OpenStack is changing the equation for virtual desktops and has the potential to turn VDI on its head.
Sneaking up through the ranks of open source software, OpenStack is increasingly being used to control large pools of compute, storage, and networking resources throughout a datacenter. Why not use it for your virtual desktop environments, as well?
6. Premier Connection Broker
management platform for
hosted desktops for over
10 years.
Large organizations with complicated
use cases require additional
management capability and control
settings provided by Leostream.
7. Hundreds of organizations rely on
Leostream Connection Broker and DaaS
to make desktop virtualization work.
8. • Physical and virtual
desktops (HDI and VDI)
• Red Hat, VMware,
Microsoft, and Citrix
virtualization platforms
• Viewing protocols include
HP RGS, SPICE, NX,
RDP/RemoteFX, HDX/ICA,
Exceed onDemand, VNC,
and PCoIP
• Windows and Linux
remote desktops
Enterprise-Ready Approach
to Connection Management
11. OpenStack software controls
large pools of compute, storage,
and networking resources
throughout a datacenter
Open Source!
Commercial versions available:
VMware, HP, Mirantis, etc.
OpenStack
Overview
12. Nova - Compute
Cinder – Block storage
Swift – Object storage
Comprised of Individual
Projects Addressing Specific
Functionality
Glance - Imaging
Horizon – Dashboard
Neutron - Networking
13. OpenStack
Hypervisor Support
Any option is just fine if you’re
managing VDI/DaaS!
http://docs.openstack.org/developer/nova/support-matrix.html
KVM
Most feature-rich option
Default hypervisor in many
OpenStack distributions
Commercial Hypervisors
VMware vSphere
Citrix XenServer
Microsoft Hyper-V
17. Users can be grouped into Projects or Tenants
Projects can include quotas, to limit compute, storage,
etc., used by a particular tenant
For DaaS environments, this allows the MSP to separate
and track resource allocation per customer
Multi-tenant
18. Build custom images for each customer or use case
Spin up new desktops from these images in minutes
On-Demand Availability
19. Provide private network for each tenant/customer
Each tenant can have its own IP address scheme
Instances are isolated within their defined network
Security groups define Firewall rules
Networking
20. Avoids commercial licenses associated with other
VDI stacks
Many hypervisors are free!
Less Expensive
21. Leostream allows you to manage
and connect users to desktops in an
OpenStack cloud.
Managing OpenStack
Clouds with Leostream
22. How to manage boot and login
storms
How to provide adequate
performance for the applications
and desktop connection
How to get users connected to their
desktops
Considerations when
building VDI/DaaS in
an OpenStack cloud
1.
2.
3.
23. How to manage boot and
login storms
Schedule instances to be
created and powered on
before high demand begins
Power down or terminate
instances that are no longer in
use or needed
Cluster the connection broker
that processes user logins
1.
24. How to provide adequate
performance
Use instance size appropriate to
installed applications
Use a display protocol with
adequate performance
2.
25. How to get users
connected to their desktops
Choose a connection broker
that supports your
environment
Consider if you will host
Windows and/or Linux Oss
Make sure the broker
supports your chosen display
protocol
3.
26. What Can You Do With
Leostream/Openstack
Integration?
Leostream leverages the OpenStack APIs to:
1
Manage the inventory
of instances (desktops)
in OpenStack
2
Provision new
instances from
existing images
3
Assign public IP
addresses to new
instances
28. Pools of OpenStack instances based on use cases
Parameters that determine how the users
connection to their instance is established and
managed
Rules that indicate which pools users may access
Use a Connection Broker
to Define…
30. Conclusion
OpenStack clouds are viable solutions for hosting
VDI or Desktops-as-a-Service
Any hypervisor is suitable for desktop workloads
Key to delivering desktops is choosing an
adequate display protocol and connection broker
31. Get Started
with a Free
30 Day Trial
Free Leostream trial at:
www.leostream.com
Notas do Editor
Hello, and thank you for joining the Leostream webinar “How to make OpenStack VDI and Desktops-as-a-Service a reality”!
