You are on page 1of 28

Enterprise Desktop Strategy – White Paper

Enterprise Desktop Strategy


Application and Desktop Virtualization
White Paper

Joe Jessen
Analyst – Desktop Virtualization
September 2009

Copyright © 2009 Gotham Technology Group, LLC. All rights reserved.


All other marks are property of their respective owners

Application and Desktop Virtualization Page i


Enterprise Desktop Strategy – White Paper

Contents

Executive Overview .............................................................................................................................................. 1


Decoupling the Desktop ....................................................................................................................................... 2
Hardware ............................................................................................................................................................ 2
Operating systems and Infrastructure ................................................................................................................. 4
Applications ........................................................................................................................................................ 5
User Data ........................................................................................................................................................... 6
Maintenance and Support................................................................................................................................... 7
Application and Desktop Options ....................................................................................................................... 9
Physical Desktop with traditionally installed applications .................................................................................... 9
Physical Desktop with Streamed Applications .................................................................................................. 10
Physical Desktop with Isolated / Virtualized Applications ................................................................................. 11
Presentation Virtualization ................................................................................................................................ 12
Virtual Desktop Technology .............................................................................................................................. 13
Operating System Streaming ............................................................................................................................ 14
Solution Selection Process ................................................................................................................................ 15
Mapping Available Technologies ...................................................................................................................... 15
Defining Use Case Scenarios and Requirements ............................................................................................. 17
Match technologies with Use Cases ................................................................................................................. 20
User Profile Virtualization ................................................................................................................................. 24
Next Steps – Enterprise Desktop Product ........................................................................................................ 25
About Gotham .................................................................................................................................................. 26

Application and Desktop Virtualization Page ii


Enterprise Desktop Strategy – White Paper

Executive Overview
Distributed computing continues to challenge large organizations, exponentially increasing in
complexity with the growth of portfolios of applications and devices. Today’s work environment is
both global and agile, with employees working in any number of environments, including homes,
client sites, even the local coffee shop. As this diversity increases, so do the challenges of compliance
and risk requirements regarding distributed data.
Current state of the art solutions look to blend and balance the controlled stability of a centralized
computing environment with the rich application portfolio of the personal computing platform. Two
complimentary technical movements are making this possible, virtualization and centralization.
Virtualization creates distinct areas for applications and data to reside, removing dependencies on
hardware and the environment. Centralization pulls data and the program code operating against it
into data center environments, leaving only interface issues to end user devices.
Virtual Desktop Infrastructure (VDI) solutions are now presenting organizations with an alternative to
deploying traditional PC desktops. VDI follows the trend of server consolidation and virtualization
where workloads are moved from physical devices to virtual instances hosted in the corporate data
center. Implementing a managed desktop solution that incorporates traditional and virtual desktops,
an organization should expect to gain greater flexibility in delivering workspaces to users while
reducing hardware, software, and maintenance costs of supporting this new infrastructure.
An organization’s typical position on application and desktop virtualization revolves around
implementing a process to identify user profile characteristics to map the ideal desktop solution.
Typically they will have multiple options available to ensure the user experience is optimized for any
given user. This document details the process and plan to reduce the total cost of ownership while
providing the best possible user desktop experience.

Application and Desktop Virtualization Page 1


Enterprise Desktop Strategy – White Paper

Decoupling the Desktop


As consultants we have had the opportunity to assist in the planning and implementation of strategic
technology solutions at many firms. The most challenging solutions, not surprisingly, involve the
deployment of a corporate desktop.
As the primary interface, the desktop typically consumes over one third of companies’ IT budgets and
resource allocations, to ensure that users can complete their required business tasks. We have seen
many organizations spend countless hours performing system image rebuilds, and application and
operating system upgrades, with the goal of standardizing the environment, without ever achieving
the reduction in maintenance and support (hidden or soft costs) they expected.
These organizations will continually fail to achieve their TCO goals as long as they continue the
legacy approach to desktop management. There must be a complete shift in thinking about the end
point computing device, how it’s built, and how it’s managed.
The challenge before us is how to assist organizations in creating a more dynamic and scalable end
point computing environment that maintains the power and personalization of today’s desktop
environment combined with all of the controls once experienced with mainframe computing.
In the next section, we present six models organizations can use to deploy desktop services to users.
Getting to one of these models, the individual elements that make up the desktop computing
environment need to be decoupled and managed as unique items. These elements include: hardware,
operating systems, applications, user data and maintenance and support.

HARDWARE
The computing hardware is the layer on which most organizations have historically standardized.
Procurement of one machine type from a single vendor for all users reduces the complexity of

