Desktop virtualization: Making PCs manageable

12.09.2006
Managing PCs has always been painful, but the job has gotten considerably nastier thanks to an endless parade of application upgrades, operating system patches, and anti-threat updates. Even with network-based installation and patch management tools to ease the burden, IT spends far too much time at the desktop itself, dealing with shenanigans involving personal software, multiple versions of Java or ActiveX controls, driver or DLL conflicts, malware infections, misconfigured hardware, and more.

The promise of desktop virtualization technology is to centralize applications at the datacenter to make them easier to manage and provision -- stretching hardware resources and keeping nagging software conflicts to a minimum in the bargain. In some cases, the same technology helps accomplish all three, bringing greater control and flexibility to IT without users mourning the loss of "their" beloved desktops.

At first blush, desktop virtualization sounds a lot like terminal services such as those provided by Citrix Systems, where servers run the applications and give users remote access. All the user's terminal or PC does is present the updated screen display and permit input via keyboard and mouse.

Desktop virtualization, on the other hand, is a new way of delivering the individual PC environment that white-collar workers demand and love. In essence, servers host an entire desktop environment specific to each user.

The early versions of desktop virtualization were blade servers such as those offered by ClearCube Technology and IBM that simply moved the processing guts of a PC to the datacenter and left the input and display at the user's desk. But the latest versions use the PC at the user's desk for much of the processing. Dubbed "desktop streaming," this approach retains the benefits of central management without throwing away the desktop's power. The needed code is streamed to disk and memory cache for just that session, ensuring that there's nothing for the user to mess up or alter.

A few providers go beyond desktop streaming to application streaming, where IT can send out the runtime cache for individual apps as needed. This reduces the number of unique user images to maintain and provides better insight into which application licenses are really needed.

Building a better thin client

The greatest benefit of desktop virtualization is the ability to provision PCs and other client devices with software from a central location. IT can manage a large number of enterprise clients from the datacenter, rather than at each user's desk, reducing on-site support and increasing control of application and patch management.

At its simplest, virtualization on the application server side reduces hardware costs by letting one server provision multiple desktop clients, rather than having one server per desktop client, says John Humphreys, an IDC analyst. And virtualization also adds the ability to move desktop environments and hosted applications as needed for load-balancing or fail-over. To make existing terminal services and blade systems work with virtual machines, established providers such as Citrix and ClearCube have developed broker technology to let IT manage the mapping to virtual resources.

Citrix, ClearCube, and Wyse Technology now support the use of VMware and Microsoft virtual machines on blades and other application servers. VMware also offers VDI (Virtual Desktop Infrastructure software), which makes server-hosted virtual machines accessible to users through the RDP (Remote Desktop Protocol).

Bell Canada uses VDI to provision desktops to call-center users, letting them work in other locations or even at home without burdening IT support, notes Martin Quigley, senior solutions adviser for adaptive infrastructure at Bell Systems & Technology, which manages Bell Canada's call centers. "RDP is quite thin," he notes, so it does not burden the network. But Quigley looks forward to the next release of VMware's underlying ESX technology, which will support load balancing across servers, making it easier to maintain performance levels as user demands change. (Currently, this is a manual process.)

At Duncan Regional Hospital in Duncan, Okla., the number of desktops more than doubled to about 500 in the past two years. Rather than lobby for money to hire more desktop support techs, CIO Roger Neal decided to deploy ClearCube thin clients and keep the physical management in a central location -- and get more from his existing staff. When ClearCube began supporting VMware virtual machines in 2006, Neal began reconfiguring his blade servers to run three virtual machines per blade, so he wouldn't need more blades as the demand for desktops increased. He also saw desktop support calls drop by 40 percent, which he attributes to centralized PC management.

Streaming to the desktop

Virtualization at the application host server can make thin clients more efficient to deploy, but many organizations are wedded to having real PCs at users' disposal despite the support costs. Desktop streaming is emerging as one of the most efficient ways to support this model without incurring the usual bloated desktop support costs.

A growing number of vendors -- including Ardence, Propero, Stream Theory, and Wyse -- offer desktop streaming software that provisions the entire desktop environment from a server to a desktop PC (or thin client).

Altiris, AppStream, and Microsoft (through its recent acquisition of Softricity) have pushed the concept to the next level, streaming applications rather than a complete desktop environment. This allows greater flexibility in what is provisioned, because IT can create a basic operating system image and then individual images for each application, and combine them as needed on the fly. You don't need a separate desktop image for each combination of applications.

With both desktop and application streaming, the provisioned operating system and applications use the client's local resources, without the overhead of permanent installation on the client. For example, financial services firm Russell Investments Group saw application deployment shrink from four weeks to 1.5 weeks after it began using Microsoft's SoftGrid, says Greg Nelson, an IT analyst at the company.

Typically, a set of stub services is transferred to the local cache at connection time, and other resources are streamed as needed. "When you run an application, you need only 15 to 20 percent to start using it, so it can be network-delivered," says David Grescher, director of marketing for SoftGrid at Microsoft.

