Why Citrix + AHV provisioning path and management is superior to VMware Horizon

In this post, I’ll contrast and compare the different management and provisioning path architectures between Citrix on Nutanix AHV using Machine Creation Services (MCS) and two leading VMware Horizon options. While there is always numerous options within deployments the examples here will be based on the best and leading alternatives. I’ve prepared a 5,000 and 25,000 user examples to illustrate how a common sized environment would look versus one at a larger scale. This will display the difference in how things scale and whether complexity increases or remains low.

The reason to look at this is to help understand how failures, patching, upgrades and human error might affect the resiliency of the provisioning path and management interface. If the control plane is down for the underlying hypervisor the VDI broker layer will not be able to provision or manage the desktop VMs. This can have serious implications for users as they may be unable to access resources if they are disconnected or logoff and when they return there are not enough available desktops due to a control plane issue.

On the operations side, this is an important discussion also, because organizations demand simplicity in architectures. They do not want solutions that are complex to set up and maintain. So I will also look at how many management interfaces the alternatives impose on admins and point any areas of concern.

 

Citrix + AHV 5,000 User Example

In the first example, we are looking at 5,000 XenDesktop users deployed on Nutanix AHV hypervisor. XenDesktop communicates directly to the AHV cluster via the Prism cluster IP address and utilized API calls to perform actions. Prism is the distributed management interface and runs as a service in the Nutanix controller VM (CVM) on each node. This means that Prism is always available during upgrades and should a node, CVM or a service fail one of the other nodes will accept incoming connections to Prism and API calls.

In the sample diagram below I’m showing XenDesktop connecting to a single AHV cluster running all 5,000 desktop VMs. This is to showcase the power and flexibility that AHV and Prism provide. AHV does not have a maximum cluster size limit like legacy hypervisors impose. With Prism running on every node in the cluster the management and provisioning operations for VMs and the cluster scale out linearly with the cluster. This means that there is no difference in the performance of provisioning or management operations whether a cluster is 3 nodes or 80 nodes. This allows architects to design for large clusters when applicable without any concerns over imposed cluster size limitations.

Should there be valid reasons the 5,000 desktops could be split into more than one cluster. Reasons for doing so might be workloads that don’t mix well or adversely affect desktop density or the desire to divide into distinct failure domains.

Pros:

  • No Single Point of Failure (SPOF) for provisioning or management
  • Node or VM counts do not limit cluster sizes
  • Linear performance of control plane
  • Highly available control plane and provisioning path
  • Simple architecture that easy to deploy, manage and operate

Cons:

  • VMware Horizon does not support AHV

VDI provisioning path.001

 

VMware Horizon 5,000 user example

In this first VMware Horizon example, we are looking at the classic way of deploying vCenter server. This scenario does not matter if you deploy Windows or vCenter appliance variations. In this classic method vCenter is a single point of failure (SPOF). This means that the environment can be severely impacted during upgrades and failures that take vCenter offline for more than a few minutes.

Another significant constraint to call out is that VMware does not recommend building blocks of infrastructure that host more than 2000 desktops. This means that each block will consist of a vCenter server and one or more vSphere clusters. In our 5,000 user example, this architecture forces us to have 3 vCenters and the number of clusters below them is open to how the architect wants to design based on requirements. By limiting the scale of each vCenter, VMware is keeping the performance and responsiveness within acceptable limits. But this approach, when scaled becomes inefficient because you are using additional resources and the number of items to manage and update continues to scale as you add users.

Pros:

  • Fairly simple to deploy and is well understood after long VMware history
  • Widely supported by applications

Cons:

  • vCenter is Single Point of Failure (SPOF)
  • vCenter is limiting factor of 2,000 desktops per vCenter
  • VMware composer SPOF for linked clone provisioning

VDI provisioning path.003

 

VMware Horizon 5,000 user example w/vCenter HA

 

This example is just an alternative to the previous one in that I’ve inserted the new vCenter High Availability (HA) option that was released in vSphere 6.5 recently. The vCenter Server Appliance (vCSA) must be utilized if you want to use this HA option. The sizing and architectures are the same. The primary difference is the availability of vCenter in this alternative. To deploy the vCenter HA config you are required to deploy 3 vCSA VMs for each vCenter that you want to be highly available. There will be an active, passive and witness VM in each deployment. Multiply this out with the three blocks required to deliver 5,000 users and we now have nine vCenter appliances to deploy, manage and upgrade.
This adds a lot of complexity to the architecture for the benefit of increasing the resiliency of the provisioning path and management plane.
Pros:
  • HA option provides resiliency for vCenter features
Cons:
  • Complex to deploy, manage & understand
  • vCenter HA option uses lots of resources with 3x virtual appliances each
  • Unclear how vendor plugs may work in this architecture
  • vCenter is still limiting factor for 2,000 desktop VM limit per vCenter
  • As design scales complexity increases by having so many management points

