Jun 10 2008
The network load balancer is going through a period of change
- The concept of a load balancer is still relevant
- However load balancers need to do more to earn their living, reducing cost, increasing security and optimising traffic
- The load balancer of the future is best thought of as an Application Delivery Controller
- Traditional role
- better utilisation of data centre resources
- high availability when front ending replicated application resources
- typically passive from the perspective of the application
- Why the change
- 9 out of 10 apps rolled out in 2008 are web based or have a significant web component
- My note – compare this with the number of apps used/installed by end users – I think we will see continued high use of client apps, trivial to the enterprise but important to the user
- often web apps are very network intensive, often 3x the bandwidth of the client server apps they replace
- Facebook alone consumed more bandwidth in 2007 than the whole of the internet in 2000
- A 30 minute streamed video uses more bandwidth than 100 emails a day for a year
- Users are being pulled further away from their applications
- globalization, flexi working, branch expansion, mobility, web 2 etc
- security, compliance, consolidation …
- Future role
- needs to understand applications, user usage patterns and network traffic
- they need to optimise performance, security and cost
- application functionality
- Load balancing, to minimise latency, distribute load, direct users to where capacity is available, to provide disaster recovery
- Content switching
- Attack protection, for example resisting a DoS attack, whilst still servicing real traffic
- Surge protection, prioritisation of traffic – for example checkout is prioritised above browsing
- application performance
- enabling compression, which browsers support but many applications don’t
- content caching, can often increase performance by a factor of 10 or more depending on app of course
- TCP optimisation, buffering, keep alive
- performance monitoring, EdgeSight for NetScaler
- cost reduction
- TCP connection offloading
- SSL offloading, hardware SSL offloading reduces web server load by generally a factor of 3
- Content caching
- Example: they reduced the number of web servers MSN Europe had serving adverts from 80 to 8
- 75% of investment is focussed on network security
- 75% of attacks are at applications
- Cross-site scripting, SQL injection etc
- An application firewall is mandatory for PCI, i.e. credit card handling, Payment Card Industry Data Security Standard
Jun 10 2008
Delivered by Sumit Dhawan – Senior Director – Desktop Virtualization Group
Key points:
- Current desktop process is slow, complex, insecure and costly to maintain
- Task workers 30%, Office workers 55%, Mobile workers 15%
- Office workers seem to me to be way too broad a classification
- Office workers are characterised as needing a “personalized” environment
- Task workers
- Standard work environment
- Fast startup/low cost
- Data security
- Compliance and control
- XenApp is a great solution for these users
- Seems to me that this description above does apply to lots of office workers as well, even consumerized use cases. In my case for example for enterprise applications – I would be happy with the above, so long as my client was a non locked down laptop
- Mobile workers
- Frequent travel and offline work
- Unmanaged or lightly managed laptop
- XenApp is a great solution for these users
- Office workers
- Mainly work in the office
- Inter office roaming
- Office day extenders
- Assumption that XenDesktop is the solution for these users
- Citrix believes XenApp is the way to deliver the apps to these users
- My concern over this positioning is that it also kind of assumes a person works at a desk, rather than someone else’s desk (shoulder to shoulder) or in a conference room or some other collaborative space
- 1st generation VDI – which maps to my maturity level 1 – has mainly been for customers who wanted to solve mainly security related issues, at least these were the projects that succeeded
- Lots of talk about the ability for users to personalise, for example installing ActiveX controls. But no explanation as to where these personalisations get persisted if you are using provisioning server!
- Given this lack of a persistence solution, it’s unclear to me how XenDesktop differs from XenApp Presentation Virtualization
- Discussion of the slow degradation of Windows desktops over time. It’s not clear what causes this, however does it automatically follow that the same issues won’t occur when a PC is assembled every day from components, perhaps even worse if the components are virtualized (i.e. multiple copies of dependent components). However using XenApp published applications would be cleaner.
- However if XenApp published applications are being used how does a user add their own apps or add ActiveX controls, or Outlook add-ins etc?
- Repeated the benefits of using XenApp published apps, ie you can get up to twice as many XenDesktop users per server.
- Customer example
- Collier County public school
- 10,000 students, 1000+ staff, about 9,000 remote students
- Early adopter of desktop virtualization
- A customer that was caught in the “hype cycle”
- Deployed maturity level 1, didn’t get beyond the pilot
- Rolling out to about 50% of users
- Key message – use cases are key!!
