Windows Infrastructure

Windows Infrastructure
Year Zero Server Estate
•
Approximately 40 Virtual Servers, 116 Physical Servers, running Windows NT4.0, 2000, 2003 and
2008R2. We also had a pair of Novell Servers deployed....
•
Backups – Full Backups direct to tape every night, Backup window of 13 hours.
•
Patching/Firmware – Was sporadic, no centralised management
•
Security – AV, Internet access, USB device proliferation
•
Active Directory – 2 Domain Controllers, Prone to BSoD, Corruption occurred frequently
•
Software Licensing – No Inventory Tool, no up to date Asset Management database
•
Messaging – 2 old Exchange 2003 Servers serving 3000 Mailboxes, no governance of Email.
•
No specific Server standards during deployment
•
Developers were using VMware Server for building Dev & Test boxes, which soon migrated in
PseudoProduction Servers. PC’s with Labels saying “Do not switch off....”

Windows Infrastructure
Year Zero Desktop Estate
•
Approximately 2500 Desktops, running Windows XP, and Windows 2000 Professional
• 400 Desktops less than 3 years old, Approximately 32 different models of PC’s, and 16 Builds of
Desktop OS
•
No standard application delivery model. (SCCM, GPO, Scripts, Manual)
•
70% Desktops allow Domain Users to be Local Administrators
•
Machines can take 20-30 minutes from power on to ready state – extra coffee break for staff!
•
Service Desk staff constantly doing PC builds, an estimated cost of £7000 per week.
• Each site visit to deploy software costs £340. (not including Taxi’s.....)
•
GHA staff are unable to move office without IT involvement, this causes delay and a lack of business flexibility
•
After an analysis of Service Desk calls, software and support costs, it was calculated that each
Desktop was costing GHA £760 per year, to support.

Windows Infrastructure
Server Platform - Issues addressed
• In Summary deployment of technology to standardise and consolidate the infrastructure currently in place. vSphere 4.x, Symantec NetBackup, Trend Deep Security, NetIQ, SCCM/SCOM, F5 BIG-IP, Cisco UCS and
EMC VNX, Exchange 2010.
•
Default Server Platform switched to virtual on vSphere
• Conversion of all but 7 Physical Servers (Domain Controllers, Backup Server and Legacy Exchange)
•
On last assessment we were at 95% Virtual on the Server Estate
• Reduce DataCentre Racks required from 24 to 12
• Active Directory Redesigned, and NetIQ DRA implemented for AD Management
•
Consolidated 26 Windows File Servers to 1 Windows File Server
– to be migrated to NAS Appliance
• Implemented Change Management process for Patching of OS on Servers & Desktops
•
Implemented New Backup Solution on Symantec NetBackup with Netbackup 5000 Appliances
• Implemented Microsoft SCOM 2007 for Monitoring of the entire estate
• Switched Anti-Virus from Symantec to Trend
•
Implemented Microsoft SCCM 2007 for Inventory/Asset Management, Patching and Software deployment
• Deployed Blackberry Enterprise Services
•
Deployed new Internet Filtering solution to replace obsolete Surfcontrol
• Deployed F5 BIG-IP Load Balancers to remove SPoF and provide resiliency across many applications
• Implementation of Server Standards, to provide consistency.

Windows Infrastructure
Desktop Platform – Virtual Desktop
• Leverage current technologies in use, specifically vSphere, to provide a platform for the Desktop estate.
• Facilitate flexible working, home working and ability to move Office without IT involvement as Endpoints are now stateless.
• Increase Security – Data stays in the Data Centre.
• Reduce the Carbon footprint by nearly 10,000 tons or the equivalent of over 1600 cars over 3 years
•
Increased performance will reduce login time, and provide an additional 5 hours productivity per month.
•
Reduce need for Onsite rebuilds.
• Solution should allow rich-multimedia services to continue to operate
• A Centralised and standardised Desktop will aid in the diagnosis of issues, speeding up resolution of incidents logged on the Service Desk, as well as allowing easier Application testing.
• A Switch to Virtual makes the migration to Windows 7 an easier proposition, once User training is completed.

Windows Infrastructure
rd
rd
rd
rd
Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com
rd

Windows Infrastructure
Unidesk – Virtual Desktop Management, was that solution.