VDI provisioning path.004

 

Citrix + AHV 25,000 User Example

In this and the following examples, I have now scaled the number of users to 25,000 to see what effects this has on the different architectures and management experience. For the Citrix and AHV architecture, nothing changes here other than the number of users. Citrix can accommodate the large number of users within a single deployment. On the AHV cluster side of things, I have elected to evenly divide the users between four different clusters. I could have chosen a single cluster but that felt extreme, architects can also choose more clusters if that meshes with their requirements. Within Citrix Studio, each AHV cluster will be configured as an endpoint that can be provisioned against.

The point is that in the architecture organizations can accommodate large numbers of users with a small number of clusters of which all benefit from highly available provisioning and management controls. Each AHV cluster can be managed via the Prism interface built into the cluster or a Prism Central can be deployed to allow for global management and report. An important thing to note is that Prism Central is not in the provisioning path so does not have any effect on our architecture explained earlier.

Pros:

  • No cluster size limits provides flexibility to account for budget savings and ability to meet requirements.
  • Highly available architecture at all levels with simplicity baked in.
  • Small number of clusters reduces node counts by saving on the number of HA nodes for additional clusters.
  • Global management functions without affecting provisioning redundancy via Prism Central.
  • Single Citrix deployment and management point for all users.

Cons:

  • VMware Horizon cannot benefit from AHV

VDI provisioning path.002

 

VMware Horizon 25,000 User Example

Now taking a look at the expanded user environment with VMware Horizon architecture you can see that I’m showing the vCenter HA alternative. I think that if you have the option for a highly available control plane most will select that option so I’m not showing the classic single vCenter option.

The architecture is the same but you will notice a few things now that the user count has been scaled up to 25,000. We can no longer deliver that many users from a single Horizon installation (Pod). The maximum users within a pod are 10,000 so we now require three Horizon installs to meet our user counts. To be honest having three Horizon pods does affect the broker management experience but in this scenario has really no bearing on the cluster count or design.

Following the 2,000 users per vCenter rule we will need 13 vCenters to meet our 25,000 user requirement. To keep things clean the diagram shows just a single cluster attached to each vCenter but the 2,000 users could be split between a few clusters under each vCenter if that made sense.

You can see from the diagram that deploying 13 vCenters in HA configuration requires 39 vCenter appliances to be deployed and configured. Yes that’s right, Thirty-nine!! Just think about the complexity this adds to troubleshooting and upgrades. Each one of those appliances must be upgraded individually and within a short window to not break functionality or support. Upgrades now may force you to upgrade Horizon, Horizon agents, clients, vCenter and vSphere all within a single weekend. That’s a lot of work, best you could do is do one of the pods per weekend and now you’re exposing your staff to three weeks of overtime and loss of their weekends.

Pros:

  • HA option provides resiliency for vCenter features

Cons:

  • Crazy Complex to deploy, manage & understand at this scale
  • vCenter HA option uses lots of resources with 39 virtual appliances being deployed
  • Unclear how vendor plugs may work in this architecture
  • vCenter is still limiting factor for 2,000 desktop VM limit per vCenter
  • Three vCenter linked mode view to see entire infrastructure view
  • Three different Horizon management consoles to configure and control users
  • Composer is an SPOF for linked clone provisioning per Horizon Pod

VDI provisioning path.005

 

VMware Horizon 25,000 users on VxRail

In this last example, we are going to adjust the previous example and look at what would change if it was deployed on VxRail appliances that utilize VSAN for storage. The Horizon and vCenter / vSphere architecture would be the same the only thing to highlight is what is added by VxRail.

Each of the clusters that provide resources for each 2,000 user block would be a VxRail cluster. These clusters have a VxRail virtual appliance VM that runs on it and is used for appliance management and upgrades. Given this scale, we now see that each of the 13 clusters will have its own dedicated VxRail manager and does not offer a global management function that Prism Central offers. VxRail manager is not in the provisioning path, but does add to the complexity of managing this type of deployment and should be considered before selecting.

Pros:

  • Same as previous example

Cons:

  • Same as previous example
  • 13 Different VxRail managers adds needed complexity
  • VxRail is an SPOF as a single VM running on each cluster for management operations
  • VxRail includes additional software that potential exacerbates this further. (Log Insight, ESRS, etc.)

