Archive for July, 2007

VDI Benefits without VDI: Desktop Management

This article was first published on SearchServerVirtualization.TechTarget.com.

Quick: Think of the five systems administration tasks you most enjoy doing! If you’re like most techies, desktop management probably didn’t make the list. It’s probably right up there with washing the car or mowing the lawn (a whole different type of administration challenge). Caring for and feeding client-side computers can be a painful and never-ending process. Therefore, it’s no surprise that Virtual Desktop Infrastructure (VDI) technology is capturing the eyes and ears of IT staff.

But does VDI provide a unique solution? Or, can you get the same benefits through other practices and approaches? (If you’ve read the title of this Tip, there’s a good chance you can guess where I’m going with this.) Over the years, a variety of solutions for managing desktop and notebook computers have become commonplace. In this article, I’ll outline some problems and solutions. The goal is not to discredit VDI, but to look at options for achieving the same goals.

Deployment and Provisioning

  • Problem: Rolling out new desktop computers can be time-consuming and labor-intensive. Using VDI, provisioning is much faster since standard base images can be quickly deployed within the data center. Users can then access the images from any computer or thin client.
  • Alternative Solution(s): Automated operating system deployment tools are available from OS vendors and from third-parties. Some use an image-based approach in which organizations can create libraries of supported configurations and then deploy them to physical or virtual machines. When combined with network boot features, the process can be completely automated. Additionally, there are server-based options such as Microsoft SoftGrid for automatically installing applications as they are requested.

Desktop Support and Remote Management

  • Problem: Managing and troubleshooting desktop systems can be costly and time-consuming in standard IT environments, as physical access to client machines is often required. With VDI implementations, all client operating systems, applications, and configuration settings are stored centrally within VMs within the data center. This reduces the need to visit client desktops or to have physical access to portable devices such as notebook computers.
  • Alternative Solution(s): While VDI can sometimes simplify support operations, IT departments still need to manage individual operating system images and application installations. Remote management tools can reduce the need for physical access to a computer for troubleshooting purposes. Some solutions use the same protocols (such as the Remote Desktop Protocol, RDP) that VDI or other approaches would use. Products and services also allow for troubleshooting computers over the Internet or behind remote office firewalls. That can help you support Mom, who might not be authorized to access a VM image in your corporate data center.

Resource Optimization / Hardware Consolidation

  • Problem: Desktop hardware is often under-utilized and hardware maintenance can be a significant cost and management burden. By combining many desktop computers on server hardware, VDI can be used to increase overall system resource utilization. Additionally, client computers have minimal system requirements, making them more cost effective to maintain over time.
  • Alternative Solution(s): VDI takes the “server consolidation” approach and applies it to desktop computers. Standard client computers are minimally utilized, from a resource standpoint. Desktop hardware, however, tends to be far cheaper than data center equipment. And, with VDI, client-side devices are still required, although they are “thin”. When data center costs related to power, cooling, storage, and redundancy are factored in, it can be hard to beat the cost of a mid-range desktop computer. Through the use of application virtualization and solutions such as Citrix and Microsoft Terminal Services, organizations can increase the effective lifecycle of desktop hardware. Windows Server 2008’s version of Terminal Services provides the ability to run single applications (rather than entire desktops) in a virtualized environment, thereby providing the benefits of centralized application management with scalability. There are potential compatibility issues, but they may be offset by the ability to support many more users per server.

Supporting Mobile Users and Outsourcing

  • Problem: Maintaining security for remote sites, traveling users, and non-company staff can be a significant challenge when allowing the use of standard desktop or notebook computers. VDI helps minimize data-related risks by physically storing information within the data center. Even if client devices are lost or stolen, information should remain secure and protected.
  • Alternative Solution(s): For some types of remote users, it might make sense to provide isolated desktop environments via VDI. However, these users would require network access to the VMs themselves. Multi-factor authentication (using, for example, biometric devices) and encrypted connections (such as VPNs) can help protect network access from standard desktop computers. Network Access Control (NAC) is a technology that can help prevent insecure machines from connecting to the network. And, carefully managed security permissions can prevent unauthorized access to resources. All of these best practices apply equally whether or not VDI is being used. Finally, there’s no substitute for implementing and following rigid security policies, regardless of the technical approach that is used.

Managing Performance

  • Problem: Desktop operating systems and applications can never seem to have enough resources to perform adequately, leading to shorter upgrade cycles. Using VDI to place desktop VMs on the server, systems administrators can monitor and allocate system resources based on the resource needs of client computers.
  • Alternative Solution(s): In theory, VDI implementations can take advantage of highly-scalable server-side hardware, and it’s usually easier to reconfigure CPU, memory, disk and networking settings for a VM than it is to perform a hardware upgrade on a desktop computer. The drawback with the VDI approach is that applications or services that consume too many resources could potentially hurt the performance of other systems on that same server. Load-balancing and portability can help alleviate this, but administrators can also use other techniques such as server-based computing to centrally host specific resource-intensive applications.

Workload Portability

  • Problem: Operating systems and applications are tied to the desktop hardware on which they’re running. This makes it difficult to move configurations during upgrades, reorganizations, or job reassignments. With VDI, the process of moving or copying a workload is simple since the entire system configuration is encapsulated in a hardware-independent virtual machine.
  • Alternative Solution(s): When entire desktop configurations need to be moved or copied, the VDI approach makes the process easy since it’s based on virtual machines. When using standard desktop computers, however, the same imaging and conversion tools can be used to move an OS along with its applications to another computer. As these hardware-independent images can be deployed to both physical and virtual machines, this also provides IT departments with a seamless way to use VDI and standard desktop computers in the same environment.

Summary

Ask not whether VDI is a solution to your desktop management problems, but rather whether it is the best solution to these challenges. VDI offers benefits related to quick deployments, workload portability, centralized management, and support for remote access. Few of these benefits are unique to VDI, though, so keep in mind the alternatives.

VDI Benefits without VDI: Managing Security

This article was first published on SearchServerVirtualization.TechTarget.com.

What do leaky faucets, fragmented file systems and failed hard disks all have in common? We want to fix them! As IT professionals, most of us pride ourselves on our problem-solving abilities. As soon as we hear about an issue, we want to find the solution. Every once in a while a technology offers new solutions to problems you may not have recognized. VDI raises and addresses some important issues that are related to IT management. But, is VDI the only solution to those problems?

Whether or not you agree that VDI technology will make inroads into replacing traditional desktop computers, all of the recent press on the technology helps highlight the typical pain that’s being seen in IT departments. From security to supportability to regulatory compliance, there’s clearly a need for improvements in IT management. For many environments, however, it’s possible to find solutions by using other approaches and practices.

For the record, I certainly don’t oppose the use of virtualization for desktop environments, and I think it most likely will find a useful role in many environments. However, in order to justify the costs and technology investments, it’s worth understanding other options. The point of this article is that VDI is not required in order to solve many IT-related security problems. Let’s look at some problems and alternatives.

Securing Desktop Data

  • Problem: Data stored on corporate desktop and notebook computers is vulnerable to theft or unauthorized access. By using VDI to physically store all of this data on virtual machine images in the data center, chances of data compromise are reduced. The reason for this is that sensitive data is never actually stored on a desktop or portable computer. If the system is lost or stolen, organizations don’t have to worry about losing information since it is not stored on the local hard disk.
  • Alternative Solution(s): Securing data is a common challenge in all IT environments, and many solutions are available. Sensitive information, in general, should be stored in protected network locations. File servers should adhere to security standards to prevent unauthorized access or data loss. In this scenario, the most important data is already secured within the data center. For protecting local copies of information, there are several hardware and software-based solutions that can be used to encrypt the contents of desktop and notebook hard disks. An example is Windows Vista’s BitLocker feature. Even with VDI, you would have the need to protect local copies of VMs for traveling users.

Data Protection

  • Problem: Backing up and restoring important data on client machines takes significant time and effort. When using VDI, all of the contents of the desktop and notebook computers are actually stored in the data center (usually on dedicated storage arrays or network-based storage devices). Since all of the data is stored centrally, systems administrators can easily make backups of entire computer configurations (including the operating system, installed applications, data, and configuration settings). They no longer have to rely on network-based backup agents that require the computer to be powered on and accessible in order for the data to be copied.
  • Alternative Solution(s): Hardware failures or accidental data modifications on client-side computers are potential problems, but there are many backup-related solutions. I already mentioned the importance of storing critical files on data center servers. By using automated restore tools, users can quickly be restored to service, even after a complete hardware failure. While VDI might seem to help in this area, when backing up entire VMs and virtual hard disks, you’re actually protecting a lot of unnecessary information. For example, each virtual hard disk that is backed up will include the entire operating system and all of the installed program files. These types of files could be much more easily restored using installation media or by reverting to an image-based backup. Users should understand the importance of storing information in network environments. File synchronization (such as the Windows Offline Files feature) can be used to automatically support traveling users.

Managing System Updates

  • Problem: Systems administrators spend a lot of time in keeping systems up-to-date with security updates and related patches. Part of the challenge is in dealing with remote machines that must be connected to the network and be properly configured in order to be maintained. With VDI, guest OS images are located in the data center and can be accessed by systems administrators whether or not the VM is being used.
  • Alternative Solution(s): The VDI approach still requires each user to have access to a single operating system. The OS itself must be secured, patched, and periodically maintained with other types of updates. Most vendors have tools for automatically deploying updates to large numbers of computers. These same methods can be used with or without VDI. In addition, features such as Network Access Control (NAC) can help ensure that only secure computers are able to access the network.

Summary

VDI approaches can help increase security in many different situations. But, VDI is not the only option for meeting these needs. IT automation tools and practices can help address problems related to data protection, security of client-side data, and ensuring that network systems remain free of malware and other infections. When deciding how and when to deploy VDI, keep in mind the alternative approaches.

Windows Server 2008 Component Posters

While Windows Server 2008 (formerly code-named “Longhorn Server”) is still several months from release, it’s never too early to start learning about the new features that will be included in the platform.  As you might guess, five years of development has led to a wide array of improvements.  To help sort out the details, TechNet Magazine published a couple of posters in its July, 2007 issue.  You can also download the posters in PDF format.  It’s hard to take in all at once, but you can zoom in on sections of interest to find more useful details.  And, if there’s ever any doubt about your level of techiness, you can print them out and proudly display them in your cube/office!

Security to the Extreme?

A friend recently tipped me off to Microsoft Support Knowledge Base Article ID 276304, “Error Message: Your Password Must Be at Least 18770 Characters and Cannot Repeat Any of Your Previous 30689 Passwords”.  As the title suggests, the error message this addresses is:

Your password must be at least 18770 characters and cannot repeat any of your previous 30689 passwords. Please type a different password. Type a password that meets these requirements in both text boxes.

Personally, I try to keep my passwords well under 10,000 characters.  With these requirements, brute force hacking would have to be pretty efficient to compromise security.  Fortunately, seeing this problem in the real world is rather unlikely, and it only applies to Windows Server 2000.  So, you can rest easy if you choose to use slightly shorter Windows passwords.

Online Backup Options

There are plenty of reasons to perform frequent backups.  While most people seem to think of hardware failures first, it’s far more common for people to accidentally delete or modify files.  Regardless of the cause, it’s helpful to be able to roll back to earlier versions of files.  While modern operating systems provide various methods of creating backups, there’s one problem: Protecting the backups themselves.  In the past, I used to back up to DVDs and have friends keep copies at their houses.  It’s not an elegant solution, but it does provide some level of “off-site” protection.  The problem is maintaining the backup media with updates and performing a restore process (the latter of which would likely cost me a beer or two).  Clearly, there’s room for improvement.

One excellent option is to back up your data to the Internet.  A few years ago, bandwidth and storage limitations would have made this process difficult and costly.  Today, there are numerous online sites that provide backup services.  Some provide free trials or a limited amount of space that is available almost instantly.  For more information and reviews on available options, see:

Or, just visit the various vendors’ web sites (they’re usually pretty good about telling you what features they can provide).

I’ve tried several of these products, but I’ve been using Mozy for over a year, and I’ve been really happy with it.  Here are some benefits:

  • Off-site protection: Data is transferred to an Internet data center that probably has better power, networking, and cooling support than my home office.
  • Efficient file transfers: The Mozy client determines binary-level differences in files.  It then compresses and encrypts the data before transferring it to an online server.
  • Automated operations: Most backup clients are able to monitor for file changes and then send them periodically or based on a schedule.  The main benefit is that the weak link in most backup plans (humans) is eliminated.
  • Convenient Restore Options: Mozy provides the ability to perform restores using Windows Explorer integration (i.e., by right-clicking a file and choosing a prior version), by using their web site, or by using a drive icon that allows you to browse directly to your files.  Compare that to tape backups, and it’s easy to see the benefits.
  • Revision tracking: Mozy lets you restore from previous versions of files.  This, to me, is a useful feature.  Again, it’s far more likely for me to accidentally modify or delete a file than it is for an entire hard disk to fail.
  • A non-intrusive client: The last thing I want to install on my computer is a memory hog or something that will scan every file I use.  Mozy works on a scheduled basis, so it minimizes the overall impact.  Usually, I don’t even notice it.

Of course, many of those features apply to other products and services.  Some client software was either buggy or overly-intrusive (in my opinion), so that’s certainly something to keep in mind when you evaluate online backup solutions.

In addition to providing personal-level service, many companies also focus on enterprise-level services.  There are some issues, as well.  For example, in the United States, upstream bandwidth is quite limited.  Transferring a few gigabytes of data can take a long time.  Overall, though, backing up over the Internet is an excellent (and available) option.  Check it out, and let me know what you think!

P.S.  If you decide to try Mozy, please use my referral code: https://mozy.com/?code=CJM3BB (we’ll both get an extra 250MB of free storage space).

Update: I recently subscribed to the Mozy service to get unlimited storage.  It took about 5 days, but I ended up backing up 15GB of data over the Internet.  Overall, the process went very smoothly.

My E-Mail Setup: Outlook + GMail + a Personal E-Mail Address

Almost two years ago, I switched from using my ISP-provided e-mail account to using GMail as my primary mail account.  I also decided that I never wanted to go through the pain of switching accounts again, so I also decided to get my own domain name.  I’m really happy with this setup, and I thought I’d outline how it all fits together. 

Benefits

Before we dive down into the technical details, here are the major benefits of this configuration.

  • Automatic backups:  Both my ISP-based POP account and GMail hold copies of my e-mail messages.  This is in addition to my local Outlook message store (which I also back up over the Internet nightly).  Perhaps that’s overkill, but most of this stuff is automatic and costs very little.
  • E-mail access from anywhere:  When I travel, I can directly access my GMail account via the web interface.  The vast majority of the time, though, I use Microsoft Outlook.
  • The ability to use Microsoft Outlook:  While web-based messaging systems provide some advantages, I greatly prefer using Microsoft Outlook.  The only issue with Outlook is that it doesn’t provide a way to synchronize multiple PST files (unless, of course, you rely on either an Exchange Server or your ISP’s POP/IMAP features to keep mail on the server).
  • Spam filtering: I generally receive about 400 spam messages per day (a dubious distinction).  By using GMail’s Spam Filter combined with Outlook 2007’s Junk E-Mail filter, I rarely see any of it. 
  • A permanent e-mail address:  I have my own permanent address that’s personalized and won’t have to change as I switch Internet providers.  And, this way spammers won’t have to bother to learn the address.  🙂
  • Archiving: To keep my Outlook PST file relatively small, I can archive off the data to another file.  If I need to find an old message, I can always search for it online using GMail.
  • Deletion of attachments: A single attachment can be larger than the next 500 e-mail messages combined.  I usually delete file attachments from Outlook messages or store them in the file system.  Should I need an attachment, I can always log in to GMail and download it.  That’s a pretty rare occurrence, though.

There are some other minor benefits, but I think that covers the main list.

Requirements

In order to set all of this up, I needed the following:

  1. A registered domain name
  2. An ISP to host the domain (~$4.00/month) and to provide POP3 access
  3. A GMail account (free)
  4. (optional) Microsoft Outlook (or any other e-mail client)

The costs are really minimal, especially if you go with a discount web host and if you’re already using Outlook or another e-mail client.

Configuration

Now, let’s look at the technical details.  If you’re unfamiliar with standards and protocols such as POP3 and SMTP, you’ll probably need to do some research before setting this up.  Otherwise, it should be fairly straight-forward.

So, the way inbound mail works is as follows:


  • The DNS MX record for my domain points to my ISP’s POP3 account, and all new mail is received there.
  • All inbound messages from my ISP are set to redirect to my GMail account.
  • GMail is configured to allow POP3 access and to automatically archive messages that are downloaded.
  • Outlook is configured to use POP3 to download messages from GMail.  Once messages are downloaded, they’re automatically archived on the GMail server.

Outbound mail works like this: I set the Reply To address to my custom domain e-mail address and then send messages to GMail as my outbound SMTP server.  The benefit here is that all outbound messages are cached by GMail (so I can search them later or access them online).

A Little Quirk

There’s one minor issue with this configuration: When Outlook users see my messages, they look something like “Anil@domain.com on behalf of Anil@ISPAccount.com”.  All operations such as replying work just fine, but some people seem to be confused by it.  Other than that, I haven’t had any problems with the setup.
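The “on behalf of” display comes from the message carrying a Sender header that differs from its From header, which is what a relay such as GMail’s SMTP server produces when it sends mail for another address.  The following is an added example (not code from the original post) that parses constructed messages and reports what Outlook would show; the addresses are made up:

```python
"""Detect the From/Sender mismatch behind Outlook's "X on behalf of Y" display.

Added example, not part of the original post.  Outlook shows the Sender
address "on behalf of" the From address whenever the two differ; the same
check is useful when triaging mail whose visible sender does not match the
account that actually submitted it.  All addresses below are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed message as relayed through a web mail SMTP server: the relay
# inserts its own account as Sender while From/Reply-To stay on the personal domain.
SAMPLE_RELAYED = """\
From: Anil <anil@personal-domain.example>
Sender: anil.account@webmail.example
Reply-To: anil@personal-domain.example
To: friend@example.org
Subject: Hello

body
"""

# Constructed message sent directly from the personal domain: no Sender header.
SAMPLE_DIRECT = """\
From: Anil <anil@personal-domain.example>
To: friend@example.org
Subject: Hello

body
"""


def on_behalf_of(raw: str):
    """Return (sender, from) if the client would show 'sender on behalf of from', else None."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, sender_addr = parseaddr(msg.get("Sender", ""))
    # A Sender header that matches From (or is absent) produces no special display.
    if sender_addr and sender_addr.lower() != from_addr.lower():
        return sender_addr, from_addr
    return None


def reply_to_matches_from(raw: str) -> bool:
    """True when replies go to the From address (or no Reply-To override exists)."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    return not reply_addr or reply_addr.lower() == from_addr.lower()


def describe(raw: str) -> str:
    """Human-readable summary of how the header combination will be displayed."""
    pair = on_behalf_of(raw)
    if pair is None:
        return "displays as the From address only"
    return f"displays as {pair[0]} on behalf of {pair[1]}"


if __name__ == "__main__":
    for label, sample in (("relayed", SAMPLE_RELAYED), ("direct", SAMPLE_DIRECT)):
        print(f"{label}: {describe(sample)}; reply-to consistent: {reply_to_matches_from(sample)}")
```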

The Add-Ons

You can download and install the GMail Notifier or the Google Desktop to automatically receive notifications and/or previews of new messages as they arrive.

Customization Options

The same setup can certainly be created in a variety of different ways.  For example, you can use a web-based mail service other than GMail, and you’re certainly not tied to Microsoft Outlook in any way.  Overall, the approach should work fine for most people.

Conclusion

Overall, this e-mail setup works well for me.  It also costs a total of ~$4.00/month (a fee that I could probably eliminate by finding a free web host).  And, I get the benefits of web-based messaging (simplified access and online storage), with the convenience of using Microsoft Outlook.  Was this helpful?  Does it make sense?  Should I add more detail?  Post a comment!