AlwaysOn Desktop Maximum Availability, Mobility and Security for VMware View with F5 Networks H O W -T O G U I D E Solution Overview Architecture & Design Validation Result Design Components Solution Overview The VMware View AlwaysOn Desktop provides an innovative way for IT to provide business continuity and high availability for end-users within organizations that require constant access to desktops, applications, and data without sacrificing mobility or end-user experience. F5 enhances the VMware View AlwaysOn Desktop by improving availability, mobility, and security. Availability • Intelligent local and global traffic management within and between datacenters for HA and DR • Global access management through single namespace support • Seamless and improved user experience with username persistence Mobility • Support for all endpoint device (zero clients, tablets, laptops, etc.) • Access to existing session when switching devices Security • Hardened access security using high-performance FIPS-compliant SSL VPN • Centralized access control for all application including View • Simplified login process for users AlwaysOn Desktop 2 Solution Overview Architecture & Design Validation Result Design Components Architecture & Design This simplified network diagram represents a typical View deployment using F5 BIG-IP solutions. F5’s Application Delivery Controllers (ADCs) are a critical component in the AlwaysOn Desktop design. In addition to providing standard load balancing, the ADCs provide intelligent routing based on source IPs, geolocation, username, or latency. This ensures that the user is always routed to the preferred site, and only in case of a site failure, routed to the next available site. Furthermore, BIG-IP Local Traffic Manager (LTM) and BIG-IP Access Policy Manager (APM) work with the F5 iRules® scripting language, which allows administrators to configure custom traffic rules. F5 Networks has tested and published an innovative iRule that maintains connection persistence based on the username, irrespective of the device or location. A user can change devices or locations and log back in to be reconnected to a desktop identical to the one last used. This method of providing persistence across multiple View pods is available only as a feature of VMware View when deployed with BIG-IP LTM and BIG-IP APM. AlwaysOn Desktop 3 Solution Overview Architecture & Design Validation Result Design Components Validation Result The architecture consists of two identical View pods in an active-active configuration. Each View pod consists of two virtual machine clusters—the management cluster and virtual desktop cluster for scalability purposes. Each pod is self-sufficient, i.e., all management components, including Active Directory (AD), View Connection Manager, Security Server, etc. are built into each site. This allows complete redundancy between the two pods and ensures that the environment will be able to deliver desktops even if one site goes down completely. The infrastructure is front-ended by F5 BIG-IP Application Delivery Controllers to efficiently route traffic between the two sites. Depending on the organization’s needs, traffic can be routed by source IPs, geolocation, latency, or user ID. Furthermore, application traffic is managed within each site to provide optimal utilization of server resources. The View pods are built based on the standard, highly scalable reference architecture published by VMware. AlwaysOn Desktop 4 Solution Overview Architecture & Design Validation Result Design Components Design Components The VMware View AlwaysOn Desktop solution leverages the following F5 BIG-IP components: • F5 BIG-IP Local Traffic Manager (LTM) BIG-IP LTM is an Application Delivery Controller system that provides intelligent load balancing and traffic management. It also brings advanced application security, acceleration, and optimization to both VMware View and all your enterprise applications. • F5 BIG-IP Global Traffic Manager (GTM) BIG-IP GTM is a high-performance DNS solution that gives you full control over global site routing and security. It uses pre-defined business policies to intelligently and automatically route user access to applications based on a wide variety of active data. • F5 BIG-IP Access Policy Manager (APM) BIG-IP APM is a flexible, high-performance access management and security solution that provides unified global access to all your business-critical applications and network. All products can run on the same hardware platforms and share the same ultra-high performance Traffic Management Operating System (TMOS). They are available in a wide variety of physical hardware platforms as well as virtual editions for vSphere. AlwaysOn Desktop 5 VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright © 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc., in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. AlwaysOn Desktop 6