VDI provisioning path.006

 

Conclusion

Just to wrap up my thoughts and examples here is that whether you’re designing a small or large scale VDI environment it’s important to understand how the management and provisioning structures will function. These are important to how highly available the solution is and what level of effort will be required to support it from day 2 and on. The resiliency and simplicity that Citrix offers when connect to Nutanix AHV cannot be rivaled by any other alternatives today.

 

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

Operational processes for keeping your VDI or PVS gold image updated

I often get asked about “How do I keep my gold image update to date” in a VDI environment. Does not matter if we are talking about VMware View or Citrix XenDesktop, customers of both have similar questions. The fact is you work from some master image for these technologies and you need a good process for keeping them up to date and releasing new updates. So I have put together some thoughts on this and want to try and make this a collaborative effort. So if you have something that works for you share with others in the comments or get a message to me.

 

What needs to be done

There needs to be some form of cadence when you update an image so that things do not get missed. I don’t care if you have just one image or if you have multiple to keep updated, You’re going to miss things if you don’t have a process. So I’ve put together a list to start of what might need to be updated each time you do gold image maintenance.

  • Operating System patches
  • Application updates
  • Antivirus Definitions – there’s better ways than this :)
  • Add or remove applications
  • Version tracking

 

Gold Image updates

This is the part I would like to hear feedback from others on. These are the major steps that I think should be accounted for in image management. I’ve broken them down into steps and explained my thoughts on them.

Clone image – This seems pretty obvious but wanted to make sure it was clear. You could just update your existing image but I personally make a clone of the image and perform my updates on the new clone. This clone will ultimately become the new gold image once the updates are done. I do this rather than just updating the existing and continuing to add more and more snapshots to it. I tend to keep a few versions around in case I have to roll back and also keep additional older versions on some type of backup media.

OS updates – Also a bit of an assumption here but you need some regular schedule of OS patching. This might mesh with your normal desktop patching schedule or might be specific to this. But you need to set a schedule for performing these updates. You should know if it will be done once a month will you be applying all patches, what if something of high concern comes out and you are required to update in between your regular updates.

You might manually go in and run windows update manager or maybe you have a tool for this. I read a post from Sean Massey a VMUG member from Wisconsin that he came up with for using WSUS you can read here.

Application updates – Almost no customer can completely keep applications from being installed into their images. There are just some applications that work better in the image than being presented by other methods or being virtualized in some manner. You will either need to update these at the same time you are doing the other updates or have their own schedule. To cut down on your maintenance activities I would look at doing them all in the same window when possible.

Antivirus updates – I’m not a fan of installing AV products into your gold images but if you must than look for ways to optimize the process. Vendors like Symantec have guides for using their products in VDI environments that deal with how to install, update and setup scans. There should also be guidance around how you should be updating definitions and such. Do you leave auto updates on or just update in the image update process? This will help with operations and performance. The better way would be to adopt a AV product that can scan at the hypervisor level and utilize the vShield Endpoint features from VMware.

QA testing – So you have done all your updates are you going to just put that image back into service? Well some will but I would recommend that you spend time testing and putting the updated image through some type of QA process. At minimum I would create a check list of things that you can test the image against, maybe a list of web sites or running applications that are common in your environment. Don’t forget to do some basic user tasks like web browsing, flash, java etc. To accomplish this I would recommend you create a new temp desktop pool and use the updated image. This would allow you to test the image as it will be used by your customers, rather than just testing by using the VM directly.

Update tracker – So you’ve done all these updates now what? Well I bet by lunch you will have forgotten what you all updated. This means that you will need a method for tracking what was updated in the image. To accomplish this I think a few things need to be done. The first is come up with some type of version tracking for your gold images. I think something as simple as tracking versions works for most and incorporating them into the naming convention, examples below. Also to track version info I think you should incorporate the version number into the build in some method. I have seen customers add a registry key with the version info in it. This is a good idea because you can look at this if you need to confirm what version a user is running if needed.

  • windows7-gold-V3
  • gold-image-version5

The last part of tracking updates is some type of a change log or build sheet. When you make updates and changes I think you need a way to see what is in the current version being used and what was in previous versions. This would help in troubleshooting and also audits. A simple idea that I had was to create a spreadsheet for this tracking. I’ve created a simple Google doc that you can use as a starting point and build from for your environment. You can access the doc direct via this link.

