View
88
Download
1
Category
Tags:
Preview:
DESCRIPTION
VMworld 2013 Andrew Hawthorn, VMware Bhavin Mathia, VMware Vishesh Nirwal, VMware Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Citation preview
Horizon Workspace at Scale:
Deploying to 15,000 VMware Employees
Andrew Hawthorn, VMware
Bhavin Mathia, VMware
Vishesh Nirwal, VMware
EUC5004
#EUC5004
2
Agenda
Why Horizon Workspace?
What We Did (The Process)
Architecture of the Solution
Best Practices
Lessons Learned
Value of the Solution
Q&A
3
IT’s Objective for End User Computing Infrastructure
Deliver the right business apps and data to
user devices in a way that is efficient and
secure for IT and productive for the end user
4
The Requirements We Used to Have…
Change is hard and highly managed
Software implemented from the center out
Difficult to adjust to users needs
Control Through Ownership People you employ
Using a network you
own to connect to…
Using software you own on a
Windows desktop you own
An application you own,
running on a server you own
5
What the World Wants Now…
Control & Governance are Becoming More Challenging
Inability to track, control or secure information assets
Can not remove access you didn’t grant
Serious compliance concerns
Apps live in many
clouds and are easily
procured without IT
Always connected, via
3G, 4G and public or
personal wifi
Non-owned devices and
multiple non-Windows OSs
Employees, contractors
outsourcers, partners
citizens, students
6
How to Optimize Delivery of EUC Services
Manage
users, not
devices
Embrace
co-ownership
Architect for
change and
continual
improvement
Prioritize
end user
experience
Treat mobile
as a first-
class citizen
7
VMware Horizon is the Platform for Workforce Mobility
Broker: Manage & secure
centrally and broker services
to your workforce by policy
300
Transform: Transform
desktops, diverse
apps and data into
centralized services
Deliver: Empower your
workforce with flexible
access across devices,
locations and connectivity
8
What We Wanted to Accomplish
Improve the productivity of the employees as
well as provide secure collaboration with
contractors, clients, partners, etc.
Improve security of the entire system
Deliver the freedom employees want (BYOD) with
the security and control IT needs Horizon
Workspace will
help prepare IT
for the end of
the post-PC era
and embrace
the BYOD
movement. Reduce IT costs:
• Optimize application licenses
• Utilize existing infrastructure, resources and skills
• Reduce helpdesk calls: application access, password resets
9
The Challenges – How Big Was the Problem?
VMware
IT
15k Employees
59k Partners
2+ Devices Per Employee
50+ Internal/
Custom Apps
15k Logins
Per Day
4+ File
Repositories
80+ SaaS Apps
• Siloed access management
• Multiple file repositories
• Heterogeneous application portfolio
• Difficult audit & compliance
• Weak security
• Manual provisioning
• Lack of device support
• Increased license costs
• Huge support costs
Problems
10
Today: 18K Users, 88 Web Apps and 31 View Pools
11
How Did We Get Here?
First Month Second Month Third Month
Week 1-2
Start Small (12 people)
Week 5-6
Rollout to IT (500 people)
Validated Architecture
Week 7-8
Establish production processes
Week 3-4
Develop usage patterns
Initial processes
Months 36
Rollout By Department
12
How Many IT Admins Would You Expect Run This System?
13
Horizon Workspace: Staffing
Reasons
• Runs on industry standard platforms
• Works well with existing vSphere infrastructure
• Out of the box functionality
• Operational efficiencies achieved with
appropriate architecture and minimum scripting
Answer:
2 FTE
just
Equivalent to
14
Horizon Workspace Solution Components
• vSphere
• vCenter
• vCenter Operation Manager
• vCenter Site Recovery Manager
• View
• PostgreSQL
• Active Directory
• RSA Authentication Manager
• RSA Secure-ID
• HP BL460 G8
• EMC Isilon
• EMC VNX 7500
15
Horizon Workspace Architecture
Mobile Users
Web Client
Gateway
Service
Connector
Data
Internal Users/Clients
Configurator
https://horizonwork
space.vmware.co
m/web
Port: 443
Internal VIP
Port: 443
External VIP
gw1 to gw4 conn1 and conn6
8443
RSA
Kerberos
RSA
AD
LDAP
443
svc1 and svc2
Postgress Database postgres-db1 (Active) postgres-d2 (Standby)
5432
5432
Preview-vip
Port 80
Preview 1 to 3
443
443
Port
443
443
443
80, 443, 7071, 7072
data1 to data11
ldap-vip
Port 8443
16
Scale-Out Architecture
All supported with 3 ESX servers: 90 vCPUs, 250 GB vRAM, 2 TB
block storage, 3+ TB NFS storage in use
17
Data Best Practices
• New users get synced to Workspace via
nightly script
• Every data node has a Class of Service
(CoS) attached to it
• Every CoS has one active directory
group entitlement
• Script automatically add users to one of
these security group based on their Geo
Data Provisioning
Disk Quota Mgmt.
