Manage Your Virtual Desktop with Layers by John Whaley, CTO MokaFive



Similar documents
Fast and Effective Migration from Novell to Windows Active Directory with VMware Mirage WHITE PAPER

WHITE PAPER. Citrix XenDesktop. Cost savings with centralized virtual desktops.

Simplify Suite in a VDI Environment

How To Plan A Desktop Workspace Infrastructure

Intelligent Laptop Virtualization No compromises for IT or end users. VMware Mirage

Desktop Virtualization in the Educational Environment

Increasing Your VDI Project s Return on Investment Using Workspace Virtualization

Introduction to cloud computing. Clou

APPLICATION VIRTUALIZATION TECHNOLOGIES WHITEPAPER

Simplifying the Desktop Transformation with HP and Liquidware Labs

The Definitive Guide to Desktop Layering

Real World Considerations for Implementing Desktop Virtualization

How To Protect Your Cloud From Attack

TCO Savings with Desktop Virtualization

Accelerating Microsoft Windows 7 migrations with Citrix XenApp

Deployment Guide: Unidesk and Hyper- V

Double-Take Replication in the VMware Environment: Building DR solutions using Double-Take and VMware Infrastructure and VMware Server

Streamlining Patch Testing and Deployment

Successfully managing geographically distributed development

Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India talk2tamanna@gmail.com

VMware End User Computing Horizon Suite

Endpoint Virtualization Explained:

Stateful Inspection Technology

Week Overview. Installing Linux Linux on your Desktop Virtualization Basic Linux system administration

Demystifying Virtualization for Small Businesses Executive Brief

Desktop Application Virtualization and Application Streaming: Function and Security Benefits

Streamlining BEA WebLogic Server Application Development. With VMware Infrastructure 3. With VMware Infrastructure 3

Chapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.

Business Virtualization

Fault Tolerant Servers: The Choice for Continuous Availability on Microsoft Windows Server Platform

Zone Labs Integrity Smarter Enterprise Security

Virtualization Reduces the Cost of Supporting Open Industrial Control Systems

The Key to Cost-Justifying VDI

W H I T E P A P E R. Best Practices for Building Virtual Appliances

Overview. Timeline Cloud Features and Technology

How To Get A Client Side Virtualization Solution For Your Financial Services Business

Information. Product update Recovery. Asset manager. Set console address Create recovery point. Client properties

Endpoint Management and Mobility Solutions from Symantec. Adapting traditional IT operations for new end-user environments

Introduction. Setup of Exchange in a VM. VMware Infrastructure

WHITE PAPER Achieving Continuous Data Protection with a Recycle Bin for File Servers. by Dan Sullivan. Think Faster. Visit us at Condusiv.

What Do You Mean My Cloud Data Isn t Secure?

Northwestern University Dell Kace Patch Management

System Planning, Deployment, and Best Practices Guide

How can I deploy a comprehensive business continuity and disaster recovery solution in under 24 hours without incurring any capital costs?

Windows 7, Enterprise Desktop Support Technician

INTRODUCTION. Ryan White, Vice President of Business Development, DTI Integrated Business Solutions

VMware Horizon FLEX 1.5 WHITE PAPER

Introduction. Options for enabling PVS HA. Replication

How To Choose Help Desk Software For Your Company

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CA Desktop Management Suite r11

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Windows Embedded Standard 7 Technical Overview

VMware Mirage Web Manager Guide

Navigating Endpoint Encryption Technologies

The evolution of virtual endpoint security. Comparing vsentry with traditional endpoint virtualization security solutions

Consulting Solutions WHITE PAPER Citrix XenDesktop Citrix Personal vdisk Technology Planning Guide

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

W H I T E P A P E R. Symantec Enterprise Vault and Exchange Server November 2011

Symantec Backup Exec 11d for Windows Small Business Server

Global Outsourcing / Infrastructure Management. Instinct 2.0. Bridging the Gap between the Disparate Needs of Organizations and End-Users

How VMware Mirage Complements and Extends Microsoft System Center Configuration Manager TECHNICAL WHITE PAPER

Maximizing Flexibility and Productivity for Mobile MacBook Users

Symantec Workspace Virtualization 7.6

ICT Professional Optional Programmes

Data Protection Simple. Compliant. Secure. CONTACT US Call: Visit:

Getting the Most Out of VMware Mirage with Hitachi Unified Storage and Hitachi NAS Platform WHITE PAPER

Is VDI Right For My Business?