- Costs
- Will this cut costs?
- For procurement costs Citrix believe PC is $1100, VDI is $1400, but by extending the life of the PC this cost increase will be reduced
- Lots of other cost discussion didn’t get covered, although they believe that TCO saving is 40%
Jun 10 2008
IGEL is number 3 in thin clients
- Access is diversifying, computing is centralising – at least that’s IGEL’s idea
- Do PC cards to put in legacy PCs, traditional thin clients, thin tablets and up to quad head clients
- Target 5 minute rollout per device!
- Connect device to KVM
- How to configure
- define profiles for each location
- deploy profiles to locations
- when the device plugs into the network it picks up its profile
- profiles can be defined based on
- MAC address
- IP address range
- Use hot spares
- XPe devices need to have centrally managed domain join to remove need for admin visit to device
- Great user experience
- Delivering a total PC experience through a single protocol is like a square peg in a round hole
- No protocol translations
- IGEL support multiple protocols, web, mainframe, VoIP, multi-media, Java
- Direct connections to reduce latency – e.g. VoIP has lots of latency because traffic goes client to server to VoIP switch to client, not client to client
- Try to avoid management tools that open additional firewall ports and try to avoid protocols like PXE to rebuild thin clients – some router config issues apparently
- Modern thin client images can be between .5G and 1G, especially XPe, an update is a big deal unless you have caching appliances or a fan out infrastructure. Even better don’t re-image when you can avoid it
- Resilience
- If device can run web apps or Java then this can be a fall back
- Cost
- Some users don’t need a Windows desktop, just let the terminal access the applications directly
Jun 10 2008
A few random notes about this session:
- Applications run businesses
- Doesn’t mention multiple classes of apps
- Enterprise defined
- Business area defined
- Team defined
- End user defined – work related
- End user defined – personal
- Doesn’t mention that there may be different approaches to these different classes of apps
- It seems to me that the:
- primary benefit delivered by the desktop is that it provides services to the applications that allow them to work together synergistically.
- As a secondary benefit it provides a way to navigate to and launch applications either from the desktop or start menu and to switch between running applications
- Finally it provides a way to access applications by navigating their associated files, and to manipulate these files
- Do we get all of these benefits when we deliver all apps via XenApp? Probably not as seamlessly as we are used to
- Easy call is an interesting option for low end telephony integration, no presence, web meeting integration etc, but lots of other useful telephony integration
- key features in next release
- Inter isolation communication – this is key – see points above
- Differential updates for offline apps – this is useful, even if we pre-cache images and stream with provisioning server
- Streaming via HTTP[S] – not before time!
- XenApp multi-media – Project Apollo – will feed into XenApp and XenDesktop
- This is a must have feature now
- Vista Aero remoting
- WPF remoting – isn’t this the same as Vista Aero remoting?
- Flash acceleration
- OpenGL
- Enhanced audio codec support (not great on XenApp today)
- Long term approach
- Ask
- What are the capabilities of the client
- What are the capabilities of the network
- What are the requirements of the app
- make sensible decisions
- XenApp and Server 2008
- Leverages the new WTS architecture
- Leverages server 2008 security
- XPS printing
- Special folder redirection, eg if a user’s My Documents is on their laptop then when they save to My Documents in XenApp it gets saved on the laptop
- Clear type font support
- Microsoft strategy – get more people using presentation virtualization, NOT compete with Citrix
- 25% more users on XenApp than on Server 2008 terminal services
- IPv6 support
Jun 10 2008
These are the key things that I took away from the iForum keynote by Mark Templeton at Edinburgh.
- It’s started late!
- 1 Million Citrix servers currently in operation, in 200,000 companies
- Citrix NetScaler sits in front of many large scale web sites today, 75% of Internet users touch NetScaler every day
- Citrix are pushing support for Apple products going forward
- Nice slide – you are here, your apps are there, and your users are somewhere else
- Business issues
- Globalization
- Offshoring
- tele-working
- Mobility
- Green
- IT issues
- Consolidation
- Security
- Compliance
- Business continuity
- Green
- Not just think different – DO different
- Citrix takes inspiration from TV
- Simple, fast and on demand
- Device, network and application independence
- Content security and access control
- Dynamic capacity
- Predictable operating and capital costs
- However I would make the point that even with all the above, there are still:
- PVRs
- YouTube
- DVDs
- BBC iPlayer
- etc
- Doesn’t change my view that one solution will not meet all requirements, and to be fair Citrix understand that in their model of Controllers, gateways, repeaters and receivers
- Citrix are promoting a move from the DATA centre to a DELIVERY centre, not sure myself that much changes, data centres have always been delivery centric.