 

Conclusion

To wrap things up these are a few of my thoughts on this. I’m sure others have some great ideas and if we share, this list can be updated and become a great resources for others to use.

 

 

 

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

My EUC suite comparison for VMware vs Citrix

In my day job I spend a lot of time working with Enterprises developing strategies around their End User Computing (EUC) services. Once the strategy is developed it usually leads to the design of the EUC offerings. It is increasing evident that just being good at VDI is no longer acceptable. The following are services or requirements that are rapidly becoming table stakes for many customers.

  • Application presentation – any app to any device
  • Mobile app and data management (MDM, MAM)
  • Enterprise fie sync and share

As many Enterprises and smaller customers evaluate offerings from Citrix and VMware they are increasing looking for a vendor that can provide solutions to satisfy their requirements. They do not want to have to use solutions from multiple vendors that do not integrate well together.

The following comparison is based on the product versions listed below. After the table I have broken each evaluation point out and explained why I rated them equal or why one won in my eyes. This does not intend to sway your view to or from either vendor, I am simply trying to shine light on how they stack up. Not every customer needs all of these capabilities at the start and might be able to wait for them to mature or could use a hybrid solution with the best parts from both vendors.

  • VMware Horizon Suite (View 5.3, Mirage 4.3 and Workspace 1.5)
  • Citrix XenDesktop (XenDesktop 7 and XenApp 6.5)

 

  • VDIVDI
  • Physical PC managementPhysical PC management
  • EUC PortalEUC Portal
  • Mobile ManagementMobile Management
  • File sync & shareFile sync & share
  • Application optionsApplication options
  • NetworkingNetworking
  • VMware Horizon Suite

  • VDIyes
  • Physical PC managementyes
  • EUC Portalyes
  • Mobile Management
  • File sync & share
  • Application optionsThinApp
  • Networking
  • Citrix XenDesktop

  • VDIyes
  • Physical PC management
  • EUC Portalyes
  • Mobile ManagementRequires XenMobileyes
  • File sync & shareRequires ShareFileyes
  • Application optionsXenAppyes
  • Networkingyes

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

Announcing the launch of The Virtual News – Get your Virtualization fix

I’ve been building a list of blogs and news sites that I read on a regular basis for sometime now. To this point I have been using a RSS reader that sync’s with Google reader to keep things centralized and backed up in case I have an issue. This works pretty well for myself but in talking with peers about what I’ve been reading lately there seemed to be a need for something the community could use as a central point to find good articles. There are obviously other sites like this for different topics but to my knowledge nothing for the Virtualization segment existed.

So today I would like to introduce The Virtual News to the public. Its in a public Beta phase I would say for now. My dream for the site is to become a central location where the community can share good articles with others interested in Virtualization related information. I look forward to the day that others are sharing great links via the site and I will discover bloggers and others writing content that I am interested in.

I welcome any suggestions or comments on the function, look and idea of the site.

http://www.thevirtualnews.com

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

Citrix Receiver for Apple Mac has arrived

You may not even know what Citrix Receiver for the Mac will do for you. But if you do then you are probably pretty happy today. So if you have a Bring your own computer program with Mac users or you would just like a more seamless process to run Windows apps on your Mac. Then this new receiver from Citrix will be worth testing.

So what does Citrix Receiver for Mac do? Well along with Citrix XenApp and Dazzle, you will be able to search for and run all of your favorite Windows apps as if they were locally installed on your Mac. You will be able to select your apps with Dazzle (kind of a iTunes looking enterprise app store), you can then launch your apps from the Applications folder. You can even drag those windows apps to the doc and run them from there.


About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

How to optimize Windows XP for XenDesktop

I found a new white paper released from Citrix today that talks about steps you can take to really optimize your XP images. Sure everyone thinks about things like turning off a few unused services, screen savers and power saving features. But this paper takes a deep dive into a list of settings that you can manually change and explains others that are available in the XenConvert optimizer tool from Citrix. Head on over to Citrix and grab the doc here.

  • Offers a better alternative than replacing the default user profile (which isn’t supported and doesn’t help for users that already have profiles)
  • Makes a distinction between private mode (1:1) and standard mode (1:many) desktops
  • Provides the actual registry keys/values for all optimizations (to ensure that all settings can be set by Group Policy or login scripts)
  • Gives best practices for optimizing the user profiles (like installing UPHclean)
  • Excludes configurations and steps that don’t help (like defragmenting a disk before performing a volume copy)
  • Details what registry changes are included in the XenConvert Optimizer tool (so you know what all those checkboxes are doing)

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More
Page 1 of 212
%d bloggers like this: