Horizon Workspace at Scale:

Deploying to 15,000 VMware Employees

Andrew Hawthorn, VMware

Bhavin Mathia, VMware

Vishesh Nirwal, VMware

EUC5004

#EUC5004

2

Agenda

Why Horizon Workspace?

What We Did (The Process)

Architecture of the Solution

Best Practices

Lessons Learned

Value of the Solution

Q&A

3

IT’s Objective for End User Computing Infrastructure

Deliver the right business apps and data to

user devices in a way that is efficient and

secure for IT and productive for the end user

4

The Requirements We Used to Have…

Change is hard and highly managed

Software implemented from the center out

Difficult to adjust to users needs

Control Through Ownership People you employ

Using a network you

own to connect to…

Using software you own on a

Windows desktop you own

An application you own,

running on a server you own

5

What the World Wants Now…

Control & Governance are Becoming More Challenging

Inability to track, control or secure information assets

Can not remove access you didn’t grant

Serious compliance concerns

Apps live in many

clouds and are easily

procured without IT

Always connected, via

3G, 4G and public or

personal wifi

Non-owned devices and

multiple non-Windows OSs

Employees, contractors

outsourcers, partners

citizens, students

6

How to Optimize Delivery of EUC Services

Manage

users, not

devices

Embrace

co-ownership

Architect for

change and

continual

improvement

Prioritize

end user

experience

Treat mobile

as a first-

class citizen

7

VMware Horizon is the Platform for Workforce Mobility

Broker: Manage & secure

centrally and broker services

to your workforce by policy

300

Transform: Transform

desktops, diverse

apps and data into

centralized services

Deliver: Empower your

workforce with flexible

access across devices,

locations and connectivity

8

What We Wanted to Accomplish

Improve the productivity of the employees as

well as provide secure collaboration with

contractors, clients, partners, etc.

Improve security of the entire system

Deliver the freedom employees want (BYOD) with

the security and control IT needs Horizon

Workspace will

help prepare IT

for the end of

the post-PC era

and embrace

the BYOD

movement. Reduce IT costs:

• Optimize application licenses

• Utilize existing infrastructure, resources and skills

• Reduce helpdesk calls: application access, password resets

9

The Challenges – How Big Was the Problem?

VMware

IT

15k Employees

59k Partners

2+ Devices Per Employee

50+ Internal/

Custom Apps

15k Logins

Per Day

4+ File

Repositories

80+ SaaS Apps

• Siloed access management

• Multiple file repositories

• Heterogeneous application portfolio

• Difficult audit & compliance

• Weak security

• Manual provisioning

• Lack of device support

• Increased license costs

• Huge support costs

Problems

10

Today: 18K Users, 88 Web Apps and 31 View Pools

11

How Did We Get Here?

First Month Second Month Third Month

Week 1-2

Start Small (12 people)

Week 5-6

Rollout to IT (500 people)

Validated Architecture

Week 7-8

Establish production processes

Week 3-4

Develop usage patterns

Initial processes

Months 36

Rollout By Department

12

How Many IT Admins Would You Expect Run This System?

13

Horizon Workspace: Staffing

Reasons

• Runs on industry standard platforms

• Works well with existing vSphere infrastructure

• Out of the box functionality

• Operational efficiencies achieved with

appropriate architecture and minimum scripting

Answer:

2 FTE

just

Equivalent to

14

Horizon Workspace Solution Components

• vSphere

• vCenter

• vCenter Operation Manager

• vCenter Site Recovery Manager

• View

• PostgreSQL

• Active Directory

• RSA Authentication Manager

• RSA Secure-ID

• HP BL460 G8

• EMC Isilon

• EMC VNX 7500

15

Horizon Workspace Architecture

Mobile Users

Web Client

Gateway

Service

Connector

Data

Internal Users/Clients

Configurator

https://horizonwork

space.vmware.co

m/web

Port: 443

Internal VIP

Port: 443

External VIP

gw1 to gw4 conn1 and conn6

8443

RSA

Kerberos

RSA

AD

LDAP

443

svc1 and svc2

Postgress Database postgres-db1 (Active) postgres-d2 (Standby)

5432

5432

Preview-vip

Port 80

Preview 1 to 3

443

443

Port

443

443

443

80, 443, 7071, 7072

data1 to data11

ldap-vip

Port 8443

16

Scale-Out Architecture

All supported with 3 ESX servers: 90 vCPUs, 250 GB vRAM, 2 TB

block storage, 3+ TB NFS storage in use

17

Data Best Practices

• New users get synced to Workspace via

nightly script

• Every data node has a Class of Service

(CoS) attached to it

• Every CoS has one active directory

group entitlement

• Script automatically add users to one of

these security group based on their Geo

Data Provisioning

Disk Quota Mgmt.

