Virtual Experience Infrastructure

© 2009 Cisco Systems, Inc. All rights reserved.

Virtual Experience InfrastructureRichard Dodsworth, Lai KwaiSeng

© 2009 Cisco Systems, Inc. All rights reserved. 2

Desktop Virtualization: XP EOL


Desktop Virtualization : Intellectual Property Protection


Gartner Press Release "The worldwide hosted virtual desktop (HVD) market will

accelerate through 2013 to reach 49 million units, up from more than 500,000 units in 2009, according to Gartner Inc.

Worldwide HVD revenue will grow from about $1.3 billion to $1.5 billion in 2009, which is less than 1 percent of the worldwide professional PC market, to $65.7 billion in 2013, which will be equal to more than 40 percent of the worldwide professional PC market."

- Gartner, Inc.http://www.gartner.com/it/page.jsp?id=920814

http://www.gartner.com/it/page.jsp?id=920814


User End point and

Application Demands

Lost Agility & Productivity

Data Security

Compliance

High TCO and Lifecycle Costs

Heavy Administration

Microsoft Windows 7 Migration Reduce migration costs Reduce application incompatibility Extend life of existing desktop software

Contractors and Employee-Owned IT Manage desktop image on

employee-owned assets Provide separation between

corporate and personal desktops

Remote Office and Branch Office Reduce costs by single point of

management Centrally control sensitive data

Business Continuity Endpoint Independence Rapid Provisioning

Remote and Mobile Users Enable desktop access regardless of

network connection type Extend security and control Centrally control sensitive data

Challenges of Traditional PC Environment Transition Opportunities

6© 2010 Cisco and/or its affiliates. All rights reserved.

Virtual eXperience Infrastructure


Desktop Virtualization Refers to the separation of the physical endpoint from

the logical desktop Endpoints may be variety of devices; applications are

hosted where ever the best user experience is offered (locally at endpoint or data center)

Access from the endpoint to the logical desktop is delivered through the network


Building Blocks for Virtual Desktop

vCenter

CentralizedVirtual Desktops

Display BrokersEnd

Station

DMZHTTPS Secure Tunnel

Datastore(s)

slot 1slot 2slot 3slot 4slot 5slot 6slot 7slot

slot 1slot 2slot 3slot 4slot 5slot 6slot 7slot 8

AD

Core Compute(Virtual Desktop)Desktop BrokersInternetDesktop

Client

High AvailabilityScalability

Edge SecurityDesktop Mobility

HTTPS LoadHigh Availability

Scalability

SecurityBandwidth & Latency

Any DeviceMedia Rich

Security

Secure Access and Accessibility


What Cisco Does with VXI…

OptimizedVideo / Audio

StreamingInteractive

Borderless Network Services

SecurityPower Mgmt

Branch Survivability

ScalableData Center

UCS Compute Bundles

Validated Integrated Open

Delivers an enhanced user experience Leverages the network as a platform Integrates with 3rd party technology in open ecosystem Drives ROI in the DC

VXI


End-to-End Security, Management and Automation

Compute

ISR

Data Center Network

WAAS

Branch

ACNS/ WAAS

Nexus

ACE

Broker

Virtualization Experience Infrastructure (VXI)