"Charting the Course to Your Success!" MOC D Windows 7 Enterprise Desktop Support Technician Course Summary

Enterprise Data Protection

Finding the Right Cloud Solution for Your Business

The BYOD Opportunity. Say Yes to Device Diversity and Enable New Ways to Drive Productivity WHITE PAPER

Convergence of Desktop Security and Management: System Center 2012 Endpoint Protection and System Center 2012 Configuration Manager

How bare-metal client hypervisors will mean the end of agent-based Windows management

Desktop Virtualization Strategy

BEST PRACTICE GUIDE TO SYSTEMS MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

Unicenter Desktop DNA r11

NetScreen s Approach to Scalable Policy-based Management

Maximizing Your Desktop and Application Virtualization Implementation

EUCIP - IT Administrator. Module 2 Operating Systems. Version 2.0

WHITE PAPER Guide to 50% Faster VMs No Hardware Required

Symantec Enterprise Vault and Symantec Enterprise Vault.cloud

Maximizing Configuration Management IT Security Benefits with Puppet

StarWind iscsi SAN Software: Implementation of Enhanced Data Protection Using StarWind Continuous Data Protection

Seven Requirements for Hybrid Web Delivery Getting the best of both on-premises and SaaS

Transcription:

WHITE PAPER Manage Your Virtual Desktop with Layers The problem is that desktops are monolithic. Everything the hardware, operating system, corporate applications, user-installed applications, plugins, user data are all mixed up together so it is difficult to manage or control one without affecting the others. Desktop management is becoming more and more challenging. Today employees are far more tech-savvy than they were just a few years ago. This has led to greater productivity, but also increased the demands on technology. Employees need flexibility to be productive. They expect to have access to information wherever they go, whether they are in the office, at home or on the road. People want to be able to install their own browser plugins and drivers for their home printers. They expect to be able to do research on Google, network on LinkedIn, pay their bills online, and connect with friends on Facebook anytime. The distinction between work life and home life is blurred people work from home, and do personal tasks at work. Business needs also present their own set of technology challenges. Regulations such as Sarbanes-Oxley, HIPAA, and the data breach notification laws that exist in most states, make security breaches very costly. Malware has become increasingly vicious and an attack can instantly cripple an organization and cost millions of dollars to clean up. Furthermore, the current economic climate introduces a whole other set of difficulties. Today s IT organizations have to do more with less: Budgets have been frozen and hardware refresh cycles have been extended. Additionally, there are more temporary and contract workers, which in turn introduces new provisioning and de-provisioning issues. And despite all these circumstances, IT is expected to move more quickly than ever to keep up with the accelerating pace of business. The problem is that desktops are monolithic. Everything the hardware, operating system, corporate applications, user-installed applications, plugins, user data are all mixed up together so it is difficult to manage or control one without affecting the others. For example, locking down the operating system may make it more secure, but that could prevent the employee from installing an application or plugin he or she needs to be productive. To further complicate the situation, different parties are 1

