Project Virtual Reality Check

Project Virtual Reality Check #DUTCHVMUG Jeroen van de Kamp CTO j.kamp@loginconsultants.nl Ruben Spruijt CTO rsp@pqr.nl

Project Virtual Reality Check. Jeroen van de Kamp: j.kamp@loginconsultants.nl @thejeroen Ruben Spruijt rsp@pqr.nl @rspruijt

.

Agenda. Introduction Conclusion Phase 1,2,3 Impact Application Virtualization on VDI Unpublished results: VDI and AntiVirus

VDI in praktijk.. Who s administering/building VDI? Who s on Windows XP? Who s on Windows 7? Who s on VMware vsphere v4.x? Who s on VMware vsphere v5.x? Who s on the others? Who s doing/considering stateful/persistent VDI? Who s doing/considering stateless/non-persistent VDI? Who s doing/considering central/shared storage? Who s doing/considering local storage?

Introduction.

.

. Performance Analysis & Review VDI + SBC

Independent & Unbiased.

Latest Gear.

~1000.

www.projectvrc.com.

.

VRC Publications. Phase I, II: Virtualizing TS/RDS/XenApp Phase III: VDI bestpractices (Windows XP / Windows 7) Phase IV: Application Virtualization and VDI Phase V: Impact and Bestpractices AntiVirus on VDI (in progress)

Test platform VRC. Server Brand/Model CPU Memory Disk RAID level RAID controller HPDL380G6 2 x Intel Quad core 5500@2.67GHz Nehalem (16 logical cpu!) 96 GB DDR3 8 x 146Gb, 820.2Gb, dual port 10.000RPM Serial SCSI RAID-5 with online spare HP Smart Array P400i, with 512MB and Battery Backed Write Cache NIC NC373i Gigabit Adapters, Broadcom 5708

Login VSI Turn-Key Benchmark for SBC + VDI (hosted) Considered Industry Standard (driven by Citrix!) Protocol independent Standard workloads: light, medium, high & multimedia Data randomization Used by: Citrix, MS, Dell, HP, Cisco, VCE, EMC, Intel, Quest, Panologic, Atlantis, Fujitsu, Virsto, Hitachi, Datacore, McAfee, CSC, FusionIO, Unidesk

Single Server

Configuration 1

Start the Test

Saturation

Single Server

Configuration 2

Start the Test

Saturation

SBC (RDS/TS/XenAPP) Terminal Server Terminal Server AD File Share Logging Hypervisor

VDI XP XP XP XP AD File Share Logging Hypervisor

VSI (Standard) Workload Office: Outlook, Word, PowerPoint Excel PDF printer & Adobe PDF Internet Explorer (multiple sites + Flash Video) FreeMind (Java)

VSI (Standard) Workload

. VRC Phase I+II: RDS Workloads on Hypervisors

Conclusions Phase I & II. Virtualization RDS/XenApp: Yes we can! Virtualizing X64 RDS Workloads Yes! (not higher density) Best-Practices No vcpu overcommit + 2vCPU minimum On Nehalem = 4vCPU/VM sweet spot Dedicated Host Update Best-Practices ASLR & TPS Intel Nehalem: impressive Hyper-Threading + EPT-D = Doubling Capacity

VRC Phase III WinXP / Win7 VDI Workloads

. VSI vs VRC Optimizations

. Project VRC must emphasize that it is crucial to test and validate optimizations in your own VDI deployment Disable services Win7 default Win7 VSI opt Application Experience V Base Filtering Engine V Background Intelligent Transfer service V Diagnostic Policy service V Function Discovery Resource Publication V Offline files V Superfetch V V TCP/IP NetBios Helper Themes V Windows Defender V V Windows Search V V Windows Update V V Windows Firewall V WLAN Autoconfig V Windows media player Network Sharing Service V Routing and remote Access V HomeGroup Provider V Internet Connection Sharing V Media Center Extender Service V Net.Tcp Port Sharing Service V Win7 BP opt

Conclusion I/O s.

VIRUSSCANNER and VDI ; TOTAL I/O s.

