Virtual desktops - Frenemies at the gate

Apple's tablet-PC darling started out as a shiny target of gadget lust offering a world of possibilities. But before long, it was a key facilitator in the battle to free the desktop from the tightly-controlled domain of the IT manager — a workable business tool that is steadily replacing long-favoured laptops for more and more mobile employees, David Braue writes.

Managing the iPad — and the dozens of imitators that will flood the market this year — promises to become one of the biggest headaches for IT managers finding it harder and harder to maintain the consistency of the corporate standard operating environment (SOE) in an intrinsically mobile world. And while the lack of viable alternatives once meant it was possible to focus on rolling out better-the-devil-you-know corporate desktops, the new mobility paradigm is driving more and more IT executives to entirely rethink their desktop platform.

For many, the answer increasingly lies in virtual desktop technology, an application delivery paradigm that was once more gimmick – a proof-of-concept borrowing from immensely-popular server virtualization – than corporate imperative. Yet with the whole idea of the corporate 'desktop' now necessarily extending to tablet computers that are more smartphone than PC, virtual desktops are gaining popularity as a way of regaining control and stemming device management chaos.

Conceptually, virtual desktops exist simply as files, stored and run on high-powered servers in a reversal of the 1990s-era client/server paradigm. In the virtual-desktop world, the client still has all the power – but it lives on the server, not the client. Indeed, virtualization has separated the whole idea of a 'client' from the application running on it: a client, these days, is simply a device. As long as you have adequate telecommunications coverage and can broadcast a functional desktop environment to that client, it doesn't matter where the client is located – or what shape it takes.

Virtual reality, real benefits

Despite its promise, virtual desktop technology has taken a while to get off its feet: for all the industry's enthusiasm, the time-honoured desktop model remains sacrosanct for many. There are also practical issues, such as ensuring that applications are easy to use on mobile devices' smaller screens, points out Mark Rugless, workplace strategy and services executive for Asia-Pacific with IBM.

"We've got a large number of proofs of concept around the region," Rugless explains. "People are trying to understand what the use cases are where it makes sense to do this." IBM's flagship local customer is the Commonwealth Department of Health and Ageing, which in December signed a $109m services deal that includes delivery of a 4500-desktop virtual desktop platform.

Recent signs suggest momentum is slowly building, even at the lower end of town. Last August, virtualization giant VMware assembled a "crack team" of desktop-virtualization specialists designed to launch a charm offensive against Australian businesses. Early takers of VMWare's View virtual desktop infrastructure (VDI) solution included two local councils — the 200-desktop City of Cockburn, south of Perth, and South Australia's City of Norwood, Payneham and St Peters — but a number of private enterprises have followed suit.

For example, bedding retailer Forty Winks' franchise in Mile End/Marion, South Australia installed View during a major virtualization project, allowing users to access MYOB and other systems from three sites – and saving workers 2.5 days per week of duplicate data entry as a result. And 90 employees of wind-power generation company Infigen Energy used View to smooth a corporate restructuring: staff could access old and new desktops at the same time, accessing applications including Microsoft Office, Visio and Project from anywhere.

Agricultural cooperative Wesfarmers has also found benefits in virtual desktops, using View and VMware's ThinApp application-virtualization system to deploy more than 150 virtual desktops running an Oracle Hyperion financial reporting application. That application was made available to employees without disrupting the individual SOEs of ten different Wesfarmers subsidiaries, saving IT managers at those subsidiaries from each having to configure, test, roll out and support the application individually. Based on its success, Wesfarmers is considering adding 350 more virtual desktops to support its workers' compensation operations.

Although many IT managers may go into a virtual desktop deployment expecting capital reductions, these deployments highlight VDI's real value. Centralisation, for example, allows concentration of computing power and attendant reductions in hardware capital and maintenance costs. It makes for easier backup, security, and user data management.

Page Break

Yet it also has drawbacks – particularly in terms of the additional capital investment required to deliver enough servers to support a VDI environment (see sidebar). With seven to nine virtual desktops supported per server CPU core and 1GB to 2GB RAM still required per server, most companies will need to bulk up their servers and storage infrastructure to bring their desktops under the data centre's wing.

