Virtual Infrastructure Professionals Ltd

VMware VDI Solution

 

Traditional desktop computing using thick clients, where every client has a local operating system and locally installed applications, is probably the hardest to manage and most underutilised asset in companies today.

  1. Managing a distributed PC environment, including patching, deploying applications, providing support and provisioning PCs to new users (whether it is 1 new joiner or a group of new users, through an office move, outsourcing, acquisition or merger), is extremely time consuming and inefficient. IT staff need to be on site and able to support users, which takes time away from working on other projects that can lead to either increasing company revenue or saving the company money.
     
  2. This complex environment has become extremely expensive to support and maintain. More than 70% of the total cost of ownership of a desktop is spent on operational activities associated with managing the PC: managing end-users, hardware maintenance and repairs, provisioning and upgrading PCs, and software installations. With PCs so dispersed across an organisation and with so many of them, IT struggles to keep track of those devices, keep them patched and updated, and troubleshoot connectivity issues. In addition to the high cost, the PC is underutilised. Typically a user is only logged on for 8 hours per day and the PC sits idle while users are in meetings, traveling, or performing other duties.

  3. Service levels for end users can be low and unplanned downtime from OS/hard drive failures or virus and malware infections is high. End users tend to be tied to a device in order to access their desktop, so often a user has to sit at the same physical PC to access the applications and data required for their job. This can complicate organisational changes such as MACs (Moves, Adds and Changes) and limit the user’s flexibility. Many organisations are looking for ways to improve employee productivity by making a user’s personalised corporate desktop available anywhere, at any time and from multiple devices.

  4. Maintaining control over data and information that resides on individual PCs is almost impossible. When data resides locally, the threat of intellectual property or sensitive information walking out the door or being lost is always a major concern. Lost or stolen laptops can end up costing organisations millions of dollars and expose the organisation to litigation. Plus, government and industry regulations such as HIPAA, SOX and Basel II have steadily increased the need for organisations to protect and safeguard private information, tightly control access to this information and provide a more trustworthy business environment.

And again all of these things contribute to the operating cost of the desktops. And this is possibly the biggest pain point with maintaining the desktop.

VMware decouples software from hardware by inserting a virtualisation layer, or hypervisor, that allows you to run multiple “virtual machines” on a single server, increasing the utilisation of the server and creating virtual machines that are isolated from each other. The virtual machines share the benefit of a powerful server, and the isolation ensures that the applications behave well and that if one machine becomes corrupted it will not affect the group.

And this has really transformed the data center, by partitioning physical servers into multiple virtual machines. Each virtual machine represents a complete system, with processors, memory, networking and storage.

Multiple virtual machines can share physical resources and run side by side on the same server.

Operating systems and applications can run unmodified in virtual machines and can be managed as a group increasing utilisation and optimising your infrastructure.

 

Now how does this concept apply to the desktop?

Just as virtualisation decouples software from hardware, desktop virtualisation separates the OS, applications and data from a local device, and encapsulates the image in a file that is run on a centralised server or servers in the data center.

Multiple desktop VMs are isolated on fully utilised powerful servers and managed as a group in the data center, where they can be protected and backed up and resources can be dynamically allocated as needed.

This transforms a static desktop device into a portable stateless desktop environment that is highly available and accessible using almost any device over any network connection.

And since the complete desktop image is captured, the user has the full feature rich experience as if the OS and apps were installed locally. The user interfaces are all the same and everything just works. No need to retrain users.

And this emergence of the transformed “stateless virtual desktop” has led to the creation of a complete end to end integrated solution from VMware, called Virtual Desktop Infrastructure or “VDI”.

VDI is an end to end solution with no single point of failure, designed with both the IT administrator and end user in mind.

VMware VDI is built on virtual desktops running on the VMware VI3 platform, VMware’s mature and proven virtualisation infrastructure.

VMware Virtual Desktop Manager is a component of VMware VDI which is installed on servers (or virtual servers) in the data center.

VMware VDM securely connects clients to the virtual desktops. This process is generically known as connection brokering.

 

The logic controlling which virtual desktop a client should connect to is handled by VMware VDM.

This makes the process of connecting to VMware VDI simple for the end user and tightly controlled for the IT administrator.

 

VMware VDI includes VMware VDM 2, VMware VI3 and VMware Virtual Center.

 

 


And this end to end integrated solution elegantly and simply solves the problems plaguing the traditional desktop model.

Now management is simplified and streamlined: upgrades, patches and backups are done from a single location, increasing the success rates while reducing desktop IT maintenance and support costs. No longer is IT required to be on site to handle PC help desk issues, because these can be managed centrally. IT resources can be reallocated to other projects, helping to reduce the maintenance costs of PCs.

Desktops are deployed and provisioned rapidly, in minutes rather than days, by deploying hardware independent virtual machines from templates.

End users benefit from improved end user Service Level Agreements (SLAs): unplanned downtime is minimised and recovery is accelerated in case of OS failures, because a user is no longer tied to a device. Their desktop is now tied to their identity, and their personalised stateless virtual desktop is available using a wide variety of devices and can be accessed securely over the public internet using a browser. This ensures continuous availability of service for end users in the event they cannot physically make it into the office.

Data and information is removed from local devices, where it may be susceptible to theft or loss, and is stored in secured and protected data centers, protecting intellectual property and enabling companies to remain compliant with regulations like HIPAA, Basel II and SOX.

 

When is it a good time to move to VDI?….

If you have a hardware update scheduled, consider moving to VDI and thin clients. Thin clients normally have a 7 – 9 year lifecycle and minimal moving parts, making them ideal for rugged environments such as healthcare or manufacturing. Thin clients can further reduce opex costs by using about 1/10 the power of a typical fully loaded PC.

Many organisations are planning to migrate to Vista over the next year, and many times this means upgrading desktop hardware. This is an ideal time to move to a virtual desktop environment. You can deploy Vista as a virtual desktop, repurpose and extend the life of your desktop hardware, and break the upgrade cycle.

If you need to ensure the integrity of the company data by establishing proper access to critical information, then a centralised VDI model can help you meet requirements subject to government-imposed standards such as SOX or HIPAA. And if you have software developers in house, you can keep your IP safe and secure in the data center and provide a virtual desktop for developers.

During a merger or acquisition, you need to provide groups of people immediate access to key business applications such as accounting or CRM. With VDI you can deploy a virtual desktop in minutes.

People today are very mobile and need to access their desktops and applications from home, on the road or remotely. VDI is ideal for providing these remote or mobile workers with secure access to their workspace when and where they want.

 

VMware VDI includes 3 main components, VI3, Virtual Center and Virtual Desktop Manager

VMware Infrastructure 3 is a feature-rich suite that delivers the proven efficiency, availability, and dynamic management needed to create a responsive platform for your virtual desktop environment.

The suite includes the award winning ESX server hypervisor with advanced features such as:

  • Distributed Resource Scheduler or “DRS” to dynamically balance capacity and ensure service levels
  • High Availability or HA for application availability independent of hardware and operating systems
  • VMotion allows you to migrate live virtual machines across entirely separate physical servers and conduct non-disruptive maintenance of IT environments.
  • Consolidated Backup – Centrally perform full image backup of virtual machines to simplify management of IT resources.

Virtual Center is a central management service for configuring, provisioning and managing distributed virtual environments.
VirtualCenter lets you rapidly provision virtual machines and monitor performance of physical servers and virtual machines. VirtualCenter intelligently optimises resources, ensures high availability to all applications and desktops in virtual machines and makes your IT environment more responsive.

Virtual Desktop Manager 2 integrates with your existing desktop infrastructure such as Active Directory or SecurID, allows users to securely connect to their virtual desktops in the data center and gives IT administrators an easy, secure and cost-effective way to manage and deploy desktops.

 

 

The foundation of VMware VDI is VI3 – a robust, proven and mature virtualisation platform deployed in all of the Fortune 100 companies and 90% of Fortune 1000. We have over 20K customers worldwide and the number continues to grow.

No other desktop virtualisation solution offers VMware’s enterprise class performance, reliability, and seamless integration on a single virtual infrastructure.

With this end-to-end solution from VMware, companies can apply to desktop infrastructures the powerful tools traditionally reserved for mission critical server based applications in the data center, such as:

Disaster recovery, previously not a possibility for desktops, is now available using VMware VDI because the desktops are centralised and can leverage shared storage technology.

Organisations are able to offer desktops a heightened level of business continuity, making use of VMware Distributed Resource Scheduling capabilities to dynamically allocate and balance computing resources to provide the highest priority users, such as traders in the financial services industry, with assured availability.

Automatic failover ensures HA, and VMware HA provides pervasive, cost-effective protection within your virtualised desktop environment without the cost or complexity of traditional clustering solutions.

The centralised desktop images can easily be moved from server to server using VMotion without disrupting end-user activity.

This helps to keep desktops running even when server hardware goes down.

This is an enterprise class virtualisation solution and scales to meet the demands of any size company – VDI servers can be grouped together for redundancy and no single point of failure.

 

VMware VDM is an enterprise-class virtual desktop management server. It is a key component of VDI because it manages the connections between the remote clients and their centralised desktops. We will spend some time in this presentation, covering the functionality of VMware VDM.

VDM has an intuitive web based interface, integrates with existing infrastructure such as Active Directory and allows you to rapidly deploy and provision desktops. Built in security ensures that your data center is protected and traffic is encrypted.

VDM servers can be grouped together in an array to scale and to avoid a single point of failure.

 

VDM is designed for organisations large and small. Multiple VDM servers can support thousands of users and provide a resilient and redundant platform for managing the connections between devices and virtual desktops.

 

 

Virtual Desktop Manager (VDM) installs on Windows 2003 server, integrates with Active Directory and has a simple web-based interface to manage your virtual desktop environment. You can access VDM remotely and manage your virtual desktops, such as assigning different desktops to users or groups and setting virtual desktop policies.

From this interface virtual desktops are created as pools or groups, so the administrator can manage them collectively and can set policies for each group or “pool”.

For example, from this interface you can decide the “Min/Max Number of VMs or desktops in pool” and the “Number of Avail desktops that are always available”, or set “log off policies”. VDM interfaces with Virtual Center to control the VI3 platform, so it can suspend a virtual desktop when a user logs off and then resume the desktop when they reconnect. This is a great feature if a user is working on a project on their virtual desktop and wants to continue working on the same project uninterrupted from a different device at home: the policy can be set to suspend his session and resume when he logs back in. This allows him to pick up right where he left off.

 

 

VMware Virtual Desktop Manager 2 is tightly integrated with Active Directory and AD authentication is a pre-requisite for Virtual Desktop Manager.

The Virtual Desktop Manager verifies user credentials against the Active Directory. Once the user has authenticated the Virtual Desktop Manager Connection Server maintains a session for the user. Once the user has been authenticated, the Virtual Desktop Manager Connection Server will manage SSO into virtual desktops without prompting the user again.

Typically customers already maintain users in Active Directory. VMware Virtual Desktop Manager references these user accounts instead of relying on an internal directory or database of users. There are many benefits of this approach:

VMware Virtual Desktop Manager will support authentication against complex multi domain configurations. Many customers have user accounts in different domains and use domain trusts to authorise access to resources in the Windows infrastructure. VMware Virtual Desktop Manager will support these sophisticated configurations by default.

User management processes do not have to be disrupted by implementing VMware Virtual Desktop Manager. These include creating user accounts, resetting passwords and changing NT permissions for users to groups. For example, if the process for resetting a user password is that the user calls the helpdesk, this can continue without having to retrain the helpdesk administrators.

User account policies, such as password complexity or expiration are also retained. Users in VMware Virtual Desktop Manager can reuse any existing group policy in the domain.

By referencing domain accounts directly, VMware Virtual Desktop Manager does not need to use third-party or inbuilt replication systems. This means there is no risk of data becoming out of sync and removes any computational overhead of user-data replication.

It is possible to configure strong two-factor authentication using SecurID, in addition to AD authentication. Two-factor authentication is often a requirement for users who access the VDI environment from an un-trusted client or over an un-trusted network. SecurID is not available in the beta product.

From the powerful VDM server, the administrator is able to quickly provision, deploy and assign virtual desktops.

There are three types of desktop assignment in VMware VDM 2.

Individual Desktops: 

This is a static 1-2-1 relationship between a user and a specific virtual desktop. This can be a good configuration for power users, where the desktop is specifically configured for a particular user. This can include specific applications, data access and resource (e.g. RAM) allocations. Individual Desktops give a high degree of customisation for the user.

Also, VMware VDI offers "Smart pooling" capabilities: more easily manage large numbers of centralised desktops to automatically assign and provision new desktops as needed. Smart Pooling helps organisations in a number of ways.

We’ll go into the two options for smart pooling: persistent and non-persistent pools. The overall benefits include more rapid desktop deployments, desktop policies for greater control, as well as easier management of many VDI desktops.

With non-persistent pools, the desktop allocation is to any desktop in pool. The desktop is returned to pool for re-allocation at logoff. This capability is particularly important to organisations with transactional workers in cases such as call centers. The users can work with a standard desktop template. IT can more efficiently manage the number of desktops needed for a given pool.

Non-Persistent Pools:

The non-persistent pool also contains multiple hosted virtual desktops, which are initially identical and cloned from the same template. The VDM Connection Server will allocate entitled users to a virtual desktop from the non-persistent pool, on request. This allocation is not retained when the user logs off the desktop and the virtual desktop is placed back into the non-persistent pool for re-allocation to other entitled users. When the user logs on to the non-persistent pool on subsequent occasions, the VDM Connection Server will connect the user to any virtual desktop in the non-persistent pool.
Non-Persistent Pools provide the most efficient many-2-many configuration. Simple automated mechanisms for cloning and deploying the virtual desktops reduce initial effort and the virtual desktops are re-used by many different users. Non-Persistent Pools are a good solution for hoteling shift workers.

With Persistent Pools, the desktop allocation is to any desktop in pool. A dedicated desktop is provided for subsequent connections. This case is often useful to organisations that want to ensure all desktop users work from a standard corporate template when their VDI desktop is first assigned. This capability helps organisations deploy VDI rapidly and ensures consistency across desktop templates from the beginning. Yet, end users get to keep their desktop from that point forward.

 

Persistent Pools:

The persistent pool contains multiple hosted virtual desktops, which are initially identical and cloned from the same template. This is typically a many-2-many relationship. When a group of users is entitled to the persistent pool, every user in the group is entitled to any of the virtual desktops in the pool. The VDM Server will allocate users to a virtual desktop, as requested. This allocation is retained for subsequent connections. When the user connects to the persistent pool on subsequent occasions, the VDM Connection Server will connect the user to the same virtual desktop that they were initially allocated.
Persistent Pools provide a simple automated mechanism for initial cloning and deployment of the virtual desktops but allows the users to customise their desktop in a personal way. The initial administration effort is less than with Individual Desktops, because only a single template and entitlement is required to provision a virtual desktop for every user in a large group.
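
The three assignment types described above can be modelled as a small broker, shown here as an added example that is not VMware's code or part of the original page. The class and method names, the dictionary standing in for Active Directory, and the choice to re-check group entitlement on every connection are assumptions made for illustration.

```python
"""Toy model of connection brokering for the three assignment types above.
Illustrative only: class and method names are hypothetical, not VMware's API."""
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum


class PoolType(Enum):
    INDIVIDUAL = "individual"          # static one-to-one, set by the administrator
    PERSISTENT = "persistent"          # first allocation is retained
    NON_PERSISTENT = "non-persistent"  # desktop returns to the pool at logoff


class NotEntitled(Exception):
    """User has no entitlement to the requested desktop or pool."""


class PoolExhausted(Exception):
    """Every desktop in the pool is in use or reserved."""


@dataclass
class Pool:
    kind: PoolType
    desktops: list[str]
    entitled_groups: set[str] = field(default_factory=set)
    assigned: dict[str, str] = field(default_factory=dict)  # user -> desktop (retained)
    in_use: dict[str, str] = field(default_factory=dict)    # desktop -> user (live sessions)


class Broker:
    def __init__(self, directory: dict[str, set[str]]):
        # Stand-in for Active Directory: user -> group memberships. It is read on
        # every connect, so the broker keeps no copy that could go stale.
        self.directory = directory

    def connect(self, user: str, pool: Pool) -> str:
        if pool.kind is PoolType.INDIVIDUAL:
            # Deny by default: only the administrator's static mapping grants access.
            if user not in pool.assigned:
                raise NotEntitled(user)
            desktop = pool.assigned[user]
        else:
            if not self.directory.get(user, set()) & pool.entitled_groups:
                raise NotEntitled(user)
            desktop = (self._current(user, pool) or pool.assigned.get(user)
                       or self._allocate(pool))
            if pool.kind is PoolType.PERSISTENT:
                pool.assigned[user] = desktop  # same desktop on later connections
        pool.in_use[desktop] = user
        return desktop

    def logoff(self, user: str, pool: Pool) -> None:
        # Ends the session. Persistent assignments stay reserved; a non-persistent
        # desktop has no retained owner, so it becomes allocatable again.
        for desktop in [d for d, u in pool.in_use.items() if u == user]:
            del pool.in_use[desktop]

    @staticmethod
    def _current(user: str, pool: Pool) -> str | None:
        return next((d for d, u in pool.in_use.items() if u == user), None)

    @staticmethod
    def _allocate(pool: Pool) -> str:
        taken = set(pool.in_use) | set(pool.assigned.values())
        for desktop in pool.desktops:
            if desktop not in taken:
                return desktop
        raise PoolExhausted()


def demo() -> list[str]:
    # Constructed sample data.
    broker = Broker({"alice": {"callcentre"}, "bob": {"callcentre"}})
    shift_pool = Pool(PoolType.NON_PERSISTENT, ["np-1", "np-2"], {"callcentre"})
    first = broker.connect("alice", shift_pool)
    broker.logoff("alice", shift_pool)
    second = broker.connect("bob", shift_pool)  # reuses the desktop alice released
    return [first, second]


if __name__ == "__main__":
    print(demo())
```

In this model a persistent pool can run out of desktops even when nobody is logged on, because retained assignments stay reserved, whereas a non-persistent pool only needs to be sized for concurrent sessions.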

VMware VDM encrypts the connection data stream by default. An SSL connection is established between the VDM Client and VDM Connection Server over HTTPS. The desktop connection is tunneled through this connection to give maximum security to data.

The VDM Security Server (included) may optionally be deployed in a DMZ, in which case the SSL connection is established between the VDM Client and the VDM Security Server. This is used to secure a connection from an untrusted network such as the Internet when remote users are connecting. This ensures that at no time is there a direct connection from the user into the data center. These security servers can be clustered together for failover and no single point of failure.

The VDM Client is an application used to connect clients to VDM Connection server and to virtual desktops. The user enters the URL of the VDM Connection Server and their AD credentials into the VDM Client.

Alternatively, end users may use a browser to access their VDI desktop.

VMware VDI can be enhanced using thin clients. Thin clients can reduce the TCO of a VMware VDI deployment because the ongoing support and maintenance costs of thin clients are generally less than those of traditional PCs. VMware VDM 2 supports XPe and Linux clients, which provides support for many of the thin clients on the market. The WYSE S10 and V10L devices are also supported.

 

 

Summary of key features.

VMware VDM is tightly integrated with VMware VirtualCenter. VDM is able to interact with VirtualCenter to control the VI3 platform. For example VDM can suspend a virtual desktop if a user logs off and resume the desktop when the user reconnects. VMware VDM is able to create new virtual desktops from template on-demand and then delete the virtual desktop when it is no longer required. The VDM Administrator console connects to both Active Directory and VMware VirtualCenter so that an administrator can easily assign virtual desktops to users or user groups.

VMware VDM connects clients to the virtual desktops. This process is generically known as connection brokering. The logic controlling which virtual desktop a client should connect to is handled by VMware VDM. This makes the process of connecting to VMware VDI simple for the end user and tightly controlled for the IT administrator.

VMware VDM is integrated with Active Directory. Users are able to authenticate to VMware VDM using the same credentials used to logon to a physical PC in the corporate domain. There is no complex configuration to setup this integration and all user accounts remain in the Active Directory. This means that there is no need to change standard procedures for creating passwords, setting permissions or resetting passwords (i.e. no need to re-train the helpdesk). When the user has authenticated they will be seamlessly logged on to the virtual desktop, this is called single sign-on (SSO).

VMware VDM is designed for enterprise deployment. The service can be scaled horizontally to accommodate large numbers of users and to provide high availability in the case of a failure. VMware VDM can take full advantage of VMHA.

VMware VDM 2 can be configured across a DMZ to provide secure access from un-trusted networks (such as the Internet). The VDM Security Server can be installed in the DMZ, isolated from the internal network, and proxy connections to the VDM Connection Server. The VDM Security Server also encrypts the data stream between the virtual desktops and the clients so that users can securely access sensitive data. The data itself never leaves the data center.

How Customers use VMware VDI

Typically we have found that customers deploy VDI for 3 reasons: to centralise their environment or replace their desktops, for disaster recovery or business continuity, and to ease the management of transactional workers.

Centralised Desktop Management:

Using VMware VDI to replace traditional PCs with virtual desktops that run on servers in the data center makes them easier to control and manage. Administrators can provision new virtual desktops in minutes, and give end-users their own complete, unmodified desktop environments, eliminating the need for retraining. Unlike a shared services model where a single OS is used for multiple applications, such as Windows Terminal Services, VMware VDI creates isolated virtual desktops, so VDI has none of the application compatibility problems.

Disaster Recovery & Business Continuity:

VMware VDI extends the proven power of VMware Infrastructure 3 to the desktop, and VMware VDI customers enjoy the reliability, data protection and disaster recovery capabilities that have traditionally been available only for server applications. Features such as automated failover ensure high availability for virtual desktops, and you can leverage shared storage to back up your desktops, just as you would with server data. Site-wide disaster recovery mechanisms ensure rapid restoration of service after an unplanned outage—without the need for duplicate hardware.

Transactional User Management:

VMware VDI is ideal for delivering cost-effective desktop services to fixed-function workers at branch offices, call centers and other locations. Controlling access to confidential data is easier because all virtual desktops and their data can be stored inside the firewall.