often responsible for different components. The hardware may be employee-owned, while the operating system is provided by a desktop engineering group, the corporate applications are supplied by the department, and the security updates are controlled by yet another group. Desktop virtualization has been heralded as a panacea to these problems. By separating the software from the hardware, desktops become easier to manage. However, simply moving the desktop into a virtual machine does not solve the fundamental issue of managing the desktop, nor the fact that different parties are responsible for different parts of the desktop and these parties have conflicting concerns. Traditionally these issues have been resolved by either locking down the desktop, reducing functionality and thereby end-user productivity, or by giving each user their own unique desktop instance, which leads to image sprawl and makes them difficult to manage. But there is another way. VIRTUAL LAYERS Just as you can use virtualization to separate software from hardware, you can similarly use virtualization to separate a desktop into virtual layers that can be managed individually. These layers are dynamically composited to provide a single unified view of the system. For example, you can separate the desktop into a layer for the operating system, a layer for targeted corporate applications, a layer for user applications and a layer for user data. Each of these layers are kept separate and can be managed individually, but to the user it looks and feels like a traditional desktop. Managing virtual desktops with layers means you no longer need to individually manage, patch and update thousands of separate copies of the operating system simply manage your one golden image which all users share. Separating the desktop into layers gives you power. The fundamental power of virtualization comes from adding a level of abstraction. This allows you to easily add, remove, update and rollback individual components. It also empowers you to reuse the same components across different instances. Applying this technique within the desktop gives you flexibility and leverage on a fine-grained basis. You can use the same base operating system image for everyone and then layer customizations on top. This means you no longer need to individually manage, patch and update thousands of separate copies of the operating system. Instead, you simply manage your one golden image which all users share saving you from a management nightmare. Likewise, any applications that are not distributed to all users perhaps due to licensing restrictions can be placed in a layer and targeted to only the users entitled to the application. The OS and application 2

layers are sourced from the golden image on every boot, which means they are always up-to-date. If an image gets corrupted or attacked by malware, the user can immediately recover by restarting their desktop. This also avoids the problem commonly referred to as Windows rot - the tendency for a Windows installation to get slower and slower over time. When the user-installed applications are separated from the user documents and the user breaks their system by installing incompatible software, they can easily recover by reverting or rolling back the user applications layer and nothing else. Separating the user personality into its own layer(s) apart from the system layer also allows each user to have their own customizations (if permitted) by automatically layering them on top of the standard IT-provided system image. When the user-installed applications are separated from the user documents and the user breaks their system by installing incompatible software, they can easily recover by reverting or rolling back the user applications layer and nothing else. The rest of the system, including the latest changes to their documents, remain unaffected. Backups become much easier and more efficient as well by simply backing up the user layer, you can get an efficient backup of just the user personality without the overhead of backing up the whole system, and thus recovering from a crash also becomes much easier. By splitting the user layer into user data (which is backed up) and ephemeral datawhich is not backed up), backups become even more efficient because they can skip temporary data such as Web caches or mail files that are also stored on the mail server. Virtual layers are an application of a well-known principle in systems design called separation of concerns. Separation of concerns means that you decompose a complicated problem into a set of meaningfully-distinct pieces that you solve individually, then compose the solution from the individual parts. Virtualization is the key technique that allows this separation while still providing a composite view of the whole. TECHNIQUES FOR VIRTUAL LAYERS There are a number of products available today that provide the ability to separate out a Windows installation into various layers. The most basic products allow you to capture the user profile as an independent layer that can be managed separately from the rest of the system, so for example you can use the same user profile on different Windows installations. More advanced products are able to layer applications, use different policies for each layer, and even automatically capture user-installed applications into a layer. Approaches for achieving layering can be categorized in three areas: 1. What view does the virtualization provide: isolated or layered? 2. Who can see the virtualized view: a single process, a collection of processes or the whole system? 3. What is being virtualized: filesystem, registry, services, kernel drivers? Common techniques for layering include user profile redirection using registry hooks or reparse points, application virtualization, kernel drivers or file system filter drivers. Every product has its own set of pros and cons, but in general, the lower the layering hooks into the system, the more compatible the layering will be with a wider variety of programs and system services. Thus, layering techniques that leverage kernel components will be more compatible in general than pure user-space techniques. 3

The approach or product you use needs to support your desired use case. For example, if you are using a completely locked-down desktop where the user cannot install applications and can only save into the My Documents folder or a network share, a product that only handles the user profile may be adequate. However if you want to support more sophisticated use cases where the user personality includes installed applications, plugins, and printer configurations, you will likely need a more sophisticated product. ISOLATION VS. LAYERING Layering does not provide isolation but is more compatible and makes integration with other components easier. It is important to draw a distinction between two different attributes provided by virtualization: isolation and layering. Virtualization is sometimes used to isolate processes from the rest of the system, to avoid conflicts or improve manageability. For example, with application virtualization you can bundle an installed application into a single executable that can run on multiple systems without installation or conflicting with other installed software. Application virtualization achieves this by isolating the application from the rest of the system, bundling the necessary pieces of the operating system and other libraries into a single unit. Although there are benefits to isolation, it has some drawbacks as well. Some interfaces are very difficult or impossible to adequately virtualize, such as applications that make use of kernel drivers, services, DCOM, etc., and thus are not compatible or do not work with application virtualization. In addition, because the applications are isolated, it is often difficult to get virtualized applications to integrate with each other; for example, copying-and-pasting from one virtualized application to another may not work correctly. Layering does not provide isolation but is more compatible and makes integration with other components easier. WHAT TO LOOK FOR IN A LAYERING SOLUTION When evaluating a layering solution for managing your desktops, there are a few things you should consider: #1. Does it work with your existing administration techniques? Even when you are using a layering solution, you will still need to integrate with your existing IT processes, tools, agents, and techniques at least until you have moved to an entirely layered solution. A good solution should allow you to seamlessly use your existing infrastructure for patch management, updates and software distribution. #2. Do users need to do anything differently? Changing user behavior is even more difficult than changing IT processes. Users need to be productive, so a good layering solution should not require the users to do anything differently. Solutions where users must save their documents in a different place, complete an extra step before going offline, or are restricted from installing plugins, will lead to frustration and lost productivity even perhaps to the rejection of the system or finding creative ways around it. 4 #3. Does the solution allow different people to manage different pieces? The reality of today s desktop is that different people are responsible for different pieces. A good layering solution will be separable so different people can create and manage indivdual aspects of the system without introducing extra processes or interdependencies.

#4. Does the solution amortize the cost of IT across many users? One of the primary drivers of virtualization, and layering in particular, is the ability to do something once and have it automatically apply to a large number of endpoints in a variety of situations. A good layering solution should make it easy to manage a single layer and leverage the work you have done for other users, allowing you to scale easily, and thereby improving responsiveness and saving you time and money. SUMMARY Managing virtual desktops definitely has a set of challenges. Even after moving the desktop into a virtual machine, you have conflicting requirements from users, IT and business, and the monolithic nature of the desktop means you either need to lock it down or allow customizations and suffer image sprawl. Leveraging virtualization to divide the desktop into layers allows for a separation of concerns such that the system can be decomposed into individually-managed components while still giving the end-user the unified view to which they are accustomed. Virtual layers reduce the management burden, allowing easier management and better scalability on the IT side, while simultaneously giving users the flexibility to do whatever they need to be productive. John Whaley is responsible for the technical vision of MokaFive. He holds a doctorate in computer science from Stanford University, where he made key contributions to the fields of program analysis, compilers, and virtual machines. He is the winner of numerous awards including the Arthur L. Samuel Thesis Award for Best Thesis at Stanford, and has worked at IBM s T.J. Watson Research Center and Tokyo Research Lab. John was named one of the top 15 programmers in the USA Computing Olympiad. He also holds bachelors and masters degrees in computer science from MIT and speaks fluent Japanese. MokaFive 475 Broadway Street, 2nd Floor Redwood City, CA 94063 http://www.mokafive.com MokaFive, LivePC, and the MokaFive logo are trademarks of MokaFive, Inc. All other product or company names may be trademarks of their respective owners. 002.002.009 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information