Such considerations are unavoidable, and mean may companies will make the move to virtual desktops when it's a natural progression rather than a revolution, according to Trevor Clarke, senior analyst within IDC Australia's Infrastructure Group.

"A lot of Australian organisations have gone through a consolidation phase, bedded down their strategies and are looking at what to do with virtualization next," says Clarke, who recently surveyed local industry and found more than half of Australian organisations will be using VDI, although not exclusively, within a few years. Twenty percent are already doing so, he adds. "It's a matter of rolling it out and seeing that they're doing it for the right reasons."

When building a business case for virtual desktops, very real capital costs must be balanced against the projected savings from everyday management — and the ability to better execute complex or large-scale changes to the application and operating environment. As Wesfarmers in particular found, the ability to isolate desktop environments offers tantalising benefits by enabling the coexistence of different operating systems and application versions.

This is particularly useful in large companies with multiple SOEs, but it can also be used as a migration strategy that allows the maintenance of parallel desktops during an application switchover. This will make virtual desktops invaluable for IT managers staring down the end of Microsoft's Windows XP support in a few years, when they'll have no choice but to refresh Windows. In the intervening years, it's possible to move to Windows 7 and scrape a user's existing XP environment into a virtual machine so nothing outwardly changes.

Access to multiple desktops at once is one of the main reasons the Department of Defence has been outspoken in its support for the VDI concept, since many employees currently have several desktops each configured for access to information of a certain security level; virtualising these would allow access through a single device.

Access rights are another important benefit of virtual desktops. Since VDI technology is now integrated into existing management frameworks, it's possible to assign access to virtual desktops based on an individual user's access rights, job role, or ad-hoc requirements. Extend this to mobile devices and factor in the fact that virtual desktops retain their state at all times, and it becomes immediately obvious why virtual desktops are a good idea. An employee whose laptop battery dies while in the field, for example, could switch to his iPad, authenticate himself, and keep on working.

The right level of virtualization

In feeling out the opportunities of the virtualization market it's also worth considering 'application virtualization' technology, which wraps individual applications in their own virtual machines and streams them to user desktops.

"The traditional Office SOE is being disassembled," says IBM's Rugless. "Rather than having it all distributed and having to be managed so every update is loaded in a timely fashion, we're stripping the apps off and publishing them back through the network. The way the apps are stacked on the SOE provides the best performance.

This highly-granular approach, pioneered by now-Symantec subsidiary Altiris and also encapsulated in products like VMware ThinApp and Citrix XenApp, allows for easy distribution of new apps without fear that they will clash with the rest of the environment; this model can easily be extended to third parties to allow secure, streaming access to applications on demand. Expect to hear a lot more about application virtualization this year, since it – and the self-contained applications upon which it depends – is a core tenet of Apple's Mac App Store and the inevitable knockoffs enabling apps-on-demand app installation.

There is a downside: since the applications rely on the underlying operating system and hardware, this approach doesn't allow the same measure of device independence unless paired with a full virtual desktop platform as well. That's not a problem when all the devices you're working with are running the same operating system, but it can pose issues when you're trying to deliver, say, Microsoft Word to an iPad running Apple's A4 processor and the iOS operating system. Such situations require the streaming of both the applications and a suitable operating system on which to run them. Application virtualization sits aside two types of desktop virtualization — 'pooled' virtual desktops, in which a standard desktop image and applications can be delivered to many people — and 'assigned' virtual desktop model, in which each user gets a full desktop of their own that just happens to be hosted somewhere else.

Pooled desktops are easier to manage, but users tend to prefer assigned environments because they offer the customisation they're used to. Since each assigned desktop can be different, that approach can also ease the migration process if a company wants to scrape existing desktop images and drop them into a VDI container. This is possible using Microsoft P2V Migration for Software Assurance, VMware vCenter Converter, or Citrix XenConvert.

Page Break

Thankfully for decision makers, the VDI market is currently very top-heavy and straightforward to investigate. Although cloud providers like ThinkGrid and Cloud Networks Australia are experimenting with hosted virtual-desktop offerings best suited to smaller businesses, the most enterprise-ready offerings still come from Microsoft, VMware and Citrix.

