VDI is one of many ways that end users can access, run, and use client operating systems like Microsoft Windows and applications that run on these operating systems. VDI stands for virtual desktop infrastructure, and it’s been around for a while now and has been a “hot” solution for some companies for about a decade. Back in the days of Windows Server 2008 R2, I actually wrote a book about VDI and related solutions; it was called “Understanding Microsoft Virtualization Solutions, From the Desktop to the Datacenter” (Microsoft Press, 2010) and you can download it here in PDF format. Here’s how I defined Microsoft-centric VDI at the time I wrote my book:
Microsoft VDI is an architectural model composed of a number of components, including Hyper-V, Remote Desktop Services, Microsoft Desktop Optimization Pack (MDOP), and Microsoft System Center products. Microsoft VDI enables entire desktop operating systems such as Windows 7 Enterprise to run on a hypervisor server located in a datacenter and be delivered to users as virtual desktops using RDP. By deploying a Microsoft VDI infrastructure, users can access either their own personal virtual desktop, which they can customize as desired or a shared pool of identically configured virtual desktops.
Of course, the underlying architecture of VDI has changed a bit since then, particularly for VDI solutions built using Microsoft’s Windows Server platform. So some of this book is a bit obsolete now unless you’re an enterprise still running Windows Server 2008 R2 (and there are still lots of these out there). Also, recent advances in cloud computing have radically changed remote desktop computing in new and exciting ways. Still, VDI remains a desirable solution for many companies.
But has Microsoft’s own VDI solution evolved that much in the intervening years? Not really. Several years ago Microsoft started pushing private cloud as “the” solution for all your enterprise computing needs with Microsoft’s System Center as the foundation for building a private cloud in your datacenter. They soon realized, however, that most customers preferred a hybrid solution that involved both the datacenter and hosted cloud solutions, so hybrid cloud replaced private cloud as the watchword. Now it’s everything Azure — Microsoft Azure-this, Microsoft Azure-that, and so on. I often wonder what’s coming next out of Redmond’s marketing machine.
So is good old VDI basically dead as a solution? Not at all! There are numerous corporate scenarios where VDI is still a good fit and perhaps the best fit for your company’s needs. For example, the benefits of VDI as a solution include the ability to:
- Centralize all desktop deployment, updating, and management in the datacenter.
- Provision virtual desktops dynamically on demand from gold images.
- Work from home or at offsite contractor locations.
- Personalize their own virtual desktop by configuring it and installing applications.
- Access shared pools of identically configured virtual desktops.
- Hot-desk between different desktop PCs.
With all these potential benefits, it’s worthwhile exploring VDI as a solution for the needs of your own business. The question though is: Which approach to implementing VDI should you follow? To answer this question I asked expert James Rankin to explain how he implements VDI solutions for Windows 10 for his customers. James is an end-user computing consultant from northeast England, a specialist in application and user virtualization, current CTA and ACA (his blog can be found here). I recently talked with James about the current slate of VDI solutions in the marketplace and about his novel (and successful) approach to implementing VDI in the enterprise.
MITCH: Last year in a guest editorial for our WServerNews Weekly Newsletter, you mentioned that most enterprises that are deploying Windows 10 and especially those doing virtual desktop infrastructure deployments are following the wipe-and-reload route instead of performing in-place upgrades with their Windows 7 or 8.1 desktop systems. You also said that to prevent end-user disruption from such deployments, enterprises needed to “nail down a process for detaching your applications, data, and user profile settings away from the OS so they can be easily preserved in the regular upgrades.” You then told us that Microsoft’s vision for doing this, which involves SCCM, UE-V, Enterprise State Roaming and Desktop Bridge, “isn’t really doable for a lot of environments, especially those with a lot of legacy applications.” Can you explain for us in more detail what you feel are the inadequacies of Microsoft’s approach for implementing VDI with Windows 10?
JAMES: I think that in a few years Microsoft’s “stack” of technologies will be able to cope with this, but at the minute, they’re just not quite ready.