Application and Desktop Virtualization Page 2


Enterprise Desktop Strategy – White Paper

supporting the device once it has been deployed. System lifecycles vary, especially in large enterprise
environments, so inevitably, multiple machine types, with similar but not exact images of the
operating system, are supported.
PC vs. Thin Clients
Many organizations that have adopted server-based computing models (i.e., Terminal Services,
Citrix) to deliver user applications have also chosen to deploy thin client devices where no local
application processing is required. These organizations have benefited from the reduced support
required to maintain these devices and the working environment lends itself to being accessed from
multiple locations, including, potentially from the user’s home. The apparent downside to this model
is that the user must always be connected to the corporate network to get their applications and data.
PCs and laptops are the only options for organizations that have either not adopted a server based
computing model or have a large population of users who work disconnected from the corporate
network. In these scenarios it is best to establish a standard configuration specification from a single
vendor, ensuring the specifications meet the organization and application needs, for example:
 Graphical display
 Memory
 Network connectivity
 Operating System
 Peripherals
Server based computing (SbC), Virtual Desktop Infrastructure (VDI), and Application Streaming and
Virtualization are all technologies that enable thin client devices to look and feel just like standard
PCs and laptops. Thin client devices significantly reduce the hidden costs of supporting the end point
computing device, such as shadow support staff (i.e., co-worker support), floor space, power and
cooling costs, transportation, travel, turnover, and time off for training. Organizations should
consider replacing PCs with thin clients wherever the applications and user data can be accessed
through server based computing solutions (Citrix and Terminal Server) or through a Virtual Desktop
infrastructure.
Organizations can realize some of the following benefits when implementing thin clients:
 Centralized support – Support of the device is done through native remote control utilities,
reducing the need to send help desk engineers to visit the end user. Failed devices can be replaced
by a non-technical user in locations where no technical staff exists.
 Centrally Managed Device Images– Embedded operating systems (Linux or Windows) are
deployed and managed from a centralized console.
 Easier Patch Management – Patches are provided by the hardware vendor, usually within 48
hours of release from the operating system vendor, and are centrally deployed.
 Increased Device Lifespan – The lifespan of thin clients is typically six to eight years, which
reduces the number of devices that need to be refreshed annually.
 Increased Security – With no local hard disks, no data lives on the physical device. Deployment
of these devices to remote or public locations can be done with less concern of intellectual
property or patient data loss.
 Protected Operating Environment – The operating systems are protected from the user making
any changes and are typically read-only, reducing the likelihood of the device becoming infected
by malware or viruses.
Application and Desktop Virtualization Page 3
Enterprise Desktop Strategy – White Paper

 Reduced power consumption – Thin clients use less than 10% of the power of standard PCs.
WYSE provides the following sample of a comparison between 1,000 PCs and 1,000 thin client
users connected to a centralized server environment over a one year period.

1,000 PCs Number of Devices 1,000 Thin Clients + Servers


70.51 Kilowatts consumed per hour 7.14
146,660.80 Kilowatts consumed per year 14,851.20
$13,111.48 Energy costs per year $1,327.70

OPERATING SYSTEMS AND INFRASTRUCTURE


Since its earliest adoption in the business environment, IT has made significant strides to deploy and
maintain a standard PC operating system image that suits the needs of the organization. Users are
initially given little or no ability to customize the interface of the machine which is in complete
opposition to the concept of personal computing. As a result, IT is overwhelmed with requests to
grant users additional access to their desktops. With these additional privileges, the possibility of
local system and network corruption increases significantly. Creating and maintaining a centrally
managed operating system environment that is also flexible to meet the user’s needs is what is
required.
Operating System Images
Creating a single operating system image that is separated from any applications or hardware
specifics reduces the amount of maintenance and storage of such images. Additionally, a single
application- and hardware-agnostic image can be used on nearly all physical and virtual platforms.
Microsoft has an extensive set of guidelines (http://technet.microsoft.com/en-
us/library/bb456439.aspx) for developing operating system images, which Gotham recommends
following. These guidelines also include integration with Active Directory Services, and Group
Policy Objects (GPOs).
Operating System Distribution
There are several solutions that can be leveraged for creating, deploying, and managing operating
system images. Depending on the size and complexity of the environment, organizations may find
one or a combination of solutions can meet their needs.
 Scripted Install – A traditional method for operating system implementation, it utilizes local (CD)
or network-based source files of the operating system in conjunction with a setup script. This
method performs a native installation of the operating system but may require a technician to
interact with the installation for it to complete. This process may be used in environments where a
local operating system is required, but hardware and peripherals are unknown prior to the
deployment, allowing the install routine to automatically identify the hardware correctly.
Applications can be added to this process through additional automated scripts or software
distribution tools.
 Image Install – Image installations are a method where a completely configured desktop machine,
including applications, is prepared for deployment by first removing the personalized information
(for example, machine name) and then creating a single file of that imaged machine. The image is
copied to the destination device locally or through the network where it is extracted on the local
hard disk. Personalization scripts are then run to finalize the installation.

