security and, when part of a virtual desktop infrastructure (VDI), the benefits of centralized management. However, on-premises VDI has drawbacks when the desktops aren’t used continually or needed for the full calendar year. The large up-front capital investment required for VDI doesn’t pay off for short-duration uses. Neither does the time, training and staff required to set up and maintain VDI environments.

Instead, many VMware customers have found DaaS, or cloud-hosted desktops-as-a-service, to be ideal for temporary use cases. DaaS moves virtual desktops and apps into the cloud, where an experienced service provider handles the servers, software and support. DaaS gives you all the benefits of VDI on a temporary basis, without any of its large infrastructure cost and time requirements. You just subscribe to cloud-hosted virtual desktops and apps on a monthly basis and, when they’re no longer needed, stop paying for them.

For instance, one of our customers, a global oil and gas conglomerate, divested several of its businesses and, overnight, had to take the divested units’ workforce off the corporate network for security reasons. However, it still had to provide the computing resources workers needed to be productive. The IT group quickly designed a new workspace environment, using VMware Horizon Air, and quickly made it available to more than a thousand workers. These people were able to use the fully functional, cloud-hosted Windows desktops right away and throughout the transition.

Change is inevitable. But, from an IT perspective at least, it doesn’t have to be expensive, cumbersome or painful.

Check out some additional ways Horizon Air makes it easy to support your next use case by taking a look at the Top 5 Use Cases for Desktop-as-a-Service here.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

Changing Desktop Economics: Cost Leadership with Horizon 6

This is a repost from the EUC Blog.

VDI has long shown a lower TCO than physical desktops, but until mid-2014 the savings were in operational costs; per user capitalcosts were actually higher, representing a barrier to adoption for many organizations. With the launch of Horizon 6, the scenario changed and VDI is now the lowest capital-cost option, as well.

This was a significant landmark for end-user computing, but not the end of the story. VMware sees cost reduction as a journey—and there are more steps to come.

The Starting Point – Spend Now To Save Later

From the first VDI deployment in 2001, the value proposition was clear: multiple users share common data center infrastructure and access their desktops remotely.  The centralized and shared infrastructure delivers efficiencies, and hence savings, in operations.

Advances in virtualization technology and the commoditization of hardware drove steady reductions in the per user cost of servers and networking, but the cost of storage remained high and was the single biggest factor in keeping per user capital costs higher than for a physical desktop. By 2012, the cost equation was simple: spend upfront to save over a lifetime of use and deployment. Industry analyst estimates typically showed annual reductions of around 10 percent, but that initial capital expense was 10 percent higher.

Storage Appliances – Steps To Cost Parity

Most early VDI deployments used storage area networks (SANs) to support desktop images and user data. The performance was good, but the cost was still too high for many.

The VDI ecosystem stepped up to the challenge and delivered new storage products optimized for virtual desktop deployments. Companies like Atlantis, Tintri, Nutanix, Nexcenter, and EMC all released smart appliances that significantly drove down per-user costs. The savings were significant, but still not enough. By the end of 2013, analyst estimates showed the capital costs of VDI were almost equal to those of physical desktops.

Capital-Cost Leadership

2014 saw the release of VMware Horizon 6 and, for the first time, the per user capital costs of VDI fell below those of physical desktops. The primary cost-saving category was again storage, where our Virtual SAN technology delivered major capital cost savings.

Virtual SAN uses direct attached storage in servers to build a virtual storage area network—in effect, it delivers on the long-term promise of low-cost, gridded storage. A combination of solid state and disks maintains I/O performance while delivering big savings: we saw average per user reductions of more than 25 percent in capital costs and 10 percent in operational costs. VDI now held cost leadership in both OpEx and CapEx.

Horizon 6 Moves On – App Volumes and EVO

VMware App Volumes uses smart isolation technology to deliver “stacks” of applications in close to real time to any desktop. It also delivers a significant reduction in per user storage requirements. App Volumes was added to our Horizon desktop and applications portfolio in late 2014, and customer business cases show reductions of at least 30 percent in required storage space (often more). Whereas Virtual SAN reduced the unit cost of VDI storage, App Volumes has reduced the number of storage units required.

EVO is VMware’s hyper-converged infrastructure initiative—combining storage, server and networking infrastructure into an appliance that is quick to deploy and simple to manage. The first product, EVO: RAIL, is designed to minimize operational and deployment overhead. EVO: RACK will be optimized for higher scale deployments and will combine these operational cost savings with further reductions in capital costs.