VirtualizationEndpoints

CUPC MS Office Video

Desktop Virtualization Software

Microsoft OS

Hypervisor

FCFC

UCS

VirtualCUCM

Virtual QUAD

End-to-End System

Endpoint Ecosystem

Virtualized Data Center

Virtualization Aware Network

Virtualized Collaboration Workspace

Cisco WAN

Wyse, Devon IT, iGEL

Desktop Virtualization Client


Cisco Desktop Virtualization Solution

Removes VDI deployment barriers

Combined joint partner solutions with industry leaders

Cisco Validated Designs & Services to accelerate customer success

Clients

Cisco UCS Platform

Desktop Virtualization S/WVMWare/Citrix

Virtualized Data Center

CiscoWAAS

HypervisorVMWare/Citrix

Cisco ACE

Desktop O/S

Cisco ASA

CiscoMDS9000

Family

App App Data

Storage

Unified Network Services

Unified Computing

Unified Fabric

CiscoNexus

WAN

Partner Solution Elements

Cisco Data Center Business Advantage Framework

VDI Broker


VXI Technology Partners

Storage

HW Acceleration

Virus Scan Offload

Monitoring Tools

Monitoring Tools

EndpointsDesktop

Virtualization Software

Hypervisor Management Storage Optimization

Current = In Progress =

http://images.google.com/imgres?imgurl=http://www.buholzer.ch/img/logos/igel_logo.gif&imgrefurl=http://www.buholzer.ch/pages/produkte/Produkte.html&h=60&w=92&sz=2&hl=en&start=3&um=1&tbnid=Ff6-w3ZHfT6jRM:&tbnh=52&tbnw=79&prev=/images?q=igel+logo&svnum=10&um=1&hl=en&rlz=1T4GFRC_enUS211US212


Cisco Validated Designs, validated through System Level Testing, enable customers to:• Lower risk of deploying technology solutions• Increase speed of technology solution deployment • Deploy a scalable, reliable, predictable foundation• Ease technology solution integration • Ease deployment of business critical applications• Utilize Cisco Advanced Services to customize a CVD to meet specific requirements

Detailed system design and/or implementation guidance are available to provide: • Customer use examples• Products, Software and Configurations used in design testing• Design limitations uncovered during testing

www.cisco.com/go/vxi http://iwe.cisco.com/html/index.html#url=/web/cisco-vxi

Cisco Validated Design

http://www.cisco.com/go/vxi

http://iwe.cisco.com/html/index.html%23url=/web/cisco-vxi


VXI Components- End Points -


Voice/Video embedded in the display protocol

Media flow goes all the way back to data center and back

Heavy processing on virtual desktop in data center

Bandwidth explosion Latency and jitter Display protocol and

possible endpoint become unstable

Virtual Desktop

Virtual Desktop

Cisco Unified

CMWAN

Thin Client

Display Protocol

Thin Client

Media Flow

Data Center

Signalling

Signalling

Display Protocol

Media Flow


Data Center

End User

VXC

Signalling

Signalling

PCoIP, ICA/RDP

PCoIP, ICA/RDP

MediaFlowOutside of Display Protocol

Data Center

ConnectionBroker

Desktop O/S

App App Data

Unified CM and Unified

Presence Server

manmitta

Add a few features of the endpoints into the slidesadd a few benefits of the media separation approach


End User

VXC 6215

Signalling

Signalling

ICA

PCoIP, ICA/RDP

Data Center

ConnectionBroker

Desktop O/S

App App Data

VXC 4000

Media Flow outside of Display Protocol

• Software Appliance on XP and Windows 7

• Voice Support only• Enables VXI

Collaboration for refurbished PCs

• Video & Voice Support

• Linux based endpoint• Monitors

Single:2560x1600Dual:1920x1200

• No PoE

Unified CM and Unified

Presence Server


Zero client endpoints

Integrated form factor for Cisco Unified IP Phone 8961, 9951*, 9971

VXC-2212 supports HDX/ICA, RDP

VXC-2211 supports PCoIP

Powered via Phone – Leverages existing Power over Ethernet (PoE+), or PWR-CUBE-4

Works with Cisco IP Phones to deliver voice, video, virtual desktop

* NOTE: 9951 IP Phone must have Serial Number FCH153681E0 and above, OR VID V05 and above


Zero client endpoints

Standalone form factor

VXC-2212 supports HDX/ICA, RDP

VXC-2211 supports PCoIP

Powered with Power over Ethernet (PoE+ - 30W) or with PWR-CUBE-4

Works with Cisco IP Phones to deliver voice, video, virtual desktop


Enterprise tablet that combines voice, video, collaboration, and VDI

Supports external Bluetooth/USB mouse & keyboard when docked

Supports external display in “mirror mode”

Supports Citrix Receiver, VMware View Client and Wyse PocketCloud


Zero Clients Zero Clients Software Appliance

Thin Client Enterprise Tablet

VXC 2100 Series VXC 2200Series

VXC 4000 VXC 6215 Cisco Cius

Shipping Shipping AvailableQ4CY11

Available Q1CY12

Shipping

Recent additions to the Virtualization Experience Clients (VXC) portfolio


Enables UC voice capabilities for repurposed windows PCs for virtual desktops

Introduces unique voice processing capabilities that efficiently use network and data center CPU resources, eliminating the hairpin effect