Here’s the agenda for today. Some of you are familiar faces, but OpenStack is such a hot topic that there are some new names in the crowd. For those of you who are not familiar with Leostream, we’ll start with a brief overview of who we are, and why it is we feel we’re capable of speaking about VDI and DaaS.
Then, we’ll give a quick overview of OpenStack. The intent here is only to make sure everyone is on the same page. While we’re well versed in VDI and DaaS, we are not (nor will I claim to be!) an expert in OpenStack.
But, what I can tell you is why OpenStack is a good solution for VDI. And, of course, we’ll demonstrate how VDI can be set up and managed using OpenStack and our own Leostream Connection Broker.
First, who is Leostream!?
Simply put, Leostream is a software vender that specializes in connection management platforms for hosted desktop solutions. Over 10 years ago, we launched our flagship product the Leostream Connection Broker and, since then, we have been helping large organizations around the world turn VDI (or any other hosted resource management) into a reality.
Our focus has always been exclusively on connection management, meaning knowing which desktop or other resource to connect the user to based who that user is and where they are located. Because we’ve kept our focus laser sharp on connection management, we’ve become very good at it. Our Connection Broker platform is the most flexible, vendor-neutral product on the market.
All that to say, when it comes to managing VDI and DaaS, we know what we’re talking about!
Here you see just a few of our customers. Because our focus is on solving the tough problems, are customers have always been the big names in the major verticals such as Finance, Oil & Gas, Semi-conductor design, and Healthcare. Our connection broker is used to manage VDI deployments with upwards of 10,000 users, with typical deployments in the thousands.
All that to say, we know how to handle scale!
So, what is the Leostream Connection Broker? Well, it’s an enterprise ready approach to connection management. OK, great, what does that mean? It means doing more than just VDI, and doing it in a way that makes it easy to scale and build resilient systems.
At Leostream, our customers are building complex hosted desktop systems that often include a mixture of physical systems (be those workstations, HP Moonshot Systems, or desktops) and virtual machines. They may even have a mixture of virtualization platforms in their datacenter.
But, one thing they almost always have is a mixture of Windows and Linux operating systems on the remote side. We are one of the few Connection Brokers on the market that can manage both types of operating systems side-by-side. To facilitate different types of remote operating systems, we support a wide range of display protocols, many of which are high performance protocols such as HP RGS. How can we do all this? By architecting the Connection Broker in a way that it manages the end points without interfering in the data path of the user’s connection.
Here’s the key to the last few slides: We’re been working with complicated hosted desktop environments for years, and we have a solution that can manage those environments efficiently and with the required flexibility..
Just quickly, even if you are new to Leostream, rest assured that the other major technical players in the industry are not. We have strong partnerships with many of the other companies in the VDI space, from thin client venders, to workstation and virtualization venders, to display protocols and SSL VPN vendors.
OK, enough about Leostream! Let’s get into the topic you’re all here to hear about, starting with a little about OpenStack!
Again, our goal in this overview is just to make sure everyone is on the same page and has a general idea of what OpenStack is. So, on that note, what is OpenStack?
OpenStack software is cloud control software. By that, I mean that it controls pools of compute, storage and networking throughout a datacenter. It effectively turns your data center into a cloud. But, what does that mean, “turning it into a cloud?” I think of it in terms of utilization and orchestration. When you transform to a cloud, you maximize utilization of resources (all those compute, storage, and networking bits) and provide on-demand access to applications, which can include, as it turns out, desktops.
As I’m sure you’re all well aware, OpenStack is open source, which is openly awesome. Open source software fosters flexibility, by not locking you into a particular stack (similar to the flexibly we provide at Leostream.) It has a large community of developers contributing to the code base, which gives it a peer-reviewed structure that increases reliability. And, with the code open to anyone, security flaws are typically uncovered and addressed faster, and feature implementation and deployments are faster.
