VDI Wars – Attack of the Clones

ClonesCentralization of desktops seems to be a topic de jour.  As organizations struggle to gain control of their information while users insist on pretty much open season for BYOD, bringing desktops into a more secure and controllable data center seems like a good way to manage corporate intellectual property while also providing a consistent experience to users across a range of devices.

However, a single installation of Windows 7 is no small beast.  If you are trying to provide the organization with a few thousand such cloned images, then you had better make sure that your storage system is up to holding so many large chunks of desktop.

Each of these systems then needs managing — and applications being installed then makes each image “unique”.  More to the point, each of them then needs backing up, just in case the worst happens. The impact on storage becomes major: the impact on the network and available backup windows for more business-critical activities is immense.

But Windows 7 is Windows 7 — each person will be accessing essentially the same basic files of executionables, dynamic link libraries and device drivers as each other.  Therefore, in essence, all that is required is a single golden image that can be shared between all users.  Sure, the applications required by each user may be different and they will be creating information that is different — but these two issues can be dealt with.

For example, in the majority of cases in a mid-sized to large organization, physical PC desktops will already be storing data to a network drive.  This should also be done where the desktop image is centralized — abstracting the data away from the desktop provides better data availability should the desktop itself become corrupt or there be a technology failure.

Dealing with applications is more difficult — each desktop will need its own registry to hold the details of the applications that are installed.  Most approaches store that registry with the image, meaning that each image is then unique within that application set.

Sure, it is possible to create a set of “golden” images which hold sets of applications for groups of specific users, so creating a minimum set of desktops, but this is a bit inelegant and can be restrictive where a specific user requires access to a specific application.

Another way to look at the problem is to use deduplication of the images.  As stated above, Windows 7 is Windows 7 (or Windows XP is Windows XP, if that is more your wont), and by applying file-based, or better still, block-based deduplication, the overall size of the images required to support a large estate of VDI images can be reduced heavily.

However, there is an even better way to do this — a company called FSLogix uses an abstraction of the registry which then allows for a single image to be created that has all applications installed with it and each user has their own “virtual” registry ascribed to them.  Through this means, it is possible to just use the one image and then spin up a copy of it as required as a user comes in to use it.  As the user creates data, it is stored on the network drive, so does not impact the image itself: as they log out, the image can be spun down and de-provisioned, so using no resources.

This also means that backup and restore are based on just the one image and the associated virtual registries – so providing more capabilities for your business-critical backup activities.

Another company with a finger in this pie is Numecent: it has a technology that it calls “cloudpaging” which enables it to stream Windows applications to a range of devices in a secure manner and use their native power to run them, so avoiding the need for a central VDI store.  Cloudpaging is a highly efficient means of streaming applications, giving fast start-up times for an application from scratch.

This approach means that VDI images don’t need to be stored, managed and backed up — but it could, however, have a high-ish hit on wide area networks if the mobile workforce suddenly decides to use a set of applications all at the same time.

VDI can be a very good way to regain control of data and security within an organization.  However, if badly planned, it can cause untold headaches.  With storage and network resources needed for managing the business’ more critical needs, a better planned approach to minimize such impact may be called for.

Image credit: JD Hancock (website) / CC-BY

About the author
Clive Longbottom