SBC vs VDI VDI SBC

Phase III - Conclusions Windows 7 more than Windows XP Boot, First Loop Windows 7 less than Windows XP Second Loop, Idle Best practice: Use VRC Optimizations fix page file A/V HIMP - RedBull

. VRC Phase IV: AppVirt Impact on VDI

Project Virtual Reality Check: Phase IV. Jeroen van de Kamp: j.kamp@loginconsultants.nl @thejeroen Sven Huisman: shu@pqr.nl @svenh Ruben Spruijt: rsp@pqr.nl @rspruijt

Impact of Application Virtualization on VDI. VSIMax Local vs Streaming I/O Impact

Application Virtualization Test Setup. 3 major AppVirt vendors: Citrix Application Streaming (XenApp 6.0) Microsoft Application Virtualization (App-V 4.6) VMware ThinApp (ThinApp 4.6) Office 2007 suite virtualized as 1 package Deployment Scenarios: streamed precached shared cache

VDI. 7 7 7 7 AD File Share Logging Hypervisor

Please Note!. Project VRC s goal is to investigate overall performance impact of AppVirt in VDI. Project VRC does not recommend virtualizing the Microsoft Office suite as an overall best practice.

VMware ThinApp.

Streamed vs. Local installed %. Locally Installed 100 XenApp Streaming 56 App-V RTSP 77 ThinApp Streaming 74

Pre-cached vs. Local installed %.

streamed vs. Local installed % - upd.. Update: Citrix Application Streaming (November 2011) VSImax 56 >> 61..

Typical Streaming Scenario. Office Locally Installed Outlook Word PowerPoint Streamed Apps Excel PDF Reader Freemind

Typical Streaming Scenario (%) *. (100) (56) (77) (74) (*) Some Apps are locally installed

Project VRC IV Conclusions. Worst/worse case scenario or reality? Impact VSImax Full Virtualization : up to 20-40% Typical Streaming Scenario Impact: 5-10% Streaming apps = up to 22-45% less READ I/Os Streaming apps = up to 20-45% more WRITE I/Os Application Virtualization IS key in Optimized (virtual) Desktop

One more thing...

. VRC Phase V: AV Impact on VDI

VDI & AntiVirus

A couple of questions. Who is using AV in VDI statefull? Who is using AV in VDI stateless? Who does a scheduled/manual scan during production hours?

VIRUSSCANNER: TOTAL I/O s

Jonathan Meunier

Anti-virus solutions Microsoft Forefront Endpoint Protection 10 Trend Micro OfficeScan 10.5 DeepSecurity 7.5* McAfee Move AV 2.0 Endpoint protection* Symantec Endpoint Protection 12.1

Normal VSI results

Default Install ForeFront..

Protect desktop VM s AV directly installed on the VM s FEP, TM OfficeScan Manager, agents on the VM s SEP Manager, Security VM, agents on the VM s Deep Security Move

ForeFront Endpoint Protection AV AV AV Image Deploy VM 1 VM x Hypervisor

Symantec Endpoint Protection Deployment of the agents Manager Agent VM 1 Agent VM x Linked to AD Hypervisor

McAfee Move AV Deployment of the agent Manager SVM Win 2k8r2 SVM Win 2k8r2 idle Agent VM 1 Agent VM x Hypervisor

Trend Micro Deep Security Deployment of the agent Manager AV vshield AV vshield SVM Linux VM 1 VM x FilterDriver Hypervisor vshield Appliance

DISCLAIMER! Results will change!!! Results are only about performance during production, does not say anything about Quality of security features Impact of maintenance Etc Context: AV is tested Stateless: VM s are reset before every test

Jonathan Meunier.

ForeFront 2010 Custom 1 Incoming files only Custom 2 Incoming Files behavior monitoring disable Network inspection disable Heuristics Disabled Custom 2

Trend Micro Office Scan Behavior Monitor Disable TM Best Pactices Max Layer Scan Compressed files = 1 Scan OLE object Max Layer = 1 Disable IntelliTrap

Baseline Response Time

Total IO s

Total Read IO s

Total Write IO s

Total Write IO s @ 60 sessions

Conclusions Testing AV is complicated VRC system is balanced: CPU/MEM/DISK IO AV + Stateless??!! Image is not fully scanned after resets AV agents loose registration/connection in central manager after reboot Licensing/Certificate issues CPU impact on boot or Service do not start

Conclusions Offloading introduces Response time Latency Offloading architectures are complicated Do AV vendors fully understand VDI? (discussion performance versus functionality) AV+AppVirt Availability Best Practices

More info:. www.projectvrc.com www.twitter.com/projectvrc www.loginconsultants.com (VSI) www.pqr.nl

One more thing...

Win een AR-Drone.