Category Archives: Windows Desktops

My VDI Story….why I like VMware View and Unidesk

Years ago, when I was hired by my current employer in 2007….I was brought on as a Microsoft and Citrix delivery engineer focusing primarily on AD/Exchange and Citrix Presentation Server/XenApp technologies and projects.  While I’m here, let me also say this, one of the best days of my professional career was the final day of my last Exchange 2003 to 2007 migration.  Fortunately, I had been and was being trained on EMC and VMware products and began to focus more and more on those types of projects….and so on that final day, I purged everything I ever knew about Exchange and it was glorious.

OK, back to VDI….though I was able to move away from Exchange, I was still the “Citrix guy” which was fine as I enjoyed working with Citrix who had been doing “VDI” long before it was cool with MetaFrame, then Presentation Server, and then XenApp.  Prior to late 2009/early 2010, XenApp was our primary desktop/application virtualization platform and then Citrix XenDesktop 4.0 came out and more customers began talking about deploying virtual desktops to their end-users.

To that end, I built a portable lab and even took it across North Carolina to show it off in an attempt to feed the masses; to fuel their thirst and desire for virtual desktops.  And it worked!  Our first project (in which I worked with Citrix) was for approximately 300 Windows XP virtual desktops running XenDesktop 4.0, with applications published from whatever version of XenApp was out at the time (5 maybe) and hosted on XenServer infrastructure.

If you’re familiar with VDI technologies, how many times have you heard about the utopia goal of “one master image”? That’s what everyone shoots for and I can say with this project, because the applications were published from XenApp servers, we were able to achieve that goal, however (and I don’t want to say this necessarily as a negative), to conform to Citrix best practices, all machine “roles” were separated out so we had to the best of my recollection:

  • Citrix License Server
  • Citrix Web Interface Servers
  • Secure Gateway Servers
  • EdgeSight Servers
  • SQL Servers
  • Provisioning Servers
  • XenApp Servers

Maybe there were even dedicated Data Collectors…really it was a long time ago but I do remember seeing an environment diagram when all was said and done, 53 Servers/VMs were deployed to support the 300 Windows XP virtual desktops.

Our next XenDesktop project wasn’t nearly as big or complicated, just needed to deploy Windows XP VMs to a few computer labs, publishing applications from existing XenApp servers….and I thought that it went great until I checked back with the customer a few months later to find they weren’t using the XenDesktop environment at all.  Why?  Provisioning Server….they had a hard time wrapping their mind around how to use it, how to update images, etc.  I explained how it worked while I was onsite but I have found that there are times that, after I complete a project and leave, my customers are pulled in so many directions, put out so many fires, there is the potential for new technologies to sit unused and forgotten as IT staff focus on the “tyranny of the urgent”.  Despite my best efforts, I could not explain PVS in such a way as to make it easily understandable and XenDesktop ended up sitting there until we upgraded to version 5 and switched to MCS.

And so, you think to yourself….is there a better way to do VDI?

Then in late 2010, a customer requested a VMware View POC for 125 VMs.  Being the “Citrix guy”, I was selected as the best candidate to become the “VMware View guy”; perhaps some of you have had similar experiences.  Honestly, I was leery about VMware jumping into the VDI realm because I loved Citrix so much….surely this PCoIP cannot compare to ICA!  Surely VMware’s product is not nearly as mature as Citrix Xen!  But I went into the project trying to keep an open mind and did see almost immediately that I would not need 53 servers to support the environment.  I think we built 1 VDI vCenter server, 1 connection broker, and 2 ESX servers.  The problem however, was application delivery….this environment was unique in that no Citrix farm existed so we had 2 choices, install the applications onto the master image and/or using ThinApp.  We tried ThinApp, but it was “slow” to the end-users so we began to install the applications onto the golden image.  Once this process started, it became apparent that one master image would not be possible because of the mixture of applications needed for each department, but not just the mixture, but one application in particular required different configuration settings based on the department.

Though I didn’t need 53 servers, we did end up 11 gold images to support 125 virtual desktops….as you might imagine, this lead to a great deal of frustration and I wondered again, is there a better way to do VDI?  Is VDI worth doing at all at this time?

In late 2011, a coworker, after doing some research around VDI technologies, brought Unidesk to our attention.  He had seen their demo, had spoken to a sales engineer, and was very excited exclaiming that Unidesk could solve every VDI problem we had encountered with its layering technology; with Unidesk layers, we could achieve a single golden image yet build diverse virtual desktops for any purpose.  It really is a remarkable technology….I think of the layers as highly customizable blocks (kinda like Legos) which allow me to build any desktop my client may need without having to install any applications into the golden image.

Our first Unidesk installation was for the client mentioned above with 11 gold images for 125 virtual desktops in an effort to alleviate their pain points and we found, that we could deploy 125 virtual desktops with a single golden image (just the OS) while using the layers to customize the application settings and roll them out to the proper department quickly and easily. Unidesk saved the day by easing (significantly) the administrative burden of managing the virtual desktop environment….if Unidesk had not delivered on its claims, the customer was ready to go back to physical desktops and likely turned their backs on VDI for good.

Since that project we have, in effect, made Unidesk mandatory for all of our VMware View based projects and I can assure you, it has made my life easier and it has made the lives of dozens of IT administrators easier as well.  To date, I have not met an application (or anything really) I’ve not been able to layer in Unidesk….Unidesk really allows one to think outside the box when creating layers, it doesn’t necessarily have to contain an application….I’ve built a “mandatory profile” layer, a layer to put specific shortcuts on the desktop, layers for non-standard print drivers that are mapped through GPOs, you name it, you can probably create a layer out of it and apply it to your virtual desktops.

Layering is “so in” these days!  VMware, of course, has released their App Volumes which is similar in concept to Unidesk though their are some differences in the two.  If you are considering virtual desktops and even Citrix XenApp, I strongly advise you to research and check out these layering solutions, you will be glad you did.

In closing, here are some other random VDI thoughts:

  • Seems like App Volumes (or maybe even VDI in general) is pushing more towards non-persistent desktops.  Could this make a profile management tool such as Liquidware Labs Profile Unity more important?  Should Profile Unity be mandatory on VDI projects?
  • Hyper-V?
    • Folks have begun asking about using Hyper-V with Unidesk as opposed to vSphere in order to save $$, but does it really save $$?  And can I overcome my personal hypervisor bias?  🙂
  • VMware App Volumes
    • How does in work in production as opposed to Unidesk?
    • Can I use App Volumes on Citrix XenApp projects to replace Provisioning Server?
  • Integrating Mobility Management technologies
    • People connect to virtual desktops from so many devices….will VDI drive a demand for mobility management solutions like VMware AirWatch or Citrix XenMobile?

Leave a comment

Filed under Unidesk, VDI, VMware, Windows Desktops

Windows 7 VDI – Sits at Welcome screen “forever”

When deploying View/Unidesk based virtual machines for VDI, I like to use Group Policies to deploy printers….more specifically, I create printers using policies located under User Configuration | Preferences | Control Panel Settings | Printers.  Again, I have found this method of deploy printers pretty easy and reliable.

Recently, I’ve had issues with non-persistent desktops sitting at the Welcome screen for what feels like an eternity when you’re in front of a computer and staring at it.  I’ve seen persistent desktops take up to several minutes to finally complete whatever it is they’re doing and present the desktop to the end user.

Looking at the event log to investigate, I saw several events which stated the following:

The Winlogon notification subscriber <GPClient> took ### seconds to handle the notification event (Logon)

As you might expect, the number of seconds displayed in Event Viewer was the same time I was waiting for the computer to bypass the Welcome screen.  Googling the problem, I eventually saw that several people had the issue and that it was solved by disabling the “Point and Print Restrictions” GPO found at Computer Configuration | Policies | Administrative Templates | Printers

PP-GPO

A more detailed explanation of the Point and Print Restrictions policy can be found here.