• By default all users gets 5 GB quota
User Group
5 GB
20 GB
• Weekly script for users at 80% capacity to
get a bump in quota
18
View Pools Best Practices
31 pools
External
Internal
Connector
US
19
Horizon Workspace: Application Catalog
20
Application Best Practices
• On-board app in pre-production environment
• Supported use cases (SP SSO, IDP SSO & application logout)
• Dual mode authentication
• User provisioning to apps
NEW APP
• Set-up app for production
• Set-up group
• Entitle users as per access policy
• Communication for new app in workspace
PRODUCTION
• Set-up app in workspace for QA & UAT environments
• Verified support use cases
QA / UAT
21
The Horizon Suite: Centralized Admin and Unified Workspace
Horizon Management
User Management
Policy Management
Apps Management (Web, Mobile)
Desktop Management
File/Data Management
Authentication
& User Sync
Entitled Data,
Apps & Desktops
VMware View
Files/Data
On-premise Apps
Public & Enterprise
Mobile Apps
SaaS Apps
Authentication
Unified
Workspace (Files, Apps,
Desktop, Mobile)
Any Device
(Desktop, Web,
Mobile, VMware
View, MVP)
22
VMware Horizon Workspace Serves Both IT and End Users
Get access to a secure
workspace that contains the
user’s files, apps, and Windows
desktops on any device
END USERS
Provision, populate,
manage and secure the
workspace remotely across
all users and devices
IT ADMINS
23
Lessons Learned
Design decisions are important up front
• Data – determine the number of data nodes you need
• Data – How many Class of Services (CoS)?
• What are your storage (Data BLOB needs) requirements?
• Data, Apps, View entitlements – how can you automate?
• Highly available environment – make every node redundant
Understand your usage patterns
• 95% of users are fine with 5gb storage
Solidify processes before rolling out to masses
Operational efficiencies can be done with
minimal scripting
Once deployed, minimum administration
• Admin needed for troubleshooting
• Admin needed to onboard an application
24
Results
Better User Productivity
Lower Help Desk Costs
Improved Security
Easier Compliance
85% reduction in time to access information.
BYOD / Mobile Access
No password resets
75% reduction in helpdesk tickets related to password resets
No extra overhead for Workspace
Strong passwords now applied to 88 applications uniformly
Enterprise-wide compliance strategy
Per-user auditing of application access
1 3 2 4
25
Results and Benefits
• Rolled out to 15,000 employees
• VMware employees are accessing over 72 applications, 6000 virtual desktops, and 4 TB of data through Horizon Workspace clients on iOS, Android, Windows and Mac OS devices
Results
Benefits
• End-users have one AD password and a single place to access, sync and share data
• Strong authentication if outside network
• Single administrative dashboard
• Single place to de-provision when employee leaves the company
405
50
January February March April May
Oracle EBS Service Tickets
Introduction of Horizon
“Nearly 90% drop in service tickets and that’s just one of
72 applications. Each of those tickets is an average of 30
minutes of helpdesk time. That’s an annual savings of
$63k—just for one application.”
Thirumalesh Reddy-IT Deployment Manager
26
What We Wanted to Accomplish
Improve the productivity of the employees as well
as provide secure collaboration with contractors,
clients, partners, etc.
Improve security of the entire system
Deliver the freedom employees want (BYOD) with
the security and control IT needs
Reduce IT costs:
• Optimize application licenses
• Utilize existing infrastructure, resources and skills
• Reduce helpdesk calls: application access, password resets
27
Questions?
Documentation and Technical Resources:
http://www.vmware.com/products/desktop_virtualization/horizon-
workspace/resources.html
Other VMware Activities Related to This Session:
HOL:
HOL-MBL-1304
Horizon Workspace - Explore and Deploy
Group Discussions:
EUC1005-GD
Workspace with Rasmus Jensen
THANK YOU
Horizon Workspace at Scale:
Deploying to 15,000 VMware Employees
Andrew Hawthorn, VMware
Bhavin Mathia, VMware
Vishesh Nirwal, VMware
EUC5004
#EUC5004
Recommended