Maybe you’re uncomfortable with open source? Well, OpenStack has a number of enterprise contributors, several of which provide a branded version of OpenStack. So, you can have open source and a commercial SLA. Major Win!
So, when I say OpenStack, what do you actually get? The OpenStack software consists of over 10 different projects, each with a focus on a particular aspect of the datacenter. The oldest (and some would argue, most production ready) projects are the items required for DaaS and VDI, and they’re what you see in the figure (which I admit I borrowed from the OpenStack website.)
Nova handles Compute. It is the project that ultimately runs your desktops (or servers, if you want to think of them that way.) Cinder and Swift handle storage. But, when you’re looking at desktop workloads, really Cinder’s block storage is the way to go. Each desktop is a persistent volume that can be attached to a running instance. (Persistent storage is important for desktops. Imagine if your laptop lost all your data every time you rebooted it!)
The Glance project handles imaging. These are the tools that allow you to create a master image of a customer’s desktop, and then quickly provision new on-demand instances (meaning desktops) from that image.
Neutron is a network service for OpenStack. It provides tools that can build per-tenant private networks, for example, which is handy for multi-tenant environments (more on that, later!)
Lastly, I mention Horizon, which is the Dashboard project. It provides a UI on top of your OpenStack cloud, where you can create images, instances, networks, and more. But, as we’ll show, it’s not the UI you’ll use to manage VDI or DaaS.
Recall I mentioned that OpenStack is cloud control software? It controls the compute, but does not provide the bits that run the compute. That is the job of a hypervisor.
OpenStack supports a wide range of hypervisors (remember that “flexibility” benefit of being open source!) By and large, most current OpenStack deployments use KVM., which makes sense: Open source hypervisor for an Open Source management stack.
KVM is noted in the OpenStack documentation (you see that little link at the bottom of the slide) as being the mostly highly tested and supported hypervisor for OpenStack, with commercial hypervisors from the likes of VMware, Citrix, and Microsoft coming in second.
But, when it comes to the features you need to successfully manage VDI or DaaS, the feature sets provided by any of the hypervisors are adequate. For example, that same OpenStack doc indicates that the live migration feature isn’t support for VMware. Well, for desktop loads, that’s probably OK. Servers may need to be up 100% of the time, but desktops usually have some downtime (everyone sleeps!)
The key when choosing your hypervisor is just to think about what you may already have in-house vs. what may come with the OpenStack distribution you decide to use.
OK, obligatory complicated picture!
You’ll noticed when I talked about open source software that I didn’t list “simplification” as a benefit. This picture shows just one example of how to architect the underlying compute and storage nodes. It happens to be taken from the HP Helion OpenStack documentation (which I did simply because our demo uses the HP Helion OpenStack Community edition. That’s not a plug, it’s simply done because HP is a partner of ours.)
On that note, here’s where having a good OpenStack partner, such as Canonical, SUSE or Mirantis, can help you out. There are a lot of considerations to take into account, and hardware to potentially purchase. Distributions like HP Helion OpenStack Community have proof-of-concept versions that can be installed on a single box, giving you a test environment to just play around with. But, never use those for production.
OK, enough on OpenStack basics. Just keep in mind that OpenStack software is cloud management software that allows you to maximize utilization for compute, storage, and networking in your data center, and that it provides an API that can be used to build tools that allow end users to provision and access the resources they need. Moving on!
What about OpenStack makes it good for VDI and DaaS?
We’re going to look at four key aspects. Don’t worry if you didn’t get a chance to read these. We’re going to cover them individually in the next four slides.
First, multi-tenancy.
Almost the first thing we hear from an MSP who wants to sell Desktops-as-a-service is, “Is your solution multi-tenant”?
It goes without saying that if you are managing desktops for independent organizations, you need to keep those desktops isolated. It’s not like they wander around each other’s private datacenters! If you’re an IT administrator looking to manage a private cloud for your own organization, maybe multi-tenancy isn’t as important, but you could think of the different departments in your organizations as being different tenants.