The Windows Store for Business would be the main portal into the business applications, and at the moment it appears to be very buggy. There are a lot of products that provide similar “app portal” functionality — Citrix Storefront, RES IT Store, VMware Horizon View Portal, etc. — and at the moment Microsoft is playing catch-up in terms of stability, functionality, and reliability. I’ve got no doubt that this will improve with time, but just now, it’s not really enterprise-ready, in my opinion. If enterprises already have investments in other “app portals,” then often they tell us they’re very tempted to stay with them, although this could possibly change over time once the Windows Store for Business reaches feature parity.
Of course, you could just use App-V instead and deliver the applications through the App-V infrastructure pieces — and, of course, it is now baked-in to the Windows 10 OS — but unless you’re already an App-V house and/or have App-V skills, it can be a bit daunting. Packaging applications through App-V isn’t the easiest of the virtualization tools out there, and some applications just plain don’t want to be packaged (I’m thinking the monstrous ones like ArcGIS). If you want to use App-V, clients usually end up employing a packager or outsourcing it to one of the “packaging houses” out there — it’s not generally something that can be done full-time by “ordinary” IT staff.
I suppose you could also leverage SCCM and the App Catalog and natively install all your applications, but this again has overhead. But it also raises the point — and this is one that we see an awful lot now — that some legacy applications just don’t play nicely, either on Windows 10 or with the other applications in the image. When you come across applications like this — and every enterprise seems to have at least one — then you have to rethink what you’re doing. Often, people end up using App-V to “isolate” the problem apps or siloing them out onto Citrix XenApp or RDSH servers — and that again has a cost in terms of resource, both for infrastructure and the skills required.
So at the moment, we use Cloudhouse as a sort of “bridging” technology to deal with these problem applications, and also to virtualize everything else in the same fashion. There are other solutions that offer very similar functionality — Numecent Cloudpaging and Turbo.net would be the other ones I’d consider for this kind of job. The main advantage we find with Cloudhouse is that it is very easy to package applications — we had one customer who was quoted six months to remediate a legacy app and we did it in Cloudhouse within a week. So it’s easy enough for admins to package their applications up and get everything delivered in the same way. It also has the option to save the packages directly into Microsoft Azure, so you don’t have any infrastructure overhead, and you can deliver apps and app updates to mobile devices without them ever having to come in to the office. (Although there is an on-premises offering for those who can’t jump to Azure just yet.) Finally, you pay for the apps on a monthly basis, so you can easily use this as a stopgap measure until the other technologies measure up to your requirements. As I said, there are a few players that fit this area, but we’ve had good experiences delivering apps through Cloudhouse recently.
From a profile perspective, Enterprise State Roaming looks compelling but has a few caveats. You need a Premium Azure AD subscription, and it only works with Universal Windows Apps, meaning that you’d have to convert all your applications using the Desktop Bridge to get going. UE-V isn’t a bad technology, but it requires management and maintenance, and we’re trying to deliver a “hands-off” simple solution so that IT can get on with improving things rather than firefighting. Which is why we instead choose to use FSLogix Profile Containers where possible, because it’s essentially just an improved version of Microsoft’s User Profile Disks technology. The profile is mounted to a VHD file, and this also gives the benefits of improving Outlook performance for Office365 users and Windows Search performance in general. The main driver for us in this area is simplicity, but if users have complicated roaming solutions, we’d look at something else like UE-V, AppSense, RES, or another of the “heavier” profile management solutions.
So in summary, I think Microsoft has the right vision — they’re building a stack to cope with the demands of Windows 10 and the update process, but it’s just not there yet. It may well eventually get there, but right this moment, and especially for people who just want to get to Windows 10 with the minimum of change or disruption, we’re finding they need a few bits of tech to smooth the road.
MITCH: OK, since you’ve already mentioned Cloudhouse and FSLogix Profile Containers, let’s step back for a bit and try to help our readers get the big picture of the “stack” of third-party products and services you generally use to implement VDI solutions for the customers you work with. In your WServerNews guest editorial, you described this stack by saying, “We use Cloudhouse, FSLogix Profile Containers, AppSense DataNow, a custom monitoring service, and UniPrint as the ‘stack’ for most of our customers to maintain a rapid migration even if it means a lot of reimaging.” Could you start off by explaining briefly the function or functions of each one of these products/services as it pertains to implementing VDI solutions?
