Vdi as art

    Our way to virtual desktop infrastructure from experiment to product engineers' creative work. We approached the project with enthusiasm, thanks to which we enjoyed the process of implementation and aesthetic enjoyment of the result. Want a roadmap? Welcome to cat.



    In the scientific language, the basis of life - Aristotle would call it the energy of life - is just the desire for self-expression, and Art constantly presents new forms for its achievement.
    Oscar Wilde

    The word " Art " historically has several meanings that perfectly describe our experience of meeting and introducing VDI technology: to the satisfaction of customers and for the benefit of our own business. The first meaning goes back to the Latin "experimentum" - experience, trial. It all starts with the experiment. Our VDI campaign was no exception.

    The second meaning is more applied: torture (from the old Slavic “iskus”). And this, of course, refers to the implementation phase. But the main thing is that art is understood as a form of artistic activity. And it succinctly describes the stage of creating and launching a product on the market. So, our way to VDI: from experiment, through suffering - to the product of the creative work of engineers.

    In our case, the transition to cloud infrastructure was due to a number of objective factors. And the process itself was step-by-step, from simple to complex, which made it possible to implement it painlessly and gain the necessary experience, which formed the basis of this article. And we started by calculating the need for VDI itself.

    VDI: to be or not to be?


    VDI is being actively implemented by companies that are talking about "farms" for thousands of jobs. This is due to the high cost of implementation and a long payback period (the cost of renting one virtual station from $ 25 a month for a basic package). Mostly, the implementation decision is made in a situation where it becomes more difficult to manage the infrastructure of user workstations than to implement and administer a VDI solution. Security issues come to the fore.

    When hundreds (and even more than a thousand people) work for a company - it becomes very difficult to control them. Especially if people are dispersed like ours (administrative and technical offices in Moscow, two partner sites in the Czech Republic, dozens of secondary remote jobs from the taiga to the British seas, where you can use your own equipment. The number of potential threats increases many times. And this has become we decisive factor: the number of less than two thousand people is the geographical distribution and security requirements have served as a powerful stimulus to experiment c VDI.

    in addition, we took Take into account the following advantages of VDI:

    • Improving infrastructure manageability (centralized software upgrade without taking into account the specifics of various workstations). With a sharp growth of the company, it can be problematic to configure all workstations in accordance with the requirements of information security. Such situations arise during mergers / acquisitions of companies, when hiring a large number of remote employees and / or volunteers (for various public events), when the company has inaccessible facilities (geologists, oil workers, etc.) or just a wide network of small regional offices .
    • the ability to configure common policies - ban external drives, disable screenshots and unauthorized copying. Technical support works with billing, helpdesk and office suites, so we need to protect them by restricting access only from office locations.

    After a careful analysis of our tasks and possible risks, we decided to transfer all employees to work with VDI, access is through corporate thin clients.

    Despite the fact that VDI just allows you to safely use personal equipment (BYO practice - “bring your own”), we did not save, we were reinsured and allowed only corporate devices.

    Our company is constantly expanding (during this time we increased the presence of our employees at partners in the Czech Republic, opened a new representative office in Moscow, which houses the newly created sales department, financial services), so this scheme allowed us to scale quickly and economically. A thin client is cheaper to maintain than a PC or laptop. And storing data on corporate servers provides not only data safety, but also better protection of the working infrastructure, as it is more reliably isolated.

    Thin clients were bought by our European partner at 150 euros apiece. Then at the general meeting (the conference "Clouds Without Borders" ) we distributed them to employees. And away we go ....

    Measure seven times and ... measure again


    In such projects, the implementation process takes relatively little time. The most risky and time-consuming stage is the task analysis and solution planning. It can take from a month to a year. On average, Russian practice shows that a project is fully implemented in three to six months: data is collected, a prototype is introduced, and a productive launch starts. Europeans, on the other hand, spend 6-9 months only on analytics, logically assuming that nature is not mistaken and it will not be possible to make a full-fledged idea faster.

    But to implement a qualitatively described project is quite possible in a month. But before that you need to answer many questions:

    • What applications are used?
    • What access roles are needed?
    • How much RAM is allocated to users?
    • How much disk space?
    • What speed do you need?
    • What OS or OS - in percentage terms - do your users use? Why is this percentage exactly this?

    Why, for example, 15 percent are on Windows 7, and the rest are on Windows 10? You need to understand what prevents everyone from moving to the top ten: maybe there is an application that is not adapted for this version of the OS?  

    We approached the project creatively, thanks to which we enjoyed the implementation process and aesthetic enjoyment of the result. In our case, PoC was created in the manner of an “experiment on the subject of a rationalization proposal.”



    With a limited budget and a week allocated for implementation, we met four days: the Popular EU server in the standard configuration (139 euros per month), the Windows Server DC Edition licenses (from 130 to 150 euros per month), the RDP license (about 6 euros per month per user), thin clients themselves (150 euros apiece). Total price of a workplace is about 160 euros per person. Plus office suite and antivirus.