The key here is that, right now, I’m talking about isolating management and tracking of the resources. I’m not talking, yet, about isolating networks (we’ll get to that.)
To support multi-tenant management in OpenStack, you can leverage their concept of Projects (or tenants, go figure). If you separate you instances and images by projects, you can easily track resource consumption for individual customers. Projects also allow you to set quotas, so you can ensure that particular customers don’t overstep their allocate resource usage, or negatively impact other customers.
Again, the key (particularly if you’re an MSP) is to track resource usage per customer, so you can bill them appropriately, and using OpenStack projects to separate your customers can help you do that.
I mentioned during my OpenStack overview (somewhat in passing) that a key aspect of turning a data center into a cloud is the fact that end users can request and quickly receive access to new hosted resources. Using OpenStack, you get on-demand available for desktops.
Simply spin up a base instance using your operating system of choice, install the applications that your end users need, and then create an image from that instance. Now, when on-boarding new employees, you just spin up a pre-configured desktop from one of your images. Create an image for each use case (and each customer, separated by projects) and new users can be off and running in minutes.
This scenario also allows you to host legacy other one-time-use applications. Fir example, you can spin up a new desktop with the required application and tear that instance back down when the user is done. Using this concept of a pool of preconfigured one-time use desktops allows you to provide the user with the resource they need, without using up compute and storage resources.
A quick aside on using your operating system of choice. Do keep in mind that different OpenStack distributions have verified different operating systems, and you always have to keep Microsoft licensing in mind. That typically means using a Windows Server OS as a desktop, and that’s usually OK. You can configure them to look more like a Windows client OS, and most applications install with no issues. Because it’s a desktop, though, you want to do a one-to-one mapping of user to instance. I’m not talking about Microsoft RDS, in this webinar.
OK, let’s switch back to multi-tenancy and talk about the network. You want your desktops to act as if they are actually located in different data centers so that customer data stays isolated. Thankfully, the OpenStack networking tools can do that.
In OpenStack, you’ll define private networks for each tenant, including IP address ranges, subnets, and routers (all the things you’d have in a physical network), and then you provision customer desktops into the appropriate virtual private cloud.
Only instances within a given internal network, or those on subnets connected through interfaces, can access other instances in that network.
So, how do end users connect to their desktop? You can do a couple things. One, if your VPC has access to the external network, you could assign a Floating IP address to the instance, and use that to connect to the desktop. Alternatively, you can look at VPN solutions, including VPN-as-a-Service.
A last thing to keep in mind is security groups. Security groups allow you to define firewall rules that block or unblock ports, port ranges or traffic types, which is particularly important if you have an instance that is available on the internet!
Finally, let’s talk about money. Classical VDI has been stymied because of the cost and complexity surrounding building that solution. Implementing OpenStack may not solve the complexity issue, but it sure can address some of the cost. Because it’s open source, you avoid the commercial licensing fees associated with other VDI stacks or DaaS solutions. And, because cloud management software helps you maximize your data center usage, you mayb e able to scale down on hardware requirements.
Now, I haven’t run the numbers, and I’d be curious to learn if anyone has. So, please, keep us posted as you start defining your data center and looking at your costs.
Which brings us to Leostream!
So, we just finished up with four reasons why OpenStack is suited to delivering VDI and DaaS. Now, say you’ve decided to take the plunge. What are a few things you should think about when designing your solution?
Again, don’t bother reading these now, we’ll cover them in the next slides.
First, boot and login storms. Consider a 9-5 office with 200 employees, all of whom are logging in within minutes of each other. This is your login storm (and potentially boot storm, depending on how your environment is configured.)
When designing your VDI or DaaS solution, make sure you schedule instance to be created and powered on before users arrive, and you may want to schedule the instances to be terminated or powered down when the users leave. The key is to find a desktop management tools that has the flexibility to schedule events around your customer’s use patterns, so that users are never left waiting for their desktop to boot. (No one likes waiting for their desktop to boot!)
