F5’s VMware Horizon View Reference Architecture
•Transferir como PPTX, PDF•
3 gostaram•2,919 visualizações
While F5 supports the whole range of the Horizon Suite, this reference architecture focuses on the Horizon View component of VMware’s overall End User Computing solutions. F5 APM VE, optimized for VMware Horizon View, delivers secure access, traffic management, and simplified deployment for VMware Horizon View clients. F5 is able to deliver several capabilities unique to the APM/Horizon View solution, including: • Single namespace, which reduces the burden on administrators of managing user access to a globally distributed VDI, while ensuring that users are always securely connected to their preferred desktop at the appropriate data center. • PCoIP proxy, simplifying Horizon View architectures, and delivering hardened security and increased scalability. (BTW, F5 was the first vendor to provide this functionality.) • Secure remote and local access, and integration with AAA services, and single sign-on (SSO) which streamlines the user experience, while improving both security and productivity.
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (20)
Semelhante a F5’s VMware Horizon View Reference Architecture
Semelhante a F5’s VMware Horizon View Reference Architecture (20)
Mais de F5 Networks
Mais de F5 Networks (15)
Último
Último (20)
F5’s VMware Horizon View Reference Architecture
- 1. F5’s VMware Horizon View Reference Architecture
- 2. © F5 Networks, Inc 2 How Many? The average person carries 2.9 devices* HOW MANY DEVICES DO YOU CARRY? Companies Consolidating Devices People Accumulating Devices
- 3. © F5 Networks, Inc 3 VDI – The Reasons Why Drivers for desktop/application virtualization, thin client, or blade PC technologies? 11% 10% 20% 21% 27% 43% 46% 51% 55% 55% 0% 14% 16% 21% 22% 23% 36% 38% 45% 48% 48% 53% Q3 2012 Q3 2011 Supporting employees to work from anywhere Increasing manageability, patching Lowering costs Providing flexible remote access Disaster Recovery Better security Improving compliance Reducing PC energy consumption Supporting access for tablets BYOPC Programs Enable Apple Mac computers Base: 981 (2011) & (2012) North American and European IT decision-makers Source: Enterprise and SMB Hardware Survey, North America and Europe, Q3 2011 & Q3 2012
- 4. © F5 Networks, Inc 4 Complexity Operational complexity of traditional architecture Performance Poorer than expected performance Security Multiple points of access control Mobility Lack of mobility between devices and applications Reliability Unreliable user experience Keys to a Successful VDI Deployment Complexity Operational complexity of traditional architecture Performance Poorer than expected performance Change Desktop Deployment Management Policies Need Low Priority Costs Initial Capital Barriers Central Management Granular Control Security Policy Driven Access Control Agility Disaster Recovery BYOD Mobile Workforce Cost Savings Efficient Benefits
- 5. © F5 Networks, Inc 5 Horizon View Complete desktop and application virtualization + HORIZON SUITE Intelligent Services Framework Secure • Fast • Available Horizon View VM VDI Horizon Mirage Horizon Workspace Anywhere, any service, any device Intelligent Dynamic, agile, adaptive Horizon Mirage Horizon WorkspaceHorizon View Centralized layered image management for local deployment Multi-device workspace for IT services Complete desktop and application virtualization Support for VMware validated solutions • Mobile Secure Desktop • Business Process Desktop • AlwaysOn Desktop • Branch Office Desktop Intelligent traffic management and security • Local and global traffic management • Multi-site and multi-pod deployments • Access management and data center firewall Unique F5 solutions • Single Namespace • Username Persistence • Native PCoIP Proxy • CAC Support
- 6. © F5 Networks, Inc 6 Complex User devices VMware Horizon View Virtual desktops & apps Fragmented application access and policy management Load Balancer View Security Servers Firewall View Connection Servers User experience impacted by latency, lack of persistence, poor reliability Firewall
- 7. © F5 Networks, Inc 7 Simple BIG-IP Access Policy Manager APM TCP 443 UDP 4172 TCP/UDP 4172TCP 80 Authentication Logging/Reporting Desktops Connection Servers Internal APM SSL Decryption Authentication High Availability PCoIP Proxy DMZ Logging/Reporting TCP 80 Internal View Clients External View Clients VMware Horizon View • Secure VDI • Advanced AAA & Endpoint security • Traffic management • Scalable –200,000 concurrent users • Offload/replace Security Server INDUSTRY FIRST HARDENED SECURITY INCREASED SCALABILITY SIMPLIFY VIEW VDI
- 8. © F5 Networks, Inc 8 Consolidate
- 9. © F5 Networks, Inc 9 Easy iApp for VMware View Configure network for VMware View automatically • Admin answers simple, goal-based questions • iApp for VMware View configures network based on Admin’s input Benefits • Faster (minutes instead of days) • Reduces errors • Replicates to groups of servers easily BIG-IP Are You Using VMware View Security Servers?
- 10. © F5 Networks, Inc 10 Efficient Desktop Laptop Smartphone Tablet
- 11. © F5 Networks, Inc 11 Enabling Scenario Functionality Value L2TP SSL and VPN, AAA functionality Secure access to View servers over public networks. Replaces View Security Server and removes Windows from the DMZ. Load balancing, policy and global traffic management Scale View when multiple Connection Servers are required. Global Load Balancing Route View traffic globally. User Name Persistence Faster session login and restoration without re- opening applications. SECURITY & FIPS COMPLIANCE SYSTEM SCALABILITY MULTIPLE DATA CENTERS PERFORMANCE
- 12. © F5 Networks, Inc 12 Why F5 for View? Increased Scalability Increased Availability Strengthened Security Simpler Architecture to Manage Engineered Specifically for View Easier for End Users
- 13. © F5 Networks, Inc 13 Options Description List Price per unit 24x7 Support Throughput Concurrent SSL VPN Users Concurrent VDI "Access" Users BIG-IP Virtual Edition: View special APM (5M) $ 95 Self Service 5M 10 10 BIG-IP Virtual Edition: View special APM (25M) $ 2,000 24% of list 25M 10 50 BIG-IP Virtual Edition: View special APM (200M) $ 4,000 24% of list 200M 10 250 BIG-IP Virtual Edition: View special APM (1G) $ 10,000 24% of list 1G 10 1,000
- 14. © F5 Networks, Inc 14 Solution Citrix Superior alternative Desktop Virtualization Citrix XenApp Citrix XenDesktop View Server Virtualization Citrix XenServer vSphere Datacenter Virtualization CloudPlatform vCenter vCloud Director Application Delivery Citrix NetScaler BIG-IP Local Traffic Manager (LTM) Web App Firewall Citrix NetScaler App Firewall BIG-IP Application Security Manager (ASM) SSL VPN Citrix NetScaler Gateway BIG-IP Access Policy Manager (APM) Edge Delivery Citrix Cloud Bridge BIG-IP Edge Gateway Datacenter HA NetScaler GSLB function BIG-IP Global Traffic Manager (GTM) Web Application Acceleration NetScaler Web 2.0 Application Optimization F5 AAM Better Choice
- 15. © F5 Networks, Inc 15 F5 BIG-IP is the Foundation for App Delivery F5 makes VDI better Proven choice for End User Computing Market leader in Application Delivery Optimize the User Experience Simplify Infrastructure Unify Security & Access Control Strengthen Availability Reduce Cost Positioned to meet end users’ needs
Notas do Editor
- A conflict emerges when people/consumers/employees are accumulating devices (average person carries 3) and want to use those for work while organizations are in the process of consolidating infrastructure and the amount of devices they need to manage. http://stevenduque.com/wp-content/uploads/2010/10/too-many-devices.jpg http://media.scmagazine.com/images/2013/03/14/device101_354590.gif http://www.fedtechmagazine.com/sites/default/files/imagecache/articlelarge/data-center-consolidation-gov.png
- As you can see, providing employees with anywhere, anytime access is the top reason for VDI interest. Other important areas include the ability to centrally manage desktops to boost efficiency, reduce the cost in upgrading or purchasing desktop computers, the ability to automate and have a robust disaster recovery plan, providing enhanced control over data security along with no limitation on end point devices. http://blogs.forrester.com/david_johnson/13-04-01-has_vdi_peaked_a_change_in_the_adoption_drivers_sheds_new_light_and_new_life
- http://www.business2community.com/tech-gadgets/why-vdi-is-ideal-for-small-and-medium-businesses-0492717
- While F5 supports the whole range of the Horizon Suite, this reference architecture focuses on the Horizon View component of VMware’s overall End User Computing solutions. F5 APM VE, optimized for VMware Horizon View, delivers secure access, traffic management, and simplified deployment for VMware Horizon View clients. F5 is able to deliver several capabilities unique to the APM/Horizon View solution, including: • Single namespace, which reduces the burden on administrators of managing user access to a globally distributed VDI, while ensuring that users are always securely connected to their preferred desktop at the appropriate data center. • PCoIP proxy, simplifying Horizon View architectures, and delivering hardened security and increased scalability. (BTW, F5 was the first vendor to provide this functionality.) • Secure remote and local access, and integration with AAA services, and single sign-on (SSO) which streamlines the user experience, while improving both security and productivity.
- Operational Complexities of VMware View
- There are a number of benefits customers will enjoy with a Horizon View optimized F5 APM VE, deployed with Horizon View, including: • Enhanced cost-efficiency and flexibility – The new APM/Horizon View solution will help organizations build virtual desktop environments more cost-efficiently, enabling them to deploy joint solutions at a variety of price points, thereby enabling a broader range of customers access to industry-leading access and security technology, regardless if they are just starting a VDI deployment, or scaling globally to tens of thousands of desktops. • Technology leadership – By aligning efforts, F5 and VMware offerings are easier to manage and configure for optimum results.
- The F5 BIG-IP Virtual Edition (VE) secure appliance acts as a full proxy between the client and all of the View components. Authentication connections and PCoIP traffic (from external clients) are all terminated on the appliance before being proxied to the relevant internal component. The BIG-IP authenticates the View client’s identity with the Microsoft® Active Directory® service before passing the username and password to the View Connection server. The BIG-IP provides high availability and load balancing services for the Connection Servers. The BIG-IP can provide SSL offload for the client authentication traffic, saving CPU resources on the View Connection Servers by forwarding traffic to the Connection Server unencrypted. The BIG-IP replaces the PCoIP proxy functions of the View Security Server role, eliminating a layer of infrastructure and simplifying management of the solution. The VMware Horizon View specific configuration is performed using an F5 supplied iApp® template, which creates all the configuration items required to manage the View application traffic. The created configuration follows the tested best practice design and dramatically reduces the time to deploy the solution. FYI: You’ll notice that there are multiple pods in these diagrams – this is the full solution. In this View RA specfic solution, there would probably only be 1 pod.
- Deploying LTM, GTM and APM for View requires thoughtful consideration to the different configuration options. For someone who is not familiar with View or BIG-IP, the process can take longer than necessary. How do you provide all the functionality of a BIG-IP to power users, but take out the configuration complexity that would otherwise slow down deployment? In order to solve this, F5 uses iApps. iApps are pre-configured packages of settings designed for specific applications that enable very rapid deployment of BIG-IP in optimal settings. F5 has invested significant time, effort and joint testing work with VMware to design and maintain an iApp for VMware View that saves significant time when deploying F5’s application delivery services for View. Additionally, by leveraging the iApp wizard-like environment, manual mistakes are avoided – saving both, time and money. F5 iApp for VMware View can reduce the amount of time it takes to deploy application delivery services from days to less than 1 hour.
- Improved Experience/SSO/BYOD While VMware View supports all endpoint devices (e.g. laptop, tablet, smartphone, etc.) natively, F5 provides hardened security.
- Lets take a look at the Products that Citrix have… now lets look at the closest competitor in each category… Now lets look at which of these technologies Citrix developed themselves… They only get credit for XenApp (AKA Metaframe) Citrix have a very powerful Marketing engine where they change product names faster than they change their underwear… Citrix offer “good” but not “great” solutions in each category F5 has technical superiority over Citrix F5 has market share over Citrix F5 / VMware Ecosystem is extremely strong Helps give customers confidence to virtualize mission critical apps. Removes performance issues caused by the Network. We are already selling to the same customers thru the same channel Citrix are afraid that we might compare notes… THEY SHOULD BE
- View requires SSL for its connections, and is normally handled by letting the connection servers terminate SSL. However as is well known in the networking world, having generic CPUs perform SSL termination is not the most cost effective way to handle large volumes of SSL. Function-specific devices with SSL cards are much faster at this, for a fraction of the cost. As such, offloading SSL encryption/decryption from VMware View Connection Servers (which have generic CPUs) and asking LTM to perform that function instead (using its SSL ASICs instead) allows you to run much higher SSL volumes though a relatively small and inexpensive server infrastructure. This in turn means that you have much higher virtual desktop density on your View connection servers. It’s all about economics here. Hardware and Virtual Edition both provide unique value to customers; we are in a unique position to help customers migrate to the cloud
- Comply with Strict Security Corporate Policies View Security Server can scale to 2000 users. It is tied in a 1:1 relationship with the Connection Server in the internal security zone. In order to scale beyond 2000 users there is a requirement to place a load balancer in front of multiple View Security Servers which are each tied in a 1:1 relationship with their own Connection Servers in the internal security zone.