    There are no boundaries for perfection


    The experiment paid off, no one was hurt. But with further analysis, we decided that we needed a more reliable, secure and scalable solution, so we transferred the whole location (100 workstations, SIP-telephony) to VDI using VMware.



    The main advantages of this solution:


    So, after PoC “on the knee” we implemented a complete system using one of the best turnkey solutions on the market. Then no one assumed that our work would grow into a full-fledged commercial project without the use of WMware products.

    Black swans


    VDI usually involves server virtualization, access to office equipment, and management of mobile devices, which is why today experts prefer to use the more capacious term EUC ( end-user computing ), which describes everything from virtual workstations, printer management protocols to the management of corporate mobile phones and tablets.

    Most of the problems are related to insufficient analysis of user needs. We implemented VDI gradually, from small control groups of users to entire locations, so we found out the main problems in the early stages. The main issues that arose:

    • Does not print a local printer;
    • The webcam is not forwarding;
    • The end client does not connect to the virtual workstation.

    The problems were local in nature and were solved manually with subsequent translation to other machines. In general, the functionality and capabilities of WMware left a good impression. But we decided not to stop and follow the precepts of the classic:

    Everything, everything that threatens
    death, is fraught with mortal hearts
    Inexplicable pleasures -
    Immortality, maybe a guarantee,
    And happy is the one who, in the midst of excitement,
    could gain and know them.


    Per aspera ad ... aspera


    After all available employees were transferred to VDI, we analyzed the growth prospects and came to the disappointing conclusion that ready-made solutions are too expensive for us. One workstation came out at about $ 350, including the cost of support for a year (the cost of a thin client, VMware vSphere 6 Standard licenses, server rental, software licenses). The next step was to reduce costs by switching to Open Source.

    Due to the general mistrust of large players in cloud storage , on-premises solutions dominate in Russia .


    On-premises are offers from Citrix or from VMware, quest solutions (HP), Dell EMC, 2X, and a standard Windows terminal server. The last scenario - if you need to save money and if there are relevant specialists in the team.

    The choice between Citrix and VMware is a religious matter. VMware has the ability to quickly deploy applications, and if the deployment speed of applications is not critical, but you need a large farm, then Citrix is ​​preferable. In the deployment speed of virtual workstations between these two monsters, parity.  

    Prices for ready-made solutions are suitable only for large market players or government agencies. If it’s about a small commercial firm, she’d better buy cloud virtual machinesand rent workstations until a business development vector is clearly defined and an understanding comes that it is possible (expedient) to deploy a hybrid solution: the core is on its own hardware, and the expansion is at the expense of cloud resources. The advantages of this solution:

    • Scalability at bursts of "personnel activity";
    • Security issues are flexibly resolved: from https to two-factor authentication;
    • Ability to deploy any SaaS application using containers.  

    A hybrid solution can be implemented on VMware, unlike Citrix, which are developing towards the security and management of mobile devices. There is a solution from Amazon, but they use the same protocol as VMware.

    Many protocols hardly perform non-obvious tasks (using webcams, microphones, and other devices). Consistently recognized HDx from Citrix and PCoIP from VMware partners Terra Dici .

    In turn, an unhealthy attitude towards Open Source solutions was based on rumors and biased opinions about such projects. Over the past few years, large companies such as Intel, IBM have invested millions of dollars in them. Open Source solutions are successfully implemented by many well-known brands: Volkswagen, Walmart, AT&T, PayPal, Bloomberg and significant objects of the CERN level . As a result, over the past few years, Open Source has experienced a quantum leap in terms of security, functionality, and stability.

    Migration


    A large number of different protocols: Spice, VNC, RDP - create a field for technical creativity that attracts us with an abundance of options, opportunities ... Well, in addition, we have assembled a strong team of OpenStack developers who know and love their job. This is important because this solution requires serious competence within the company, and it is irrational to allocate individual employees for servicing and maintaining VDI.


    In terms of functionality, OpenStack is on par with on-premises solutions.

    There are a lot of modules, work with hands - even more, but this is far "not horror-horror-horror!" as it may seem.

    To get away from being tied to VMware, we selected Leostream as a connection broker, entered into a partnership agreement with them, and using the Hystax Acura platform   we will transfer the VMware infrastructure to OpenStack, thereby completing the experiment on implementing VDI in the company. This migration technology, which we mentioned in the previous paragraph, has been the subject of discussion in the global OpenStack community. Its description was presented to Russian IT specialists at the recently held World Data Center Forum., and in November, my partners and I will show it in Sydney (Australia). When the move is successfully completed, we will receive the system at an affordable price. And we formalized the experience gained and the existing experience as a commercial product , whose creation process we presented to your attention.

    The material was prepared with the participation of Roman Verbitsky, Khamzet Shogenov and Vsevolod Weiner.

    Also popular now: