While F5 supports the whole range of the Horizon Suite, this reference architecture focuses on the Horizon View component of VMware’s overall End User Computing solutions.
F5 APM VE, optimized for VMware Horizon View, delivers secure access, traffic management, and simplified deployment for VMware Horizon View
clients. F5 is able to deliver several capabilities unique to the APM/Horizon View solution, including:
• Single namespace, which reduces the burden on administrators of managing user access to a globally distributed VDI, while ensuring that users are always securely connected to their preferred desktop at the appropriate data center.
• PCoIP proxy, simplifying Horizon View architectures, and delivering hardened security and increased scalability. (BTW, F5 was the first vendor to provide this functionality.)
• Secure remote and local access, and integration with AAA services, and single sign-on (SSO) which streamlines the user experience, while improving both security and productivity.
A conflict emerges when people/consumers/employees are accumulating devices (average person carries 3) and want to use those for work while organizations are in the process of consolidating infrastructure and the amount of devices they need to manage.
http://stevenduque.com/wp-content/uploads/2010/10/too-many-devices.jpg
http://media.scmagazine.com/images/2013/03/14/device101_354590.gif
http://www.fedtechmagazine.com/sites/default/files/imagecache/articlelarge/data-center-consolidation-gov.png
As you can see, providing employees with anywhere, anytime access is the top reason for VDI interest. Other important areas include the ability to centrally manage desktops to boost efficiency, reduce the cost in upgrading or purchasing desktop computers, the ability to automate and have a robust disaster recovery plan, providing enhanced control over data security along with no limitation on end point devices.
http://blogs.forrester.com/david_johnson/13-04-01-has_vdi_peaked_a_change_in_the_adoption_drivers_sheds_new_light_and_new_life
While F5 supports the whole range of the Horizon Suite, this reference architecture focuses on the Horizon View component of VMware’s overall End User Computing solutions.
F5 APM VE, optimized for VMware Horizon View, delivers secure access, traffic management, and simplified deployment for VMware Horizon View
clients. F5 is able to deliver several capabilities unique to the APM/Horizon View solution, including:
• Single namespace, which reduces the burden on administrators of managing user access to a globally distributed VDI, while ensuring that users are always securely connected to their preferred desktop at the appropriate data center.
• PCoIP proxy, simplifying Horizon View architectures, and delivering hardened security and increased scalability. (BTW, F5 was the first vendor to provide this functionality.)
• Secure remote and local access, and integration with AAA services, and single sign-on (SSO) which streamlines the user experience, while improving both security and productivity.
Operational Complexities of VMware View
There are a number of benefits customers will enjoy with a Horizon View optimized F5 APM VE, deployed with Horizon View, including:
• Enhanced cost-efficiency and flexibility – The new APM/Horizon View solution will help organizations build virtual desktop environments more cost-efficiently, enabling them to deploy joint solutions at a variety of price points, thereby enabling a broader range of customers access to industry-leading access and security technology, regardless if they are just starting a VDI deployment, or scaling globally to tens of thousands of desktops.
• Technology leadership – By aligning efforts, F5 and VMware offerings are easier to manage and configure for optimum results.
The F5 BIG-IP Virtual Edition (VE) secure appliance acts as a full proxy between the client and all of the View components. Authentication connections and PCoIP traffic (from external clients) are all terminated on the appliance before being proxied to the relevant internal component.
The BIG-IP authenticates the View client’s identity with the Microsoft® Active Directory® service before passing the username and password to the View Connection server. The BIG-IP provides high availability and load balancing services for the Connection Servers.
The BIG-IP can provide SSL offload for the client authentication traffic, saving CPU resources on the View Connection Servers by forwarding traffic to the Connection Server unencrypted.
The BIG-IP replaces the PCoIP proxy functions of the View Security Server role, eliminating a layer of infrastructure and simplifying management of the solution.
The VMware Horizon View specific configuration is performed using an F5 supplied iApp® template, which creates all the configuration items required to manage the View application traffic. The created configuration follows the tested best practice design and dramatically reduces the time to deploy the solution.
FYI: You’ll notice that there are multiple pods in these diagrams – this is the full solution. In this View RA specfic solution, there would probably only be 1 pod.
Deploying LTM, GTM and APM for View requires thoughtful consideration to the different configuration options. For someone who is not familiar with View or BIG-IP, the process can take longer than necessary. How do you provide all the functionality of a BIG-IP to power users, but take out the configuration complexity that would otherwise slow down deployment?
In order to solve this, F5 uses iApps. iApps are pre-configured packages of settings designed for specific applications that enable very rapid deployment of BIG-IP in optimal settings.
F5 has invested significant time, effort and joint testing work with VMware to design and maintain an iApp for VMware View that saves significant time when deploying F5’s application delivery services for View. Additionally, by leveraging the iApp wizard-like environment, manual mistakes are avoided – saving both, time and money.
F5 iApp for VMware View can reduce the amount of time it takes to deploy application delivery services from days to less than 1 hour.
Improved Experience/SSO/BYOD
While VMware View supports all endpoint devices (e.g. laptop, tablet, smartphone, etc.) natively, F5 provides hardened security.
Lets take a look at the Products that Citrix have… now lets look at the closest competitor in each category…
Now lets look at which of these technologies Citrix developed themselves… They only get credit for XenApp (AKA Metaframe)
Citrix have a very powerful Marketing engine where they change product names faster than they change their underwear…
Citrix offer “good” but not “great” solutions in each category
F5 has technical superiority over Citrix
F5 has market share over Citrix
F5 / VMware Ecosystem is extremely strong
Helps give customers confidence to virtualize mission critical apps.
Removes performance issues caused by the Network.
We are already selling to the same customers thru the same channel
Citrix are afraid that we might compare notes… THEY SHOULD BE
View requires SSL for its connections, and is normally handled by letting the connection servers terminate SSL.
However as is well known in the networking world, having generic CPUs perform SSL termination is not the most cost effective way to handle large volumes of SSL. Function-specific devices with SSL cards are much faster at this, for a fraction of the cost. As such, offloading SSL encryption/decryption from VMware View Connection Servers (which have generic CPUs) and asking LTM to perform that function instead (using its SSL ASICs instead) allows you to run much higher SSL volumes though a relatively small and inexpensive server infrastructure. This in turn means that you have much higher virtual desktop density on your View connection servers. It’s all about economics here.
Hardware and Virtual Edition both provide unique value to customers; we are in a unique position to help customers migrate to the cloud
Comply with Strict Security Corporate Policies
View Security Server can scale to 2000 users. It is tied in a 1:1 relationship with the Connection Server in the internal security zone. In order to scale beyond 2000 users there is a requirement to place a load balancer in front of multiple View Security Servers which are each tied in a 1:1 relationship with their own Connection Servers in the internal security zone.