After VMworld in San Francisco it has been hectic weeks for me. There were many key inputs that I have received from this great event where 22,500 best of the tech. minds gathered. End User Computing and VMware Horizon View have always been one of my core interest areas. And I tried as much as possible to attend the best of the EUC sessions there. One of them was Business Process Desktop (BPD). Previously I discussed about Horizon View Reference Architectures in some of my blog posts: HP StoreVirtual VSA with View | Mobile Secure Desktop Reference Architecture with Horizon View and I was encouraged by the followers of this blog to talk about them more. This time I chose Horizon View BPD Ref. Architecture. Having worked with some of the top BPO’s like GE, Convergys & vCustomer in their technology division in India, I have always experienced huge amount of work that goes in managing user applications and desktops. VMware has come up with the View Reference Architecture for BPOs last year and I see quite a business value proposition on the same. A similar talk was there on one of the VMworld session as well this year. Let’s dig down to it see what it consists of and why this Ref. Architecture makes sense, especially if you belong to the BPO IT community…
The driving factors in case of BPO:
- Low cost and yet effective service output from locations like India , Philippines.
- Different time zone work.
- Ready to go market capability.
- Low cost infrastructure availability for the BPO business.
- Quality, expertise and efficiency on the particular deliverables.
Usually in BPOs I have experienced these requirements:
- Large number of desktops, usually in a number of thousands.
- Multiple applications due to different client/customer requirements.
- Local data storage
- Shift based rotation of work (employees work on different shifts on the same machines for different accounts)
- Every shift worker may have different requirement on the same desktop. Say the first shift may work on just Spreadsheet whereas the following shift may work on heavy duty image processing for some insurance clients.
- Data security
- High availability of desktops and applications
- Easy troubleshooting of desktops and applications and low downtime.
We are already aware about the benefit of Virtual Desktops (VDI) and Application Virtualization products like VMware View, Citrix XenDesktop, VMware ThinApp, Citrix XenApp and it is quite natural to map the benefits of these to the requirements of a BPO setup. But here I am going to talk about How To Architect a VMware Horizon View BPO Solution. I also would like to embed a video here by Rory Clements who is based out of VMware’s Palo Alto office and is an End User Computing Group Manager.
Some of the issues that BPD solution will address for you are:
A) Data loss prevention through centralized data storage: Since these are virtual desktops data no more resides on the user end point devices
B) Two Factor Authentication: You really cannot rely on mere password authentication however it may be Kerberos enabled. You need at least two factor authentication.
C) Compliance Adherence: with the use of VMware vCenter Configuration Manager HIPAA like compliance are met. Read more about vCenter Configuration Manager here: http://www.vmware.com/products/vcenter-configuration-manager/ and on HIPAA: http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00%20WhatisHIPAA.aspx
Uptime: Desktops accessible from anywhere, load balancing function with F5 Big-IP kind of appliances, redundancy to avoid data and production uptime loss.
Remote Management: Desktops pools of thousand and more desktops can be deployed instantly, patch/security management centrally possible, almost no onsite help is required, centralized troubleshooting made easy.
These are some of the standard components that VMware recommends to have while architecting a BPD/BPO solution and I will state the reasons why the recommend so:
Core Horizon View Components:
1. VMware vSphere (including vCenter Server): This will provide the base core virtualization infrastructure required to host the View Management components like Composer, View Connection server etc. and most importantly your user virtual desktops. This build the core layer on top of which the VDI layer will be built.
2. Horizon View Components:
A) Connection Server/ Horizon View Manager: This will enable the clients to connect to the virtual desktops, create desktop pools, setting up centralized policies, security restrictions etc.
B) View Composer: As the name suggests it composes a pool of desktops from a master desktop image, decouples user data, applications etc. from the OS layer.
C) View Persona Management: Decouples the user profiles from the OS layer and enabled the users to have their own customized profiles available from any desktop, anywhere.
*** Note: You can also use Liquidware Labs ProfileUnity or AppSense instead of View Persona Management for the Profiles Management. Up to you and your business budget.
- VMware ThinApp: ThinApp is a small yet powerful and often under-estimated utility to decouple your applications from the virtual desktops. It creates bubbles of applications allowing the application run from anywhere without having to depend on Windows Registry etc.
- VMware vShiled Endpoint Security: This provides the next generation antivirus and anti-malware security solution to the virtual desktops by offloading the key tasks to a virtual appliance instead of loading it to the client component or agent in a traditional AV solution.
- vCloud Networking & Security Edge & App: For both the virtual data centers and application level security.
- vCenter Configuration Manager: For compliance and regulatory requirements as described above.
- vCOPS for View and/or Liquidware Labs Stratusphere Ux: For Virtual Desktops Monitoring, Validation and Diagnostic Solution.
- F5 Big IP: For load balancing
- Safenet Authentication Manager & Indigo Identityware -InSession: For SSO with RADIUS to enable centralized authentication.
- McAfee MOVE or TrendMicro Deep Security: For Agentless AntiVirus solution customized for Virtual Desktops.
(Some customers use Microsoft Forefront Endpoint Protection as well, however that it not agentless!)
- Microsoft DFSR: For Centralized File Server based File Share Replication between site to site.
- Avaya/Cisco/Microsoft Lync/Mitel: For Unified Communication.
- EMC Avamar or Commvault Simpana 9: For backup and restore.
- Teradici PCoIP and Microsoft RDP with Riverbed SteelHead WAN Optimizer (since RDP is not very ideal for WAN environment natively): For Desktop Display Protocol.
You may choose to go for Persistent or Non-Persistent, Floating or Dedicated Pool of desktops depending on the requirement, types of applications used etc. It varies from one customer to another customer in the BPO workspace. So, there is no hard and fast rule.
Also in terms of Application Virtualization, some may choose Citrix XenApp as a natural choice because of it’s long success but then again it comes with few server component to support XenApp as well which will definitely add to the cost factor. So, unless you have very specific application virtualization requirement which ThinApp cannot handle, go for it; or else stick to ThinApp. You can use Liquidware Labs FlexApp too, but again it comes with additional price tag. Using Microsoft SCCM is a complete NO-NO for the virtual desktops due to high IO utilization, up to 30-40%! So, it’s a better practice to apply the patches in the Gold Image and then use the Recompose Function.