VDI for Secure Offshore Development

David Crosbie
CTO Leostream

Source: download3.vmware.com/vmworld/2006/med0118.pdf


Agenda

• Offshore Development Challenges
• Traditional Solution
• Basic Concepts of VDI
• Connection Broker
• User Authentication
• VM Pooling
• Remote Desktop Session Control
• Road Ahead
• Conclusion

Offshore Development Challenges

Security
• Keeping control of software and systems

Cost
• Managing licensing costs
• Reducing idle development time

Management
• User tracking
• Provision of additional testing and QA resources on demand

Traditional Solution

Traditional solution is Application Publishing (Citrix)
• Mature Technology
• Feature Rich
• 100% of Fortune 1000 companies but 15% max market penetration by application and employees (source: the451group)

So why the strong interest in VDI?
• Constant End User Experience
• Application Isolation
• User Controlled Reboot

VDI is not displacing Application Publishing – it is extending remote desktops to new user groups, and expanding the market.

(Citrix Desktop Connection Broker uses Presentation Server as a proxy for the hosted desktop and does not manage the VM state).

[Diagram labels: User, Network, Citrix Environment, ICA Sessions, Application #1, Application #2, Application #3]

VDI without a Connection Broker

User connects to Windows OS running within a VM using RDP

Benefits
• Isolation between VMs
• VMs can stay under local management

Problems
• No access control beyond Windows Logon
• No dynamic user to VM mapping
  • Pooling, Self-Service, “Stickiness”
• No user control of VM
  • Stop, Start, Reboot
• No RDP session status monitoring
• No user logging

Connection Broker

A Connection Broker (CB) is a management layer device that sets up and monitors RDP sessions.

Uses VirtualCenter to manage VMs

Uses AD to authenticate users

Features Needed for Offshore Development
• 1 to many mapping of users to VMs
• Single sign-on
• XP, W2K, NT4, Linux desktop support
• Physical machine support for load testing

[Diagram: Leostream Virtual Desktop Connection Broker. Labels: User, LAN, Firewall, Access Control Rules, Email, Directory, SNMP, VirtualCenter, Host Server, VM, Farm of VMs]

User Authentication

Leostream Connect runs on the user’s desktop

User enters username and password, then presses Connect.

Remote desktop launches and user is auto-logged in.

If the user has multiple desktops assigned, then they get to choose which one(s) are launched and logged in.

VM Pooling

VMs don’t need to be hard assigned to a user.

VMs can be auto-assigned to a Pool.

Users are assigned a VM from a particular Pool.

VM can be returned to the Pool on logout, or can be permanently assigned.
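The pooling rules above, together with the access control and user logging that the "VDI without a Connection Broker" slide lists as missing, shown as an added Python example (not Leostream's code). The class names, pool and VM names, and the audit tuple format are assumptions, and the user is assumed to have been authenticated already.

```python
from dataclasses import dataclass, field

@dataclass
class Pool:
    name: str
    free: list                  # VM names currently unassigned
    sticky: bool = False        # True: VM stays permanently with its user

@dataclass
class Broker:
    pools: dict                 # pool name -> Pool
    rules: dict                 # access control rule: user -> pool name
    assigned: dict = field(default_factory=dict)  # user -> (pool name, VM)
    audit: list = field(default_factory=list)     # (event, user, detail)

    def connect(self, user):
        """Return the VM for an authenticated user, or None if refused."""
        pool_name = self.rules.get(user)
        if pool_name is None:               # default deny: no rule, no desktop
            self.audit.append(("deny", user, "no access rule"))
            return None
        if user in self.assigned:           # existing or permanent assignment
            vm = self.assigned[user][1]
            self.audit.append(("reconnect", user, vm))
            return vm
        pool = self.pools[pool_name]
        if not pool.free:
            self.audit.append(("deny", user, pool_name + " exhausted"))
            return None
        vm = pool.free.pop(0)
        self.assigned[user] = (pool_name, vm)
        self.audit.append(("assign", user, vm))
        return vm

    def logout(self, user):
        """Return the VM to its pool unless the pool is sticky."""
        if user not in self.assigned:
            return
        pool_name, vm = self.assigned[user]
        if self.pools[pool_name].sticky:
            self.audit.append(("logout-kept", user, vm))
            return
        del self.assigned[user]
        self.pools[pool_name].free.append(vm)
        self.audit.append(("logout-released", user, vm))

def sample_broker():            # constructed sample data, not from the slides
    pools = {"dev": Pool("dev", ["dev-vm1", "dev-vm2"]),
             "qa": Pool("qa", ["qa-vm1"], sticky=True)}
    return Broker(pools, {"alice": "dev", "bob": "dev", "carol": "qa"})
```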

[Diagram: VM Pooling. Labels: User, WAN, Leostream Virtual Desktop Connection Broker, Access Control Rules, Pool One, Pool Two]

Remote Desktop Session Control

Remote desktop protocol settings based on Policy, Device, Location, Protocol

Device
• Thin (Neoware & Wyse), Fat (W2K, XP, and Vista), and Web
• Single and dual screen

Location
• Set printer mapping etc based on device location

Multi remote viewer protocol
• RDP, ICA, VNC, RAdmin (for NT4, W2K)

Road Ahead

The clear goal is unified end user experience which in practice means:

Backend Independence
• Location of VM is unimportant.
• State of VM is fluid (running, suspended, stopped, create from template, ...)
• Virtual or Physical (not all machines can be virtualized).
• Desktop or Application (Citrix Server in a VM) orientated.

Client Independence
• Thick or Thin clients
• Client is an extension of CB and VM (requires integration via an API)
  • Client displays VM status (starting, creating, etc.)

Location Independence
• Experience is the same irrespective of the location of the user or the backend.

Conclusion

Test and Dev is an easy early application for VDI.

Surprisingly the key factor that is driving VDI is great end user experience – single sign-on, familiar desktop.

When the technology works the user has no idea what is going on, they just turn the key.

Isolation and reboot are key features for Development but are less essential for other VDI situations.

Leostream has a production proven solution today – available as a VM, download and go.

Presentation Download


The presentation for this session can be downloaded at http://www.vmware.com/vmtn/vmworld/sessions/

Enter the following to download (case-sensitive):

Username: cbv_rep
Password: cbvfor9v9r