- Citrix approach – follow the users and the applications —> the web is number 1 for new applications
- This means put lots of effort into application layer network services – Citrix NetScaler, 20,000 enterprise deployments to date. 5x (10x for MPX) performance improvement, with increased security and lower server load
- Relationship with Microsoft stronger than ever
- The end user experience, requires a lot of focus on the delivery network and associated services
- Single signon
- Security
- Appsharing and collaboration
- Integrated telephony
- performance monitoring
- …
- Over 50% of employees are in branch offices
- Citrix branch office repeater
- Application delivery staging, for virtualized streamed applications
- Windows branch services, file, print, DNS, AD
- WAN optimisation
- Ok – but where is Citrix provisioning server branch repeater services!
- This is a nice integrated appliance, but how does it compete with Cisco WAAS or Riverbed?
- Citrix app receiver
- A universal software client, everything else is a plugin
- acceleration, security, virtualization, monitoring, web collaboration, technology, user support, third party extensibility
- This is a trend I am seeing everywhere, including Symantec/Altiris and VMware, Firefox
- Citrix workflow studio
- Works within a single Citrix product, between Citrix products and because it’s Microsoft Windows Workflow Foundation it can orchestrate Citrix and third party products
- Xen Desktop
- A Xen desktop with no applications – ie all apps delivered by XenApp uses half the resources of XenDesktop with apps. ie twice the users per server.
- Upgrade from XenApp to add XenDesktop license for $95 (enterprise or platinum?)
- Not clear what advantage XenDesktop gives over XenApp other than “personalization” also not clear what the real cost difference is.
Jun 10 2008
I’ve been trying to work through the key questions that need to be answered about VDI by anyone comparing it to the obvious alternatives, these being:
- A laptop
- A physical desktop
- A client side virtual machine, copied or streamed to the PC
- A web application portal
- A server hosted desktop
Whilst I can see use cases where all of the above are great solutions, it’s not immediately obvious how the decision making process should work in the enterprise. To start off here’s a short discussion of the alternatives:
- A laptop’s a great solution for someone who doesn’t want to work at a fixed work location, but rather wants the flexibility to work shoulder to shoulder with a colleague, work in conference rooms, hotels, the back garden etc. Clearly it’s also the only solution for people working with unreliable or no network connection. I see this workstyle being pretty standard for many knowledge workers going forward.
- A physical desktop seems most at threat from VDI, it doesn’t offer any particularly compelling attributes, until you start to think about the future of the desktop. Practically unlimited encrypted storage, low power consumption, support for operating system streaming or iSCSI boot, massive computational capacity. If someone could figure out how to drive real productivity improvements by using all that storage and processing power then we might easily see the desktop swing back into favour. Even if the desktop PC continues to be used pretty much as it is today it’s not unreasonable to consider the desktop as essentially a VDI client, streaming OS, Apps and Environment on demand in a very VDI like way but just without all of that server and storage infrastructure.
- I’ve used client side virtual PCs for years, but I wouldn’t want to do all my work on one. My gut feel is that this will change by 2009 when we will see client side hypervisors readily available and these hosting one or more personal VMs and an enterprise VM that’s either streamed to the client, along with streamed apps and environment or just managed as if it were a physical PC, just easier to fix.
- A web application portal is my favourite way to get at all the “enterprise” applications that I use. I have no desire to go back to using an enterprise desktop. Just give me my personal laptop and Internet access and I’m away. CSC provides me with a portal that fronts expenses, procurement, email, collaborative services etc, and I get a backup solution for my PC that provides an Internet accessible web site for me to access/recover all my documents in the event of a hardware failure or loss/theft of my laptop.
- A server hosted desktop, most often XenApp provides a locked down environment that meets the needs of many users, and at a price point that VDI can’t reach. Of course for enterprises that just want to publish applications, it provides a great solution for that too.
Ok after rambling through the alternatives I think I’m ready with my list of key questions:
- Do you need a solution that costs less than the money you will save by replacing desktop PCs? If yes then it’s unlikely that VDI is for you unless the desktop PCs are particularly difficult to support, like those in remote branch offices or home locations. The marginal saving of removing a PC is pretty low when automated tools are used for management.