Windows Infrastructure
Profile
Mgmt
Client Mgmt
App
Mgmt
Storage
Footprint
Image/OS
Mgmt
Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com

Windows Infrastructure
Application Management
Any application
Versioning
Rollback
User/Machine Personalization
Local profile utilized
ALL settings retained
Data and Apps stored separately
User installed apps supported
Storage
Footprint reduction
Storage Tiering
TCP based Replication
OS / Image
Management
Single Image Management
Image Sharing
Version Control &
Rollback
Copyright © 2010 Unidesk Corporation. All Rights Reserved. www.unidesk.com

Windows Infrastructure

Windows Infrastructure
Personalization 1
Personalization 2
Personalization 3
App 1 (shared)
App 2 (shared)
Windows (shared)

Windows Infrastructure
Unidesk
Management
Appliance
Virtual appliance serves
GUI, maintains policy & configuration
Administrator
End Users
Brokers
Unidesk
Master CachePoint
Virtual appliance stores common layers
Unidesk
Virtual
Desktops
Unidesk-composited desktops hosted on existing VMware infrastructure
Unidesk
CachePoint
Virtual appliance stores only the layers need by desktops it hosts
Personalization
Layer Backups
Regular backups of desktop personalization layers for recovery purposes

Windows Infrastructure
Compute Resources.
• A high density, easy and flexible Blade Server Solution is required.
• VDI VM’s will be 1vCPU, and 1.5GB RAM
• Experience tells us, Windows XP RAM can be overcommitted by 40%. Windows 7 less so at 25%
•
When deploying Blades, the following is critical;
• Power distribution
• Network connectivity - simplify
•
Easy of Management
• NehalemEX has been benchmarked at 16 VM’s per Core, we’ve aimed for 12 VM’s per Core
•
Long-term support
Solution deployed, Cisco UCS
•
16x B230 Blades with Intel Nehalem-EX X7560, Each with 256GB RAM (32 x 8GB DIMMS)
• DR solution provided by 7x B230 (same spec) – to provide basic Desktop and Applications (email, critical apps), for a more specific amount of users.
• Each Blade should provide CPU Resources for 256 VM’s at 100%, total of 4096 VM’s across the estate.
• With an average of 9.8 VM’s per Core, we have room to allow for maintenance of Blades / ESXi Hosts without affecting the overall capacity of the estate.
• Each Blade should provide RAM Resources for 170 VM’s, however with the RAM over commit expectations we should be able to expect 238 VM’s if Windows 7, 212.
In practice, this solution allows slack, and would only need to run 156 VM’s per Blade, when capable of 256 VM’s per Blade in extreme circumstances.

Windows Infrastructure
Thin Clients / Networking Planning
•
The Broker of choice was VMware View, and therefore PCoIP would be utilised.
• Thin Client Management of Teradici hardware based solutions, would be done via Teradici Management
Console, whether the kit was Wyse, Devon, Leadtek, Cisco or Samsung
• In the end, Wyse P20 provided a hardware PCoIP solution, with a better all-round multimedia and network performance in our specific environments.
•
Wyse and Teradici during the pilot provided excellent onsite support. Engage with both, and we found they were more than happy to get involved.
•
Highly recommended are the Tweaks to the VM Operating System recommended by Teradici and VMware.
• https://www.vmware.com/pdf/view-46-architecture-planning.pdf
• http://myvirtualcloud.net/?page_id=1562

Windows Infrastructure
VM Software Configuration / Licensing
• Windows OS configuration is critical to a responsive VDI solution. Use the VMware supplied GPO’s, with other tweaks recommended online.
•
Registry tweaks
– Disable NTFS Last Access timestamps, Indexing/Windows Search
• Anti-Virus is a problem for VDI Deployments.
• .
Deployed Trend Deep Security Manager for
VDI Clients and also for the Server Estate
•
Update management of AV is now simply 20 Appliances, not 2500
Desktops.
•
With AV Storms, its not necessarily the
Storage that collapses, but the Host, if every VM (250!), try to aggressively access the Disk. DSM will have an Appliance on each host, and checks each VM in order, not all at once.
• At present, Trend DSM requires vShield
Endpoint client deployed in VM. This will be integrated within VMTools on next release
• Microsoft Licensing.
Not as difficult as it once was, but is still capable of tripping up.
•
VDA Licensing - Non-Microsoft Endpoints
• SA Licensing - Microsoft Endpoints

