By: Frank Ohlhorst dnu
F5 networks brings added oomph to VMware Virtual Desktop Infrastructure deployments with its Application Ready Solution for VMware View 4.5, an add-on capability for F5's BIG-IP Edge Gateway that consists of a set of best practices, guidelines and policies for speeding deployment and optimizing performance. This solution, which is part of a line of application-specific add-ons from F5, can save time by eliminating the need for much of the manual configuration associated with pushing out a new application to the field.
The BIG-IP Edge Gateway is offered as a hardware appliance that incorporates multiple hardware and software technologies designed to improve connectivity between remote users/sites and the data center by optimizing throughput and reducing latency through improved packet compression, packet de-duplication and local caching.
Perhaps the biggest demand for WAN optimization solutions comes from the consolidation market, where enterprises are looking to roll branch offices into the data center and consolidate desktop PCs with a shift toward offering PCs as a service. Those transformations increase the demand placed on data center resources and increases the demand for bandwidth.
Increased traffic demand is usually met by purchasing additional bandwidth. However, that can prove to be an expensive and inefficient way to move data to remote offices or mobile workers. The better solution is to first maximize the throughput of any existing connectivity options in place, and that is the goal of a WAN optimization and acceleration product.
Based on my tests, the F5 solution offers a solid option for achieving this goal in the context of VMware View 4.5 deployments. What's more, I saw no challenges with using a BIG-IP Edge Gateway to replace independent VPN hardware, act as a single sign-on solution appliance, shape traffic, accelerate applications and improve connectivity management and provide access policies.
Testing the BIG-IP Edge Gateway
I took a detailed look at F5's BIG-IP Edge Gateway appliance to see how the technology works and what benefits it can offer in the real world. F5 offered me access to two devices, one located in Seattle, the other one located in London, using both remote desktop access and the product's browser-accessible consoles. I was also able to examine a physical device at F5's Seattle offices and attend some basic training on how to deploy and use the BIG-IP Edge Gateway.
As the product name implies, the unit is installed at the edge of the network, becoming the communications sentry or gateway between remote/external users and the network. The product incorporates many features, including a high performance SSL VPN, which adds a layer of security to remote access, without complicating things for the user. I found it quite simple to install the client application, which was also very easy to use. As a matter of fact, the client application simplifies access to the data center and could prove to be a real time saver for remote users.
Typically, a device that is chock full of features and capabilities can be difficult to manage and troubleshoot; however, F5 has moved far away from the days of RS232-based consoles, telnet and a CLI, and now offers a management GUI. I found the GUI-based management intuitive- the device offers context-sensitive help, ample deployment wizards and a coherent dashboard design that eases deployment, setup and usage. Nonetheless, don't kid yourself, the BIG-IP Edge Gateway is not a plug-and-play solution; you must understand network design and concepts to properly use the device.
VMware View Enhancements
I looked at the new features offered for View 4.5, which are geared toward performance and ease of use. First and foremost is single sign-on capabilities. With SSO, I was able to configure the desktop client to access a VMware View session with a single set of credentials. Behind the scenes, I was able to define the various sign-on credentials and relationships needed to initiate a session; those credentials were associated with a user's master set of credentials, allowing the user to sign on and access his or her VMware View session with a single log-on and password. That eliminates the need to separately log into a VPN, remote access client, the server and VMware View- a major time saver.
In practice, the BIG-IP Edge Gateway caches sign-on credentials and enables authentication pass-through during the log-on process. If the connection drops, the user will automatically be re-authenticated; this helps to keep sessions live and prevents disconnects from leaving active View sessions in limbo, until an administrator manually shuts them down. Another benefit is that the user experiences a faster, easier log-onâremoving one of the biggest complaints associated with VDI.
The BIG-IP Edge Gateway provides enhanced support for the PCoIP display protocol, which is used by VMware View 4.5. Those enhancements include a DTLS (Datagram Transport Layer Security) feature, which improves the security of PC over IP communications transport, without impacting performance. Further enhancing connectivity is the BIG-IP Edge Gateway's support of automatic TCP fallback, which maintains a connection between the client and the VMview session if a high-performance UDP (User Datagram Protocol) tunnel cannot be established. Under testing, the performance enhancements were readily apparent; screen updates and key strokes exhibited no lag over a simulated WAN connection, showing that the optimization does indeed benefit remote users of VMware View 4.5.
The BIG-IP Edge Gateway offers enhanced scalability for VMware View 4.5 solutions, thanks to the products LTM (Local Traffic Manager), which optimizes local traffic and allows the server to offload CPU-intensive functions, such as load balancing, health monitoring, session persistence, and SSL (Secure Sockets Layer) server functions used by VMware View connection brokers. For the most part, LTM is automated and required very little setup on my part and offered features that allow VMware View hosts to handle more connections and support more active sessions, as well as improving traffic performance.