Supports Citrix XenDesktop and VMware View

Based on CIPC (Cisco IP Communicator)

Endpoint support: WinXP, Win7

Target Availability: Q4CY11

manmitta

- SHould add a bullet stating CIPC based.- First bullet. The term Rich Media is too generic and implies some type f video support. Should change to "Enables UC voice capabilities for repurposed windows PCs for virtual desktops- Change second bullet to "Intillegent network" statment recommended in previous slide


A thin client that unifies voice, video and virtual desktop in one device

Supports high quality, scalable voice and video, delivering optimal user experience

Introduces unique voice, video processing capabilities to eliminate the hairpin effect

Linux based platform supports HDX/ICA, PCoIP/RDP

Target Availability: Q1CY12


Innovative form factor that reduces real estate and simplifies management

Power over Ethernet (POE) delivering energy savings and compliance to green initiatives

Thin Client endpoint that provides a single converged desktop asset for rich media, voice and video collaboration in a hosted virtual desktop (HVD) environment

Software appliance option that leverages existing PC investments Collaborative mobile virtual workspace on an enterprise tablet Cisco Validated Design (CVD) that provides blueprint for

successful deployments and lower TCO Cisco Technical Assistance Center (TAC) support for end to end

solution

manmitta

- PoE+/PoE is not supported on all models - try to make this point clearly- EnergyWise is not directly supported - clarify- Bullet # 3 - Consider adding "Telephony" to clarify the point


VXI Components- Borderless -


Borderless Network

What happens to the network services?Bandwidth ReductionProtocol OptimizationFile cachingSecurityQoSPrintGatewayCall controlCompute

Network services depend on clientZero – Minimal local services Hybrid – Local UC and Web applications and servicesThick – Traditional local applications and services


End-users see pixelization and bad UE without WAN Optimization/Acceleration

T1

Increasing bandwidth might not help

Video processed on HVD causing bandwidth and server compute overload

End-users experience no pixelization on LAN

Branch Router

Branch Office

Data Center

Video Source

Campus

• Hairpinning•WAN’s effects on Users Experience• Display Protocol Opaque to the Network

Routing Protocol

Display ProtocolVideo

Text


Borderless NetworkNetwork Strategy

Display protocols are proprietary

Display protocols attempt to deliver media streams, text, and bulk transfer in a single or set of connections

WAAS increases WAN user density from 2X to 8X

Network Intelligence to disaggregate data types so the network can appropriately differentiate

Offer a seamless migration to web


Borderless NetworkDisplay Protocol Channels

Display protocols operate at the session layer

Display protocols were intended to remote applications and not desktops

Desktop interactions require that some local client services be extended to the remote virtual desktop

Channels provide a means to extend remote virtual desktop services

Channels cannot leverage network services like QoS, security, stream splitting, or multicast

DisplayProtocol

TCP

USB

Video

Sound

Print


• Latest release: XenDestion 5.5 – Improved HDX for WAN, better management

• HDX MediaStream and Adaptive Orchestration• Leverage client-side resources• Better server scalability• More simultaneous users over WAN (Controlling Bandwidth

Explosion)• Handle changing network conditions

• HDX Flash Redirection• Now can handle 300 ms RTL• Linux now supported• Fallback to Server-side rendering adaptively

• HDX VoIP-Over-ICA• Inline with Cisco VXI approach of separating media• SDKs for VOIP providers• Multi-Stream ICA for QoS• Larger Audio Jitter buffers

• Basic Characteristics• 64 Virtual Channels• TCP based protocol• Encryption/Compression

Citrix XenDesktop and ICA/HDX


BenefitsDescription

• New optimization controls to reduce bandwidth

• Client Side Caching• Lossless CODEC• Build to Lossless GPO

• Customize to reduce bandwidth usage on both the LAN and WAN• Optimization Controls available in GPO

• Up to 75% reduction in bandwidth usage• Improve scalability on WAN links• Increase user density on WAN• Configure by user case, user expectation and network requirements

Power User • Build to lossless (default)

• Direct CPU/GPU to endpoint mapping

• Superior image quality

Office Worker • Dynamic network management• Correct codec for each media type• Best image quality on available network bandwidth

