National Science Lab Testing, and Liking, New VDI Deployment

By Chris Preimesberger  |  Posted 2011-01-07

National Science Lab Testing, and Liking, New VDI Deployment

Virtual desktop and thin-client manufacturers have been banging promotion drums about their products for more than a decade, yet they haven't seen optimal sales numbers. That finally may be changing in 2011.

In just the last year or so, a number of longtime VDI (virtual desktop infrastructure) skeptics have come around to admitting that the time may finally be right for virtualization to go big time in the enterprise desktop world. IT managers, their budgets frozen or lessened in the tough macroeconomy of the last two years, are seeing some better numbers for 2011, and VDI deployments are on many wish lists.

Virtualization is now about two years into being a data center staple; corporate cubes and home and remote offices appear to be next.

The main reasons for this change of opinion: 1) general weariness of the three-decades-old Windows client-server/licensing model, especially cyclical operating systems upgrades and frequent security patching; 2) much-improved overall system bandwidth (read that: broadband); and 3) vastly improved VDI hardware and software.

And don't forget what might be the No. 1 reason in many people's minds: better control of corporate data stores. They're all legit reasons for a corporate desktop revolution. And it appears to be happening.

A prime example of where corporate VDI might be going exists at the federal government's Lawrence Livermore National Laboratory in Livermore, Calif., where IT project manager Robin Goldstone is currently testing a ground-breaking 250-seat, 1,250-account deployment consisting of a joint Citrix/Kaviza software package.

Kaviza, a relative newcomer in the virtual desktop business, makes a Java-based application that is installed on a server with a hypervisor-Citrix Xen or VMware ESX 4.1 or later-which enables enterprises to run Windows XP, Vista or Windows 7 across multiple desktops from one or more company servers. Citrix, of course, has a long list of software products, but for this deployment it supplied the Xen hypervisor and its HDX virtual desktop app.

LLNL is one of the most celebrated think tanks in the world. Its scientists are working on numerous projects involving global nuclear and environmental security, weapons development, geophysical studies, and complex integration projects.

"It's a unique use case. Kaviza actually made some modifications in their software to accommodate this use case. Indeed, there are other customers that have a similar need for this sort of sandbox disposal desktop environment that we built here," Goldstone said.

VDI not replacing corporate desktops-yet

LLNL is not using the Citrix/Kaviza virtual desktops in place of employees' standard desktops. Yet.

"It's a secondary desktop that any user can bring up on their screen; that desktop is outside of enterprise network boundaries," Goldstone said. "Essentially, we had to limit access to certain external sites, due to our own security posture, and that's including blocking access to things like [Google's] Gmail and Facebook.

"We've had overwhelming feedback from our employees that they require that access, for just incidental personal use as well. Plus, there are plenty of legitimate business reasons to access social networking resources."

When she looked at the risks it was introducing into the IT environment, Goldstone came up with a model "where we could provide that access outside our corporate boundaries, yet everyone could have one on their desk.??í"

After securing permission to test the VDI environment, Goldstone and her staff installed the Citrix client on each corporate computer.

"Employees can fire this [virtual desktop] up either through a browser URL or through a little desktop shortcut, which results in launching the Kaviza client, which is a little Java application," Goldstone said. "The Java app gives them a log-in window, they put in their username and password, that gets sent back to the Kaviza provisioning server, and then the provisioning server sends back a Citrix configuration file that gets executed by the Citrix client. Up pops a desktop as a window on the user's desktop."

National Science Lab Testing, and Liking, New VDI Deployment

title=Desktop Within a Desktop} 

This is really a desktop within a desktop, Goldstone said.

"One of the nice things is that the Citrix client is available for all of our regular desktop platforms. We have users here on Windows, Macs and Linux desktop, and we always try to make sure that our enterprise solutions can accommodate all of our 'customers.'"

Once the employees have their corporate window up on their desks, they still have access to Internet Explorer and Firefox browsers from their local desktop. From there, they can go to Websites that the lab doesn't allow them to access internally, Goldstone said.

"It's by design a non-persistent environment, so anything they download during their session, when they log off-poof, it's gone. The [local] desktop is destroyed, and a new one is created," Goldstone said. "However, we do let them have a little persistence in the form of bookmarks, browser settings and such."

To be clear: Documents saved inside the Citrix/Kaviza virtual desktop window stay on the corporate server; most other documents on each local client get zapped when the session ends. There are exceptions to this: When specific types of documents are identified ahead of time, they can be transferred across the two environments, Goldstone said.

"We don't allow USB or drive mapping," she said. "We do allow printer mapping; it's a nice thing to be able to print to your local printer. The only way you can move documents back and forth [between the two environments] is to e-mail say an attachment from your personal account and your lab e-mail account, or vice versa. Or you could FTP, potentially."

Goldstone said that this system can be made available for corporate partners and contractors, but typically those people bring their own corporate laptops into the office to do their work. Historically, the IT staff has had to connect those to the LLL system on an individual basis, and as any network admin knows, that's tedious business.

"We're currently working on a guest network-a virtual network-for plugging those in quickly and easily," Goldstone said.

LLNL eventually wants 1,000 seats

Currently, LLNL's is a pilot program with 250 active users and licenses for as many as 1,250 people.

"Part of the test is to find out what a reasonable ratio is because I can't give one of these to everybody-we have 5,000-plus knowledge workers," Goldstone said. "People log in and log out throughout the day, and the desktops get shared. Kaviza has implemented an idle time out for us, so that when someone conscientiously logs out, that desktop gets destroyed and a new one gets created.

"Likewise, if they just disconnect or leave the window open on their desk, eventually it'll hit the idle timeout and be put back in the pool."

Eventually, LLNL would like to have 1,000 virtual desktop seats, Goldstone said. The testing will be concluded "soon," she said, and it looks very much as if the lab will buy the whole setup and run with it.

While checking out VDI systems, Goldstone looked at VMware's desktop software, PC/IP, and saw that there was only a client for Windows.

"We've been very impressed with the performance of the Kaviza desktop and the Citrix HDX [high-definition user experience] protocol, combined with the ability to deploy it to all our users," she said.

Rocket Fuel