VMware Horizon View & Pivot3 vSTAC VDI (MSD) Ref. Architecture Demystified

Of late, converged VDI appliance solutions have raised quite a bit of interest in both the Enterprise and SMB segments because of their inherent benefits and features, such as no SAN required and ease of deployment. There are three primary appliance vendors out there: Pivot3, Nutanix and V3 Systems. They work in an almost similar, scale-out fashion, except that V3 Systems offers Desktops as a Service, or a cloud model, with their unique Cloud Orchestration Layer for desktops in the cloud. An interesting feature, indeed! But I will come back to that in another post. Here I am going to explain and simplify the “Mobile Secure Desktop” Reference Architecture of VMware View (or Horizon View, whatever you name it!) with the Pivot3 vSTAC VDI Appliance. To refresh your memory, I spoke about Pivot3 in a couple of my earlier posts. Pivot3 is the first one to get certified for the “VMware Rapid Desktop Program”. They advocate the “Serverless Computing” model with their patented vSTAC OS concept. They have, if not the best, at least a top-notch converged VDI solution offering a complete Horizon (VMware) View VDI solution.

This post tries to demystify the MSD Reference Architecture.

[Figure: Ref Arch1]
Let’s look at the diagram from top to bottom. The steps below are almost the same in any VMware View Mobile Secure Desktop solution. Pivot3 has developed a wonderful, scalable, easy-to-deploy VDI hardware appliance (see the pink devices stacked together) which has VMware vSphere 5.1 and the standard VMware View components installed and preconfigured (as of now it supports up to VMware View 5.1; I haven’t heard from them whether it has extended its support to Horizon View 5.2 as well).
[Figure: Ref Arch2]
_____________________________________________________________________________________________
The Infrastructure Layer: It consists of:
1. A separate Management Cluster of two nodes (or two hosts) hosting VMware vSphere HA/DRS (ESXi Cluster with vCenter), the VMware View components and the other virtual appliances essential for the Mobile Secure Desktop Solution. Two physical hosts with VMware ESXi installed on them constitute the Management Cluster. This Management Cluster hosts these Virtual Machines (or Service Appliances):
a. VMware vCenter with View Composer: To provide the HA/DRS facility within the Management Cluster. The View Composer software (part of the VMware View Suite) also gets installed on the same vCenter VM to facilitate the creation of Linked Clone virtual desktop machines. This is a small Windows installer which gets installed on a non-appliance-based vCenter Server.
b. VMware View Connection Server: To provide the Connection Broker Service for the VDI clients and other VDI services. Usually a pair or more of View Connection Servers are provisioned for redundancy and load-balancing purposes. It also holds the View Connection Manager console, which is used for management of the VMware View VDI environment.
c. VMware View Security Server: To act as a PCoIP DMZ proxy and allow external clients to reach the View Connection Server through a secure path. They are also implemented in a pair or more for the same reason.
d. SQL Server: To hold the databases of View Connection Server and others (as necessary).
e. Trend Micro Deep-Security Manager Virtual Appliance: To provide security functions like Anti-malware, Firewall and Log Inspection to the virtual desktops through vCenter integration and agentless scanning. This VM facilitates management of all the different Deep-Security Virtual Appliances sitting on the three Pivot3 vSTAC VDI Appliances.
f. vCOPS: VMware vCenter Operations Manager provides various dashboard and Microsoft SCOM like features for the entire virtual environment including the virtual desktops.
g. vShield Manager: VMware vShield Endpoint provides anti-virus and anti-malware functions to virtual desktops through vSphere Integration. These Endpoint Virtual Appliances sit on the three Pivot3 vSTAC VDI Appliances and the vShield Manager will manage them through a centralized console.
h. Microsoft Active Directory Servers (A pair: Primary and Secondary): To provide centralized LDAP or Directory Services for Client Authentication and User Management.
i. View Adapter: To enable vCOPS for VMware View environment. Also facilitates the dashboard feature.
j. Certificate Authority (CA): Windows CA provides secure access to the devices and services within a Windows Active Directory Domain. Since we are deploying a Mobile Secure Desktop Solution with BYOD adoption, CA plays an important role. It closely integrates with the Active Directory Services to provide Certificate Services.
k. RADIUS Server: For Single Sign On (SSO) and Centralized Authentication for the users to login and access the virtual desktops from various mobile devices. You may have a separate VM for SSO as well.
l. Print Server: Your infrastructure may accommodate a Print Server as well facilitating virtual desktop users printing facilities and ThinPrint features. Or you may connect to an existing Print Server as well, depending on your architectural design.

2. And then there is the VDI Cluster:

Apart from all the roles mentioned above, every vSTAC VDI Appliance from Pivot3 also has embedded ESXi installed. These three devices together form the VDI Cluster, and each of these three devices holds these VMs:

a. Trend Micro Deep Security Virtual Appliance

b. vShield App Firewall.

c. vSTAC Operating System: The vSTAC OS instances are in turn connected through the 10Gbps network port which is part of every vSTAC VDI appliance. This redundant 10Gb link is used for the storage network. The three vSTAC OS instances aggregate the local storage into a single pool (something like an iSCSI SAN) and present it to the vSphere ESXi layer as an iSCSI datastore. All the desktop VMs are stored on these datastores.

SAS Tier and SSD Tier: The old Pivot3 boxes (non-R2 appliances) had a series of SAS drives and also a series of SSD drives. These tiers support RAID 5/6/6E levels. In the new Pivot3 vSTAC VDI R2 appliances, however, the SSD tier has been withdrawn and they use the new CBRC (Content Based Read Caching) feature instead.

3. There is also a “Stress Client Cluster” which is used to test the performance and reliability of the VDI offering. The Stress Client Cluster consists of three ESXi hosts and a bunch of test VMs from which you run your testing applications and tools.

I was hoping to give more insight into the test results etc., but perhaps it is better not to lengthen the post. For further reading, I advise looking at the official Reference Architecture here: http://www.vmware.com/files/pdf/partners/pivot3/Pivot3-MSD-Reference-Architecture.pdf