Task Worker• Disable build to lossless

• Client side caching• Best performance on constrained WAN

View 5.0

All use cases = UDP, Secure, future proof, OS & application independent, session resilience

WIN7 Aero & Win 8 Metro

Interfaces

All video

codecs

Network latency

independent

PCoIP Optimizations – View 5.0


WAAS optimize encrypted and compressed ICA desktop session traffic ( no changes required on ICA client, HVD, or DC infrastructure) for all versions of XenDesktop and XenApp

Includes WAAS 4.4 Application aware DRE feature for unidirectional caching of desktop session traffic which improves the scalability and Application performance

Branch Office

Branch WAE Data Center WAE

WAN Acceleration for Display Protocol

Edge Router Citrix HVD

Display Protocol

ICA client

Head quarters

Note: Multi-Session ICA (MSI) in XenDesktop 5.5 is not supported in the current release. If MSI is used only one initial session (port 1498) will be optimized automatically. Other flows will be treated as regular TCP flows

WAAS 4.5 Optimization with Citrix ICA AO


Interoperate w/native ICA encryption−Without requiring manual registry changes or changes to XenDesktop

and XenApp settings− 3 flavors of RC5 (40b,56b,128b keys) with DH key exchange −SSL deployments with Citrix Access Gateway + Secure Gateway

Target Bandwidth reduction of 40% - 60% (mileage will vary) Supports XenDesktop (4.0/5.0/5.5) XenApp (6.0/6.5) and ICA Supports HDX Mediastream redirection for client multimedia rendering Fully supported by Citrix and Cisco

Citrix ICA AO Capabilities


WAAS Acceleration for vmView Connection Status

RDP-in-HTTPS session WAAS performs optimization of HTTPS flow from View Client to

Cisco ACE VIP

Multiple RDP direct mode sessions running MMR streams The byte counts give an indication of where the bulk of the data is

coming from flow-wise


WAAS can optimize both VDI (ICA, RDP, MMR, USB) and non-VDI traffic and represents more comprehensive solution

WAAS can be deployed in different form factors : hardware appliance, network module in ISR, IOS feature in ISR, as a software aplication running on SRE module, as a virtual appliance in vSphere. and as an application running on laptop.

WAAS compression ratio and performance is better than most competitor offerings

WAAS licensing is also more favorable and reduces TCO of large scale deployment.

Value of WAAS in VDI environment


Protocol Vendor Transport Bandwidth without WAAS

(Approx) Cisco KW+

Bandwidth without WAAS

(Approx) Task Worker

Bandwidth with WAAS

(Approx)Task Worker

Remote Desktop Protocol (RDP)

Microsoft TCP 3389 1.5 Mbps 384 Kbps 96 Kbps

Independent Computing Architecture (ICA)

Citrix XenDesktop 4.0/5.0/5.5

TCP 2598 CGPTCP 1494

967 Kbps 120 Kbps 60 Kbps

PC over IP (PCoIP)

Teradici / VMware

Media – UDP 50002/4172Control – TCP 50002/4172

1.5 Mbps 192 Kbps 192 Kbps

Bandwidth Reduction


VM Agent

Visibility into Display Protocol

Customer Benefits:Hosted Desktop Architecture fix-up for rich media applicationsNo change needed at end-points for deploymentDisplay protocol agnosticLeverage existing Cisco network services


Borderless NetworkQuality of Service in a Cisco VXI Network

Display protocols obscure multiple traffic types in a single TCP connection

Protocol TCP/UDP Port DSCP /CoS ValueDesktop Virtualization ProtocolsRDP7 TCP 3389 DSCP af21/CoS 2PCoIP* TCP & UDP 50002

TCP & UDP 4172DSCP af21/CoS 2 DSCP af21/CoS 2

ICA/HDX

Session

Session Reliability

Web Services

TCP 1494

TCP 2598

TCP 80

DSCP af21/CoS 2

DSCP af21/CoS 2

DSCP af21/CoS 2USB Redirection (PCoIP) TCP 32111 DSCP af11/CoS 1MMR TCP 9427 DSCP af31/CoS 4Other Protocols found within Cisco VXINetwork-based Printing (CIFS) TCP 445 DSCP af11/CoS 1UC Signaling (SCCP)

UC Signaling (SIP)

UC Signaling (CTI)

TCP 2000

TCP 5060

TCP 2748

DSCP cs3/CoS 3

DSCP cs3 /CoS 3

DSCP cs3/CoS 3UC Media (RTP, sRTP) UDP 16384 - 32767 DSCP ef/CoS 5


• VXI service only• Internet only• Full access

Differentiated Access Controlled

AccessBroker

Campus

Internet

• Policy Based Device/User Network Access Enable differentiated network access to

Device/User type Utilize existing network access control

infrastructure Allow controlled access only to VXI

infrastructure for Employee owned assets, Temporary workers etc.