• By default all users gets 5 GB quota

User Group

5 GB

20 GB

• Weekly script for users at 80% capacity to

get a bump in quota

18

View Pools Best Practices

31 pools

External

Internal

Connector

US

19

Horizon Workspace: Application Catalog

20

Application Best Practices

• On-board app in pre-production environment

• Supported use cases (SP SSO, IDP SSO & application logout)

• Dual mode authentication

• User provisioning to apps

NEW APP

• Set-up app for production

• Set-up group

• Entitle users as per access policy

• Communication for new app in workspace

PRODUCTION

• Set-up app in workspace for QA & UAT environments

• Verified support use cases

QA / UAT

21

The Horizon Suite: Centralized Admin and Unified Workspace

Horizon Management

User Management

Policy Management

Apps Management (Web, Mobile)

Desktop Management

File/Data Management

Authentication

& User Sync

Entitled Data,

Apps & Desktops

VMware View

Files/Data

On-premise Apps

Public & Enterprise

Mobile Apps

SaaS Apps

Authentication

Unified

Workspace (Files, Apps,

Desktop, Mobile)

Any Device

(Desktop, Web,

Mobile, VMware

View, MVP)

22

VMware Horizon Workspace Serves Both IT and End Users

Get access to a secure

workspace that contains the

user’s files, apps, and Windows

desktops on any device

END USERS

Provision, populate,

manage and secure the

workspace remotely across

all users and devices

IT ADMINS

23

Lessons Learned

Design decisions are important up front

• Data – determine the number of data nodes you need

• Data – How many Class of Services (CoS)?

• What are your storage (Data BLOB needs) requirements?

• Data, Apps, View entitlements – how can you automate?

• Highly available environment – make every node redundant

Understand your usage patterns

• 95% of users are fine with 5gb storage

Solidify processes before rolling out to masses

Operational efficiencies can be done with

minimal scripting

Once deployed, minimum administration

• Admin needed for troubleshooting

• Admin needed to onboard an application

24

Results

Better User Productivity

Lower Help Desk Costs

Improved Security

Easier Compliance

85% reduction in time to access information.

BYOD / Mobile Access

No password resets

75% reduction in helpdesk tickets related to password resets

No extra overhead for Workspace

Strong passwords now applied to 88 applications uniformly

Enterprise-wide compliance strategy

Per-user auditing of application access

1 3 2 4

25

Results and Benefits

• Rolled out to 15,000 employees

• VMware employees are accessing over 72 applications, 6000 virtual desktops, and 4 TB of data through Horizon Workspace clients on iOS, Android, Windows and Mac OS devices

Results

Benefits

• End-users have one AD password and a single place to access, sync and share data

• Strong authentication if outside network

• Single administrative dashboard

• Single place to de-provision when employee leaves the company

405

50

January February March April May

Oracle EBS Service Tickets

Introduction of Horizon

“Nearly 90% drop in service tickets and that’s just one of

72 applications. Each of those tickets is an average of 30

minutes of helpdesk time. That’s an annual savings of

$63k—just for one application.”

Thirumalesh Reddy-IT Deployment Manager

26

What We Wanted to Accomplish

Improve the productivity of the employees as well

as provide secure collaboration with contractors,

clients, partners, etc.

Improve security of the entire system

Deliver the freedom employees want (BYOD) with

the security and control IT needs

Reduce IT costs:

• Optimize application licenses

• Utilize existing infrastructure, resources and skills

• Reduce helpdesk calls: application access, password resets

27

Questions?

Documentation and Technical Resources:

http://www.vmware.com/products/desktop_virtualization/horizon-

workspace/resources.html

Other VMware Activities Related to This Session:

HOL:

HOL-MBL-1304

Horizon Workspace - Explore and Deploy

Group Discussions:

EUC1005-GD

Workspace with Rasmus Jensen

THANK YOU

Horizon Workspace at Scale:

Deploying to 15,000 VMware Employees

Andrew Hawthorn, VMware

Bhavin Mathia, VMware

Vishesh Nirwal, VMware

EUC5004

#EUC5004