Managing PCs has always been painful, but the job has gotten considerably nastier thanks to an endless parade of application upgrades, operating system patches, and anti-threat updates. Even with network-based installation and patch management tools to ease the burden, IT spends far too much time at the desktop itself, dealing with shenanigans involving personal software, multiple versions of Java or ActiveX controls, driver or DLL conflicts, malware infections, misconfigured hardware, and more.
The promise of desktop virtualization technology is to centralize applications at the datacenter to make them easier to manage and provision — stretching hardware resources and keeping nagging software conflicts to a minimum in the bargain. In some cases, the same technology helps accomplish all three, bringing greater control and flexibility to IT without users mourning the loss of “their” beloved desktops.
At first blush, desktop virtualization sounds a lot like terminal services such as those provided by Citrix Systems, where servers run the applications and give users remote access. All the user’s terminal or PC does is present the updated screen display and permit input via keyboard and mouse.
Desktop virtualization, on the other hand, is a new way of delivering the individual PC environment that white-collar workers demand and love. In essence, servers host an entire desktop environment specific to each user.
The early versions of desktop virtualization were blade servers such as those offered by ClearCube Technology and IBM that simply moved the processing guts of a PC to the datacenter and left the input and display at the user’s desk. But the latest versions use the PC at the user’s desk for much of the processing. Dubbed “desktop streaming,” this approach retains the benefits of central management without throwing away the desktop’s power. The needed code is streamed to disk and memory cache for just that session, ensuring that there’s nothing for the user to mess up or alter.
A few providers go beyond desktop streaming to application streaming, where IT can send out the runtime cache for individual apps as needed. This reduces the number of unique user images to maintain and provides better insight into which application licenses are really needed.
Building a better thin client
The greatest benefit of desktop virtualization is the ability to provision PCs and other client devices with software from a central location. IT can manage a large number of enterprise clients from the datacenter, rather than at each user’s desk, reducing on-site support and increasing control of application and patch management.
At its simplest, virtualization on the application server side reduces hardware costs by letting one server provision multiple desktop clients, rather than having one server per desktop client, says John Humphreys, an IDC analyst. And virtualization also adds the ability to move desktop environments and hosted applications as needed for load-balancing or fail-over. To make existing terminal services and blade systems work with virtual machines, established providers such as Citrix and ClearCube have developed broker technology to let IT manage the mapping to virtual resources.
Citrix, ClearCube, and Wyse Technology now support the use of VMware and Microsoft virtual machines on blades and other application servers. VMware also offers VDI (Virtual Desktop Infrastructure) software, which makes server-hosted virtual machines accessible to users through RDP (Remote Desktop Protocol).
Bell Canada uses VDI to provision desktops to call-center users, letting them work in other locations or even at home without burdening IT support.
Streaming to the desktop
Virtualization at the application host server can make thin clients more efficient to deploy, but many organizations are wedded to having real PCs at users’ disposal despite the support costs. Desktop streaming is emerging as one of the most efficient ways to support this model without incurring the usual bloated desktop support costs.
A growing number of vendors — including Ardence, Propero, Stream Theory and Wyse — offer desktop streaming software that provisions the entire desktop environment from a server to a desktop PC (or thin client).
Altiris, AppStream, and Microsoft (through its recent acquisition of Softricity) have pushed the concept to the next level, streaming applications rather than a complete desktop environment. This allows greater flexibility in what is provisioned, because IT can create a basic operating system image and then individual images for each application, and combine them as needed on the fly. You don’t need a separate desktop image for each combination of applications.
With both desktop and application streaming, the provisioned operating system and applications use the client’s local resources, without the overhead of permanent installation on the client.
Typically, a set of stub services is transferred to the local cache at connection time, and other resources are streamed as needed.
Streaming does delay initial application access, acknowledges Bill Washburn, operations analyst at California State University at San Marcos, which uses Altiris’ technology. “But once the application is installed, people say it’s the best they’ve ever seen it run,” he says.
One big advantage of streaming is that IT has fewer images to maintain. That benefit applies in spades to application streaming products from Altiris and Microsoft.