To handle login storms, also make sure your connection management tool (your connection broker) can handle the load. You do not want a brokering solution that is a single point-of-failure, or that can’t scale to handle login storms. Some key things to look for are connection brokers that can be easily clustered (so the loss of one broker doesn’t mean users can’t log in) and a connection broker that is not in the data path of the user’s connection (so the broker doesn’t influence the user’s desktop connection).
On that note: Performance, performance, performance! If the user’s hosted desktop connection lags or the compute chokes then the user can’t get their job done. To keep your users happy and productive, inventory the different use cases you need to satisfy (from task workers, to knowledge workers, to power users) and make sure you provide them with an instance sized appropriately to their needs (without wasting compute by providing them too much.)
In the connection broker that manages your deployment, create pools of instances for each use case, and make sure your broker solution assigns the correct users to the appropriate pool. Then, you just need a display protocol that’s up to the task.
Task workers may be fine accessing Excel over RDP. But, a knowledge or power worker may need more oomph, such as from HP RGS or PCoIP. Research your options, but try to use a high performance protocol only when it’s really needed, as they do bring licensing costs into the picture.
Finally, it’s one thing to spin up desktops in your cloud. It’s another to get the user connected to that desktop. That’s the job of a connection broker, which even the OpenStack documentation admits they don’t provide.
The key is to find a broker that handles all your use cases, whether those include Windows or Linux desktops, a mixture of different display protocols, or different types of client devices. Enumerating your brokering needs before you start to build your design will help you choose a broker that future-proofs your deployment.
As I mentioned, there is a one page blub on implementing VDI with OpenStack, and it points out that the one thing OpenStack doesn’t provide is a connection broker. That is where Leostream comes in. A connection broker focuses on desktop provisioning and connection management. It provides the interface that your end users will use to log in.
When looking at our broker, or any broker, that manages OpenStack VDI, the key is to ensure that it does so using tight integration with the support OpenStack API.
That API allows us (and you) to inventory instances in OpenStack. These instances are your desktops. It also makes it easy to provision new instances from existing images, and assigns correct IP addresses to instances.
So, how to build OpenStack VDI in four easy steps! (OK, the last step is easy, at least!)
First, determine the architecture for your OpenStack cloud. As I mentioned, there are a number of very good OpenStack experts who can help you with this, if you’re not already one of those experts. Then, as you onboard customers, make sure to place each in their own OpenStack project, which means defining the project and the network!
Work with your customer to enumerate as many use cases or user groups as possible, and build a master desktop and image that can be used to provision desktops for those users. Now is the time to investigate display protocols.Finally, when that is complete, configure your connection broker to manage the day-to-day. See, easy!
Let’s dig into that final step. How do you configure your connection broker?
First, build pools of desktops for each of the use cases or user groups you identified. Pools can contain persistent desktops (for example, if you have administrative users that need a dedicated desktop) or temporary desktops (remember that use case I mentioned about hosting legacy applications?)
After you have your pools, think about how users connect to those desktops, and how long they are allowed to use it. The types of parameters that define the connection depend on the display protocol you’ve selected. The rules that decide how long a user has access to the desktop point back to the use cases (for example, persistent vs temporary desktops.)
Finally, after you have all your pools and have defined all the ways you want to control access to those pools, you need to associate those pools with users. Ideally, you want control over what pools you give the user access to based not only on who they are, but also where they log in from. Consider a healthcare worker who is logging in from the hospital versus from home. You may want to offer them a different desktop with different levels of access to patient data, and make sure you can lock down USB devices when they are home. A good connection broker gives you this kind of flexibility.
Which takes me to our demonstration, always my favorite part of a webinar!
And, that’s it! Hopefully, if we haven’t convinced you that OpenStack is a viable solution for VDI and DaaS, we’ve at least gotten you thinking about it. Remember, though, that the missing link is the connection broker (and potentially display protocol), so keep us in mind when you start exploring VDI.
And, you can do that by downloading a free trial! We’re here to help you along the way.