- Do your users really want a desktop? Lots of users who are using a PC as their client device don’t want another desktop, they just want the applications published to them and integrated into their desktop experience. Microsoft recently ran a trial of their Server 2008 product which offers secure Internet access to applications with “seamless windows” and a full published desktop. Most users just wanted to use seamless applications. As I explained above in CSC we just publish web applications. As consumerization takes hold expect lots of users to prefer to use their own PC for access and look to the enterprise just for the apps they need. Of course publishing a full desktop costs more, but it does offer a more secure environment and a more controlled end to end user experience.
- Do you really want Windows applications? If your users’ needs are simple – and many people looking at VDI keep saying all my users need is email and Office – then perhaps all they really need is a good web email and a well integrated web office suite, and that’s way cheaper than any virtual desktop solution.
- Do you already have a well managed desktop environment in place? If you do it’s fairly easy to just deploy a VDI environment to essentially just “provision virtual machines”; from that point onwards you might well find it’s cheaper to manage them like every other PC on your network. You can’t do this with XenApp so unless you already have a well managed XenApp environment in place you will probably find that XenApp’s infrastructure cost advantage is written off by increased OS and Application management costs.
- Do your users need to personalise their desktop? Lots of people seem to think that users want VDI because they want to “personalise” their desktop. Well by personalise most people mean installing applications and many enterprises frown on that. It might be better to provide two environments, one that’s locked down and includes enterprise applications and another that’s essentially personal. This is expensive if you use VDI to provide both of these, or use VDI for one and XenApp for the other, but it’s not too bad if you provide your users with an allowance to go buy their own laptop and then provide them with VDI, a client side VM, XenApp or a web portal.
- What are your availability needs? An office full of desktops and laptops can offer a very high level of aggregate availability (for example 95% of an office’s PCs might reasonably be available 99.999% of the time) but a VDI or Server hosted desktop environment won’t deliver this level of availability to the desk without a lot of investment. Not many people need this level of availability, but if you do it’s an important consideration.
- When does VDI make sense? Even if VDI isn’t the right solution today, it’s going to get cheaper – of course PCs are going to get cheaper – or at least use less power – and more secure and easier to manage as well.
Ok so I’ve rambled on a bit more, if you answered the questions above and still want VDI it’s likely that you have a lot of expensive desktop PCs to replace and/or you want to increase security, flexibility and agility and you want to do it now.
Time for me to offer up what I think’s going to happen:
- A lot more laptops, I think perhaps 30-50% in many enterprises
- Initially a lot of edge cases where VDI makes really good sense, you might say “the places that traditional desktops and laptops find hard to reach”
- Some enterprises that have very large desktop user populations today, who don’t have a rich mobility requirement, but do have a large and complex legacy application portfolio will be tempted to move to VDI now
- Users who do get VDI will get a smartphone as well, or at least get access to email, presence, IM etc on their own smartphones. Perhaps the smartphone will have a bunch of virtualized client applications on its USB drive that can be accessed from any PC, including the VDI client software
- Within a year VDI costs will have fallen a bit, but not enough. Desktop PC TCO will have fallen as well and security and manageability will have increased making VDI more expensive again, but with fewer advantages.
- The app streaming, environment streaming and OS streaming infrastructure that represents the most sophisticated VDI implementations today, will support desktop PCs and ultimately portables as well. At this point client device choice matters a lot less, and of course it’s then not either or. It’s simply a matter of right device, anytime, any place. If I’m a laptop user but I need to quickly access a large file I can run up a VDI environment on demand, laptop gets stolen no problem, just spin up a VDI session for a week and then stream everything back to my new laptop when it arrives.
Jun 09 2008
I’m at Citrix iForum in Edinburgh today, the conference starts tomorrow and lasts for two days. There are a couple of CSC people giving talks. I’m not speaking but I will definitely be listening. I’ve got a few objectives from the next two days:
- I want to get a general update on the Citrix portfolio, especially the edge appliances
- I want to get a broader perspective on VDI, listening to the perspectives of RES, AppSense, the thin client hardware vendors and Citrix themselves. I have a pretty clear view already, but I want to test it
- I want to spend some time writing a couple of blog posts, thinking a bit and structuring my thoughts
- I want to have a rest, and get some walking in – I’ve been overworked for the last few months and I can feel it!