Application and Desktop Virtualization Page 4


Enterprise Desktop Strategy – White Paper

 OS Streaming – These solutions load a pre-configured image of the operating system from a
central network location to a LAN-attached PC, a thin client device, or a virtual desktop. The
operating system is never installed on the local device and uses RAM and the local disk (if any)
for temporary files. When the device is rebooted, the central image is reloaded, so any changes
made by the user are lost, unless they have been stored in their roaming profiles or network file
shares.
 OS Virtualization – Leveraging hypervisor technology, OS Virtualization loads multiple
instances of the operating system on network servers from a single image source. The user
interface is delivered using a presentation protocol such as Citrix’s ICA or Microsoft’s RDP.
Users have the same user experience as a locally installed operating system, regardless of their
connectivity to the network or the configuration of the local device.
 Server Based Desktops – Microsoft Terminal Server enables delivery of server-based desktops
and applications to end users using PCs or thin clients. Citrix XenApp (formerly Presentation
Server) provides added features and functionality that many enterprises take advantage of.
Citrix’s ICA protocol has clients that run on all Windows and non-Windows desktop operating
systems and has historically been used as the primary method of deploying applications to remote
users.
Desktop Policies and Security
Group Policies
Central to the desktop design is the method by which the operating environment is configured and
controlled. Machines that are members of the Active Directory domain can leverage security policies
defined in Group Policy Objects (GPOs) and login scripts. Implemented in a hierarchical manner, the
top GPOs should provide the most stringent lockdowns with subsequent policies allowing additional
functionality as necessary.
Organizational Units (OU) within Active Directory can be used to group common machine types or
user types to ensure that proper security policies are implemented. It is recommended to limit the
number of OUs and Security groups that control the configuration of the desktop so as to keep the
complexity of supporting the environment to a minimum.
Active Directory tools can also be implemented to assist in creating and managing Group Policies.
Many of them have the capability of testing the effects of policies before they are implemented into
production.
Privilege by Application, not by User
To ensure the integrity of the working environment, desktop policies should restrict users from
making permanent system configuration changes. Changing the privilege state of the user or
configuring the Run As feature in Windows XP and above should be done to allow the specific
application to run. This method will maintain the system integrity while ensuring applications will
function.

APPLICATIONS
Access to applications and data is the core purpose of IT infrastructures and the desktop has
traditionally been tasked with hosting the application executables. Keeping the operating environment
performing at its peak, while hosting a complete application set has been one of the greatest
challenges IT has had to face. Traditional desktop deployments classify applications as core or line-
of-business (LOB). The core applications are those that all users require access to, whereas LOB
applications are only utilized by specific users or groups of users. Installing LOB applications locally

Application and Desktop Virtualization Page 5


Enterprise Desktop Strategy – White Paper

limits those users to working only on specific machines, preventing them from roaming or accessing
the applications remotely.
Once an application has been deployed to the desktop, the next challenge for IT is the maintenance of
the application. Code updates and patches are sometimes difficult to deploy and can possibly affect
other applications installed on the machine. For instance, some applications use commonly named
DLL files, which are expected to be on the local machine. One application may overwrite an existing
version during installation or update, causing a conflict with another application. (This is commonly
known as DLL-Hell.)
It is estimated that software product updating accounts for up to 55% of a desktop system's total cost,
whereas the initial purchase and support account for less than 45%. Electronic software distribution
(ESD) packages offer a cost-effective solution for automating the distribution and installation process.
In addition, ESD can provide capacity checking, auditing and management reports, and tools that ease
the initial installation of applications on the desktops. These solutions statistically achieve an 80%
success rate for first time installation of application packages and patches. The remaining failed
deployments usually require a desktop visit and possibly a manual installation by an engineer.
Application Streaming and Virtualization
Application Streaming and Virtualization solutions provide an alternative to the legacy ESD
solutions. These tools leverage the application packaging standards that were utilized with the ESD
solutions but instead of installing applications on the local machine, the application code is streamed
and then executed in protected memory space.
These solutions separate the application from the operating system as well as from other applications.
This application isolation eliminates the application conflicts that have been experienced in the past.
It also keeps the operating system clean, because the applications are never installed. Different
application and user security policies can be applied to individual packages, eliminating the need to
grant users elevated access on their desktops to ensure the applications will run.
Application updates and patches can be applied once to the centrally stored package and distributed
automatically to each user on their next launch of the application. In addition, previous versions of the
application can be stored for easy rollback in the event an application update causes an issue.

USER DATA
Management of users’ data is a daunting task for IT. Data lives anywhere a user has privileges – the
network, local hard drives, and portable devices (USB). A best practice is to keep all users’ data on
the network and allow nothing to be stored locally. Providing a dynamic desktop environment will
require the centralization of all application and user profile data. The user’s profile stores application
and user personalization and preferences. When configured, these preferences will load with every
user session regardless of the device they are logged into.
Roaming Profiles
A dynamic desktop environment should enable users to roam to any device, log on, and get access to
their applications and data. Roaming profiles, which allow users to save data that is typically saved in
their registry, along with profile folders that cannot be redirected (My Documents, Desktop,
Application Data, Start Menu), are one method for providing a consistent user experience for
Citrix\Terminal server environments.
A centralized user profile keeps application and user personalization in a central location and is
loaded upon logon. A roaming profile will be critical to those organizations implementing SbC and

Application and Desktop Virtualization Page 6


Enterprise Desktop Strategy – White Paper

VDI solutions, as these single image source solutions do not enable the user to make permanent
customizations to their working environment.

