BRKVIR-2002
Cisco Public
Abstract
Many companies are pursuing virtual desktops to enhance data protection, improve disaster recovery, increase agility, enable mobility, support bring your own, migrate to Windows 7, and more. Shortly, hosted virtual desktops are expected to exceed 10% of the current 500 million enterprise desktops. What will companies gain? What will they give up? To start off, we'll cover the application trends and VDI drivers behind the growth and the commonly used solutions and technologies with a review of Cisco Virtual eXperience Infrastructure (VXI). For enterprise Collaboration, we'll review the implications of deploying hosted virtual applications and desktops on interactive voice/video and corporate communications/streaming. For the enterprise workspace, we'll address thin, hybrid, and thick client strategies for various types of users, addressing their general benefits and/or limitations. For Borderless Network, we'll look at the implications of deploying hosted virtual desktops on existing network services like call control, bridging, Quality of Service (QoS), Content Delivery Network (CDN) streaming, multicast streaming, WAN acceleration, campus switching, printing, etc. We'll cover how to deliver the virtual desktops over the WAN using acceleration, with details on the network bandwidth and latency requirements and expectations. For Data Center, we'll review how to plan and design data center compute, storage, network, load balancing, and security for large scale hosted applications and desktops. Lastly, we'll put it all together with architectures for large scale, highly available hosted virtual desktop deployments. The primary takeaways for attendees will be how to:
1. Scale the data center
2. Secure hosted virtual desktop
3. Preserve the user experience while centralizing client/server applications
4. Reduce the Total Cost of Ownership (TCO)
Housekeeping
We value your feedback. Don't forget to complete your online session evaluations after each session and the Overall Conference Evaluation, which will be available online from Thursday
Visit the World of Solutions and Meet the Engineer
Visit the Cisco Store to purchase your recommended readings
Please switch off your mobile phones
After the event, don't forget to visit Cisco Live Virtual: www.ciscolivevirtual.com
Collaboration
Borderless Network
Data Center
Architectures
Strategy
Overview
Overview
Virtual Desktop Models
[Figure: virtual desktop models. Labels: O/S Desktop, Guest App, Guest OS, Synchronized Desktop, Hypervisor, Main OS, Display Data, Server, Application Streaming, Presentation Server]
Overview
The Network Is the Desktop
Keyboard, Video, Mouse
Thin
Client
Broker
Large OS
Many local applications
Compute
Vulnerable
Storage
Constant patching
Data backup
Complex management
Software distribution
delivery challenges
Skilled local support staff
required
Network
Overview
Hosted Application/Desktop Early Adoption
Regulated Industries
Task Workers
Finance
Government
Healthcare
Banking
Data Protection
Disaster Recovery
Capabilities
Flexibility/Mobility/Ubiquity
Faster application time to market
Moves, Adds, Changes
Real estate
BYOD
Retail
Education
Cost of Ownership
Use Cases
Call centers
Consultants
Off shore development
Partners/Extranet
Windows 7 migrations
Overview
Moving Through VDI Rather Than To VDI
Centralized
Client/Server
Display Desktop
Pervasive Network,
Flash, Ajax, JS,
HTML5
Distributed Client
Efficient Server
Distributed Client
Centralized Server
WAN
Acceleration
Limited
Networks
Virtual
Desktop
Pervasive
Hypervisor
Distributed
Client/Server
Distributed Creation
Centralized Data
Distributed Creation
Centralized Data
Enterprise
Centralized
Creation/Data
Cloud
Distributed Creation
Integrated Data
Distributed
Creation/Data
2005
Distributed
Cloud Web
Desktop
2010
2013 Cisco and/or its affiliates. All rights reserved.
2015+
Software
Software
Broker Desktop Entitlement
Non-Persistent or Pooled - Generic virtual desktop assigned to users on a per-session, first-come, first-served basis and then returned to the pool (possibly with the profile removed) or destroyed
Persistent or Assigned - Permanently assigned to a user, either statically or by first to connect
Personalized Non-persistent - Abstracted persona applied to non-persistent desktops
Pool of Virtual
Desktops
Machines
Entitle Group to
Assign
Desktop
Pool
Entitle User to
Desktop
Assign Individual
Template
Software
VMware and Citrix Components
Function
VMware View
Citrix XenDesktop
View Client
Citrix Receiver
Desktop Agent
Broker Provisioning
Composer / Thinapp
Broker Routing
Connection Server
Broker Proxy
Security Server
Portal
View Portal
Administration
View Administrator
Personalization
Hypervisor
vSphere ESX
XenServer
Orchestration
Virtual Center
XenCenter
Software
Desktop (OS) Virtualization
Remote Connections Directed by Broker
[Figure: ESX host running VM guests #1 through #N, each with an Agent and VMTools. Host labels: ESX, Service Console, VMKernel, Fibre Channel, iSCSI, NFS, NAS File, VM Network, LAN, VC Mgmt, IP Data Networks]
Software
Display Protocol Server Components (Agent)
VMware Tools
Broker Agent
Multimedia Redirector (Windows Media and Flash)
Rich Sound Server (Analog Mic/Skr)
USB Virtualization Server
Software
Thick Desktop Display Protocol Clients
Software
Example Direct Mode Broker Exchange
Configuration:

<?xml version="1.0"?>
<broker version="3.0">
  <configuration>
    <result>ok</result>
    <offlineSSOdisabled>false</offlineSSOdisabled>
    <broker-guid>c4b2711c-55aa-4b2a-9e5a-31f61e7ee566</broker-guid>
    <authentication>
      <screen>
        <name>disclaimer</name>
        <params>
          <param>
            <name>text</name>
            <values><value>Welcome to the Cisco Iselin NJ VDI Lab</value></values>
          </param>
        </params>
      </screen>
    </authentication>

Desktop:

<broker version="3.0">
  <id>CN=dc1-p,OU=Applications,DC=vdi,DC=vmware,DC=int</id>
  <name>dc1-p</name>
  <type>sticky-lc</type>
  <state>disconnected</state>
  <session-id>COMPANY\jifrench(cn=XXX,cn=foreignsecurityprincipals,dc=vdi,dc=vmware,dc=int)/0@cn=XXXX,ou=servers,dc=vdi,dc=vmware,dc=int:RDP:3389</session-id>
  <reset-allowed>true</reset-allowed>
  <reset-allowed-on-session>true</reset-allowed-on-session>
  <user-preferences>
    <preference name="height">0</preference>
    <preference name="width">0</preference>
    <preference name="useForThinClient">false</preference>
    <preference name="alwaysConnect">false</preference>
    <preference name="screenSize">Windowed</preference>
  </user-preferences>
</broker>

Desktop connection:

<broker version="3.0">
  <desktop-connection>
    <result>ok</result>
    <id>CN=dc1-p,OU=Applications,DC=vdi,DC=vmware,DC=int</id>
    <address>10.87.121.28</address>
    <port>3389</port>
    <additional-listeners>
      <additional-listener name="MMR">10.87.121.28:9427</additional-listener>
    </additional-listeners>
    <protocol>RDP</protocol>
    <user-name>jifrench</user-name>
    <password>YzZmNGFlMTMt</password>
    <domain-name>COMPANY</domain-name>
    <enable-usb>true</enable-usb>
    <enable-mmr>true</enable-mmr>
  </desktop-connection>
</broker>

[Diagram labels: C1, WAVE, WAN, WAE, ACE, Broker, UCS, NAS, User Data, CIFS]
Software
Application Virtualization (Terminal Services)
Remote Connections Directed by Broker
[Figure: server hosting Virtual App Instances #1 through #N. Labels: Fibre Channel, LAN Interface(s), iSCSI, CIFS/NFS, Application Data, NAS File, IP Data Networks]
Software
Hosted Desktop with Streamed Virtual Application
Display Connection #1
Empty Windows Virtual Desktop #1
Agent
Display Connection #N
Empty Windows Virtual Desktop #N
Agent
VMTools
VMTools
Windows OS
Windows OS
Desktop
Profile
Data
Software
MultiUser Hosted Shared Desktop (HSD)
Desktop
Challenge
Windowing
Broker
Security (AAA)
Monitoring
Publishing
Routing
Display
Desktop
Data Center
Storage
Display
Windows 2008 R2
Desktop Experience
Co-Located
Storage
Software
Published Desktop
Desktop
Challenge
Windowing
Broker
Security (AAA)
Monitoring
Publishing
Routing
Display
Desktop
Data Center
Storage
Display
Display
Display
Display
Display
Display
Co-Located
Storage
Software
Presentation Desktop
Presentation
Publishing
Access
Hosting
Data
Interactive
Voice/Video
SIP/Web
Hosted
Client/Server
Applications
And
Desktops
Display
Display
Display
Display
Web
Web
Desktop
Challenge
Windowing
Broker
Security (AAA)
Monitoring
Publishing
Routing
Web
SAAS
HTML5
Software
Web, Collaboration, & Application Publishing
Cisco Collaboration
Apps
Contact
Center
UC Mgr
DESKTOP
VIRTUALIZATION
Borderless Network
Cisco Jabber
Identity
Services
Engine
Adaptive
Security
Appliance
Any Device
Virtual Desktop End-points
WAAS
vASA
Routing
(ISR)
Nexus
1000v
Unified
Fabric
Unified
Computing
System
Network
Services
Collaborative Workspace
AnyConnect
HYPERVISOR
vWAAS
Wireless
Wired
Unified Access
STORAGE
Validated Designs, Services, Training and Support
Cisco Products
Collaboration
Communications
Peer to peer
Real time experience
Call Admission
Control
Telephony
Client
Collaboration
Forms of Hosted Applications
PX
Call
Control/Proxy
Media
Services
PY
Poor
Experience
Client to server
Mix of real time and
bulk transfer
Allow all
Display
Client
Client/Server
Connection
Broker/Proxy
Virtual
Desktop
Poor
Experience
Browser
Client
Web/Streaming/SAA
S
Client to server
Network tolerant
Mostly bulk transfer
Presentation
Server
Google.com
Quad/DMS
Web/SAAS
Ironport
Salesforce.com
Webex.com
Azure.com
VXC 6215
Zoho.com
Collaboration
History of Network Services
Unified Communications
Virtual Experience Client (VXC) Zero
Client
Cisco IP Hard Phone
Borderless Network
Wireless
WAN / PSTN
WAAS
WAAS
Data Center
Si
Si
Si
Si
Broker
Stream
Server
Partners
Broker
UCS
Broker
Stream
Server
Storage
Storage
UCS
Storage
CUCM
Encoder
CUCM
Collaboration
Desktop Video Call Before VDI (BV)
Unified Communications
Cisco Unified Personal
Communicator (CUPC) or any
softphone
Branch call control, voice
gateway, and voice mail
Media is peer to peer within
sites or across MPLS sites
WAN / PSTN
Borderless Network
QoS provides low latency
queueing
Call Admission Control (CAC)
Business applications
protected
Si
Si
Si
Si
Data Center
Centralized Call Control with
Cisco Unified Communication
Manager (CUCM) on UCS
CUCM
CUCM
Collaboration
Virtual Desktop Video Call After VDI (AV)
Unified Communications
Centralized call control
Broken call admission control
High client CPU
Poor video
Out of Sync Audio
WAN / PSTN
Borderless Network
Best effort queue
Bandwidth up to 150 Mbps
Media hair-pinned through data
center
Server farm network loaded
Si
Si
Si
Broker
Data Center
High server CPU
Si
Broker
UCS
Storage
CUCM
Storage
UCS
CUCM
Collaboration
Live Streaming Video Before VDI (BV)
Unified Communications
PC has local browser with
media player
Borderless Network
CDS and/or multicast split
video in a display protocol
resulting in one stream per
user on the WAN
Bandwidth/experience is
native 100/300/700 kbps
QoS protects business
applications and other traffic
Data Center
Encoder sources a single
stream to CDS which unicasts
or multicasts to scale
CDE
CDE
WAN / PSTN
Si
Si
Si
Si
Stream
Server
Stream
Server
Encoder
Collaboration
Live Streaming Video After VDI (AV)
Unified Communications
Zero/thin client with display protocol
client only needs capacity to decode
Borderless Network
CDS and multicast cannot split video
in a display protocol resulting in one
stream per user on the WAN
CDE
Bandwidth/experience varies
depending on display protocol &
streaming format
CDE
WAN / PSTN
Data Center
Stream sourced from encoder
Broker
UCS
Si
Si
Si
Si
Stream
Server
Stream
Server
Storage
Storage
Encoder
Broker
UCS
Collaboration
Interactive Media Solution
Leverages the existing network
services for voice, video, data
Data Center
Cisco
VXME
User Desktop
Media
Flow
Cisco UC
Manager
Desktop Virtualization
Protocol
Signaling
Collaboration
Software Strategy for Virtual Environments
Virtualization Experience Media Engine
(VXME)
Software that enables Jabber to run in
virtualized environments
Conferencing
Collaboration
VXC 6215 or Windows Based Software Stack
Applications
Web/HTML5
UI (Video Render/SRST/EM)
OAM&P/ Serviceability
CSF2G
Enhanced Call Control
SIPPC, CC API, Media Engine
Accessories Manager
Hardware Operating
Platform
System
OEM
Display
USB
DECT
RDP
Client
VMware
View
Browser
AnyConnect
VPN
A/V
Device Manager
Blue
Tooth*
Citrix
Receiver
EnergyWise
Client
CDP
LLDP
IPv4
MediaNet
Client Framework
IPv6
Collaboration
Any Device with Cisco Jabber
Desktop
Presence
& IM
Mobile
Voice
Video
Thin Clients
Conferencing
Messaging
Collaboration
What Do End Users Need?
Call Center or Clerical
Professional
Design Professional
Administrative
Rich Media
Graphics or Custom
Remote/Task Worker
Knowledge Worker
Power User
Thin Clients
Capable Clients
Collaboration
Client Strategy Depends On Hosted Applications
Client | User | Hardware | OS | Software | Execution | Storage | Security | Life (Yrs)
Zero | Task | Chip | Firmware | None | All remote | None | Low risk | 7-10
Thin | Task/Knowledge | Limited | Hardened | Display | All remote | None | Low risk | 5-7
Hybrid | Knowledge | Capable (possible media offload) | Hardened General (Linux or Windows Embedded) | Display, Rich Media, Web | Client/Server remote, Rich media local | Transient Encrypted | Medium risk | 5-7
Thick | Knowledge or Power | High End | Open General (Windows, Linux, Mac) | Unlimited | Mostly local, Some remote | Persistent | High risk | 3-5
Collaboration
UC Accessories Exclusively Designed with Cisco
Logitech UC Keyboard
K725-C with Logitech
Mouse M525-C
Logitech Webcam C920-C
Collaboration
VXC Feature Comparison
VXC 2100 Series
VXME
VXC 6215
Form Factor
Backpack Integrated
Tower
Standalone
Software
Tower
Standalone
Platform
Zero Client
Zero Client
2111 PCoIP
2112 HDX,RDP
2211 PCoIP
2212 HDX,RDP
Citrix XenDesktop,
VMware View
UC Protocol Support
(add on)
N/A
N/A
Software
HDX, RDP
PCoIP (Q1CY13)
UC Client Support*
CUPC, Connect
CUPC, Connect
CUPC, CUCILync
CUPC, CUCILync
Voice
Yes
Yes
Video
No
Yes
Monitor Support
Single or Dual,
1920x1200
Varies based on
underlying HW
Single:2560x1600
Dual:1920x1200
PoE
PoE
PoE
N/A
No
Via IP Phone
Via IP Phone
Standard Video
HD Capable*
Collaboration
VXC Manager OR Wyse Device Manager (WDM)
Collaboration
Traditional Network Services Work For All Clients
Unified Communications
Softphone in VXI runs native
locally
Supports Survivable Remote Site Telephony (SRST)
Use local services (gateways,
call control, vmail, etc.)
No voice hairpinning
CDE
CDE
Network
Borderless Network
Use local internet access
Use CDS/ACNS/WAAS to cache,
split, and/or multicast streaming
media
Provide QoS for rich media
WAAS
Broker
Data Center
Offload server CPU
Offload server bandwidth
WAAS
Si
Si
Si
Stream
Server
UCS
Si
Storage
CUCM
Broker
Stream
Server
Storage
Encoder
UCS
CUCM
Borderless Network
Borderless Network
Universal Power Over Ethernet (uPoE) 60 Watts
Country Specific
Wall Plugs with UPS
Global Common
Power Cable
Catalyst 4500
OPEX
CAPEX
Borderless Network
Decoding the VDI Protocol Stack
VMware View
Application
PCoIP
4172
Underlying
Protocols
Microsoft
RDS
RDP
3389
ICA/HDX
2598/1494
TCP
UDP
Deployment
Considerations
Citrix XenDesktop
No client-side or server-side
hardware dependency
Announced hardware specification
for 3rd parties
Standards-based as well as
proprietary encryption models
RC5 or SSL encrypted
Borderless Network
Display Protocol Considerations Checklist
Network
Channels
Inband
Out of band
Voice
USB headset
Analog microphone/speaker
Graphics/Video
Quality Lossy or lossless
Streaming - Windows Media, Adobe
Flash, QuickTime, or SilverLight
Acceleration
Encryption
Compression
USB
Headset
Print
Drive
Security
Print
Print server
Printer location
User mobility
Borderless Network
Display Protocol Summary
Protocol | Vendor | Transport | Bandwidth without WAAS (Approx) | Bandwidth with WAAS (Approx)
 | Microsoft | TCP 3389 | 384 Kbps | 96 Kbps
Independent Computing Architecture (ICA) | Citrix | | 120 Kbps | 60 Kbps
PC over IP (PCoIP) | Teradici / VMware | Media UDP 50002/4172, Control TCP 50002/4172 | 192 Kbps | 192 Kbps
Borderless Network
Display Protocol Channels
Display protocols operate at the
session layer
Display
Protocol
TCP
USB
Video
Sound
Print
Borderless Network
Fundamental Problems with In-Band Channels
Mixing interactive and bulk transfer traffic types in a single TCP connection
Client copies file from local USB with packets #1 and #2
Client clicks with packet #3
[Figure labels: Display Client, Display Server, Remote Virtual Desktop, Local Desktop, Display Agents, Tools]
Borderless Network
Wyse/VMware TCX (like Multistream ICA)
Out of band media
Rich Sound on UDP 6901
USB Redirection on TCP 17185
URL Redirection
Content Source accessed by Thin Client
Complete network and CPU Offload on the
Server
MultiMedia Redirection
Rendering Redirection (Transcoding)
Content opened and decoded by the Server
Local
Desktop
Decoder
Display Client
B
Remote
Virtual
Desktop
Display Agent
Tools
Borderless Network
WAN Acceleration Increases User Density 27x
Data Redundancy Elimination (DRE) eliminates redundancy within or between flows
LZ compression eliminates redundancy within flows
TCP Flow Optimization (TFO) fills the pipe over high-latency links
Transport Data De-duplication - No byte pattern crosses the network twice
Unidirectional DRE for display protocols and video streaming
Origin Connection
Origin Connection
WAN
Optimized
Connection
DRE CACHE
DRE CACHE
LZ
Decode
Window Scaling
Large Initial Windows
Congestion Mgmt
Improved
Retransmit
LZ
Encode
Borderless Network
WAAS Citrix XenDesktop Feature Expectations
Feature
Function
Session reliability
No MMR
Borderless Network
WAAS Citrix XenDesktop Situation Expectations
Variable
Implication
Bitmap graphics
Borderless Network
WAAS Citrix XenDesktop Experience Expectations
Variable
Implication
Borderless Network
WAAS Performance Results for ICA and RDP
[Figure: two bar charts comparing Native and With WAAS for ICA and RDP. Latency Reduction, in seconds (s): annotated "60% faster" on both protocols. Bandwidth Reduction, in Kbps: annotated "50% Improvement" and "70% Improvement".]
Borderless Network
WAAS Reduces MMR Bandwidth up to 99%
Rich Media Streaming w/ MMR (Direct Connect)
BW Optimization for VIEW MMR Traffic
[Figure: bandwidth over time, Original (MB) versus Optimized (MB), for a PCoIP Session and an RDP Session. Overall BW Consump.: 20 MB]
Solutions Setup
2 Concurrent View Clients
Display Protocol: RDP and PCoIP
View Deployment Mode: Direct Connection
BW/Latency: T1/80 ms
Play Time: 5-6 Minutes of Repeat Tracks
Borderless Network
Virtual Desktop Print Options
1. USB attached printer via display protocol USB extension
2. Centralized print server
[Figure labels: C2, P1, WAVE, WoW, WAN, WAE, UCS, NAS, Print Server; flows CIFS/MSRPC, PS/PCL Files, RDP; Origin Connection, Optimized Connection]
Borderless Network
Quality of Service in a Cisco VXI Network
Protocol | TCP/UDP Port | DSCP
Desktop Virtualization Protocols
RDP7 | TCP 3389 | DSCP af21/CoS 2
PCoIP* | TCP & UDP 50002, TCP & UDP 4172 | DSCP af21/CoS 2
ICA/HDX Session | TCP 1494 | DSCP af21/CoS 2
Session Reliability | TCP 2598 | DSCP af21/CoS 2
Web Services | TCP 80 | DSCP af21/CoS 2
 | TCP 32111 | DSCP af11/CoS 1
 | TCP 9427 | DSCP af31/CoS 4
 | TCP 445 | DSCP af11/CoS 1
 | TCP 2000 | DSCP cs3/CoS 3
UC Signaling (SIP) | TCP 5060 |
UC Signaling (CTI) | TCP 2748 | DSCP cs3/CoS 3
UC Media (RTP, sRTP) | UDP 16384 - 32767 | DSCP ef/CoS 5
Borderless Network
Quality of Service in a Cisco VXI Network
Ports Used During Classification for QoS
ip access-list RDP
  permit tcp any eq 3389 any
ip access-list PCoIP-UDP
  permit udp any eq 50002 any
ip access-list PCoIP-TCP
  permit tcp any eq 50002 any
ip access-list PCoIP-UDP-new
  permit udp any eq 4172 any
ip access-list PCoIP-TCP-new
  permit tcp any eq 4172 any
ip access-list ICA
  permit tcp any eq 1494 any
!
ip access-list View-USB
  permit tcp any eq 32111 any
ip access-list MMR
  permit tcp any eq 9427 any
!
ip access-list NetworkPrinter
  permit ip any host 10.1.128.10
  permit ip any host 10.1.2.201
!
ip access-list CUPCDesktopControl
  permit tcp any host 10.0.128.125 eq 2748
  permit tcp any host 10.0.128.123 eq 2748

In testing, the markings were applied on the Nexus 1000v whenever possible.
Borderless Network
Quality of Service in a Cisco VXI Network
This example provides a guideline for deploying QoS in a Cisco VXI network.
Class-maps
Policy-map
class-map type qos match-any CALL-SIGNALING
  match access-group name CUPCDesktopControl
class-map type qos match-any MMR-STREAMING
  match access-group name MMR
class-map type qos match-any TRANS-DATA
  match access-group name RDP
  match access-group name PCoIP-UDP
  match access-group name PCoIP-TCP
  match access-group name PCoIP-UDP-new
  match access-group name PCoIP-TCP-new
class-map type qos match-any BULK-DATA
  match access-group name View-USB
  match access-group name NetworkPrinter
Borderless Network
Quality of Service Validation with MMR
Viewing QoS Policy Statistics
DC-WAN#show policy-map interface
 GigabitEthernet0/0
  Service-policy input: HQ-LAN-EDGE-IN
    Class-map: MMR-STREAMING (match-any)
      3532 packets, 5249960 bytes
      30 second offered rate 9000 bps, drop rate 0
      Match: dscp af31 (26) af32 (28) af33 (30)
        0 packets, 0 bytes
        30 second rate 0 bps
      Match: access-group name MMR
        3532 packets, 5249960 bytes
        30 second rate 9000 bps
      QoS Set
        dscp af31
          Packets marked 3532

 Serial0/0/0:0
  Service-policy output: WAN-EDGE
    Class-map: MMR-STREAMING (match-any)
      5456 packets, 8052828 bytes
      30 second offered rate 393000 bps, drop
      Match: dscp af31 (26) af32 (28) af33 (30)
        5456 packets, 8052828 bytes
        30 second rate 393000 bps
      Match: access-group name MMR
        0 packets, 0 bytes
        30 second rate 0 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 5456/8052828
      bandwidth 5% (76 kbps)
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 25 packets
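
An added example (not part of the original slides): a Python check over the `show policy-map interface` output above that confirms what the slide is demonstrating, namely that MMR traffic is classified by ACL and marked af31 at the LAN edge and then matched by DSCP at the WAN edge. The function names are hypothetical, and it assumes each packet in a match-any class is counted under the match statement it hit, which is how the slide's counters read.

```python
import re

# Sample input: the MMR-STREAMING excerpts shown on the slide, re-indented.
# The truncated "drop" field on the egress side is kept as it appears there.
SAMPLE = """\
DC-WAN#show policy-map interface
GigabitEthernet0/0
  Service-policy input: HQ-LAN-EDGE-IN
    Class-map: MMR-STREAMING (match-any)
      3532 packets, 5249960 bytes
      30 second offered rate 9000 bps, drop rate 0
      Match: dscp af31 (26) af32 (28) af33 (30)
        0 packets, 0 bytes
        30 second rate 0 bps
      Match: access-group name MMR
        3532 packets, 5249960 bytes
        30 second rate 9000 bps
      QoS Set
        dscp af31
          Packets marked 3532
Serial0/0/0:0
  Service-policy output: WAN-EDGE
    Class-map: MMR-STREAMING (match-any)
      5456 packets, 8052828 bytes
      30 second offered rate 393000 bps, drop
      Match: dscp af31 (26) af32 (28) af33 (30)
        5456 packets, 8052828 bytes
        30 second rate 393000 bps
      Match: access-group name MMR
        0 packets, 0 bytes
        30 second rate 0 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 5456/8052828
      bandwidth 5% (76 kbps)
"""

COUNTERS = re.compile(r"(\d+) packets, (\d+) bytes")
DROPS = re.compile(r"\(queue depth/total drops/no-buffer drops\) (\d+)/(\d+)/(\d+)")


def parse_policy_map(text):
    """Return {(interface, direction, class_name): counters} for each class."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    classes, iface, direction, cur, state = {}, None, None, None, None
    for i, line in enumerate(lines):
        if m := re.match(r"Service-policy (input|output): \S+", line):
            # The interface name is the line directly above the service-policy line.
            iface, direction, cur = (lines[i - 1] if i else "?"), m.group(1), None
        elif m := re.match(r"Class-map: (\S+)", line):
            cur = classes.setdefault((iface, direction, m.group(1)), {
                "packets": 0, "by_acl": 0, "by_dscp": 0,
                "set_dscp": None, "marked": 0, "drops": 0})
            state = "class"
        elif cur is None:
            continue
        elif m := re.match(r"Match: (\S+)", line):
            kind = m.group(1)
            state = {"access-group": "by_acl", "dscp": "by_dscp"}.get(kind, "other")
        elif line in ("QoS Set", "Queueing"):
            state = "action"
        elif m := COUNTERS.match(line):
            if state == "class":
                cur["packets"] = int(m.group(1))      # class total
            elif state in ("by_acl", "by_dscp"):
                cur[state] += int(m.group(1))         # per-match-statement hits
        elif m := re.match(r"dscp (\S+)$", line):
            cur["set_dscp"] = m.group(1)              # value under "QoS Set"
        elif m := re.match(r"Packets marked (\d+)", line):
            cur["marked"] = int(m.group(1))
        elif m := DROPS.match(line):
            cur["drops"] = int(m.group(2))            # "total drops" field
    return classes


def audit(classes):
    """Return a list of findings; an empty list means marking holds end to end."""
    findings = []
    for (iface, direction, name), c in classes.items():
        where = f"{iface} {direction} {name}"
        if direction == "input":
            # Ingress edge: traffic is classified by ACL and must leave re-marked.
            if c["set_dscp"] is None:
                findings.append(f"{where}: class has no 'set dscp' action")
            elif c["marked"] != c["packets"]:
                findings.append(f"{where}: {c['packets']} classified, {c['marked']} marked")
        elif c["by_acl"]:
            # Egress edge: ACL hits are packets that arrived without the expected DSCP.
            findings.append(f"{where}: {c['by_acl']} packets reached this edge unmarked")
        if c["drops"]:
            findings.append(f"{where}: {c['drops']} queue drops")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_policy_map(SAMPLE)) or ["marking verified on both edges"]:
        print(finding)
```
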
Borderless Network
DMZ Deployments
AnyConnect aggregates enterprise display, telephony, and web
DMZ secured with a firewall (ASA)
Client
Network
ASA
SLB
Proxy
ASA
SLB
Broker
UCS
ISE
ISE
AnyConnect Tunnel
Display Protocol
over HTTPS
Display Protocol
Borderless Network
Bring Your Own Device (BYOD)
Use Case Requirements
Design Requirements
Telephony
Client/Server
Local Apps/Data
VDI
VPN
MDM
Yes
Yes
Yes
No
Yes
Yes
No
Yes
Yes
No
Yes
Yes
Yes
Yes
No
Yes
Yes
No
Yes
Yes
Yes
No
Yes
Yes
No
No
No
Yes
Yes
No
No
Yes
Yes
No
Yes
No
VDI or Not
Offers access to legacy hosted client/server apps
Allow display only access to client/server with no local
data
Borderless Network
VDI Firewalls
Non-Persistent desktops
Intranet
Apps
Apps
OS
OS
OS
App
OS
Secure Hypervisor
App
ISE
Internet
Guest Net
Extranet
Data Center: Compute
Data Center
Considerations
Storage Scale
Compute
Cost
Performance
Scale IOPS
Scale
Power/Cooling
Space
Security
Cabling
Monitoring
IP address management
Data Center
Statelessness For Automation & Efficiency
Application virtualization decouples the application from the OS (e.g. ThinApp, AppV, Provisioning Server, etc.)
Hypervisor decouples OS from compute hardware
UCS Service Profile decouples server from BIOS
Nexus Port Profile decouples cabling from server
APP
APP
APP
APP
AppVirt
AppVirt
AppVirt
AppVirt
OS
OS
Hypervisor
Server
BIOS (UCS Service Profile)
Port Profile
Network (LAN/SAN)
Compute
UCS Blade Servers
 | B22 M3 | B200 M3 | B230 M2 | B420 M3 | B440 M2
Slots | | | | |
CPU | E5-2400 | E5-2600 | E7-2800 | E5-4600 | E7-4800
Cores | 16 | 16 | 20 | 32 | 40
DIMMs | 12 | 24 | 32 | 48 | 32
Max GB | 384GB | soon) | 512GB | 1.5TB | 1TB
Disk | 2 x 2.5 | 2 x 2.5 | 2 SSD | 4 x 2.5 | 4 x 2.5
Raid | 0/1 | 0/1 | 0/1 | 0/1/5/6 | 0/1/5/6
Integrated I/O | Dual 10Gb | Dual 20Gb | No | Dual 20Gb | No
Mezz | | | | |
Compute
UCS Virtual Desktop Densities
Blade | Server CPU | Server Memory | Desktop Configuration | Per Blade | Per Chassis | Per Domain (20 Chassis)
B200-M1 | | 48 GB | WinXP 512 MB | 128 | 1,024 | 20,480
B200-M1 | | 96 GB | WinXP 512 MB | 160 | 1,280 | 25,600
B200-M1 | | 192 GB | WinXP 1024 MB | 150 | 1,200 | 24,000
B250-M1 | | 384 GB | WinXP 1024 MB | 332 | 1,328 | 26,560
B250-M2 | | 192 GB | Win7-32 1.5 GB | 110 | 440 | 8,800
B230-M2 | | 512 GB | Win7-64 2.0 GB | 175 | 1,400 | 28,000
B200-M3 | | 384 GB | Win7-64 2.0 GB | 184 HVD, 225 HSD | 1,472 | 29,440
Compute
CPU Considerations for Virtual Machine
CPU class
CPU class is affected by number of cores, CPU clock speed, amount of cache
memory and CPU virtualization technology
Compute
Example CPU Capacity Planning
Planning
Windows XP 150-250 MHz
Compute
Example Memory Capacity Planning
Compute
Forms of Hosted Desktops
Characteristic | Hosted Virtual | Hosted Shared | Published | Web
CPU Use | High | Medium | Low | Low
Memory Use | High | Medium | Low | Low
Storage IOPS | High | Medium | Low | Low
Personalization | High | Medium | Low | Low
Cost | High | Medium | Low | Low
Compute
C240 M3 Graphic Processing Unit (GPU) Support
C240 M3 Slot Support
NVIDIA GVX K1
4x Entry Level Kepler GPUs
Slot 2
Slot 5
130W
OS Support
NVIDIA GVX K2
Hypervisor Support
225W
Compute
GPU Dedicated and Shared
Hypervisor
Virtual Machine
Virtual Machine
Hypervisor
Guest OS
Apps
NVIDIA
GPU
RemoteMachine
Virtual
Protocol
NVIDIA Guest OS
Driver
Remote
Apps
Protocol
NVIDIA
Driver
Remote
Apps Guest
Virtual
OS
Machine
Protocol
Translation
Execution
Readback
Remote
Guest
OS
Apps Driver
API Capture
(DX9)
Protocol
Remote
Apps
API Capture Driver (DX9)
Protocol
NVIDIA
Driver
NVIDIA
GPU
NVIDIA GPU
Guest OS
Virtual
Machine
Shared GPU
Knowledge User
Hypervisors
Microsoft Server 2008 Hyper-V with
RemoteFX
VMware ESX with View Planned
Compute
Full NVIDIA VGX GPU
Shared GPU
Designer, Power or
Knowledge User
Virtual
GPU
Manager
Hypervisors
XenDesktop 5.x
Virtual Machine
Hypervisor
Hypervisor
Device
Emulation
Framework
Guest OS
Virtual
Machine
Remote
Apps Guest
Virtual
OS
Machine
Protocol
Resource
Manager
Remote
Guest
OS
Apps USM
NVIDIA
Protocol
Remote
Apps
NVIDIA USM Protocol
NVIDIA USM
XenDesktop 6.x
Microsoft TBD
VMware TBD
State
GPU
MMU
Graphics
Commands
NVIDIA GPU
Per-VM
Per-VM
Dedicated
Per-VM
Dedicated
Channels
Dedicated
Channels
Channels
Remote
Display
Data Center: Storage
Storage
Overview
Type
File Access
Virtual machine
User data
Profile
Virtual applications
Storage
Storage Area Network (SAN)
Network Attached Storage (NAS)
Direct Attached Storage (DAS)
File System
Block Transport
Data Deduplication
Storage
Master, Replica, and Clone
Operations
Refresh - Clean desktop, pristine image
Recompose - Migrate existing desktops from one version to the other
Re-Balance - Relocate desktops to enable efficient usage of the storage available (add more storage or retire existing array)
Storage
NFS Linked Clone Storage Consumption
Replica is a full
clone
Linked clone
consumes
<10%
Linked clone
bloats over time
Expect about a
50% savings
depending on
desktop
type/use
Storage
Example Desktop Storage Planning
Planning
Windows XP 5-10 IOPS
Storage
Acceleration
Agent
Agent
Agent
Agent
VM
VM
VM
VM
Guest #1 Guest #2 Guest #3 Guest #N
VMTools
VMTools
VMTools
VMTools
Hypervisor
Shared
Storage
Cache
Optimizations
Deduplication
Compression
Coalescing
Content-Awareness
Storage
Planning
Storage Requirements
Total number of desktops
Type of desktops (persistent, nonpersistent)
Size per desktop
OS for desktop
Worker workload profile
Storage growth horizon
Disaster recovery, backup, and data
protection requirements
Size of NAS (CIFS) home directories
Roaming profiles
Transport De-duplication
Transport workload mobility solutions
Shared storage replication acceleration
(SRDF, SnapMirror, etc.)
Workload mobility acceleration (Clone,
VMDK access, etc.)
Planning
Consider DAS for Non-Persistent Desktops
Use shared storage with RAID and
replication for persistent desktops and user
data
Use Linked Clones or File Level Flex
Clones for storage capacity
IOPS (4096 Bytes/IOP)
WinXP 5-10
Win7 10-20
15K RPM drive 200 IOPS
SSD drive 10,000s IOPS
Reads versus writes
Network
Deployment Considerations
[Figure labels: WAN Edge, DC-1 Core, DC-2 Core; VM groups VDI, Apps, Data; VM 1 through VM 18]
Network
Nexus 1000V Virtual Switch Architecture
Virtual Appliance
VSM-1 (active)
Network
Admin
Back Plane
VSM-2 (standby)
Supervisor-1 (Active)
Supervisor-2 (StandBy)
Linecard-1
Linecard-2
NX-OS
Data Plane
Linecard-N
Modular Switch
VEM-2
VEM-1
Hypervisor
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
NX-OS
Control Plane
Hypervisor
VEM-N
Hypervisor
Server
Admin
Hypervisors: vSphere (shipping); Win8/Hyper-V (planned)
Network
Advanced Features of the Nexus 1000V
Switching
Security
Network Services
Provisioning
Visibility
Management
Virtual Services Datapath (vPath) support for traffic steering & fast-path off-load
Network
Securing VDI with Cisco Virtual Security Gateway (VSG)
Persistent virtual workspace for the doctor
Flexible workspace for the doctor's assistant
Maintain compliance while supporting IT consumerization
Server Zones
Healthcare
Portal
Database
Application
Virtual Security
Gateway (VSG)
IT Admin
HVD Zones
Records
Assistant
Doctor
Guest
ASA
Network
IT Admin
Guest
Doctor
Cisco AnyConnect
Reference Architecture:
Network
vWAAS Out Of Path With vPath
Interception based on port-profile
policy configured in Nexus 1000v
Virtual
Desktop 1
vWAAS
Virtual
Desktop 2
Bidirectional Interception
Capture display traffic inbound
Capture desktop protocol traffic outbound
vPATH
Nexus 1000V
VMware ESXi Server
Cisco UCS x86 Server
vCenter Server
Network
Security Options
Patching
Persistent desktop versus non-persistent desktop
Virus Scanning
Virtual machine virus scanning
VMSafe service in vSphere
NAS (file server) based virus scanning
Network or proxy based virus scanning (Scansafe/Ironport)
Zoning by User/Group
Application
Desktop
IO Planning
Sample Bandwidth Planning
Storage (in and outbound)
20 IOPS per desktop at 4K Bytes EA
671 Kbps EA (assume 1 Mbps)
1 Gbps for 1000 HVDs in UCS blade chassis
Assume 1 Mbps per HVD
UCS Chassis
APP
APP
APP
APP
AppVirt
AppVirt
AppVirt
AppVirt
HVD-1
HVD-1000
Hypervisor
Server
Display
Network (LAN/SAN)
Storage
Total
Desktop
Protocols
Architecture
Architecture
Large Scale Virtual Desktop Architecture
Branch
Thin Clients or display protocol
clients
WAN Acceleration (1 connection
per HVD/HVA)
Disp Protocols
Theatre
Desktop
Centers
App Protocols
Corporate
Application
Data Centers
Architecture
Fault Domains
Client
Client 1 user
Broker Up to 1000
Storage 1 to 10,000
LAN
WAE
WAN
WAE
ACE
Broker
UCS
Storage
Architecture
WAAS NFS Transport DeDuplication
Client LAN attached terminal
Storage
NFS from ESX to NAS
C1
C2
C3
UCS
WAE
Network
WAE
NAS
RDP
NFS
Origin Connection
Optimized Connection
Origin Connection
Architecture
Remote NAS WAAS NFS Storage Acceleration
Display protocols are
challenged by rich media
WinXP
Action | NFS Origin | NFS Optimized | Percent Optimized
Boot | 204 | 2.922 | 98.61%
Login | 91.781 | 1.938 | 97.89%
Office | 201 | 3.584 | 98.26%
Web 5X | 21.5 | 0.433 | 98%
On demand Flash | 3.333 | 0.062 | 98.18%
RDP
NFS
Replication
WAN
#1
WAN
#2
Event
NAS fails over to replicated
NAS using L2 extension or
Route Health Injection (RHI)
WAAS enables desktops to run
from NAS in remote data
center
View Clients maintain display
protocol connection with
stationary compute VM
RDP
NFS
Replication
WAN
#1
WAN
#2
Event
NAS fails over to replicated
NAS using L2 Extension or
Route Health Injection (RHI)
WAAS efficiently migrates
desktop VMs to backup
compute following storage
Client VMs can preserve IP
with RHI, L2MP, or request
new IP through DDNS
Strategy
Strategy
Approach
Centralized when you can
Communications - Email
Productivity - Office, Wiki
Information Management - File, SharePoint, iDisk, etc.
Business applications - Client/Server
Business intranet web
Print
Strategy
Considerations
Business
Identify worker types (i.e. Task, Knowledge, Power, etc.)
Pursue when it makes business sense
Address security and compliance requirements
Consider the workspace (not just a desktop)
Consider the employee onboarding and off-boarding workflow
Design
Fault domains
Disaster recovery
Shared storage scalability
Application concurrency
Per application requirements (One bad app ruins a bushel!)
Rich media or graphic intensive applications have many caveats
Stateless desktop is the goal
Automation
Employee Onboarding
Single request from user, using Cisco Cloud Portal (CCP)
Approved by Manager
With Automation
Install Applications
Manual Process
take several days
Before:
Secure it
Automated
Self-service
On-demand
within minutes
Secure it
Ready for use
After:
Conventional VDI
Manual provisioning
Hard to control utilization
High provisioning & ops cost
Extended provisioning time
Configuration risk
Experience
Unify
Operate
Customer
Needs
Virtualized collaboration
Troubleshooting virtual
desktops
Citrix XenDesktop
Citrix XenApp
Questions?
Call to Action