Again, the problem seems to arise when using Control Panel Printer Preferences to map printers to non-persistent desktops…I’ve not experienced this issue in another scenario to  this point but after making this policy change (disabling Point and Print Restrictions), the time spent on the Welcome screen decreased dramatically.

Leave a comment

Filed under Active Directory, Microsoft, VDI, VMware, Windows Desktops

Virtual Floppy Disk for Windows 7

I was wondering if you could use a virtual floppy disk as virtual media through, in this case, the Dell Remote Access Controller (HP calls it iLO).  I downloaded the virtual floppy utility found below and used the virtual floppy as virtual media to upgrade the BIOS on a Dell PowerEdge 2950 server.

http://www.worthytips.com/virtual-floppy-drive-windows-7/

Don’t know if anybody cares, I don’t even know if I care, but if you ever need a virtual floppy disk for Windows, it’s there.

Leave a comment

Filed under Utilities, Windows Desktops

Upside Down Display on Dell Computers

As some of you may know, you can use the keyboard combination CTRL+ALT+ to scroll down internet sites.  Well, I was working at a Community College not too long ago when one of the IT technicians was working on a lab machine in which the display was “upside down”.  On some of the newer Dell models, this key combination will in fact, turn the display upside down.  I can only imagine the horror of the lab student as the key combination which had worked so many times at home, reversed the display on the lab machine.  I can see him/her looking over their shoulder, hoping nobody saw, and sneaking away as if nothing happened.  Luckily, the problem can be resolved by the keyboard combination CTRL+ALT+.  Rest easy computer lab student….

Leave a comment

Filed under Windows Desktops

Windows Vista/7 with Outlook 2007 and Riverbed Optimizations

Just passing along as FYI, but I ran into a situation last week when running Outlook 2007 on Windows Vista or 7. Using the default security settings shown below, a user could not create a new mail profile. It did not matter if you tried to create the profile using Exchange 2007 Autodiscover or Manually. When creating the mail profile, a domain authentication pop-up kept appearing and even thought the machine was joined to the domain and valid user credentials were entered, the authentication pop-up persisted. Ultimately, the user account would be locked out.

If we unchecked Encrypt data between Microsoft Office Outlook and Microsoft Exchange, you could successfully create a new mail profile. After the mailbox was opened for the first time, we checked the box once again, and the domain authentication pop-ups returned.

We also noticed that if changed Logon Network Security to Kerberos Password Authentication, you could leave the “Encrypt” option enabled.

So, to successfully create a new mail profile, launch Outlook, and use Outlook encryption successfully, we had to:
a. Disable the encryption option (when creating the profile, you could click More Settings and then the Security tab to disable)
b. Launch Outlook and let it build the mailbox
c. Close Outlook
d. Re-enable the Encryption option, remembering to also set logon network security to Kerberos Password Authentication.
e. Open Outlook

But really, who wants to go through all this to create a mail profile?

We had a test lab, duplicating our production environment (almost) and we could not duplicate the issue within the lab. Now, in production, the Exchange servers and the end users are in different physical locations. The Exchange servers run on ESX servers located in the “Co-Lo” datacenter. The lab existed within our office building, thus nothing was going over the WAN.

We went over to the datacenter with a Windows 7 machine to verify if our problem lied somewhere with the network setup/gear, and sure enough, our test machines worked just fine with Outlook’s default Encryption and logon network security settings.

The network traffic between the datacenter and office building is optimized with Riverbed appliances. In speaking Microsoft on this issue, it turns out that, when running Outlook 2007 on Windows Vista or 7, the optimization Enable MAPI Exchange 2007 Acceleration needs to be disabled to use Outlook 2007’s default security settings.

At this time, I personally cannot verify that the issue is resolved by disabling this optimization, I only have Microsoft’s “word” as the network team wants to open a case with Riverbed to discuss the issue further. However, as soon as I hear any additional information concerning this issue, I’ll pass it along. Again, I just wanted to pass along the information. If you have additional information, please leave a comment, I’d love to hear them.

4 Comments

Filed under Microsoft, Windows Desktops, Windows Server