MAINTENANCE AND SUPPORT


Maintenance and support are the processes and tools organizations use to manage their desktop
environments. Determining the total cost of maintenance and support is difficult, as this area includes
most of the hidden costs of managing the desktop. Hidden costs, which can account for as much as
25% of the total cost of managing a desktop environment, typically include shadow (i.e., non-IT) staff
for support, floor space, power and cooling costs, transportation, travel, loss of user productivity, and
user time off for training.
Standards and guidelines establish organizational clarity on technology, business processes, and
procedures and are crucial to establishing a productive IT environment at a reasonable cost.
Technology standards include not only the technology itself, but also how that technology is
configured, managed, and supported. Standards must also be applied to the business processes and
procedures utilized in managing an organization's desktop environment, particularly if that
organization supports remote locations and users.
It is critical that an IT organization establishes consistent processes for diagnostics, maintenance,
backup/restore, disaster recovery, change and problem management and software distribution to make
the overall client/server environment more manageable and scalable.
The solutions in the IT department tool belt should include:
 Automated Inventory and Software Metering – These tools help maintain the application and
license inventory of an organization
 Data Backup and Disaster Recovery – Tools that maintain the integrity of the organization’s
data in the event of a system or storage failure, and the processes to recover from such a failure
 End Point Monitoring – Implemented in either a proactive or reactive mode, data collected from
the endpoint can enable the help desk to address user issues in a more timely manner
 Patch Management – Processes and tools for implementing application and system patches
 Remote Assistance – Decreasing the time to resolution can be achieved without an engineer
leaving his desk; remote assistance tools allow the help desk to take control of the end point
device and begin troubleshooting quickly
 Virus Protection and Repair – A requirement for local and network data protection
Support Levels
Defined support levels enable an IT organization to properly identify the resources required to
support an application or service and to ensure that all Service Level Agreements (SLAs) are being
met. Structured into three tiers; Help Desk, Operations Support, and Subject Matter Expert, these
resources represent a workflow on how and when an issue is escalated to the next tier.

Application and Desktop Virtualization Page 7


Enterprise Desktop Strategy – White Paper

Level 3
Subject Matter
Expert

Escalation
Level 2
Operations Support

Level 1
Help Desk

Level 1: Help Desk support is the first tier of the support structure and provides first-line, client-
facing support to the end-user. Level 1 support responsibilities include initial issue analysis, problem
definition, problem ticket routing, and low level issue resolution. The appropriate skill set, in
conjunction with the right tools, will aid the Help Desk in successfully performing its role. Level 1
support should also include automated tools that perform event-driven issue identification and
automatic routing to Level 2 – Operations Support.
Level 2: Operations Support is the intermediate tier in the support structure and handles all issues
forwarded from the Help Desk or from automatically generated alerts. Level 2 Support rarely
interfaces directly with the end-user community, but has the authority to engage IT Technical
Management when addressing issues. Level 2 support responsibilities include core network
infrastructure, network server support, and advanced issue resolution. The appropriate skill set, in
conjunction with the right tools, will optimize these processes. Level 2 Support also implements any
new technology that directly interacts with the environment.
The Level 3: Subject Matter Expert (SME) is the highest level of expertise within the organization.
SMEs are responsible for engaging directly with IT Technical Management, and serve as technical
liaisons with vendors and the user community. The SME must possess advanced networking,
operating systems, and server hardware knowledge and highly developed troubleshooting skills.
SMEs will also be responsible for the development, testing, architecture of all designs. They are also
responsible for validating the proper implementation of any new technology that directly interacts
with the environment.

Application and Desktop Virtualization Page 8


Enterprise Desktop Strategy – White Paper

Application and Desktop Options


Organizations have several options to deploy desktop services to their users. In this section we
identify six desktop models:
 Physical desktop with traditionally installed applications
 Physical desktop with streamed applications
 Physical desktop with isolated / virtualized applications
 Presentation virtualization
 Desktop virtualization
 Operating system streaming
Each solution has its own benefits to an organization, providing levels of flexibility, portability, and
security that meet the use case needs of its users.
As noted in the previous section, these models require exploring and managing the various
components of the desktop environment – hardware, operating systems, applications, user data, and
maintenance and support – individually.

PHYSICAL DESKTOP WITH TRADITIONALLY INSTALLED APPLICATIONS


In the physical desktop model, an operating system is installed on the hard drive of the device, and
applications are deployed using automated software distribution tools or manual installations.
 Local applications connect directly to data on the backend.
 Updates to the application require in place upgrades or complete redistribution of the application
package
 This model provides the user the flexibility to work off-line (such as with a laptop), but requires
more rigorous policies to ensure the applications and data are secure.

Application and Desktop Virtualization Page 9


Enterprise Desktop Strategy – White Paper

PHYSICAL DESKTOP WITH STREAMED APPLICATIONS


In the Streamed Applications model, an operating system is installed on the hard drive of the device,
and the applications are deployed to the device from a central location on the network and are run
from a protected area on the local machine. The machine’s system files and registry are not modified,
and the application performs using local resources.
 Applications connect directly to the data on the back end.
 Updates to the application package are performed from a central location. Upon the next launch
the user receives the updated application.
 Streamed applications can also be isolated from one another, allowing multiple versions of the
same application be run on a single device.
 This model provides the user the flexibility to work off-line (such as with a laptop), but requires
more rigorous policies to ensure the applications and data are secure. Streamed applications will
require to be cached to the local device before offline execution is possible.

Application and Desktop Virtualization Page 10


Enterprise Desktop Strategy – White Paper

PHYSICAL DESKTOP WITH ISOLATED / VIRTUALIZED APPLICATIONS


In the Application Isolation with Virtualization, an operating system is installed on the hard disk of
the device and a software hypervisor is installed. Application packages are distributed and executed in
the local virtual environment.
 Applications connect directly to the data on the back end.
 In this model, applications are explicitly isolated from the operating system which will allow for
multiple versions of an application to run, even if one of the versions is installed on the local hard
disk.
 This model provides the user the flexibility to work off-line (such as with a laptop), but requires
more rigorous policies to ensure the applications and data are secure.

