6. Microsoft Virtualization --- From the Datacenter to the Desktop
Diagram labels: Management; Desktop Virtualization; Application Virtualization; Presentation Virtualization; Server Virtualization; User State Virtualization; Folder Redirection; Roaming Profiles; Microsoft® Virtual Desktop Infrastructure; Microsoft® Enterprise Desktop Virtualization
11. Connection Brokering Architecture
1. Connect to MyPersonal Desktop
2. Get Target Machine
3. Query Personal Desktop for User
4. Query/Start VM
5. Return Target Machine
6. Redirect To Machine
7. Connect to Machine
Diagram labels: Active Directory; VM; RD Redirector; Connection Broker; Client; TSV; TSV; TSV; VM; Hyper-V; RDV Host Agent
15. MED-V v2 Architecture
Diagram labels: Policy; Windows Virtual PC; ConfigMgr Client; MED-V Client; Virtual Image; Windows Client Workstation; MED-V Admin Console; Export; MED-V Admin Console Package Wizard; System Center Configuration Manager; Deploy Packages
16. Presentation Virtualization Technology --- Windows Server 2008 R2 Remote Desktop Services
Remote Desktop Services allows a user to access applications, data and even an entire desktop running on a remote computer over a network. The client access device can either be a full rich Windows personal computer, or a thin client (such as a Windows CE device).
17. Remote Desktop Services Architecture
Diagram labels: RD Web Access; RD Session Host; RD Gateway; RD Connection Broker; Active Directory®; Licensing Server; RD Virtualization Host; RD Client
19. App-V for RDS
Diagram labels: RD Session Host; App-V Management Server; RD Client; RD Virtualization Host
20. Remote Desktop Virtualization Host (RDVH)
Diagram labels: RD Client; Personal Virtual Desktops; Pooled Virtual Desktops; RD Connection Broker; Active Directory
21. Personal / Pooled Virtual Desktops
Diagram labels: Personal Virtual Desktops; Pooled Virtual Desktops
22. RDS Roles Explained
Role: Function
RemoteApp: Publishes applications with just the application UI, and not a full desktop UI
RD Session Host: Hosts centralized, session-based applications and remote desktops
RD Virtualization Host: Hosts centralized, virtual-machine-based (virtual) desktops on top of Hyper-V for VDI environment
RD Connection Broker: Creates unified administrator experience for session-based and virtual-machine based remote desktops
RD Gateway: Allows connection from clients outside the firewall, using SSL, and proxies those to internal resources
RD Web Access / RemoteApp & Desktop Connections (Windows 7): RD Web Access provides Web-based connection to resources published by RD Connection Broker. Supports traditional web page, as well as new RemoteApp & Desktop Connections
RD EasyPrint: Simplifies printing to a local printer, and supports legacy and new print drivers without the need to install those on the host
33. 1 - Sequence the application
Microsoft Application Virtualization Sequencer: Rapidly packages applications by monitoring their installation. The Sequencer optionally optimizes the virtual application package for streaming. The admin has the option to make the virtual application available for streaming or create an MSI wrapper for Standalone Mode delivery.
Diagram labels: Streaming Server; Windows Application CD; Windows Application Installer; Unpackaging; Linearization; Optimization & Compression; Virtualized Application; MSI Standalone
37. Diagram labels: App-V Sequencer; 3rd Party Solution; App-V Management Server (content); App-V Management Console; App-V Terminal Server; Desktop PC; Content Server; Standalone Mode (MSI); Streaming Server (RTSP); IIS Server (optional) (HTTP); 3rd party (ESD)
Flow captions:
Sequence app and place on Content share.
Use App-V Mgmt Console to import package from Content share, create application, and assign to AD Security Group.
Use 3rd party interface for publishing to IIS, 3rd party ESD or Standalone Mode.
Package is available for Streaming, 3rd Party ESD, or Standalone distribution.
Virtual App is delivered to the client (RTSP/HTTP/MSI/ESD).
Virtual App is loaded into cache and icons and files are available to user.
App-V client reads on launch, runs app local or via TS.
Virtualization in an IT environment is essentially the isolation of one computing resource from the others. By separating the different layers in the logic stack, you enable greater flexibility and simplified change management: you no longer need to configure each element for them to all work together. In a traditional hardware/software stack, all of the elements are bound together, requiring specific configuration to allow the components to properly interact with each other. Creating new capability entails procuring and configuring the hardware, software and interfaces. In a virtualized stack, each element is logically isolated and independent. Adding new capability can be as simple as replicating an OS and application instance on existing hardware that has excess capacity.
Perhaps the best way to understand virtualization in a practical application is to look at the most common use, machine virtualization. Machine virtualization is where an operating system and application are packaged together to form a virtual machine, which is then hosted on a physical server running a host operating system or hypervisor (a thin layer of software that provides the basic interface with the hardware). The most important concept to understand is that this virtual machine (OS + app) operates independently of the OS on the physical server. In fact, multiple virtual machines can run on a single physical server, while providing the isolation and security as if they were each on their own discrete hardware.
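What is VDI? VDI is a combination of Remote Desktop connections and virtualization. A virtualization server runs multiple virtual machines (VMs), each running a client operating system such as Windows Vista or Windows XP. Users connect remotely to a VM and get its desktop environment. The user's local PC acts as the remote desktop client: it runs a thin client, or Microsoft Windows Fundamentals on very old hardware, or Linux.
VDI fully isolates the virtual environments of different users, because each user connects to a separate VM. Some environments use static VDI, in which a user always connects to the same VM. Others use dynamic VDI, in which users are connected dynamically to different VMs and VMs are created automatically as needed. In either model, user data is stored separately from the VM, and applications can be provisioned quickly.
Besides centralized management and convenient provisioning of computing, VDI gives users access to their desktop environment from anywhere, as long as they can connect remotely to the server.
Consider the problems client computers face today. You have to troubleshoot the computer and may need to reinstall it. With VDI, when a desktop environment develops a problem, you only need to delete the VM and, using a temporary virtual hard disk, create a new environment within seconds. VDI also provides enhanced security, because data is not stored locally on the desktop or portable computer.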
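MED-V: Administrator-controlled, automated virtual machine (VM) image distribution and management for Windows desktops.
Key Scenarios for Using MED-V: Enable Legacy Applications and Accelerate Upgrades to New Operating Systems.
MED-V's desktop virtualization solution works roughly as follows: the administrator uses Microsoft VPC2007 to create a virtual machine image that contains an operating system and a set of applications. The administrator then uploads this image to the MED-V server's website, so that other enterprise users need only VPC2007 as client software to download the image from the MED-V server's website and run the applications in it.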
Architecture
It all starts from a VPC image that encapsulates a corporate desktop environment: an operating system (OS), corporate applications, user data and any management tool commonly used on standard desktops. The VM can eventually be part of an AD domain.
This virtual image is loaded into a centralized repository (IIS-based) that holds all image versions.
The next part is the management server, the brain of the system. It enables admins to take the images from the repository, manage their versions, associate them with AD users/groups, and deliver them to the client along with a usage policy. All of that, and more features we'll discuss later on, is controlled from a single management console.
Finally, the end-client has two parts:
The part that authenticates against the server, gets the usage policy, retrieves the image from the repository, etc.
The part that manages and controls the VPC session (starts it, stops it, moves it to saved state) and takes care of the whole user experience, as we'll discuss in a minute.
[Build 1] The following slide provides a high-level overview of the components in RDS. We will look at the new RDSH and RDVH technologies in depth later on.
Remote Desktop Session Host Server provides a similar set of functionality to Terminal Server.
RD Virtualization Host Server is a Hyper-V based server that is used to provide VDI functions.
RemoteApp and Desktop Web Access Server provides a web-based interface for RemoteApp-enabled applications as well as one-click access to virtual desktops. Highlight that you need Windows 7 on the client to take full advantage of Desktop Connections.
RD Gateway offers secure remote access to RDS servers and infrastructure.
All components require an RDS licensing server.
Permissions and policy are stored in Active Directory.
[Build 2] The Remote Desktop Client gets connection information from the RD Web Access Server. If the client is outside the network, it connects through the RD Gateway server; if it is internal, it can connect directly to an RDSH or RDVH server. In both cases the server that the client connects to is negotiated by the RD Connection Broker. The Connection Broker plays a central role in RDS to make sure clients get connected to appropriate resources. It also helps clients reconnect to disconnected or interrupted sessions, and makes sure that clients are connecting to the correct servers for VDI resources.
At a high level, the remote client uses the RD Gateway to obtain access to the RD Session Host (RDSH) and RDVH servers. The RD Connection Broker connects clients to sessions and VMs on the RDSH and RDVH servers. All Remote Desktop Servers require validation with an RD Licensing Server.
RD Session Host is the well-known Terminal Services experience with performance and compatibility improvements to allow a more seamless user experience. RemoteApp applications are also hosted using RDSH.
The RDSH Server Role is installed on the Remote Desktop Session Server.
Applications are installed on the server.
Multiple RDSH servers can be deployed along with a load balancing technology. Every server needs to be identically configured with the same applications.
The user requests an application from their desktop. The RDP client connects to the RD Connection Broker, which provides the best server to connect to in the RD server farm.
If the remote connection is interrupted, the RD Connection Broker can reconnect the user to the session they were last connected to.
Runs on Remote Desktop Session Host (RDSH)
Enable Server Consolidation
Mitigate Roaming Profile Issues
Transform RDS into a dynamic system
Designed for low bandwidth
Requires separate App-V for RDS-CAL
App-V provides application-level virtualization. This separates the applications from the operating system so that they aren't physically installed. (Registry settings, services, and installation files are stored on a virtual file system.)
Applications are virtualized per instance:
Files (incl. System Files)
Registry, Fonts, .ini
COM / DCOM objects
Services, Name Space, Semaphores & Mutexes
Applications do not get installed or alter the operating system, yet tasks process locally on the host computer (i.e. the RD Session Host).
App-V for RDS provides a management environment to stream applications to RDSH servers, which can be published either directly to the client or to a virtual desktop running on a Remote Desktop Virtualization Host (RDVH).
RD Virtualization Hosts: RDS provides the infrastructure framework to provide a consistent and high-fidelity user experience. This means that the user doesn't have to worry about where their virtual machine is stored. The RDS infrastructure will make sure users are properly routed to the correct server. In the event of disconnection, the user will be able to transparently reconnect to lost sessions. By taking advantage of device and printer redirection, DirectX redirection, audio redirection, and Aero Glass redirection features, the remote desktop is presented to the user like a local desktop.
1) Personal Virtual Desktops require a virtual machine that is assigned through Active Directory. (Requires the Windows Server 2008 R2 ADUC MMC.)
2) Personal Virtual Desktops will grow as more data is saved to them.
3) A Virtual Desktop Pool lets you group together common desktops. You need an RD Redirector for each RD Virtual Desktop Pool you decide to deploy.
4) Every time you disconnect from the RD Virtual Desktop Pool, the VHD file for the Virtual Desktop is reset to a preconfigured state.
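Overview: Microsoft Application Virtualization (App-V) makes applications available to end-user computers without installing them directly on those computers. This is achieved through a process called "sequencing the application", which lets each application run in its own isolated virtual environment on the client computer. Sequenced applications are isolated from one another. This eliminates application conflicts, while applications can still interact with the client computer.
The App-V Client provides the functionality that lets end users interact with applications after they have been published to the computer. The client manages the virtual runtime environment of the virtual applications on each computer. After the client is installed on a computer, applications must be made available to that computer through a process called "publishing" so that end users can run the virtual applications. Publishing copies the virtual application icons and shortcuts to the computer, typically to the Windows desktop or Start menu, and also copies the package definition and file type association information to the computer. Publishing also makes the application package content available to the end-user computer.
Virtual application package content can be copied to one or more Application Virtualization servers so that it can be streamed down to clients on demand and cached locally. If, for example, you use an electronic software distribution system such as Microsoft System Center Configuration Manager 2007, file servers and web servers can also be used as streaming servers, or the content can be copied directly to end users' computers. In a multi-server implementation, maintaining package content on all streaming servers and keeping it up to date requires a comprehensive package management solution. Depending on the size of your organization, you may need to provide many virtual applications to end users located around the world. Managing packages so that all users can get the applications they need, whenever and wherever they need them, therefore becomes an important requirement.
Value: Helps enterprises reduce the cost of application deployment, delivers applications as a service, and allows better management of the desktop environment in the enterprise. It improves the responsiveness of IT staff and the uptime of employees' computers, and significantly lowers total cost of ownership across the operating system and the whole application management lifecycle.
Download: App-V was formerly SoftGrid application virtualization. It is now packaged in two products: the latest SCCM (System Center Configuration Manager), which includes App-V, and MDOP (Microsoft Desktop Optimization Pack).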
Standard Operating System Environment: In standard OS environments, applications install their settings onto the host operating system, hard-coding the entire system to fit that application's needs. Other applications' settings can be overwritten, possibly causing them to malfunction or break.
The Virtual Application Environment: With application virtualization, each application brings down its own set of configurations on-demand, and executes in a way so that only it sees its own settings.
Side-by-Side Virtualization: Each App-V enabled application brings down its own set of configurations and can run side by side without the settings conflicting with each other—or the host operating system. Despite this separation, inter-application communication with other App-V applications and those installed locally is preserved, allowing for cut and paste, OLE, and all other standard operations.
The first part of this animation represents Full Infrastructure Mode, which used to be called "Classic Mode". The second part of the animation shows the 3rd party flow and Standalone.