Next Generation Operational Costs From DaaS

Horizon 6 is our on-premises product, but other areas of our desktop portfolio are bringing savings to customers, too. Horizon Air, our desktop-as-a-service offering, splits desktop-image operational tasks between the categories of core image and application customizations, with only the latter overhead borne by the customer (all core image management is done by the service provider). Average operational and administrative costs per user are cut by nearly a half.

The Cost Leadership Journey Continues

In isolation, the cost saving advances we have made with our on-premises and off-premises products are already significant. In combination, they change the VDI cost and value equation completely—and it is not just VDI: The same Horizon 6 and Horizon Air platforms support other delivery models, too (published applications and desktops), where all these savings apply in much the same way.

But we are not done yet! We are already working on initiatives to drive down capital and operational costs for on-and off-premises deployments still further.

Our Hybrid Goal

By combining the capital-cost reductions of Horizon 6 with the operational-cost savings of Horizon Air, we have set a new per-user cost goal—one that we know resonates with the aspirations of our customers: $30 per user per month—for all infrastructure (server, storage, network, access device), software, and operations (help desk, desktop and image management, infrastructure management).

How far away are we now? Not far: we estimate that Horizon 6 Enterprise Edition, which includes App Volumes, has taken average per user costs down to $36 per month. By comparison, a physical desktop today averages about $62 per user per month. We know further reduction in capital and operational costs can be achieved and we will continue to drive these through both Horizon 6 and Horizon Air.

What To Do Next?

If you are considering your next round of investments in end-user computing and had dismissed VDI as an option because of cost—look again! We know that “mileage can vary” and that your costs might not be average costs, but the advances described here are real. And if you are a partner, currently delivering a more expensive solution, it is time to get up to date.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

The Latest VMware Comic Book: Hero On Demand

Did you enjoy the very first VMware comic book? If so, then you’re in for a treat! The VMware comic book series is back in action with Issue #2!

In the latest issue, you’ll venture on with IT manager, Gene, as he finds his path to vCloud Air OnDemand. Gene’s company is launching a new application in two days, and he needs to find a cloud service to develop and replicate test environments quickly. Could VMware vCloud Air Virtual Private Cloud OnDemand be the perfect solution?

To find out what happens, read and download our newest comic book, “Hero On Demand” to see how Gene fares and whether vCloud Air OnDemand can help the company launch its new app on time.

VMware vCloud Air OnDemand is a self-service public cloud offering that provides increased performance, pay-as-you-go pricing, and enhanced flexibility. With vCloud Air, you can satisfy the need for an agile, dynamic environment to develop and test applications, while maintaining visibility, control, and compliance of IT resources and company data. Read the comic book to learn more. 

comic

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.

Why Cloud-Based Disaster Recovery is the Best Path to Disaster Security

This is a repost from the vCloud Blog.

Every company knows the importance of having a disaster recovery plan in place to protect business critical applications and data. But if that is the case, then why is it that nearly 60 percent of all businesses haven’t established a plan for disaster recovery?

These businesses don’t want to wager on the chances of a disaster, but the high cost and complexity of traditional disaster recovery solutions can be problematic. Those costs hamper the will to prepare for a disaster — even at the insistence of IT.

Fortunately, there is an answer: VMware vCloud® Air™ Disaster Recovery, a cloud-based disaster recovery solution that offers clear advantages over traditional solutions. vCloud Air Disaster Recovery provides businesses with the same level of protection as traditional disaster recovery, while also providing them with the low cost, ease of use and compatibility they need.

Cloud-based disaster recovery is a superior option for three main reasons: it wards off the unnecessary expenses of building a second site; it can replace or enhance a traditional onsite disaster recovery solution; and it can expand disaster recovery to remote offices or departments with no additional infrastructure, training or staff.

Best of all, vCloud Air Disaster Recovery has agile capabilities that put any business’s IT team in the drivers seat. Perfectly compatible with VMware vSphere®, vCloud Air Disaster Recovery provides native cloud-based disaster recovery capabilities for vSphere environments, so you can leverage the same management tools your team already uses, with no additional training required. You can quickly scale up protection for onsite applications based on tier and demand.

Learn more about why more businesses are adopting cloud-based disaster recovery in this slideshow.

Follow VMware SMB on FacebookTwitterSpiceworks and Google+ for more blog posts, conversation with your peers, and additional insights on IT issues facing small to midmarket businesses.