Application and Desktop Virtualization Page 11


Enterprise Desktop Strategy – White Paper

PRESENTATION VIRTUALIZATION
With Presentation Virtualization, applications are installed and managed on centralized servers in the
data center; screen images are delivered to the users, and the users' client machines, in turn, send
keystrokes and mouse movements back to the server
 Applications can be installed locally or leverage application streaming and isolation solutions
 Multiple servers can act as a single resource (i.e., a server farm) to deliver applications and
desktops to client devices
 Common protocols ICA and RDP are used to connect to the back end servers. Both clients and
their protocols are available from traditional desktops and from thin clients
 Applications execute on the server so the client never communicates directly with the data on the
back end
 This model provides only connected user access to applications; there is no offline access
capability of this solution

Application and Desktop Virtualization Page 12


Enterprise Desktop Strategy – White Paper

VIRTUAL DESKTOP TECHNOLOGY


With Virtual Desktops, servers in the data center running a hypervisor host multiple instances of a
desktop operating system. Screen images are delivered to the users, and the users' client machines, in
turn, send keystrokes and mouse movements back to the server
 Desktop images are located on a central NAS/SAN
 Applications can be installed within the desktop image or leverage application streaming and
isolation solutions
 Multiple servers can act as a resource pool to deliver desktops to client devices
 Common protocols ICA and RDP are used to connect to the back end servers; both clients and
their protocols are available from traditional desktops and from thin clients
 Application execution is on the virtualized desktop instance so the client never communicates
directly with the data on the back end
 This model provides connected user access to desktops; there is limited offline access capability
of this solution

Application and Desktop Virtualization Page 13


Enterprise Desktop Strategy – White Paper

OPERATING SYSTEM STREAMING


In an Operating System Streaming solution, the desktop is stored as an image on a central NAS/SAN.
During the boot of the client device, a desktop image is provisioned to it and is streamed from the
data center to the endpoint device.
 The user experiences the same look and feel as a locally installed operating system, enabling
greater interaction with the underlining hardware
 Applications can be installed within the desktop image or leverage application streaming and
isolation solutions
 Applications connect directly with data on the back end
 This model provides connected users access to desktops; there is limited offline access capability
of this solution

Application and Desktop Virtualization Page 14


Enterprise Desktop Strategy – White Paper

Solution Selection Process


There are many desktop options and possible combinations, physical and virtual alike, and therefore
the development of a desktop strategy requires three distinct steps:
 Mapping the available technologies
 Define use case scenarios and their requirements
 Matching technologies with use cases
This section details the three steps in the process.

MAPPING AVAILABLE TECHNOLOGIES


Organizations may find that they will require the use of multiple solutions to satisfy the different use
case requirements. There are numerous options for application, desktop and presentation
virtualization. The following is a list of many the current solutions.
Technology Area/ Vendor Website Reference
Vendor-Product
Server Virtualization refers to uncoupling server operating systems from hardware hosts, allowing multiple isolated operating
system environments to share the same physical server
Citrix XenServer http://www.citrix.com/English/ps2/products/product.asp?contentID=683148&ntref=hp_nav_US
IBM Virtualization http://www-03.ibm.com/systems/i/os/
Microsoft Hyper-V http://www.microsoft.com/windowsserver2008/en/us/hyperv-main.aspx
Novell Virtualization http://www.novell.com/products/server/
Oracle Virtual Iron http://www.oracle.com/virtualiron/index.html
Parallels http://www.parallels.com/solutions/consolidation/server/
RedHat http://www.redhat.com/rhel/server/
Virtualization
Sun VirtualBox http://www.sun.com/software/products/virtualbox/get.jsp?intcmp=2945
VMware ESX http://www.vmware.com/products/vi/
VMware vSphere http://www.vmware.com/products/vsphere/
Desktop Virtualization refers to uncoupling a client operating system environment from underlying hardware, allowing end-user
workspaces to be hosted on servers and accessed remotely, or for corporate workspaces to be isolated from personal workspaces
on client machines.
2X Software http://www.2x.com/
3Par http://www.3par.com/solutions/utility_computing/vmware_vdi.html
Citrix XenDesktop http://www.citrix.com/English/ps2/products/product.asp?contentID=163057
ClearCube http://www.clearcube.com/controller/virtualization_solutions.php
Desktone http://www.desktone.com/
Ericom http://www.ericom.com/virtual_desktops.asp
Kaviza http://www.kaviza.com/virtual-desktop-Products/kaviza-vdi-in-a-box.html
Leostream http://www.leostream.com/products/overview.php
Microsoft http://www.microsoft.com/virtualization/products/desktop/default.mspx
MokaFive http://www.mokafive.com/products/products-overview.php
Neocleus http://www.neocleus.com/
Pano Logic http://www.panologic.com/