Streaming does delay initial application access, acknowledges Bill Washburn, operations analyst at California State University at San Marcos, which uses Altiris' technology. "But once the application is installed, people say it's the best they've ever seen it run," he says.

Russell Investments' Nelson says that although desktop and application streaming should theoretically use more network resources than terminal services do, that's not always the case. For example, printing and working with large files can swamp the network in a traditional terminal services architecture. Desktop and application streaming can avoid that by using local printers and local storage.

Simplifying management

One big advantage of streaming is that IT has fewer images to maintain. That benefit applies in spades to application streaming products from Altiris and Microsoft.

For example, CSU's Washburn says that Altiris' Software Virtualization Solution solves a long-standing annoyance with SPSS's statistical software. Each year, a new license key is issued and must be updated at every user's desktop. But with Altiris' software, Washburn simply updates the server copy, which is provisioned to users automatically when they call the application.

Although the technologies from Ardence, Propero, Stream Theory, and Wyse centralize applications and data, they also let users store data locally (a PC's C drive is remapped to become its D drive when their software runs). Moreover, because Altiris' and Microsoft's application streaming tools let you set up applications in their own virtual layer or session, IT can avoid the regression testing across the whole application set whenever a program is modified or added, says Russell Investments' Nelson.

With the solutions offered by Altiris, AppStream, and Microsoft, the client PC can have its own operating system and applications installed, while the server pushes centrally provisioned applications into local desktop caches. In this fashion, IT can distribute resources selectively. For example, Russell's Nelson installs Windows along with applications that act as extensions to the operating system (such as Adobe Acrobat Reader, Apple QuickTime, and Java) -- plus Microsoft Office and a few other frequently used applications -- on local PCs. Then he uses SoftGrid to provision other applications as streams.

This selective approach can also help balance performance, notes CSU's Washburn. Were Washburn to deliver everything as streams, it would take client PCs five minutes or more to boot up -- a nonstarter. So he installs core applications on the PCs the old-fashioned way, using Altiris' remote deployment tools, and provisions less frequently used programs via application streaming.

Yet another variation is to combine application streaming with terminal services. At Alamance Regional Medical Center in Burlington, N.C., senior network administrator Andy Gerringer uses both Citrix and SoftGrid to provision desktops. Citrix is used in the usual manner to deliver server-based applications as individual sessions. But Alamance also uses Citrix to provide access to a SoftGrid desktop environment for terminal users. Essentially, the Citrix session runs the SoftGrid virtual machine. "SoftGrid and Citrix complement each other very well," Gerringer says.

Conflict resolution for applications

Application streaming comes with a significant side benefit: eliminating application conflicts. The application streaming tools from AppStream, Altiris, and Microsoft separate application-specific support files such as DLLs and libraries from the underlying operating system. Altiris separates just the support files, keeping the applications with the operating system, whereas AppStream and Microsoft keep each app and its support files together in one virtual layer or package.

These programs manage the communication among the layers and the underlying operating environment, so both Windows and its users think they are working in a single environment. By separating each application into its own virtual layer (or package, as some call it), these products prevent the software conflicts common with homegrown software and some commercial applications. And user-installed applications can't conflict with IT-provisioned applications in the virtual layers, says Microsoft's Grescher.

For example, before adopting SoftGrid, recalls Alamance's Gerringer, the medical center had to maintain separate servers for ill-behaved apps, forcing users to switch among multiple systems from their terminals. "By summer 2005, the problem got too big to manage anymore the old way," Gerringer says.

The problem? Different versions of Java used by various specialty health care apps prevented simultaneous usage, as did the embedding of different versions of the Crystal Reports reporting tool in other applications. (If Crystal Reports 4 is running, Crystal 5 cannot run, for example.)

Now that Alamance uses SoftGrid, users get a unified desktop environment, with the ill-behaved apps corralled so they can no longer cause trouble.

The new reality of virtualization

Desktop and application streaming require IT to think differently about tasks that they've done for years, notes Neal of Duncan Regional Hospital. "It takes a little more thought in the rollout," he says. For example, his support staff now has to keep an eye on the blades that serve the desktop environments, because a broken fan can cause them to overheat, knocking out multiple users in one blow. His staff also must monitor disk usage for each blade, because 80GB is shared among three users.

Virtualized desktops can be provisioned to specific client hardware, so a particular call-center terminal always uses the same virtual machine on a specific blade. But they can also be provisioned to specific users, based on user log-in, so the client device running them could be anywhere. That can pose a challenge for setting up access to printers and departmental file servers, depending on how mobile users are, observes Bell's Quigley.

Quigley notes another issue that can puzzle support staff: Users connecting from home may not get their DNS address resolved properly, so IT tends to assign a fixed IP address to get around that issue. But the Windows virtual machines are rebooted each night to deal with memory leaks, and the IP address for that virtual machine might no longer match what is set up in the remote user's home system.

Nonetheless, early adopters all agree that these relatively minor issues are far outweighed by the benefits of central administration of fewer desktop images. As IDC's Humphreys says, "There are some really pragmatic reasons that this is taking off."