For example, CSU’s Washburn says that Altiris’ Software Virtualization Solution solves a long-standing annoyance with SPSS’s statistical software. Each year, a new license key is issued and must be updated at every user’s desktop. But with Altiris’ software, Washburn simply updates the server copy, which is provisioned to users automatically when they call the application.
Although the technologies from Ardence, Propero, Stream Theory, and Wyse centralize applications and data, they also let users store data locally (a PC’s C drive is remapped to become its D drive when their software runs). Moreover, because Altiris’ and Microsoft’s application streaming tools let you set up applications in their own virtual layer or session, IT can avoid the regression testing across the whole application set whenever a program is modified or added, says Russell Investments’ Nelson.
With the solutions offered by Altiris, AppStream, and Microsoft, the client PC can have its own operating system and applications installed, while the server pushes centrally provisioned applications into local desktop caches. In this fashion, IT can distribute resources selectively.
This selective approach can also help balance performance, notes CSU’s Washburn. Were Washburn to deliver everything as streams, it would take client PCs five minutes or more to boot up — a nonstarter. So he installs core applications on the PCs the old-fashioned way, using Altiris’ remote deployment tools, and provisions less frequently used programs via application streaming.
Yet another variation is to combine application streaming with terminal services. At Alamance Regional Medical Center in Burlington, N.C., senior network administrator Andy Gerringer uses both Citrix and SoftGrid to provision desktops.
Conflict resolution for applications
Application streaming comes with a significant side benefit: eliminating application conflicts. The application streaming tools from AppStream, Altiris, and Microsoft separate application-specific support files such as DLLs and libraries from the underlying operating system.
These programs manage the communication among the layers and the underlying operating environment, so both Windows and its users think they are working on a single environment. By separating each application into its own virtual layer (or package, as some call it), these products prevent software conflicts common with homegrown software and some commercial applications. And user-installed applications can’t conflict with IT-provisioned applications in the virtual layers, says Microsoft’s Grescher.
The new reality of virtualization
Desktop and application streaming require IT to think differently about tasks that they’ve done for years, notes Neal of Duncan Regional Hospital. “It takes a little more thought in the rollout,” he says. For example, his support staff now has to keep an eye on the blades that serve the desktop environments, because a broken fan can cause them to overheat, knocking out multiple users in one blow. His staff also must monitor disk usage for each blade, because 80GB is shared among three users.
Virtualized desktops can be provisioned to specific client hardware, so a particular call-center terminal always uses the same virtual machine on a specific blade. But they can also be provisioned to specific users, based on user log-in, so the client device running them could be anywhere. That can pose a challenge for setting up access to printers and departmental file servers, depending on how mobile users are, observes Bell’s Quigley.
Quigley notes another issue that can puzzle support staff: Users connecting from home may not get their DNS address resolved properly, so IT tends to assign a fixed IP address to get around that issue. But the Windows virtual machines are rebooted each night to deal with memory leaks, and the IP address for that virtual machine might no longer match what is set up in the remote user’s home system.
Nonetheless, early adopters all agree that these relatively minor issues are far outweighed by the benefits of central administration of fewer desktop images.
IBM announces new provisioning software
Meanwhile, IBM announced new virtualization software that’s designed to help deploy and install software on tens of thousands of servers, laptops, desktops or even wireless devices.
Tivoli Provisioning Manager 5.1 uses technology that IBM acquired from Rembo Technologies in June to help customers reduce the time involved in upgrading systems, in some cases cutting upgrade times by days, said Dave Lindquist, IBM Tivoli chief architect. Lindquist said the software automatically senses when a network can handle a software upgrade and begins the job when sufficient bandwidth is available.
One feature in Provisioning Manager 5.1 allows software distribution over long distances and with many thousands of endpoints through network peering, a grid-computing approach, Lindquist said. Files such as e-mail applications or video clips could be downloaded from a local server or a nearby desktop instead of from a centralized location.
The new version will be available Sept. 30 and will be priced at US$1,100 per managed processor and $65 per managed client, IBM officials said.