Application and Desktop Virtualization Page 15


Enterprise Desktop Strategy – White Paper

Parallels http://www.parallels.com/solutions/vdi/
Quest vWorkspace http://vworkspace.com/default.aspx
Red Hat http://www.redhat.com/rhel/desktop/
RES PowerFuse http://www.ressoftware.com/pm-products.aspx?PageID=70&menuid=1
RingCube vDesk http://www.ringcube.com/portal/content/products/vdesk/
Sentillion http://www.sentillion.com/solutions/remote-access.html
Sun Virtual http://www.sun.com/software/vdi/index.jsp
Desktops
Symantec EVS http://www.symantec.com/business/solutions/solutiondetail.jsp?solid=sol_infrastruct_op&solfid=sol_endpoin
t_virtualization
Teradici http://www.teradici.com/pcoip/pcoip-technology.php?gclid=CIPphNLdrJkCFQw9GgodgFhXJQ
Unidesk http://www.unidesk.com/
VDIworks http://www.vdiworks.com/new_vdi/?q=node/5
Virtual Computer http://www.virtualcomputer.com/Products+page
NxTop
VMware View http://www.vmware.com/products/view/
Presentation Virtualization refers to the delivery of applications and desktops over a common protocol that displays application
user interface on a client machine, but whose code is executed on a multi-user Windows server
2X Software http://www.2x.com/
Citrix XenApp http://www.citrix.com/English/ps2/products/product.asp?contentID=186
Microsoft Terminal http://www.microsoft.com/windowsserver2008/en/us/rds-product-home.aspx
Services
Quest vWorkspace http://vworkspace.com/default.aspx
Application Virtualization refers to the uncoupling of applications from host operating systems, dramatically easing deployment and
allowing the virtualized application to run in its own isolated sandbox
Citrix Application http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=163987
Streaming
InstallFree http://www.installfree.com/products/overview/
Microsoft App-V http://www.microsoft.com/systemcenter/appv/default.mspx
Microsoft Med-V http://www.microsoft.com/windows/enterprise/products/mdop/med-v.aspx
Symantec EVS http://www.symantec.com/business/solutions/solutiondetail.jsp?solid=sol_infrastruct_op&solfid=sol_endpoin
t_virtualization
VMware ThinApp http://www.vmware.com/products/thinapp/
Operating System Streaming refers to uncoupling a client operating system environment from underlying hardware, allowing end-
user workspaces to be dynamically streamed from a central repository to local client machines.
Citrix Provisioning http://www.citrix.com/English/ps2/products/product.asp?contentID=683392
Server
Profile (Personalization) Virtualization refers to the isolation of the user’s application and environment settings, storing them in a
central location and applying them upon login to a physical or virtual desktop environment
AppSense EM http://www.appsense.com/products/environment_manager.aspx
Citrix Profile http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=1686118
Manager
Liquidware Labs http://www.liquidwarelabs.com/products/profileunitypro.asp
Quest vWorkspace http://vworkspace.com/default.aspx
RTO VirtualProfiles http://www.rtosoft.com/Products/VirtualProfiles/VP.htm

Application and Desktop Virtualization Page 16


Enterprise Desktop Strategy – White Paper

ScriptLogic http://www.scriptlogic.com/products/desktopauthority/
Desktop Authority
Symantec EVS http://www.symantec.com/business/solutions/solutiondetail.jsp?solid=sol_infrastruct_op&solfid=sol_endpoin
t_virtualization
Tranxition http://www.tranxition.com/index.shtml
Tricerat http://www.tricerat.com/profile
SimplyProfiles
Wanova http://www.wanova.com/

DEFINING USE CASE SCENARIOS AND REQUIREMENTS


Best practice dictates the development of use cases to determine functional requirements. Use cases
are the specifications of a set of actions performed by a user on a system that yield a desired result.
Organizations typically utilize use cases during application functionality and scalability testing and do
not extend their use to application and desktop delivery.
Use cases can define basic functionality or contain detailed business processes.
Basic Use Cases
Basic use cases will enable orgnaizations to classify the user type requirements and map a specific
desktop solution to them. Some examples of basic use cases are below:
User Group / Type Requirements Solution
Business User  Office Productivity Applications Applications and Desktop hosted on Citrix XenApp
 Line of Business Applications
 Access to network file shares and
data sources
 No Administrator privileges
Network  Office Productivity Applications Desktop delivered through VDI Solution
Administrator  Network Tools Applications are a combination of XenApp hosted,
 Administrator Tools streamed, and local tools
 Administrator privileges required
Application  Office Productivity Applications Desktop delivered through VDI Solution
Developer  Line of Business Applications Applications are a combination of XenApp hosted,
 Development Tools streamed and local tools
 Administrative privileges required
Contractor  Office Productivity Applications Applications and Desktop hosted on Citrix XenApp
 Line of Business Applications

The desktop delivery use case should be used as both a strategic planning tool and to validate
functionality requirements. The desktop delivery use case is made up of three profiles: Application,
Access, and User Privilege.
Application Profile
The application profile is made up of business and technical criteria that determine the best suited
platform for applications to be delivered to the end user’s desktop device.
Major Criteria Sub Criteria Description
Operating System Which operating systems are required and supported by the application
Compatibility
RAM What are the physical RAM requirements for the application

Application and Desktop Virtualization Page 17


Enterprise Desktop Strategy – White Paper

Major Criteria Sub Criteria Description

License What is the use-license for the application: Named User, Concurrent or
Unlimited Use
Disk – Installation How much disk space does the application code occupy when installed
Footprint
Hardware – Identify the local and network hardware that the application is required to
Peripherals interact with.
Network Application Server Does the application require connectivity to a back-end application server to
function
Bandwidth – Data How much network bandwidth is required while the application is running
Bandwidth – UI How much network bandwidth is required for the UI to perform to acceptable
(Latency) levels
Connectivity Is connectivity to the datacenter (network) required for the application to
function
Database Does the application connect to a back-end database resource to function
File Share Does the application connect to a back-end file share resource to function
Printing Does the application need to print to local or network printers
Authentication Biometrics Does the application use a biometric device to authenticate the user
Directory Services Does the application use a directory service or ACL list to authenticate the
user
User Privileges What level of local and domain privileges does the user require to run the
application
Offline Use User requires access to the application when they are disconnected from the
network
Audio The application delivers audio content
Video High Resolution The application requires high resolution video to function
Multi – Monitor The application uses multiple monitors
Streaming Media The application delivers streamed audio and video content to the user
Software The application requires the existence of other software in order to function
Dependencies
Compliance Audit The application usage or data changes in the application requires to be
audited for corporate compliance
Standards The application falls under the guidance of such standards as: HIPPA, SOX,
PCI. Additional auditing and usage restrictions may apply