• Policy Based DC resource access from HVD Common VDI infrastructure for different user groups for cost and flexibility reasons Controlled access to sensitive resources in Data Center Using Security Group Access

Goal: Extend existing SGA based access control to VDI (SMB) Using Virtual Switch and Virtual Firewall

Goal: Provide access level security closest to HVD (including east-west traffic Control)

Open to separate policy management using virtual firewalls

Central Policy Engine

Data Center Network


VXI Components- Data Center -


Data CenterConsiderations

ComputeScaleCostPerformancePower/CoolingSpace

Storage ScaleScale capacity (Linked and Flex Clones)Scale IOPS

Client Network ServicesSeparationMonitoringIP address management


Increase HVD Density by Optimizing Hypervisor Resource Usage

ACEUnified CM

QuadASA

Nexus 1000v

Virtual Security Gateway

WAAS

Compute

UCS

Objective: Maximize User Density and Improve ROI by Scaling the Data Center

Strategies

Increase HVD Density with Cisco UCS Extended Memory; preserve user experience with PCoIP Offload

Extend Investment in Shared Storage with Caching Technologies to Reduce IOPS

Increase availability and load-balance connection brokers with Cisco ACE


ComputeCisco UCS – Do More with Less!

Power Consumption

24+%

x86 Servers

50%

Infrastructure Elements

50%

VDI Instancesper Server

100%

Rack Space

30%

Distribution Layer Ports

30%

In Rack Cabling

75%

How do you achieve a 30% savings


Increase performance and capacity for demanding virtualization workloads

Xeon 5600 Xeon 5600

Cisco UCS With Extended Memory

48 DIMMsMax 384GB

Higher Performance

= > Cisco UCS Servers

HigherHVD

Density






ComputeUCS Virtual Desktop Densities

Blade ServerCPU

Server Memory

DesktopConfiguration

PerBlade

Per Chassis

Per Domain

B200-M1 Xeon5570 2.93 GHz 48 GB WinXP 512 MB 128 1,024 40,960




B250-M2 Xeon5600 192 GB Win7-32 1.5 GB 110 440 17,600

B230-M1 Xeon6500/7500 128 GB Win7-32 1.0 GB 80 640 25,600


Offloads PCoIP image processing to reduce CPU load, enable more users per server

APEX 2800PCoIP Offload Card

• Insures consistent, reliable user experience regardless of server demand

• Reduces server CPU utilization up to 50%; adapts to fluctuating workloads

• Supports up to 64 displays

• Validated with Cisco UCS C Series Rack Mount Servers

• Offload card plugs directly into server

• Can increase user density, enable existing users to run intensive apps

Cisco UCS C Series


StorageScaling IOPS With UCS and Atlantis iLio

Virtual Storage Appliance

Hypervisor

APP APP APPOS OS OS

Desktops

NAS SAN DAS

iSCSI/NFS

Desktop images (vmdk) on top of cache memory

ESX serverThe desktop vmx/vmdk file is actually created in the vmfs namespace


StorageAtlantis UCS Storage IOPS Offload

Storage IOPS are critical to scaleable VDI

Win7 with AV requires around 80 IOPS

ILIO appliance with UCS Extended Memory Technology helps in reducing IOPS over network and to disk

ILIO on UCS benefitsStorage OptimizationPerformance accelerationSupport for Stateless or Persistent desktop modelsCut storage costImproves overall user experience

48

IO Writes

IO Reads

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Atlantis ILIO IOPS Offload (OnBlade)

IO Writes

IO Reads

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Atlantis ILIO IOPS Offload (Top-of-Rack)