Windows Infrastructure
It’s all about the IOPS
•
Storage Capacity.
Each VM would have a viewable capacity of 40GB, however, saving of local data would be restricted.
With Unidesk, only the following is required;
Total disk spaced used by VM for boot image & pagefile
Total Space used by CachePoints only (VMDK)
Total Storage Used for Personalization Backup Cache
Total Storage required for Unidesk CPs and VMs
3.6GB
13.7TB
927GB
18.25TB
•
Storage Performance
• Average Workload IOPS
Normal User: ~10 IOPS Web Apps and Office / Email Use 80%
Power User: ~22 IOPS Database users, IT Staff, M/media teams 15%
5% Heavy User: ~40 IOPS Report generating staff
•
Maximum IOPS Usage
Loading IOPS = Normal (.8*10), Power (.15*22), Heavy (.05*40)
16,000 + 6,600 + 4,000
1600 Users
300 Users
100 Users
= 13.3 IOPS (Average)
= 26,600 IOPS
• Solution deployed, EMC VNX 5700 (x2)
•
Sub-lun movement of data allows for larger LUNs, and a more simplified allocation of Storage, and allowed a more cost effective use of SSD and SAS drives.
•
Integration with VMware and Cisco UCS, will allow for a single management platform for orchestration of administration tasks.
• VNX also brings additional Storage to host the Server, and Messaging Estate, as well as a NAS front-end for replacing the File Services.

Windows Infrastructure
Copyright © 2011 Unidesk Corporation. All Rights Reserved. www.unidesk.com
UCS

Windows Infrastructure
Headline Savings
•
A flexible environment free of location based restrictions
• Solution will work without any Security concerns of moving data on USB sticks, VPN restrictions and is compatible with many endpoint devices, PC’s, Mac’s or iPads (particularly popular with Senior Management....)
•
Faster User provisioning
– Desktop, Applications, and can be easily tailored to users. Estimated 1 hour as opposed to 10 days for a new user and PC to be actioned.
•
Free up Frontline IT Staff for more proactive Service Management
• Desktop CapEx for this solution are £420 per Desktop (with estimated lifespan of 5 years), estimated support costs will be £220 per year. CapEx saving on new PC’s of £880 per PC over 3 years, with estimated OpEx savings of
£540 per year.
• To deploy and manage Desktops as we were was costing over £1m per year, after this deployment, the costs are estimated at £550,000. Over 3 years, and with the solution costs in place, that is a saving of over £1.3m
• Energy Savings over 3 years, approx 13,000,000KWh, or £1.8m
• It is estimated that it will take GHA only 11 months to get full ROI.......

Windows Infrastructure
Documents to support design solution.
UCS Configuration
Deploying ESXi on UCS B-Series http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/b/os/vmware/install/VMWARE-esxi-install.html
Cisco Unified Intelligence Center
Cisco UCS Platform Emulator http://docwiki.cisco.com/wiki/Cisco_Unified_Intelligence_Center http://developer.cisco.com/web/unifiedcomputing/ucsemulatordownload
EMC VNX Configuration
EMC Best Practices for vSphere http://www.emc.com/collateral/software/white-papers/h6340-powerpath-ve-for-vmware-vsphere-wp.pdf
Chad Sakac – Performance Troubleshooting http://www.emc.com/events/2011/q1/03-31-11-chads-choice.htm
Thin-Client Configuration
VMware View PCoIP Network Sizing Guide
TN-EN.pdf
http://www.vmware.com/files/pdf/VMware-View-PCoIP-Network-Sizing-Guide-IG-EN.pdf
VMware View PCoIP Zero Client Optimization Guide http://www.vmware.com/files/pdf/VMware-View-PCoIP-Zero-Client-Optimization-Guide-
VMware View Configuration
View 4.6 Architecture Planning
Thin Print GPO Configuration https://www.vmware.com/pdf/view-46-architecture-planning.pdf
http://www.vmware.com/files/pdf/VMware-View-ThinPrintGPOConfig-IG-EN.pdf
Trend AV / View Configuration
VDI Anti-Virus Considerations http://communities.vmware.com/servlet/JiveServlet/download/15248-2-58796/3098_VMW_09Q4_TN_AntiVirus_EN_P11_R2.pdf
Windows Optimisations
XP Guide http://www.emc.com/collateral/software/white-papers/h7168-performance-optimization-windows-xp-vdi-wp.pdf
http://www.mikes.eu/download/view-winxp-optimizations.pdf
Windows 7 Guide http://www.vmware.com/files/pdf/VMware-View-OptimizationGuideWindows7-EN.pdf
Email: iain.balmer@tatacommunications.com
GHA Contact
Email: marchino.sisi@gha.org.uk