The application profile should be created when an application is first being tested and packaged for
the environment. The profile can be created in spreadsheet or database format. The criteria in the
table above have both business and technical criteria that would affect the outcome. Organizations
will have to determine if business requirements, such as auditing, will have stronger weighting in the
decision process, or if the decisions will be weighted on purely technical capability.
Access Profile
Applications and data need to be accessed by different people from different devices over different
connections, all with different levels of access that are governed by some set of standards and
governance. This may require an organization to provide different methods of access to the same
data; depending on the access scenario. The access profile is going to determine what level of access
will be required for the application or data set. Some of the questions that need to be answered when
defining the profile are:

Application and Desktop Virtualization Page 18


Enterprise Desktop Strategy – White Paper

 Who am I?
 What device am I connecting from?
 How am I connecting?
 What network access will I require?
 What network services will I need to access?
 What application and data services will I need to access?
The answers to these questions answered are the core of your access profile. Understanding the access
requirements for a particular application or user can have an effect on the decision on how that
application is delivered to the user. Applications that may have sensitive data tied to it, should be kept
away from local installations, or be put on machines that may be accessed while outside the corporate
network. Data Loss Prevention (DLP) initiatives should have some stated guidelines on data
classification and data protection solutions.
The access profile can be represented in a decision tree format, such as the one below:

A user (or use case) requests a network login. In the first decision, it is determined if the user will be
granted access to a desktop login. Short-term contractors or employees who do not access any
applications or data to perform their job function would not be granted access to the network.
If they are authenticated, then the device they are logging in from is checked if it is an organizational
asset or not. If the device is not an organizational asset, then no local apps or data should be allowed.
The user should be redirected to a Web Interface portal where they will be provisioned a Citrix or
VDI desktop.

Application and Desktop Virtualization Page 19


Enterprise Desktop Strategy – White Paper

Authenticated users on sanctioned devices will then be checked on how they are connecting to the
network. LAN/WAN users will be able to access their full application and data sets. Remote users
may be required to access their desktop through Citrix or VDI and may only have limited access to
applications and data from their local machine.
User Privilege
User privilege refers to the level of local administrative privileges that a user requires to perform their
job function, as defined in the use case. Elevated levels of user privileges allow the system’s user to
make changes to its configuration and install applications if necessary. We define these two decisions
as User Level and Admin Level. Network and system administrators and application developers are
two examples of such user types whose accounts will be granted administrative level access.
Tasks performed by these users may include making system-wide changes to their working
environment. In a multi-user environment, such as a Terminal Server with Citrix XenApp, those
changes could have an adverse effect on the other users accessing that server. In such cases, physical
desktops or virtual desktops would be the best suited environment for them.

MATCH TECHNOLOGIES WITH USE CASES


Once an organization has completed the task of profiling the applications and access requirements
and has clearly defined the desktop use cases, then we can map these requirements to specific
solutions.

Gotham has observed working with numerous clients that there is clear need to host multiple
solutions. We have found that the typical distribution of desktop use cases is approximately 20%
physical, 50% presentation virtualization, and 30% virtual desktop.

Application and Desktop Virtualization Page 20


Enterprise Desktop Strategy – White Paper

In order to reduce the complexity of maintaining multiple desktop delivery options, it is


recommended that an organization select a common application delivery solution. The application
streaming/virtualization solutions can provide a common platform for application delivery.
Applications can be packaged once and delivered to multiple platforms.
Desktop Solution Decision Tree
A decision tree will enable organizations to select the most critical criteria for determining the best
suited desktop solution for a particular use case. The following decision tree uses two decision
criteria; Offline Access and User Privileges.
Offline Access

In this step of the decision tree, we are using the user’s business need to work offline, or disconnected
from the network, as the root criteria for which a desktop solution will be deployed. If it is determined
from the first step that the user does not need to work offline, or that the application profile dictates
that their applications can only be accessed when connected to the network, then the model moves on
to the next major criteria – user privilege.

Application and Desktop Virtualization Page 21


Enterprise Desktop Strategy – White Paper

If it is determined that the user requires offline access, the next decision criteria is which operating
system does this user require, or on which operating system platforms are the applications supported.

The final decision in this process is how applications will be delivered to the user’s desktop. The
options are streamed/virtualized, isolated, or locally installed (traditional ESD). A dynamic and
efficient desktop solution will leverage streamed/virtualized applications as its method for software
delivery. If the application does not function while streamed or virtualized, then it can be considered
for isolation with a solution such as Microsoft’s Med-V or installed locally with traditional software
delivery tools.

User Privileges

The second major criteria chosen for this decision process is User Privileges. Similar to the user
privilege profile identified earlier, user privileges refers to the level of local administrative privileges
that a user requires to perform his/her job function, as defined in the use case. Elevated levels of user
privileges allow the system’s user to make changes to its configuration and install applications if
necessary. We define these two decisions as User Level and Admin Level.

