Enterprise Desktop Strategy – White Paper

Application and Desktop Virtualization Page i

Enterprise Desktop Strategy

Application and Desktop Virtualization

White Paper

Joe Jessen

Analyst – Desktop Virtualization

September 2009

Copyright © 2009 Gotham Technology Group, LLC. All rights reserved.

All other marks are property of their respective owners

Contents

Executive Overview
Decoupling the Desktop
    Hardware
    Operating systems and Infrastructure
    Applications
    User Data
    Maintenance and Support
Application and Desktop Options
    Physical Desktop with traditionally installed applications
    Physical Desktop with Streamed Applications
    Physical Desktop with Isolated / Virtualized Applications
    Presentation Virtualization
    Virtual Desktop Technology
    Operating System Streaming
Solution Selection Process
    Mapping Available Technologies
    Defining Use Case Scenarios and Requirements
    Match technologies with Use Cases
    User Profile Virtualization
Next Steps – Enterprise Desktop Product
About Gotham

Executive Overview

Distributed computing continues to challenge large organizations, exponentially increasing in complexity with the growth of portfolios of applications and devices. Today’s work environment is both global and agile, with employees working in any number of environments, including homes, client sites, even the local coffee shop. As this diversity increases, so do the challenges of compliance and risk requirements regarding distributed data.

Current state-of-the-art solutions look to blend and balance the controlled stability of a centralized computing environment with the rich application portfolio of the personal computing platform. Two complementary technical movements are making this possible: virtualization and centralization. Virtualization creates distinct areas for applications and data to reside, removing dependencies on hardware and the environment. Centralization pulls data and the program code operating against it into data center environments, leaving only interface issues to end user devices.

Virtual Desktop Infrastructure (VDI) solutions are now presenting organizations with an alternative to deploying traditional PC desktops. VDI follows the trend of server consolidation and virtualization, where workloads are moved from physical devices to virtual instances hosted in the corporate data center. By implementing a managed desktop solution that incorporates traditional and virtual desktops, an organization should expect to gain greater flexibility in delivering workspaces to users while reducing hardware, software, and maintenance costs of supporting this new infrastructure.

An organization’s typical position on application and desktop virtualization revolves around implementing a process to identify user profile characteristics to map the ideal desktop solution. Typically they will have multiple options available to ensure the user experience is optimized for any given user. This document details the process and plan to reduce the total cost of ownership while providing the best possible user desktop experience.

Decoupling the Desktop

As consultants we have had the opportunity to assist in the planning and implementation of strategic technology solutions at many firms. The most challenging solutions, not surprisingly, involve the deployment of a corporate desktop.

As the primary interface, the desktop typically consumes over one third of companies’ IT budgets and resource allocations, to ensure that users can complete their required business tasks. We have seen many organizations spend countless hours performing system image rebuilds, and application and operating system upgrades, with the goal of standardizing the environment, without ever achieving the reduction in maintenance and support (hidden or soft costs) they expected.

These organizations will continually fail to achieve their TCO goals as long as they continue the legacy approach to desktop management. There must be a complete shift in thinking about the end point computing device, how it’s built, and how it’s managed.

The challenge before us is how to assist organizations in creating a more dynamic and scalable end point computing environment that maintains the power and personalization of today’s desktop environment combined with all of the controls once experienced with mainframe computing.

In the next section, we present six models organizations can use to deploy desktop services to users. To get to one of these models, the individual elements that make up the desktop computing environment need to be decoupled and managed as unique items. These elements include: hardware, operating systems, applications, user data, and maintenance and support.

HARDWARE

The computing hardware is the layer on which most organizations have historically standardized. Procurement of one machine type from a single vendor for all users reduces the complexity of supporting the device once it has been deployed. System lifecycles vary, especially in large enterprise environments, so inevitably, multiple machine types, with similar but not exact images of the operating system, are supported.

PC vs. Thin Clients

Many organizations that have adopted server-based computing models (i.e., Terminal Services, Citrix) to deliver user applications have also chosen to deploy thin client devices where no local application processing is required. These organizations have benefited from the reduced support required to maintain these devices, and the working environment lends itself to being accessed from multiple locations, including, potentially, from the user’s home. The apparent downside to this model is that the user must always be connected to the corporate network to get their applications and data.

PCs and laptops are the only options for organizations that have either not adopted a server-based computing model or have a large population of users who work disconnected from the corporate network. In these scenarios it is best to establish a standard configuration specification from a single vendor, ensuring the specifications meet the organization and application needs, for example:

• Graphical display
• Memory
• Network connectivity
• Operating System
• Peripherals

Server-based computing (SbC), Virtual Desktop Infrastructure (VDI), and Application Streaming and Virtualization are all technologies that enable thin client devices to look and feel just like standard PCs and laptops. Thin client devices significantly reduce the hidden costs of supporting the end point computing device, such as shadow support staff (i.e., co-worker support), floor space, power and cooling costs, transportation, travel, turnover, and time off for training. Organizations should consider replacing PCs with thin clients wherever the applications and user data can be accessed through server-based computing solutions (Citrix and Terminal Server) or through a Virtual Desktop Infrastructure.

Organizations can realize some of the following benefits when implementing thin clients:

• Centralized support – Support of the device is done through native remote control utilities, reducing the need to send help desk engineers to visit the end user. Failed devices can be replaced by a non-technical user in locations where no technical staff exists.
• Centrally Managed Device Images – Embedded operating systems (Linux or Windows) are deployed and managed from a centralized console.
• Easier Patch Management – Patches are provided by the hardware vendor, usually within 48 hours of release from the operating system vendor, and are centrally deployed.
• Increased Device Lifespan – The lifespan of thin clients is typically six to eight years, which reduces the number of devices that need to be refreshed annually.
• Increased Security – With no local hard disks, no data lives on the physical device. Deployment of these devices to remote or public locations can be done with less concern of intellectual property or patient data loss.
• Protected Operating Environment – The operating systems are protected from the user making any changes and are typically read-only, reducing the likelihood of the device becoming infected by malware or viruses.
• Reduced power consumption – Thin clients use less than 10% of the power of standard PCs.

WYSE provides the following sample of a comparison between 1,000 PCs and 1,000 thin client users connected to a centralized server environment over a one year period.

1,000 PCs      Number of Devices              1,000 Thin Clients + Servers
70.51          Kilowatts consumed per hour    7.14
146,660.80     Kilowatts consumed per year    14,851.20
$13,111.48     Energy costs per year          $1,327.70

OPERATING SYSTEMS AND INFRASTRUCTURE

Since its earliest adoption in the business environment, IT has made significant strides to deploy and maintain a standard PC operating system image that suits the needs of the organization. Users are initially given little or no ability to customize the interface of the machine, which is in complete opposition to the concept of personal computing. As a result, IT is overwhelmed with requests to grant users additional access to their desktops. With these additional privileges, the possibility of local system and network corruption increases significantly. What is required is a centrally managed operating system environment that is also flexible enough to meet the user’s needs.

Operating System Images

Creating a single operating system image that is separated from any applications or hardware specifics reduces the amount of maintenance and storage of such images. Additionally, a single application- and hardware-agnostic image can be used on nearly all physical and virtual platforms.

Microsoft has an extensive set of guidelines (http://technet.microsoft.com/en-us/library/bb456439.aspx) for developing operating system images, which Gotham recommends following. These guidelines also include integration with Active Directory Services and Group Policy Objects (GPOs).

Operating System Distribution

There are several solutions that can be leveraged for creating, deploying, and managing operating system images. Depending on the size and complexity of the environment, organizations may find one or a combination of solutions can meet their needs.

• Scripted Install – A traditional method for operating system implementation, it utilizes local (CD) or network-based source files of the operating system in conjunction with a setup script. This method performs a native installation of the operating system but may require a technician to interact with the installation for it to complete. This process may be used in environments where a local operating system is required, but hardware and peripherals are unknown prior to the deployment, allowing the install routine to automatically identify the hardware correctly. Applications can be added to this process through additional automated scripts or software distribution tools.
• Image Install – Image installations are a method where a completely configured desktop machine, including applications, is prepared for deployment by first removing the personalized information (for example, machine name) and then creating a single file of that imaged machine. The image is copied to the destination device locally or through the network where it is extracted on the local hard disk. Personalization scripts are then run to finalize the installation.
• OS Streaming – These solutions load a pre-configured image of the operating system from a central network location to a LAN-attached PC, a thin client device, or a virtual desktop. The operating system is never installed on the local device and uses RAM and the local disk (if any) for temporary files. When the device is rebooted, the central image is reloaded, so any changes made by the user are lost, unless they have been stored in their roaming profiles or network file shares.
• OS Virtualization – Leveraging hypervisor technology, OS Virtualization loads multiple instances of the operating system on network servers from a single image source. The user interface is delivered using a presentation protocol such as Citrix’s ICA or Microsoft’s RDP. Users have the same user experience as a locally installed operating system, regardless of their connectivity to the network or the configuration of the local device.
• Server Based Desktops – Microsoft Terminal Server enables delivery of server-based desktops and applications to end users using PCs or thin clients. Citrix XenApp (formerly Presentation Server) provides added features and functionality that many enterprises take advantage of. Citrix’s ICA protocol has clients that run on all Windows and non-Windows desktop operating systems and has historically been used as the primary method of deploying applications to remote users.

Desktop Policies and Security

Group Policies

Central to the desktop design is the method by which the operating environment is configured and controlled. Machines that are members of the Active Directory domain can leverage security policies defined in Group Policy Objects (GPOs) and login scripts. Implemented in a hierarchical manner, the top GPOs should provide the most stringent lockdowns, with subsequent policies allowing additional functionality as necessary.

Organizational Units (OUs) within Active Directory can be used to group common machine types or user types to ensure that proper security policies are implemented. It is recommended to limit the number of OUs and security groups that control the configuration of the desktop so as to keep the complexity of supporting the environment to a minimum.

Active Directory tools can also be implemented to assist in creating and managing Group Policies. Many of them have the capability of testing the effects of policies before they are implemented into production.
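
A simplified model of the hierarchy described above, as an added example that is not part of the original white paper: it resolves the effective settings from layered GPOs and reports where a lower-level policy overrides, or is blocked from overriding, a higher-level lockdown. It goes slightly beyond the text by modeling enforced links; the GPO and setting names are constructed, and Block Inheritance, security filtering, and loopback processing are not modeled.

```python
# Added illustration: a simplified model of Group Policy precedence.
# GPO names and setting names below are constructed for this example.
from dataclasses import dataclass

# Processing order for a domain-joined machine: local, site, domain, then
# OUs from parent to child. On a conflict, the GPO applied last wins.
LEVELS = ("local", "site", "domain", "ou")


@dataclass
class GPO:
    name: str
    level: str              # one of LEVELS
    settings: dict          # setting name -> value
    enforced: bool = False  # enforced link: later GPOs cannot override it
    depth: int = 0          # OU nesting depth, 0 = top-level OU


def apply_order(gpos):
    """Sort GPOs into application order; ties keep their listed order."""
    return sorted(gpos, key=lambda g: (LEVELS.index(g.level), g.depth))


def resultant_policy(gpos):
    """Return (effective, events).

    effective: setting -> (value, name of the GPO that supplied it)
    events:    (setting, earlier GPO, later GPO, outcome) for each conflict,
               where outcome is "overridden" or "blocked"
    """
    effective = {}
    locked = set()   # settings pinned by an enforced GPO
    events = []
    for gpo in apply_order(gpos):
        for key, value in gpo.settings.items():
            if key in effective and effective[key][0] != value:
                outcome = "blocked" if key in locked else "overridden"
                events.append((key, effective[key][1], gpo.name, outcome))
            if key in locked:
                continue  # a higher-level enforced GPO already decided this
            effective[key] = (value, gpo.name)
            if gpo.enforced:
                locked.add(key)
    return effective, events


# Constructed sample: a stringent domain baseline, one enforced data
# protection policy, and two OU policies that add functionality.
SAMPLE_GPOS = [
    GPO("Domain-Baseline", "domain",
        {"control_panel": "disabled", "removable_storage": "disabled",
         "screen_lock_minutes": 10}),
    GPO("Domain-Data-Protection", "domain",
        {"removable_storage": "disabled"}, enforced=True),
    GPO("OU-Engineering", "ou",
        {"control_panel": "enabled", "removable_storage": "enabled"}),
    GPO("OU-Engineering-Labs", "ou",
        {"screen_lock_minutes": 30}, depth=1),
]

if __name__ == "__main__":
    effective, events = resultant_policy(SAMPLE_GPOS)
    for setting, (value, source) in sorted(effective.items()):
        print(f"{setting:22} = {value!s:9} (from {source})")
    for setting, earlier, later, outcome in events:
        print(f"{outcome:10} {setting}: {later} vs {earlier}")
```

The list of "overridden" events is the set of places where the baseline lockdown has been relaxed, which is what to review before a policy change goes to production.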

Privilege by Application, not by User

To ensure the integrity of the working environment, desktop policies should restrict users from making permanent system configuration changes. Changing the privilege state of the user or configuring the Run As feature in Windows XP and above should be done to allow the specific application to run. This method will maintain the system integrity while ensuring applications will function.

APPLICATIONS

Access to applications and data is the core purpose of IT infrastructures, and the desktop has traditionally been tasked with hosting the application executables. Keeping the operating environment performing at its peak, while hosting a complete application set, has been one of the greatest challenges IT has had to face. Traditional desktop deployments classify applications as core or line-of-business (LOB). The core applications are those that all users require access to, whereas LOB applications are only utilized by specific users or groups of users. Installing LOB applications locally limits those users to working only on specific machines, preventing them from roaming or accessing the applications remotely.

Once an application has been deployed to the desktop, the next challenge for IT is the maintenance of the application. Code updates and patches are sometimes difficult to deploy and can possibly affect other applications installed on the machine. For instance, some applications use commonly named DLL files, which are expected to be on the local machine. One application may overwrite an existing version during installation or update, causing a conflict with another application. (This is commonly known as DLL-Hell.)

It is estimated that software product updating accounts for up to 55% of a desktop system's total cost, whereas the initial purchase and support account for less than 45%. Electronic software distribution (ESD) packages offer a cost-effective solution for automating the distribution and installation process. In addition, ESD can provide capacity checking, auditing and management reports, and tools that ease the initial installation of applications on the desktops. These solutions statistically achieve an 80% success rate for first time installation of application packages and patches. The remaining failed deployments usually require a desktop visit and possibly a manual installation by an engineer.

Application Streaming and Virtualization

Application Streaming and Virtualization solutions provide an alternative to the legacy ESD solutions. These tools leverage the application packaging standards that were utilized with the ESD solutions, but instead of installing applications on the local machine, the application code is streamed and then executed in protected memory space.

These solutions separate the application from the operating system as well as from other applications. This application isolation eliminates the application conflicts that have been experienced in the past. It also keeps the operating system clean, because the applications are never installed. Different application and user security policies can be applied to individual packages, eliminating the need to grant users elevated access on their desktops to ensure the applications will run.

Application updates and patches can be applied once to the centrally stored package and distributed automatically to each user on their next launch of the application. In addition, previous versions of the application can be stored for easy rollback in the event an application update causes an issue.

USER DATA

Management of users’ data is a daunting task for IT. Data lives anywhere a user has privileges – the network, local hard drives, and portable devices (USB). A best practice is to keep all users’ data on the network and allow nothing to be stored locally. Providing a dynamic desktop environment will require the centralization of all application and user profile data. The user’s profile stores application and user personalization and preferences. When configured, these preferences will load with every user session regardless of the device they are logged into.

Roaming Profiles

A dynamic desktop environment should enable users to roam to any device, log on, and get access to their applications and data. Roaming profiles, which allow users to save data that is typically saved in their registry, along with profile folders that cannot be redirected (My Documents, Desktop, Application Data, Start Menu), are one method for providing a consistent user experience for Citrix/Terminal Server environments.

A centralized user profile keeps application and user personalization in a central location and is loaded upon logon. A roaming profile will be critical to those organizations implementing SbC and VDI solutions, as these single image source solutions do not enable the user to make permanent customizations to their working environment.

MAINTENANCE AND SUPPORT

Maintenance and support are the processes and tools organizations use to manage their desktop environments. Determining the total cost of maintenance and support is difficult, as this area includes most of the hidden costs of managing the desktop. Hidden costs, which can account for as much as 25% of the total cost of managing a desktop environment, typically include shadow (i.e., non-IT) staff for support, floor space, power and cooling costs, transportation, travel, loss of user productivity, and user time off for training.

Standards and guidelines establish organizational clarity on technology, business processes, and procedures and are crucial to establishing a productive IT environment at a reasonable cost. Technology standards include not only the technology itself, but also how that technology is configured, managed, and supported. Standards must also be applied to the business processes and procedures utilized in managing an organization's desktop environment, particularly if that organization supports remote locations and users.

It is critical that an IT organization establishes consistent processes for diagnostics, maintenance, backup/restore, disaster recovery, change and problem management, and software distribution to make the overall client/server environment more manageable and scalable.

The solutions in the IT department tool belt should include:

• Automated Inventory and Software Metering – These tools help maintain the application and license inventory of an organization
• Data Backup and Disaster Recovery – Tools that maintain the integrity of the organization’s data in the event of a system or storage failure, and the processes to recover from such a failure
• End Point Monitoring – Implemented in either a proactive or reactive mode, data collected from the endpoint can enable the help desk to address user issues in a more timely manner
• Patch Management – Processes and tools for implementing application and system patches
• Remote Assistance – Decreasing the time to resolution can be achieved without an engineer leaving his desk; remote assistance tools allow the help desk to take control of the end point device and begin troubleshooting quickly
• Virus Protection and Repair – A requirement for local and network data protection

Support Levels

Defined support levels enable an IT organization to properly identify the resources required to support an application or service and to ensure that all Service Level Agreements (SLAs) are being met. Structured into three tiers (Help Desk, Operations Support, and Subject Matter Expert), these resources represent a workflow on how and when an issue is escalated to the next tier.

Level 1: Help Desk support is the first tier of the support structure and provides first-line, client-facing support to the end-user. Level 1 support responsibilities include initial issue analysis, problem definition, problem ticket routing, and low level issue resolution. The appropriate skill set, in conjunction with the right tools, will aid the Help Desk in successfully performing its role. Level 1 support should also include automated tools that perform event-driven issue identification and automatic routing to Level 2 – Operations Support.

Level 2: Operations Support is the intermediate tier in the support structure and handles all issues forwarded from the Help Desk or from automatically generated alerts. Level 2 Support rarely interfaces directly with the end-user community, but has the authority to engage IT Technical Management when addressing issues. Level 2 support responsibilities include core network infrastructure, network server support, and advanced issue resolution. The appropriate skill set, in conjunction with the right tools, will optimize these processes. Level 2 Support also implements any new technology that directly interacts with the environment.

Level 3: Subject Matter Expert (SME) is the highest level of expertise within the organization. SMEs are responsible for engaging directly with IT Technical Management, and serve as technical liaisons with vendors and the user community. The SME must possess advanced networking, operating systems, and server hardware knowledge and highly developed troubleshooting skills. SMEs will also be responsible for the development, testing, and architecture of all designs. They are also responsible for validating the proper implementation of any new technology that directly interacts with the environment.

[Figure: escalation path from Level 1 (Help Desk) to Level 2 (Operations Support) to Level 3 (Subject Matter Expert)]

Application and Desktop Options

Organizations have several options to deploy desktop services to their users. In this section we identify six desktop models:

• Physical desktop with traditionally installed applications
• Physical desktop with streamed applications
• Physical desktop with isolated / virtualized applications
• Presentation virtualization
• Desktop virtualization
• Operating system streaming

Each solution has its own benefits to an organization, providing levels of flexibility, portability, and security that meet the use case needs of its users.

As noted in the previous section, these models require exploring and managing the various components of the desktop environment – hardware, operating systems, applications, user data, and maintenance and support – individually.

PHYSICAL DESKTOP WITH TRADITIONALLY INSTALLED APPLICATIONS

In the physical desktop model, an operating system is installed on the hard drive of the device, and applications are deployed using automated software distribution tools or manual installations.

• Local applications connect directly to data on the back end.
• Updates to the application require in-place upgrades or complete redistribution of the application package.
• This model provides the user the flexibility to work off-line (such as with a laptop), but requires more rigorous policies to ensure the applications and data are secure.

PHYSICAL DESKTOP WITH STREAMED APPLICATIONS

In the Streamed Applications model, an operating system is installed on the hard drive of the device, and the applications are deployed to the device from a central location on the network and are run from a protected area on the local machine. The machine’s system files and registry are not modified, and the application performs using local resources.

• Applications connect directly to the data on the back end.
• Updates to the application package are performed from a central location. Upon the next launch the user receives the updated application.
• Streamed applications can also be isolated from one another, allowing multiple versions of the same application to be run on a single device.
• This model provides the user the flexibility to work off-line (such as with a laptop), but requires more rigorous policies to ensure the applications and data are secure. Streamed applications must be cached to the local device before offline execution is possible.

PHYSICAL DESKTOP WITH ISOLATED / VIRTUALIZED APPLICATIONS

In the Application Isolation with Virtualization model, an operating system is installed on the hard disk of the device and a software hypervisor is installed. Application packages are distributed and executed in the local virtual environment.

• Applications connect directly to the data on the back end.
• In this model, applications are explicitly isolated from the operating system, which allows multiple versions of an application to run, even if one of the versions is installed on the local hard disk.
• This model provides the user the flexibility to work off-line (such as with a laptop), but requires more rigorous policies to ensure the applications and data are secure.

PRESENTATION VIRTUALIZATION

With Presentation Virtualization, applications are installed and managed on centralized servers in the

data center; screen images are delivered to the users, and the users' client machines, in turn, send

keystrokes and mouse movements back to the server

Applications can be installed locally or leverage application streaming and isolation solutions

Multiple servers can act as a single resource (i.e., a server farm) to deliver applications and

desktops to client devices

Common protocols ICA and RDP are used to connect to the back end servers. Both clients and

their protocols are available from traditional desktops and from thin clients

Applications execute on the server so the client never communicates directly with the data on the

back end

This model provides only connected user access to applications; this solution has no offline access capability


VIRTUAL DESKTOP TECHNOLOGY

With Virtual Desktops, servers in the data center running a hypervisor host multiple instances of a

desktop operating system. Screen images are delivered to the users, and the users' client machines, in

turn, send keystrokes and mouse movements back to the server

Desktop images are located on a central NAS/SAN

Applications can be installed within the desktop image or leverage application streaming and

isolation solutions

Multiple servers can act as a resource pool to deliver desktops to client devices

Common protocols ICA and RDP are used to connect to the back end servers; both clients and

their protocols are available from traditional desktops and from thin clients

Application execution is on the virtualized desktop instance so the client never communicates

directly with the data on the back end

This model provides connected user access to desktops; this solution has limited offline access capability


OPERATING SYSTEM STREAMING

In an Operating System Streaming solution, the desktop is stored as an image on a central NAS/SAN.

During the boot of the client device, a desktop image is provisioned to it and is streamed from the

data center to the endpoint device.

The user experiences the same look and feel as a locally installed operating system, enabling greater interaction with the underlying hardware

Applications can be installed within the desktop image or leverage application streaming and

isolation solutions

Applications connect directly with data on the back end

This model provides connected users access to desktops; this solution has limited offline access capability


Solution Selection Process

There are many desktop options and possible combinations, physical and virtual alike, and therefore

the development of a desktop strategy requires three distinct steps:

Mapping the available technologies

Defining use case scenarios and their requirements

Matching technologies with use cases

This section details the three steps in the process.

MAPPING AVAILABLE TECHNOLOGIES

Organizations may find that they will require the use of multiple solutions to satisfy the different use case requirements. There are numerous options for application, desktop and presentation virtualization. The following is a list of many of the current solutions.

Technology Area / Vendor-Product and Vendor Website Reference

Server Virtualization refers to uncoupling server operating systems from hardware hosts, allowing multiple isolated operating system environments to share the same physical server

Citrix XenServer http://www.citrix.com/English/ps2/products/product.asp?contentID=683148&ntref=hp_nav_US

IBM Virtualization http://www-03.ibm.com/systems/i/os/

Microsoft Hyper-V http://www.microsoft.com/windowsserver2008/en/us/hyperv-main.aspx

Novell Virtualization http://www.novell.com/products/server/

Oracle Virtual Iron http://www.oracle.com/virtualiron/index.html

Parallels http://www.parallels.com/solutions/consolidation/server/

RedHat Virtualization http://www.redhat.com/rhel/server/

Sun VirtualBox http://www.sun.com/software/products/virtualbox/get.jsp?intcmp=2945

VMware ESX http://www.vmware.com/products/vi/

VMware vSphere http://www.vmware.com/products/vsphere/

Desktop Virtualization refers to uncoupling a client operating system environment from underlying hardware, allowing end-user workspaces to be hosted on servers and accessed remotely, or for corporate workspaces to be isolated from personal workspaces on client machines.

2X Software http://www.2x.com/

3Par http://www.3par.com/solutions/utility_computing/vmware_vdi.html

Citrix XenDesktop http://www.citrix.com/English/ps2/products/product.asp?contentID=163057

ClearCube http://www.clearcube.com/controller/virtualization_solutions.php

Desktone http://www.desktone.com/

Ericom http://www.ericom.com/virtual_desktops.asp

Kaviza http://www.kaviza.com/virtual-desktop-Products/kaviza-vdi-in-a-box.html

Leostream http://www.leostream.com/products/overview.php

Microsoft http://www.microsoft.com/virtualization/products/desktop/default.mspx

MokaFive http://www.mokafive.com/products/products-overview.php

Neocleus http://www.neocleus.com/

Pano Logic http://www.panologic.com/


Parallels http://www.parallels.com/solutions/vdi/

Quest vWorkspace http://vworkspace.com/default.aspx

Red Hat http://www.redhat.com/rhel/desktop/

RES PowerFuse http://www.ressoftware.com/pm-products.aspx?PageID=70&menuid=1

RingCube vDesk http://www.ringcube.com/portal/content/products/vdesk/

Sentillion http://www.sentillion.com/solutions/remote-access.html

Sun Virtual Desktops http://www.sun.com/software/vdi/index.jsp

Symantec EVS http://www.symantec.com/business/solutions/solutiondetail.jsp?solid=sol_infrastruct_op&solfid=sol_endpoint_virtualization

Teradici http://www.teradici.com/pcoip/pcoip-technology.php?gclid=CIPphNLdrJkCFQw9GgodgFhXJQ

Unidesk http://www.unidesk.com/

VDIworks http://www.vdiworks.com/new_vdi/?q=node/5

Virtual Computer NxTop http://www.virtualcomputer.com/Products+page

VMware View http://www.vmware.com/products/view/

Presentation Virtualization refers to the delivery of applications and desktops over a common protocol that displays application user interface on a client machine, but whose code is executed on a multi-user Windows server

2X Software http://www.2x.com/

Citrix XenApp http://www.citrix.com/English/ps2/products/product.asp?contentID=186

Microsoft Terminal Services http://www.microsoft.com/windowsserver2008/en/us/rds-product-home.aspx

Quest vWorkspace http://vworkspace.com/default.aspx

Application Virtualization refers to the uncoupling of applications from host operating systems, dramatically easing deployment and allowing the virtualized application to run in its own isolated sandbox

Citrix Application Streaming http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=163987

InstallFree http://www.installfree.com/products/overview/

Microsoft App-V http://www.microsoft.com/systemcenter/appv/default.mspx

Microsoft Med-V http://www.microsoft.com/windows/enterprise/products/mdop/med-v.aspx

Symantec EVS http://www.symantec.com/business/solutions/solutiondetail.jsp?solid=sol_infrastruct_op&solfid=sol_endpoint_virtualization

VMware ThinApp http://www.vmware.com/products/thinapp/

Operating System Streaming refers to uncoupling a client operating system environment from underlying hardware, allowing end-user workspaces to be dynamically streamed from a central repository to local client machines.

Citrix Provisioning Server http://www.citrix.com/English/ps2/products/product.asp?contentID=683392

Profile (Personalization) Virtualization refers to the isolation of the user’s application and environment settings, storing them in a central location and applying them upon login to a physical or virtual desktop environment

AppSense EM http://www.appsense.com/products/environment_manager.aspx

Citrix Profile Manager http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=1686118

Liquidware Labs http://www.liquidwarelabs.com/products/profileunitypro.asp

Quest vWorkspace http://vworkspace.com/default.aspx

RTO VirtualProfiles http://www.rtosoft.com/Products/VirtualProfiles/VP.htm


ScriptLogic Desktop Authority http://www.scriptlogic.com/products/desktopauthority/

Symantec EVS http://www.symantec.com/business/solutions/solutiondetail.jsp?solid=sol_infrastruct_op&solfid=sol_endpoint_virtualization

Tranxition http://www.tranxition.com/index.shtml

Tricerat SimplyProfiles http://www.tricerat.com/profile

Wanova http://www.wanova.com/

DEFINING USE CASE SCENARIOS AND REQUIREMENTS

Best practice dictates the development of use cases to determine functional requirements. Use cases

are the specifications of a set of actions performed by a user on a system that yield a desired result.

Organizations typically utilize use cases during application functionality and scalability testing and do

not extend their use to application and desktop delivery.

Use cases can define basic functionality or contain detailed business processes.

Basic Use Cases

Basic use cases will enable organizations to classify the user type requirements and map a specific desktop solution to them. Some examples of basic use cases are below:

User Group / Type: Business User
Requirements: Office Productivity Applications; Line of Business Applications; Access to network file shares and data sources; No Administrator privileges
Solution: Applications and Desktop hosted on Citrix XenApp

User Group / Type: Network Administrator
Requirements: Office Productivity Applications; Network Tools; Administrator Tools; Administrator privileges required
Solution: Desktop delivered through VDI Solution; Applications are a combination of XenApp hosted, streamed, and local tools

User Group / Type: Application Developer
Requirements: Office Productivity Applications; Line of Business Applications; Development Tools; Administrative privileges required
Solution: Desktop delivered through VDI Solution; Applications are a combination of XenApp hosted, streamed and local tools

User Group / Type: Contractor
Requirements: Office Productivity Applications; Line of Business Applications
Solution: Applications and Desktop hosted on Citrix XenApp

The desktop delivery use case should be used as both a strategic planning tool and to validate

functionality requirements. The desktop delivery use case is made up of three profiles: Application,

Access, and User Privilege.

Application Profile

The application profile is made up of business and technical criteria that determine the best suited

platform for applications to be delivered to the end user’s desktop device.

Major Criteria / Sub Criteria: Description

Operating System Compatibility: Which operating systems are required and supported by the application

RAM: What are the physical RAM requirements for the application

License: What is the use-license for the application: Named User, Concurrent or Unlimited Use

Disk – Installation Footprint: How much disk space does the application code occupy when installed

Hardware – Peripherals: Identify the local and network hardware that the application is required to interact with.

Network Application Server: Does the application require connectivity to a back-end application server to function

Bandwidth – Data: How much network bandwidth is required while the application is running

Bandwidth – UI (Latency): How much network bandwidth is required for the UI to perform to acceptable levels

Connectivity: Is connectivity to the datacenter (network) required for the application to function

Database: Does the application connect to a back-end database resource to function

File Share: Does the application connect to a back-end file share resource to function

Printing: Does the application need to print to local or network printers

Authentication Biometrics: Does the application use a biometric device to authenticate the user

Directory Services: Does the application use a directory service or ACL to authenticate the user

User Privileges: What level of local and domain privileges does the user require to run the application

Offline Use: User requires access to the application when they are disconnected from the network

Audio: The application delivers audio content

Video High Resolution: The application requires high resolution video to function

Multi – Monitor: The application uses multiple monitors

Streaming Media: The application delivers streamed audio and video content to the user

Software Dependencies: The application requires the existence of other software in order to function

Compliance Audit: The application usage or data changes in the application must be audited for corporate compliance

Standards: The application falls under the guidance of such standards as HIPAA, SOX, PCI. Additional auditing and usage restrictions may apply

The application profile should be created when an application is first being tested and packaged for the environment. The profile can be created in spreadsheet or database format. The table above contains both business and technical criteria that would affect the outcome. Organizations will have to determine if business requirements, such as auditing, will have stronger weighting in the decision process, or if the decisions will be weighted on purely technical capability.

Access Profile

Applications and data need to be accessed by different people from different devices over different connections, all with different levels of access that are governed by some set of standards and governance. This may require an organization to provide different methods of access to the same data, depending on the access scenario. The access profile determines what level of access will be required for the application or data set. Some of the questions that need to be answered when defining the profile are:


Who am I?

What device am I connecting from?

How am I connecting?

What network access will I require?

What network services will I need to access?

What application and data services will I need to access?

The answers to these questions are the core of your access profile. Understanding the access requirements for a particular application or user can have an effect on the decision on how that application is delivered to the user. Applications that have sensitive data tied to them should not be installed locally or placed on machines that may be accessed while outside the corporate network. Data Loss Prevention (DLP) initiatives should have some stated guidelines on data classification and data protection solutions.

The access profile can be represented in a decision tree format, such as the one below:

A user (or use case) requests a network login. In the first decision, it is determined if the user will be

granted access to a desktop login. Short-term contractors or employees who do not access any

applications or data to perform their job function would not be granted access to the network.

If they are authenticated, then the device they are logging in from is checked if it is an organizational

asset or not. If the device is not an organizational asset, then no local apps or data should be allowed.

The user should be redirected to a Web Interface portal where they will be provisioned a Citrix or

VDI desktop.


Authenticated users on sanctioned devices will then be checked on how they are connecting to the

network. LAN/WAN users will be able to access their full application and data sets. Remote users

may be required to access their desktop through Citrix or VDI and may only have limited access to

applications and data from their local machine.
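The access decision tree described above can be written as a small policy function and checked against every input combination. The following Python is an added example, not part of the original white paper; the type and field names are hypothetical, remote users are always sent to a hosted desktop (the text says they "may be"), and an undetermined connection type is handled as remote.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import product
from typing import List, Optional


class Connection(Enum):
    LAN_WAN = "LAN/WAN"
    REMOTE = "remote"


class Delivery(Enum):
    NO_LOGIN = "no network login"
    PORTAL_HOSTED = "Web Interface portal, Citrix or VDI desktop"
    HOSTED_LIMITED_LOCAL = "Citrix or VDI desktop, limited local access"
    FULL = "full application and data sets"


@dataclass(frozen=True)
class AccessRequest:            # hypothetical field names
    user: str
    needs_desktop_login: bool   # job function uses applications or data
    authenticated: bool
    org_asset: bool             # device is an organizational asset
    connection: Optional[Connection]  # None: could not be determined


@dataclass(frozen=True)
class Decision:
    delivery: Delivery
    local_access: str           # "none", "limited" or "full"
    reason: str


def evaluate(req: AccessRequest) -> Decision:
    """Walk the access decision tree in the order the text gives it."""
    if not req.needs_desktop_login:
        return Decision(Delivery.NO_LOGIN, "none", "no applications or data needed")
    if not req.authenticated:
        return Decision(Delivery.NO_LOGIN, "none", "not authenticated")
    if not req.org_asset:
        # Unsanctioned device: no local apps or data, hosted desktop only.
        return Decision(Delivery.PORTAL_HOSTED, "none",
                        "device is not an organizational asset")
    if req.connection is Connection.LAN_WAN:
        return Decision(Delivery.FULL, "full", "sanctioned device on LAN/WAN")
    # Assumption: remote users are always sent to a hosted desktop, and an
    # undetermined connection type is handled as remote (most restrictive).
    reason = ("sanctioned device, remote connection"
              if req.connection is Connection.REMOTE
              else "connection type unknown, handled as remote")
    return Decision(Delivery.HOSTED_LIMITED_LOCAL, "limited", reason)


def invariant_violations() -> List[AccessRequest]:
    """Try every input combination and return those that break the data
    protection rules implied by the tree."""
    bad = []
    for needs, auth, asset, conn in product(
            (True, False), (True, False), (True, False),
            (Connection.LAN_WAN, Connection.REMOTE, None)):
        req = AccessRequest("probe", needs, auth, asset, conn)
        local = evaluate(req).local_access
        fully_trusted = needs and auth and asset and conn is Connection.LAN_WAN
        if (local == "full") != fully_trusted:
            bad.append(req)          # full access granted or withheld wrongly
        elif not asset and local != "none":
            bad.append(req)          # local data reached an unsanctioned device
    return bad


# Constructed sample requests, not taken from the white paper.
SAMPLES = [
    AccessRequest("employee-office", True, True, True, Connection.LAN_WAN),
    AccessRequest("employee-hotel", True, True, True, Connection.REMOTE),
    AccessRequest("contractor-own-laptop", True, True, False, Connection.REMOTE),
    AccessRequest("short-term-no-apps", False, True, True, Connection.LAN_WAN),
]

if __name__ == "__main__":
    for s in SAMPLES:
        d = evaluate(s)
        print(f"{s.user:24} {d.delivery.value:45} local={d.local_access}")
    print("invariant violations:", invariant_violations())
```

Running the exhaustive check after any change to the tree shows at once whether a new branch lets local applications or data reach a device that is not an organizational asset.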

User Privilege

User privilege refers to the level of local administrative privileges that a user requires to perform their

job function, as defined in the use case. Elevated levels of user privileges allow the system’s user to

make changes to its configuration and install applications if necessary. We define these two decisions

as User Level and Admin Level. Network and system administrators and application developers are

two examples of such user types whose accounts will be granted administrative level access.

Tasks performed by these users may include making system-wide changes to their working

environment. In a multi-user environment, such as a Terminal Server with Citrix XenApp, those

changes could have an adverse effect on the other users accessing that server. In such cases, physical

desktops or virtual desktops would be the best suited environment for them.

MATCH TECHNOLOGIES WITH USE CASES

Once an organization has completed the task of profiling the applications and access requirements

and has clearly defined the desktop use cases, then we can map these requirements to specific

solutions.

In working with numerous clients, Gotham has observed a clear need to host multiple solutions. We have found that the typical distribution of desktop use cases is approximately 20% physical, 50% presentation virtualization, and 30% virtual desktop.


In order to reduce the complexity of maintaining multiple desktop delivery options, it is

recommended that an organization select a common application delivery solution. The application

streaming/virtualization solutions can provide a common platform for application delivery.

Applications can be packaged once and delivered to multiple platforms.

Desktop Solution Decision Tree

A decision tree will enable organizations to select the most critical criteria for determining the best suited desktop solution for a particular use case. The following decision tree uses two decision criteria: Offline Access and User Privileges.

Offline Access

In this step of the decision tree, we are using the user’s business need to work offline, or disconnected from the network, as the root criterion for which a desktop solution will be deployed. If it is determined from the first step that the user does not need to work offline, or that the application profile dictates that their applications can only be accessed when connected to the network, then the model moves on to the next major criterion: user privilege.


If it is determined that the user requires offline access, the next decision criterion is which operating system the user requires, or on which operating system platforms the applications are supported.

The final decision in this process is how applications will be delivered to the user’s desktop. The

options are streamed/virtualized, isolated, or locally installed (traditional ESD). A dynamic and

efficient desktop solution will leverage streamed/virtualized applications as its method for software

delivery. If the application does not function while streamed or virtualized, then it can be considered

for isolation with a solution such as Microsoft’s Med-V or installed locally with traditional software

delivery tools.

User Privileges

The second major criterion chosen for this decision process is User Privileges. Similar to the user privilege profile identified earlier, user privileges refers to the level of local administrative privileges that a user requires to perform his/her job function, as defined in the use case. Elevated levels of user privileges allow the system’s user to make changes to its configuration and install applications if necessary. We define these two decisions as User Level and Admin Level.

After a User Level decision has been determined, we then look at whether the applications can be

supported in a Citrix/Terminal Server environment. This information would be obtained from the

Application Profile process. If the application set is suited for the Citrix/Terminal Server environment

then we follow the same application virtualization decision tasks as we did in the Offline Access tree.


If the user level is determined to be Admin Level, or the application is not suited for a Citrix/Terminal Server environment, we determine if the user can be placed in a virtual desktop or has to remain on a physical desktop. The Application Profile will drive this decision, but requirements such as access to local data will affect the virtual desktop decision. Once a decision has been made to put the user in a virtual desktop environment, we then follow the same decision criteria for operating system and application virtualization as was done in the Offline Access tree.
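The desktop solution decision tree described above, written out as an added Python example (not part of the original white paper) and run against the basic use cases listed earlier. The field names and per-application flags are hypothetical; treating the offline branch as a physical device, using a single needs_local_resources flag for the virtual-versus-physical choice, and trying isolation before local installation are assumptions, and the operating system is carried as an input because the text gives no selection rule for it.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

PHYSICAL = "physical desktop"
PRESENTATION = "presentation virtualization"
VIRTUAL = "virtual desktop"


@dataclass(frozen=True)
class App:                            # hypothetical field names
    name: str
    works_streamed: bool = True       # functions when streamed/virtualized
    works_isolated: bool = True       # functions in an isolation solution
    terminal_server_ok: bool = True   # suited to Citrix/Terminal Server


@dataclass(frozen=True)
class UseCase:
    name: str
    offline_required: bool
    admin_level: bool                 # Admin Level rather than User Level
    apps: Tuple[App, ...]
    operating_system: str = "unspecified"
    needs_local_resources: bool = False   # e.g. access to local data


def choose_platform(uc: UseCase) -> str:
    """Root criterion is Offline Access, then User Privileges."""
    if uc.offline_required:
        return PHYSICAL               # assumption: offline work means a local device
    if not uc.admin_level and all(a.terminal_server_ok for a in uc.apps):
        return PRESENTATION
    # Admin Level, or at least one application unsuited to Terminal Server.
    return PHYSICAL if uc.needs_local_resources else VIRTUAL


def app_delivery(app: App) -> str:
    """Final step of every branch: how each application reaches the desktop."""
    if app.works_streamed:
        return "streamed/virtualized"
    if app.works_isolated:            # assumption: isolation is tried before local install
        return "isolated"
    return "locally installed"


def plan(uc: UseCase) -> Dict[str, object]:
    return {
        "platform": choose_platform(uc),
        "operating_system": uc.operating_system,
        "apps": {a.name: app_delivery(a) for a in uc.apps},
    }


# Application names come from the basic use case table; the compatibility
# flags are constructed for illustration.
OFFICE = App("Office Productivity Applications")
LOB = App("Line of Business Applications")
NET_TOOLS = App("Network Tools", works_streamed=False, works_isolated=False,
                terminal_server_ok=False)
ADMIN_TOOLS = App("Administrator Tools")
DEV_TOOLS = App("Development Tools", works_streamed=False)

USE_CASES = {uc.name: uc for uc in (
    UseCase("Business User", False, False, (OFFICE, LOB)),
    UseCase("Network Administrator", False, True, (OFFICE, NET_TOOLS, ADMIN_TOOLS)),
    UseCase("Application Developer", False, True, (OFFICE, LOB, DEV_TOOLS)),
    UseCase("Contractor", False, False, (OFFICE, LOB)),
    UseCase("Traveling laptop user", True, False, (OFFICE, LOB)),  # constructed
)}

if __name__ == "__main__":
    for name, uc in USE_CASES.items():
        print(name, "->", plan(uc))
```

With these inputs the Business User and Contractor land on presentation virtualization and the two Admin Level roles on a virtual desktop, which matches the solutions given in the basic use case table.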


USER PROFILE VIRTUALIZATION

Having multiple desktop solutions available adds an additional challenge for organizations, which is

the centralization and management of a user’s profile. A user’s profile consists of application and

registry settings, files, and folders that are made available to them upon login. There are significant

benefits to having individual user profiles:

User’s application and profile changes do not affect another profile’s customization

Multiple users can work on the same device, each with their own personalizations

Settings are centrally stored between the logoff and logon time and can be accessed from any

device on the network (roaming profiles)

Making personalization available to the users, regardless of the desktop platform is the challenge.

Active Directory and Windows allow a user to store two profiles: Desktop and Terminal Server.

Along with group policies and folder redirection, an organization can manage the core of a user’s

session personalization. As a profile is used, it can grow significantly from its original size and is

sometimes prone to problems that result in end user issues such as slow logon/logoff times and

corruption in the profile.

To address these potential issues, organizations have turned to solutions that centrally manage and

maintain the user’s profile. These solutions streamline the profile creation process by taking the

settings and putting them into a database, and removing the reliance on Active Directory to store and

enforce the policies. These solutions are able to differentiate between physical and virtual desktops

and terminal server sessions and can provide the same personalization without having to store

multiple profiles for the same user.

It is recommended that organizations consider a profile virtualization solution as part of the desktop

strategy.


Next Steps – Enterprise Desktop Product

Organizations should strive to create and deploy a consumable Enterprise Desktop product offering.

Organizations need to develop this product in the way an outside vendor providing hosted desktop

services would. This will provide organizations with a model built on end-to-end costs as that product

is designed to maximize capital investment.

Organizations need to develop:

A method for identifying and segmenting clients for whom this product is an appropriate solution

A process for assembling and delivering the product

It is recommended to choose an initial use case or business unit and move it through this process in such a way as to create a template for subsequent deployments.

The target business unit (TBU) will be profiled for network connectivity, application portfolio, and

data access requirements. A quantitative analysis of these elements will indicate which product will

be the most appropriate low-cost fit. Products will be established and versioned based on current

knowledge and requirements for the TBU.

The target business unit should have a solid potential consumer for physical and thin client desktops.

The template for developing fit needs to recognize both appropriate and inappropriate uses for the

models.

The template process must take in key elements of the TBU’s environment and assign a best fit

desktop platform. Key elements will include the application profile, the location of the data sets

needed by the applications, and the available network bandwidth between users and these elements.

It is also important to plan for any use case structures that exist for this offering. Use cases may

include situations such as

Working at the home office

Working from a traveling or remote office

Working from a hotel

Working from home

Once these elements have been assembled, an initial product offering can be assembled to meet the

spectrum of needs. Fit can begin to be measured across this template. This initial offering can then be

tested across a pilot community at the TBU. Once the process structure is complete, make necessary

template changes to improve the template process for use by additional businesses.


ABOUT THE AUTHOR

Joe Jessen is an Analyst for Desktop Virtualization and Director of Professional Services for Gotham

Technology Group.

Joe has extensive practical experience in enterprise solution implementation, system integration, network architecture, and security. Joe was formerly a Manager of Citrix Consulting Services and Global Director of Server Based Computing for FutureLink, an international Application Service Provider.

ABOUT GOTHAM TECHNOLOGY GROUP

Gotham Technology Group, LLC, is in the business of providing guidance and direction to IT professionals. With offices throughout the New York Tri-State area, Gotham serves clients based throughout the Northeastern United States, and delivers goods and services across the globe. Gotham’s Practices include Application Development, Infrastructure, Security, Staff Augmentation, Storage, and Virtualization.

Gotham Technology Group, LLC Main Phone Number: (201) 474-4200

www.gothamtg.com

New Jersey Office

1 Paragon Drive

Montvale, NJ 07645

New York City Office

888 7th Avenue

New York, NY 10106

Connecticut Office

4 Research Drive, Suite 402

Shelton, CT 06484

Copyright © 2009 Gotham Technology Group, LLC.

All rights reserved.

This document contains information that is confidential and is the

property of Gotham Technology Group. It may not be copied,

published or used, in whole or in part, for any purpose other than

expressly authorized by Gotham Technology Group.