NetworkNexus 1000v Per VM Network Services

Client LAN FeaturesDHCP SnoopingDynamic ARP InspectionIP Source Guard

Virtual Ethernet Module (VEM)Networking capabilities at the hypervisor levelL2 switching, CDP, Netflow, ACLs, QoS, SNMP, etcLocal SwitchingPort Profile to simplify Network Policy

Virtual Supervisor Module (VSM)Mgmt, monitoring and config of VEM instancesSees each VEM as a virtual chassis moduleConfiguration done through port-profilesTight integration with Virtual CenterRuns on dedicated appliance or virtual machine

Virtual Chassis ConceptRedundant Supervisors (VSMs)Currently up to 64 VEM instances (64 ESX hosts)Presents a network view of the virtual access layer


NetworkVM Segmentation and Zoning

VMs can form logical groups (aka. Zones) based on VM attributes for easing policy writing and reducing policy scope

VSN (Virtual Service Node) provides enforcement policy to control network traffic flowing between VM zones.

VSN will also provide a subset of firewall inspection functions such as FTP stateful fix-up

VM #1

VM #4

VM #3

VM #2

VM #5

VM #8

VM #7

VM #6

Internet

Zone 1VSN

Zone 2

Nexus 5000


Architectures


Data CenterUCS High Density Fault Domains

Client – 1 user Branch Switch – Up

to 250 Building or WAN – 2

to 1,000 SLB – 2 to 20,000

Broker – Up to 2000 UCS Blade – Up to

332 UCS Chassis – Up to

1,328 Storage – Up to

10,000Client Broker UCS StorageWAN WAE ACEWAELAN


ArchitectureSmall Scale Virtual Desktop Architecture

BranchThin Clients or display protocol clientsWAN Acceleration (1 connection per HVD/HVA)

Data CenterWAN Acceleration From Thin Client (1 connection per HVD/HVA)BrokerVirtual DesktopsApplications

Disp Protocols

DesktopAnd

ApplicationData Centers

App Protocols


ArchitectureLarge Scale Virtual Desktop Architecture

BranchThin Clients or display protocol clientsWAN Acceleration (1 connection per HVD/HVA)

Desktop Data CenterWAN Acceleration From Thin Client (1 connection per HVD/HVA)BrokerVirtual DesktopsLimited applicationsWAN Acceleration to Application (10 connections per HVD)

Application Data CenterWAN Acceleration From HVDCentralized applications

Disp Protocols

App Protocols

TheatreDesktop

Data Centers

CorporateApplication

Data Centers


VDI StorageNFS Acceleration

Display ProtocolsRemote Desktop Protocol (RDP) – MicrosoftICA – CitrixALP - Sun/OraclePCoIP – TeradiciMany other RDP variants

StorageVMware Virtual Machine File System (VMFS)

SCSI local datastore

iSCSI remote datastore (TCP)

Fibre Channel remote datastore

Network File System (NFS) - TCP or UDP

CIFS for user data

DisplayRDPICAALP

PCoIP

StorageNFS

iSCSIFibre Channel Client Protocols

CIFSHTTP(S)

MAPIEtc

UCSC1 NAS User Data


VDI StorageWAAS NFS Acceleration

Client LAN attached terminal Native protocols over WAN Centralized VMDK and user

data

StorageNFS from ESX to NASWAAS between ESX and NAS99.6% compression (10 GB reduced to <100 MB)

C1 UCSC2 C3

RDP

WAE Network

Origin ConnectionOrigin Connection Optimized Connection

WAE NAS

NFS


Conclusion


In Summary…. Cisco’s VXI complements conventional Virtual Desktop solution

Consistent End User’s experience across LAN, WANWAN Optimization is crucial for User’s Experience

Security Simplifications at User’s EndConsistent Edge Security. Move to Data Center

Scaling Out/UP options to improve OPEXOffloading compression/encryption to network make sense

Higher Virtual Desktop Densities improves OPEXUCS’s allows higher vm densities, offers lower $$$/vm

Cisco CVD for VXIProven validated design to mitigate risks


What’s NextImplementing XenDesktop on Cisco Infrastructure

Jan 10, 2012

Implementing vmView on Cisco Infrastructure

Feb 7, 2012

Security Design and Consideration on Cisco VXI

Feb 9, 2012

Documents

Virtual Experience Infrastructure