Microsoft VDI Suite, VMware's View, and Citrix XenDesktop all offer both types of VDI infrastructure, while Microsoft App-V, VMware ThinApp, Citrix XenApp and Symantec Endpoint Virtualization Suite deliver application virtualization capabilities.

If you're using a range of client devices, you'll also need an appropriate viewer. VDI tools allow desktops to be accessed using a Web browser, but for better performance – and to gain access to recent innovations like Citrix's HDX technology – it's preferable to add a client application like a Microsoft RDP-capable client, VMware Player or Citrix Receiver, which Citrix endeavours to port to every new device as soon after its release as possible.

Which platform you choose may ultimately depend on your existing environment: heavy Microsoft houses, for example, will prefer a VDI infrastructure that works closely with Windows Server 2008 – and can be managed using Microsoft's System Center family of tools. That company's Virtual Machine Manager simplifies ongoing management of virtual machines, while VMware and Citrix offer their own tools to ensure the tendrils of desktop management reach into the virtual world as well.

No matter how straightforward and well-integrated the tools, it's important to remember that the old GIGO (Garbage In, Garbage Out) rule applies: VDI won't necessarily fix issues with your corporate desktops. "Iif you've got problems in the physical desktop management environment and you expect to move to a VDI environment and for those problems to suddenly disappear, that's not necessarily going to happen," says Clarke.

Caveat virtualisor

Virtual desktop technology is real, and it's delivering on its promise for some. But the technology is not without its share of sceptics: Gartner, for one, has revised its cost-savings projections downwards into the realm of single-digit cost savings.

Speaking at the firm's Gartner Symposium in Sydney in November, analyst Mark Margevicius got stuck into the whole idea of virtual desktops, suggesting that barely 10 percent of PC users – and these, primarily teleworkers, call centres and sales staff – would be using the technology by 2015. Margevicius had ten reasons why companies should be sceptical about desktop virtualization:

10. Servers need significant grunt, with 7 to 9 virtual desktop users per CPU core maximum and 1GB to 2GB of RAM per user boosting server hardware costs.

9. Storage needs can be hard to project, with hard drive performance a very real bottleneck and potential logjam if, for example, five virtual desktops all decide to run a full virus scan at the same time.

8. Heavy virtual desktop usage can bring out the worst in heavily-used networks, with latency a key issue that can affect the user experience.

7. Application performance issues, and the lack of high-end capabilities, can affect user satisfaction with virtual desktops if they feel they're being downgraded.

6. Licensing issues must be reconciled: companies assuming the delivery of applications and operating systems to virtual devices is covered under existing licenses will want to check again: Microsoft, for one, recently introduced Virtual Desktop Access licenses to cover thin-client and mobile devices that aren’t covered for virtual desktop use under existing Software Assurance licenses.

5. Offline access may not be an issue within the confines of the hardwired corporate network, but for off-net or mobile workers it can be a show-stopper. Telecoms services are better than ever, but you still need to consider and plan for potential outages.

4. Internal politics can be a real issue amongst IT teams, who are used to dealing with desktops and user support, and data centre staff, for whom the shift to virtual desktops represents a significantly large volume of additional data and users to manage.

3. They're not always easier to manage. Pooled virtual desktops may provide a cookie-cutter approach to the corporate desktop, but users tend to want more customisability. There is so far no concrete way to combine the best of both worlds, so you may very well virtualise your users' desktops to find there's just as much to manage as there was before.

2. Cost-benefit analysis is difficult. You may intuitively feel that virtual desktops will save money, but how do you translate that into your budget forecasts? There are still no hard and fast measures of savings, although a good place to start is staff and time savings from reduced user support and day-to-day management.

1. The numbers don't work. Virtual desktops cost 1.4 to 1.7 times as much as a conventional desktop, by Gartner's calculations, and this makes the whole concept unpalatable for many organisations – unless there are other operational benefits that can be quantified and offset against the additional capital investment required.

By David Braue