After a User Level decision has been determined, we then look at whether the applications can be
supported in a Citrix/Terminal Server environment. This information would be obtained from the
Application Profile process. If the application set is suited for the Citrix/Terminal Server environment
then we follow the same application virtualization decision tasks as we did in the Offline Access tree.

Application and Desktop Virtualization Page 22


Enterprise Desktop Strategy – White Paper

If the User level is determined to be Admin Level, or the application is not suited for a
Citrix/Terminal Server environment, we determine if the user can be placed in a virtual desktop or
have to remain on a Physical desktop. The Application Profile will drive this decision, but
requirements such as access to local data will affect the virtual desktop decision. Once a decision has
been made to put the user in a virtual desktop environment we then follow the same decision criteria
for operating system and application virtualization as was done in the Offline Access tree.

Application and Desktop Virtualization Page 23


Enterprise Desktop Strategy – White Paper

USER PROFILE VIRTUALIZATION


Having multiple desktop solutions available adds an additional challenge for organizations, which is
the centralization and management of a user’s profile. A user’s profile consists of application and
registry settings, files, and folders that are made available to them upon login. There are significant
benefits to having individual user profiles:
 User’s application and profile changes do not affect another profile’s customization
 Multiple users can work on the same device, each with their own personalizations
 Settings are centrally stored between the logoff and logon time and can be accessed from any
device on the network (roaming profiles)
Making personalization available to the users, regardless of the desktop platform is the challenge.
Active Directory and Windows allow a user to store two profiles; Desktop and Terminal Server.
Along with group policies and folder redirection, an organization can manage the core of a user’s
session personalization. As a profile is used, it can grow significantly from its original size and is
sometimes prone to problems that result in end user issues such as slow logon/logoff times and
corruption in the profile.
To address these potential issues, organizations have turned to solutions that centrally manage and
maintain the user’s profile. These solutions streamline the profile creation process by taking the
settings and putting them into a database, and removing the reliance on Active Directory to store and
enforce the policies. These solutions are able to differentiate between physical and virtual desktops
and terminal server sessions and can provide the same personalization without having to store
multiple profiles for the same user.
It is recommended that organizations consider a profile virtualization solution as part of the desktop
strategy.

Application and Desktop Virtualization Page 24


Enterprise Desktop Strategy – White Paper

Next Steps – Enterprise Desktop Product


Organizations should strive to create and deploy a consumable Enterprise Desktop product offering.
Organizations need to develop this product in the way an outside vendor providing hosted desktop
services would. This will provide organizations with a model built on end-to-end costs as that product
is designed to maximize capital investment.
Organizations need to develop:
 A method for identifying and segmenting clients for whom this product is an appropriate solution
 A process for assembling and delivering the product
It is recommended to choose an initial use case or business unit and moving them through this process
in such a way as to create a template for subsequent deployments.
The target business unit (TBU) will be profiled for network connectivity, application portfolio, and
data access requirements. A quantitative analysis of these elements will indicate which product will
be the most appropriate low-cost fit. Products will be established and versioned based on current
knowledge and requirements for the TBU.
The target business unit should have a solid potential consumer for physical and thin client desktops.
The template for developing fit needs to recognize both appropriate and inappropriate uses for the
models.
The template process must take in key elements of the TBU’s environment and assign a best fit
desktop platform. Key elements will include the application profile, the location of the data sets
needed by the applications, and the available network bandwidth between users and these elements.
It is also important to plan for any use case structures that exist for this offering. Use cases may
include situations such as
 Working at the home office
 Working from a traveling or remote office
 Working from a hotel
 Working from home
Once these elements have been assembled, an initial product offering can be assembled to meet the
spectrum of needs. Fit can begin to be measured across this template. This initial offering can then be
tested across a pilot community at the TBU. Once the process structure is complete, make necessary
template changes to improve the template process for use by additional businesses.

Application and Desktop Virtualization Page 25


Enterprise Desktop Strategy – White Paper

ABOUT THE AUTHOR


Joe Jessen is an Analyst for Desktop Virtualization and Director of Professional Services for Gotham
Technology Group.
Joe has extensive practical experience in enterprise solution implementation, system integration,
network architecture, and security. Joe was formerly a Manager of Citrix Consulting Services and
Global Director of Server Based Computing for FutureLink an international Application Service
Provider.

ABOUT GOTHAM TECHNOLOGY GROUP


Gotham Technology Group, LLC, is in the business of providing guidance and direction to IT
professionals. With offices throughout the New York Tri-State area, Gotham serves clients based
throughout the Northeastern United States, and delivers good and services across the globe. Gotham’s
Practices include Application Development, Infrastructure, Security, Staff Augmentation, Storage,
and Virtualization.

Gotham Technology Group, LLC


Main Phone Number: (201) 474-4200
www.gothamtg.com

New Jersey Office


1 Paragon Drive
Montvale, NJ 07645

New York City Office


888 7th Avenue
New York, NY 10106

Connecticut Office
4 Research Drive, Suite 402
Shelton, CT 06484

Copyright © 2009 Gotham Technology Group, LLC.


All rights reserved.
This document contains information that is confidential and is the
property of Gotham Technology Group. It may not be copied,
published or used, in whole or in part, for any purpose other than
expressly authorized by Gotham Technology Group.

Application and Desktop Virtualization Page 26