JAMES: Sure! Cloudhouse is the key part for us, as it allows us to rapidly package up applications — particularly difficult legacy applications — and deliver them to endpoints (such as non-persistent VDI) in a rapid fashion. What we find great about this is Cloudhouse can package them directly into a managed service in Azure, and therefore there is no requirement for the client to put together any backend infrastructure to support these applications. All we need is an agent on the endpoint, and we can deliver the applications — and application updates — very easily. Because we like to use the Azure-based model, there’s also no requirement for mobile devices to even connect to the internal network to get the applications or updates. We realize that an Azure-based model may not work for everyone, so there is the option to host it internally if required (which obviously requires infrastructure components to support it). There’s a lot of tech in this space, and we also recommend other solutions when we have particular needs, but in general, we usually find Cloudhouse a pretty good fit. It can also be used just for specific applications that are problematic. There’s no need to package up everything, so it fits into existing deployment mechanisms as well. If you did want to package everything, though, it’s very easy to create packages, which is another reason we are fans.
FSLogix Profile Containers is another bit of tech that sits alongside a bunch of similar solutions (UPD, LiquidWare Labs ProfileDisks, etc.), but again, we find that it’s nice and simple to use. You mount a VHD across the network that captures everything from the user profile, and because it’s a single file you’re addressing for the profile rather than hundreds of smaller network-based ones, it’s quick and easy to implement. Again, there’s no back-end infrastructure to support it — you install an agent, set up some GPOs to manage it, and away you go. Obviously, because it captures the entire user profile there are storage implications, but if you have the storage to support it, it’s a nice easy fix to providing a roaming profile solution that captures everything — standard roaming profiles are limited to %APPDATA%. Of course, if Microsoft in their wisdom decides to increment another profile version number, it makes things tricky (you have to migrate the existing profile across to the new one), but we’re hoping they’re not going to do this so often, and we have a bunch of scripts that can help in the event that they do. Again, simplicity and sustainability are our main drivers towards this.
AppSense DataNow is part of AppSense’s wider product suite, but we love this because it has the ability to capture user data — even the data that users put outside of normal profile areas — and sync it across to the network ready for easy migration. It’s available as a standalone product (which is good because the full suite is expensive!), and again, needs very little infrastructure — a single virtual appliance and the rest is taken care of via GPOs. As I said, we like it because it makes migrations so easy, it catches all of the user’s data and then can synchronize it back down to upgraded or reimaged endpoints in the background or on-demand. It’s also a full EFSS (Enterprise File Share and Sync) tool as well, but we find it really useful just from the data migration perspective, and that’s a big plus with Windows 10. You could also even use it to completely replace redirected folders if you wanted to, but that’s something we haven’t explored fully yet.
A lot of enterprises already have simplified printing solutions, but for those who haven’t, we normally recommend UniPrint Infinity. Like many of these print solutions, it provides driver-free printing, and it allows you to deal with the problems of printing and speed that you get when you adopt cloud-based services. It’s also fully Server 2016 compatible, which is a big plus for our clients connecting to XenApp solutions.
And of course, you always need a monitoring service. I find monitoring is a bit “done to death.” There are loads of vendors out there but none of them offer any killer features that make them stand out from the rest. And there’s always the learning curve associated with monitoring software. I love Lakeside SysTrack, for example, but it’s a seriously non-trivial product to learn and implement. So we’ve teamed up with a custom solution that’s being offered by an associate of ours because we feel that taking the complexity out of monitoring — by handing a lot of it off — is really the only killer feature we can find at the moment. I can’t really go too deeply into the technical details, but it’s based on Lakeside tech, and the key is that the monitoring and the infrastructure to provide the monitoring is done via a cloud-based service that you can consume according to your needs. So again, it reduces your need for skilled resources, it is managed externally, and you can ramp it up or scale it down dependent on your needs as a business.
And together we think this sort of stack gives you a good bridge towards Windows 10 migration issues, it makes things simpler, and there isn’t any form of lock-in. And I think these are the things that probably free up IT departments from fighting fires, and instead let them look for new ways to improve the business itself — which is really the goal of an IT department!
MITCH: Thanks, James, that’s a helpful overview! Can you show us how you might implement your Windows 10 VDI stack solution for a typical fictitious company?
JAMES: Of course! But we’ll need to do a whole other article for that.
For more on how to use the custom VDI stack, see the second part of my interview with James.