Experiences with Replacing Desktops w/ VMs?
E1ven asks: "After years of dealing with broken machines, HAL incompatibility, and other Windows frustrations, I'd like to investigate moving to an entirely VM-based solution. Essentially, when an employee comes in in the morning, have them log-in, and automatically download their VM from the server. This gives the benefits of network computing, in that they can sit anywhere, if their machine breaks, we can instantly replace it, etc, and the hope is that the VM will run at near-native speeds. We have gigabit to all of the desktops, so I'm not too worried about network bandwidth, if we keep the images small. Has anyone ever tried this on a large scale? How did it work out for you? What complications did you run into that I probably haven't thought of?"
Do it in Linux - works perfectly and seamlessly!
There are a lot of complications using a VM - there's no 3D, no good audio etc. Plus if your base computer does not fit into the HAL, you can't expect much out of the VM. I am actually surprised at this - a VM will give you the benefit of portability, but if that was your goal you'd be better off giving a laptop to all your employees.
Microsoft: "You've got questions. We've got dancing paperclips."
So we could get inline goatse, rather than obfuscated links and ascii art?
thin client be a cheaper and easier solution per seat?
Sounds like you want something like Citrix.
Although, what you could do is automagically have a standard WinXP workstation login on startup. Next, have VMWare in the startup folder so that it begins as soon as the computer logs in. Finally, have VMWare point to a disk image loaded on your server. The employees will then see a full-screen VMWare ready to authenticate on the network and begin their day.
If you really wanted to be fancy, have that image automagically map to a network drive on your SAN/NAS as the D:\ drive. Tell employees to use the D:\ drive to store all work-related documents.
It could work. But you'd be looking at maybe 5 minutes for the morning boot-up. Not to mention all the employees hammering the network for a 2~4gb image at 7am will really thrash the servers.
If you insist on doing this, go a bit further. Activate that WoL crap and autoboot the workstations at staggered times between 6am and 7am.
I'd rather you do it wrong, than for me to have to do it at all.
Because avatars on a forum of this size(or even anything approaching such) are a disaster waiting to happen? It only works for Digg because theirs are so small you're better off sticking with the default. And it works for GateWorld because you have to get a certain post number for a custom av and the mods fully delete posts.
Please, for the good of Humanity, vote Obama.
Get some Sun Microsystems SunRays. Seriously.. that's exactly how they work. Your session can be saved on server and resumed anywhere else you plug in your smart card. One server and all of the terminals you need.
Wouldn't setting up a terminal server and thin clients be cheaper and more efficient to manage? Granted, this puts processing in a central location rather than on the client side, but in an office environment, this should not be a problem, and should have the same performance as using the VM.
I guess you're a Neal Stephenson fan and want to work for the gov't?
LTSP.ORG does something similar. You run X clients on a common "server" and view it with an X server on almost anything with 64 megs or more of memory.
I work at a client site where I implement large software. I have my own laptop, which due to sadly lacking Oracle WAN performance, I primarily use as a dumb terminal to various Citrix apps, and Windows Remote Desktop at my home office where I can run Visual Studio, db-based apps etc.
This works great, with one major caveat. If the network starts stuttering, performance of remote desktop and citrix both suffer badly. Otherwise, the benefits are great: much reduced amount of sensitive data on laptop, access to a higher performance office machine, less app latency when talking to 'local' databases 2000 miles away.
-- "It's not stalking if you're married!" My Wife.
in terms of CPU cycles, that'll be a huge load on the servers while the desktops go underutilized (well actually, those VM players seem to be pretty piggy, you need 2G RAM or you'll max out the CPU) And the interactivity won't be as good as native Windows desktops.
What about the documents people create and edit, as well as apps they might want to download or install themselves? If they store them "locally", they'll be gonzo when you swap in a new image. There'll be some unhappy campers.
I'm a vmware/virtualization fan, but I don't think this is the best application. It seems to me that it would be smarter to use terminal services / citrix / a thin client approach
If you were going to use vmware, make a standard image and push it out to the local hard drives. Don't update that image unless it is time to push out a new set of windows updates/etc. If you need to update the image though, that is going to be *hell* on your network/file servers.
I think it makes more sense to run a virtualized server than a desktop.
Also, you might end up paying for 2x the XP licenses since you'd have to pay for the host + guest operating systems.
Evolution: love it or leave it
Well, you'd still be running Windows (if that's your poison), and so your users would still be subject to (say) all the Outlook or Explorer weaknesses and exploits. The main upsides I'd see are
(a) presumably all VMs have the same device model, so you'd be running the same image everywhere, and
(b) assuming you carefully partition out the users' data to a different volume, you can give them a "fresh" virtual machine (a fresh Windows registry!) every time.
Nice and useful, but still not bomb-proof.
Where I work, we have a domain so a user can log onto any computer and have their email & favorites all set up. In their profile, it automatically maps their departmental network drives and their personal network drive (where they're supposed to save their documents to). The normal programs are installed on every machine, and it's not hard to temporarily install any special programs they need on the machine they use in the event theirs is unusable. The only issue we have is that for some reason, no matter how much we tell them to save on the network, they apparently refuse to listen and save stuff on their hard drive. And then subsequently blame us if their hard drive dies and they lose data. But that's another story.
What's the matter, James? No glib remark? No pithy comeback?
Wouldn't this make your system a lot more vulnerable to rootkits?
Why not use a more centralised approach, with a rack of blade servers running the client VM machines, load balanced using VMWare and thin clients on the desktops?
This means replacing the user's desktop hardware is very easy, they can use 'their' PC image from any Thin Client on the network, or over VPN from home, and to wipe and reload their PC is automated from within VMWare's consoles.
Have you looked into thin clients? You're describing them. Doing it with Linux is simple, faster, easier on servers, etc. Novell put in a solution for us...10K users login to a few dozen servers every day across the US. SLED 10 workstations (thin clients) have some software on them and some on the server. User files are on the server. When we want to upgrade boxes we upgrade the servers and are done. User somehow breaks the box (not that malware and viruses are big issues at this point, but sometimes things happen with users who maliciously boot from CDs) and we push out a new thin client image to that workstation. No onsites as we use remote X sessions and VNC if needed.
:-)
I have a dream job and could really work from home for most of it except meetings w/my boss when he gives me my bonus.
I'm not experienced with a VM setup like the one you describe, but let me offer this - if you have them download their images every morning you may run straight into a brick wall. Performance testers call this "the 9am syndrome", and you'll need some fairly serious server bandwidth to handle everyone copying such a large file. This will turn your network, and the disc you're serving the images from, into a seething pile of molasses. OK maybe I'm being a shade gloomy, but I'd recommend not going the download route if at all possible. Even if you have 1GB to the desk.
I needed a quick and cheap solution for some Windows machines for our QA group to test things on. We bought some VMWare Workstation licenses and ran 6 VMs running XP on each beefy machine. (About the limit for a machine with 4GB RAM) Granted, there are better VM solutions than Workstation, but we wanted cheap and quick. Don't count on it for anything mission critical. About every two weeks, VMWare would basically eat itself and the Linux box. However, it was easy from a maintenance point of view, because I could VNC in and see all 6 VMs at once. Also, since VMWare has a cloning feature, anytime QA infected the machines with something nasty, or just pissed off XP, I could re-clone it. Also remember that any VM hogging resources can slow down other VMs on the same host.
However, for the context that you are speaking about, I would take the advice of individuals below and look at Citrix or roaming profiles.
I can understand completely the desire to centralize computing resources so that you can cut desktop maintenance costs, but even if you have gigabit to all the desktop systems, that's still nowhere near the speed of an internal hard disk, also what happens for laptop users? Perhaps you could solve this using a replication system of some kind that just checks if the images on the server are different than the locally stored ones, and if so use a binary patching system to update the local version, but that in and of itself likely would be a maintenance nightmare.
Also my personal experience with VMware, Virtual PC and Qemu has consistently been that there is a noticeable difference in speed between native hardware and the VM. In the interest of customer satisfaction (users get pissed with slow systems) I would keep using native hardware personally. Of course you can minimize driver/HAL problems by keeping your hardware as standardized as possible (buy the same model from the same company for everyone as much as you can.)
In short my humble opinion is keep it simple.
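The replication idea raised in the post above (check whether the server image differs from the local copy and transfer only what changed), sketched as an added example that is not part of the original thread. The block size, function names and sample images are assumptions constructed for illustration, and the manifest is assumed to reach the client over an authenticated channel.

```python
import hashlib

BLOCK_SIZE = 4096  # assumption: small fixed blocks for the demo; real images would use larger ones


def build_manifest(image: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Server side: hash every block, plus the whole image for a final check."""
    blocks = [
        hashlib.sha256(image[off:off + block_size]).hexdigest()
        for off in range(0, len(image), block_size)
    ]
    return {
        "size": len(image),
        "block_size": block_size,
        "blocks": blocks,
        "image_sha256": hashlib.sha256(image).hexdigest(),
    }


def stale_blocks(local: bytes, manifest: dict) -> list:
    """Client side: indexes of blocks whose local content differs from the manifest."""
    bs, size = manifest["block_size"], manifest["size"]
    stale = []
    for idx, want in enumerate(manifest["blocks"]):
        # Clamp to the server image size so a longer local file compares cleanly.
        end = min((idx + 1) * bs, size)
        have = hashlib.sha256(local[idx * bs:end]).hexdigest()
        if have != want:
            stale.append(idx)
    return stale


def apply_update(local: bytes, manifest: dict, fetch_block) -> bytes:
    """Fetch only stale blocks, verifying each block and then the whole image."""
    bs, size = manifest["block_size"], manifest["size"]
    # Truncate or zero-pad the local copy to the server image size.
    out = bytearray(local[:size].ljust(size, b"\0"))
    for idx in stale_blocks(local, manifest):
        data = fetch_block(idx)
        if hashlib.sha256(data).hexdigest() != manifest["blocks"][idx]:
            raise ValueError(f"block {idx} failed integrity check")
        out[idx * bs:idx * bs + len(data)] = data
    if hashlib.sha256(out).hexdigest() != manifest["image_sha256"]:
        raise ValueError("reassembled image does not match manifest")
    return bytes(out)


def demo():
    """Constructed sample: a 16-block local image, one block patched and a tail appended on the server."""
    old = b"".join(bytes([i]) * BLOCK_SIZE for i in range(16))
    new = bytearray(old)
    new[5 * BLOCK_SIZE:5 * BLOCK_SIZE + 8] = b"PATCHED!"
    new += b"tail-data"
    new = bytes(new)
    manifest = build_manifest(new)

    fetched = []

    def fetch(idx):  # stands in for a network read of one block from the image server
        fetched.append(idx)
        return new[idx * BLOCK_SIZE:(idx + 1) * BLOCK_SIZE]

    updated = apply_update(old, manifest, fetch)
    return updated == new, fetched


if __name__ == "__main__":
    ok, fetched = demo()
    print("image matches server:", ok, "blocks fetched:", fetched)
```

Only the two changed blocks cross the network in the demo, and a block that does not match the manifest is rejected before it is written into the image.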
You can have remote profiles, and even link the desktop, my documents etc to remote folders.
Why go through the overhead of a VM? Citrix is one idea, but the most efficient thing is to just make their profiles remote.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
Citrix is probably the worst software I've ever had the displeasure of using. Buggy, slow when it shouldn't be, and just generally horrible to use. Just... don't.
USE A THIN CLIENT TERMINAL
Setup a machine to serve out a bunch of virtual terminals.
Have your machines running a thin client. Citrix thin clients, citrix server.
Or my personal favorite, which is rdesktop on Debian stable.
Why bother with all this 'download this/download that' bullshit? Just use a thin client, obviously the thick windows clients require too much work to maintain and are too much of a pain in the ass for what you need.
http://www.vmware.com/products/enterprise_desktop.html
I can't give you the exact details on how this would be done because I haven't actually tried it, but it should be workable.
The idea is that all your desktop machines would be running a minimal Linux install that can easily be replaced on short notice using various imaging techniques.
Basically these machines would have just enough to run a graphical login, wherein after a user logs in, it runs a script that fetches that user's QEMU disk image from some network drive and puts it on a local hard disk. It would then boot up QEMU with that image.
Those disk images would be in QEMU's ideal format, qcow. Qcow has a number of nice features including AES encryption and compression. Also, the disk images can be separated by base images and changes (which can be committed back to the base image).
Finally, I would try to contact Fabrice Bellard so that you can install the kqemu accelerator on all the machines or see how well it works with the Free QVM86 replacement (NB: its development seems to have been frozen for almost a year now).
// file: mice.h
#include "frickin_lasers.h"
If you have to ask such a question, it is clear that you don't know anything about Capacity Planning.
Your VMware solution eats RAM and CPU cycles away from the target PC. You may or may not have that capacity available on your existing PCs. You may have not considered that power-user in the corner who is already using 1.6 GB of RAM (in disk-cache or whatever else keeps her productive as she flips between open windows from multiple applications) --as you "plan" to take 800MB away from her with your VMware solution. If you had any responsibility for budgeting the purchases of the PCs, which includes predicting how long they will last, you would know you have to do a capacity plan. But the fact that you ran gigabit networking to each of your desktops tells me you have your head firmly up your ass anyway. Suggest this post should not be on Slashdot because it is incompetent. Now if you had asked how to do Capacity Planning, that would be an entirely valid subject of general interest to everyone.
So a lot of expensive desktops emulating, um, pretty much themselves, using funky somewhat pricy software, running substantial images pulled off of expensive servers over an expensive network (because GB'net or not, a building full of folks starting up in the morning is gonna hammer you.) Then comes the challenge of managing all of those funky images, reconciling the oddities of an emulated environment, etc.
Could you make it work? Sure. But I gotta wonder if it'd be worth it.
Is it gonna be any better than a well managed native environment? Or going Citrix clients? Or Linux/MacOS/terminals (choose your poison) boxes instead of MS Windows?
I hear your pain, I just think you're substituting a known set of problems with a more expensive, more complex, more fragile, baroquely elaborate, well, more-of-the-same.
It doesn't sound like much of an improvement really, just new and more complex failure modes, at extra cost.
Though, I guess, if you're looking for a new, challenging, and complex environment this would be it; just take your current one and abstract it another level. I wouldn't want to be the one footing the bill, or trying to rely on any of it, but at least it'd be something different.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
Emulab has the ability to dynamically load images over the network...uses a multicast protocol as well in order to make the pushes more efficient. Full loads of 50-100 nodes in under 10 minutes.
I've done this for a major PC OEM and for a couple of smaller tech shops. The single biggest complaint everyone has is that the performance is abysmal. When people are used to having on-board AGP/PCI-E graphics, plenty of RAM and snappy hard drives, putting them on remote storage or (/shriek) thin clients is just about guaranteed to piss off anyone not doing data entry in a simple spreadsheet.
On the other hand, it serves as a roundabout method for keeping people from doing things like downloading games and movies, as the thin clients and such will usually only support basic 2D rendering at anything resembling acceptable speeds.
The company I work for, Applianz, has been doing something very similar for several years. Applianz creates network appliances for large commercial software companies using a technique of every user running on a separate VM including the server. Instead of downloading the whole VM to each user the system just connects them thin client but the idea of one disposable VM per user is the same. At least for our application it works extremely well and allows users' virtual PCs to be disposed and recreated at will so that users have a perfect experience every time they use the system.
I personally think your existing setup was not well thought out and planned and you are now looking for a bandaid.
I guess your HAL problems are the major issue. You CAN overcome over 95% of those issues with the MS deployment configuration tools and ghosting (here and here is a start). It takes some engineering commitment to get that up and going but once the framework is in place, the minisetup should not be a problem across different hardware. I really do think it is worth the initial time and effort for something like this.
Considering my above statements..
I have worked at many places and the ones with good backend engineering are much better off in the long run. I am not trying to knock anyone down here but honestly, if your facility is run by tier technicians, you get what you have now. Imagine going through an upgrade or service pack release? Some companies can perform those on 500 PCs in a single night without ever actually visiting a PC. Some spend weeks doing one at a time. Unfortunately, the latter of the two is the nature of the business when "support" is contracted out. Someone doing engineering is nowhere to be found. The tools are freely available from MS and third parties to make all of your various PCs pretty much act as one.
They just used NIS and NFS, and the net effect was pretty much exactly what you describe... Sit down at any machine, log in, and your environment loads exactly the way you left it on the last machine, everything's safely backed up at the server end, and the client machines are pretty much disposable and interchangeable, and so on. Only difference is you're not farting around with virtual machines... ie. you're not quite as "cutting edge" but on the desktops themselves, don't you want a more proven system? So why wouldn't you just do the same thing, and use said proven, if something of a pain to administer, system?
As an alternative to NIS, Netinfo does much the same thing, only it wasn't designed by people quite so sadistic as NIS. You'd still be using NFS though...
cya,
john
Imagine all the people...
First off, I don't think VM'ing your desktops is the answer. Current VM's really dumb down the hardware. You lose 3D, sound, and most of them run a bit slower than native (some quite a bit slower). Couple that with the size of most VM images (my Vista image is about 12GB) and you're really looking at a poor solution.
Here's what you should be thinking about:
- Get some kind of desktop management suite like Altiris. You can push software deployments easily, and it's very easy to lock machines down to the point where users can't fsck them up. I've consulted for companies that do this with hundreds of desktops and it's a very robust, reliable system.
- Go with a thin client setup like Citrix or Terminal Server. Users run nothing on their local hardware. Instead, everything runs on the big server. Downsides are similar to VM's (thin clients are notorious for very lightweight support for anything but the most basic sound and graphics) but you are at least spared the massive network thrashing of hundreds of users logging on and pulling down VM images at 8AM every morning.
- If it's users messing up machines that you're worried about, you might want to consider a solution by Clearcube. They take away everything except the keyboard, mouse, and monitor. The guts of the PC reside in a server rack in what is essentially a PC on a blade. The blades are load balanced and redundant, so swapping them out is a breeze. And users *can't* load software on them because there's no USB ports, no floppy drive...nothing! Unless you allow them to download it from the Internet, *nothing* is going to get on those machines if you don't want it to.
VM's make sense for server consolidation. I don't think they've yet gotten to the point where desktops run on them as a form of protection or reliability. There's too many other solutions that work better and have fewer downsides. The problem here isn't Windows per se, it's the fact that your workstations aren't locked down properly to prevent your users from doing stupid stuff in the first place. Fix that and suddenly you'll find a Windows workstation environment isn't the hassle it once was.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
Only advantage over citrix is, that each user can be allowed to screw up his daily copy of the vmware machine.
Otherwise Citrix and thin clients are probably better. Well, thin clients would always be better, also for this.
Then you just revert to OK snapshot for the user every day. No copying.
Patching would be difficult, as you would have to patch x VMs rather than x/30 citrix servers
Is there some special reason why the users need to have their own XP image? If not wouldn't it be easier to just force them to save their work on a network share and ghost the machines back to the stock image every night?
An "unsupported configuration"...
In Soviet Washington the swamp drains you.
On a desktop machine (single-proc, 1GB, etc, cost ~ 3000/- USD), our product would build in 9.5 minutes, while on a server class machine (dual proc, 2GB, etc, cost ~ 800/- USD) with 5 builds going simultaneously, each build would complete in about 4 minutes. So you may want to consider about 1 server machine for every 5 developers (or users), with each developer having a thin terminal running RDP client. This would have been the most viable solution for us, except we had already invested in desktop machines.
Some folks at Stanford do this. They call their system the Collective. They use VMWare and support Windows VMs and Linux VMs, depending on the app that's needed, at least according to the paper.
Your asking for advice on /. suggests you're not qualified.
Several ways to fix this and get qualified:
1) Trial it on a small number of less important users. Get feedback. Make sure you listen to that feedback. Allow a decent period of time for the trial so initial teething problems can be sorted. Allocate sufficient resources to deal with early issues. This is the hard way to learn...through experience.
2) Hire expertise - someone that's done this before, to implement and advise. Make sure it's not a vendor since you won't know if you're being screwed till it's too late.
3) Get some training.
DO NOT try to implement this for a large number of users in one hit. You're a fool if you do.
These posts express my own personal views, not those of my employer
I've had a few issues in getting used to using a VM as my primary desktop, but I've found it's a very elegant solution to portability and hardware upgrades. I don't need to worry about "upgrading" computers, synchronizing data between my desktop and laptop, and backing up my entire system state.
I use VMware Server on my Fedora Core 5 desktop and my Windows XP laptop with a USB 2.0 hard drive containing my VM image. I've found it's worked well for most things I do, including development, watching videos, working in Photoshop, etc. Backups are quite nice too: a quick tar cz foldername | split -b 1073741824 - foldername.date.tar.gz. away. VMware's products are quite mature; I have only had a few issues during the VMware Server beta that the development team resolved right away.
Winblows Term serv. rdesktop live boot or wise terms....... although a cdrom and a miniitx is cheaper- no hd just cd with boot cd of rdesktop. imo
Basically, downloading the VM every time would be tedious (even with good servers and good bandwidth) and would anyways be unfeasible for mobile users.
Citrix has the advantage of thin client but has numerous disadvantages on a user experience point of view (not an individual environment, you have to be online...)
Some of the 'physical' problems you'll meet with running VMs will indeed be the lack of support for accelerated graphics, I guess, extra memory needs that usually exceed the initial estimation, exotic drivers and functionalities (laptop 'sleep', wireless cards...) and (perhaps) the time synchronization issue.
You'll still have to maintain your host OS for every piece of hardware. And that might be non-trivial even with Linux (again, think of laptops).
A great advantage of VMs on the desktop is that you can offer several VMs to your user (different ones for internet access and office work, or a 'personal' workstation and a 'corporate' workstation, or for development folks a 'development' workstation and a 'production' one, you can also say that you have an 'internet-access' workstation that you undo every day and a 'production' one that doesn't have a access to internet at all, possibly on different vlans using dot1q on the host) without having to reinstall/reboot/add machines. Just make sure you negotiate licenses schemes for that kind of set-up.
Your 'host' OS should provide a GUI for choosing to either use the currently installed image(s) or to download a 'fresh' one from the server. Integrating that kind of flexibility in AD is not very easy to achieve but with sysprep and some clever scripting can be possible.
User data management can also be a problem in 'disposable' VMs. I'd guess that offline folders (or whatever it's called today) can be kind of a solution but you really want to make sure it works as advertised before deploying that in large scale.
Also think of maintaining the software (security updates...) on your VMs. They may be difficult to maintain as you can't control whether they're on or not and even whether they're still existing or not...
I think it's feasible (I've actually been using that in my test environment for a while, but it was a very small network with only a dozen users or so and not doing actual business with it) but expect it to be challenging to plan, prepare and roll-out.
just my $.02
Sounds like you're trying to solve the same problem X11 is designed to solve. Have you looked into getting a bunch of X terminals and one super-powerful machine?
Help us build a better map!
You have no idea who you are talking to, yet you can judge the individual. They asked a simple question of a bunch of geeks to see if others have done it. Nothing more. And to be totally honest, I can not think of a better site to obtain useful info (mixed with absolutely worthless info, fud, and condemnation).
Yet, you throw out basically worthless info. I am sure that they will be trialing it. But if others have done it, and offer useful info, they can also check out paths to take (or avoid).
To E1ven: Please try it out on a couple of different set-ups and let us know. It would be useful to see how it works with Xen (combined with qemu for the windows stuff).
What size are you expecting each image to take? Windows XP isn't exactly lax on storage space, and applications for them can take another gigabyte without difficulty. Preloading a few gigabytes does take a bit of time; I suppose after that you'd use Windows sharing.
I think the previous comments about Citrix or such are a better solution. Terminal services, while not exactly cheap, may also work well for you. For a Unix environment, xdmcp is feasible in many circumstances. But as far as smart clients go, I'd be less than enthusiastic about remote VMware images. For one, you'd still need to run (say) a Linux host operating system underneath, which has much of the same difficulties as you'd see in Windows.
Doing the Right Thing should not be preempted by making a buck.
You've obviously never maintained a Thin Client Network...
It was called using a mainframe and 3270 terminals. Very reliable, easily updated.
...or Mac type VMs, but as for Windows... ...don't. It's a massive nightmare. Any changes, and I mean any changes to the base configuration of the computer the user is sitting at result in unforeseeable and often nightmarish problems with the virtual machine. It's especially bad with any proprietary software which may or may not have been designed to be flexible enough to handle virtualization. Then there's network problems, which are too numerous to really go into.
Just don't do Windows on a VM. It sucks.
I have no tag line
I didn't see anyone ask what applications you are trying to run. If it's just typical office applications without any custom software then you could use Puppy Linux. I run it on a 400Mhz winterm with 256Mb ram off of a 2Gb flash card in a cf/ide adapter it boots in less than a minute supports pretty much all current hardware and will install on an ancient 1Gb hard drive with plenty of free space and supports logging in to windows fileservers..... you can even put it on a 256Mb usb thumb drive for a modern computer and boot from that and still get on the network. Oh and did I mention it looks almost exactly like windows?
Anybody else agree.... why kill your network? I don't care if it's 10Gb fiber there are better solutions than running everything over the network. If you really need to run windows apps you will still have the flexibility to run them through a VM or a program called wine about the only thing that you can't run very well are games (ie Elder Scrolls: Oblivion) but that's not really working anyway. So what do you think?
Just remember there are thousands of people on here that will give you excellent recommendations all you have to do is ask good questions.
why not use something akin to custom knoppix/ubuntu/suse live cd....then have samba shares and ldap login...you just have to push out new cd images periodically for maintenance/upgrades...also, as someone stated above, there are thin clients...cd's would be ghetto solution - thin clients, the more expensive, but aesthetically pleasing and easily remote manageable solution
In addition, I think IBM is supposed to have a completely web based collaboration/email/office suite type thingy...so you can kinda centralize that stuff too, separate from clients (think it's java based, so works on macs, windows, linux, etc.)
Isn't it funny that people are encountering the same problems that faced the computer industry 30 years ago...leading to the SAME solutions...virtual machines (yeah 30+ years old) and server/terminals setups... =P
I think I have to disagree. Most of the better gigabit nics out there support PXE boot. Get a small boot loader image going. If these will all be on the same lan segment, at boot time it will grab the latest loader image, boot the small loader (~2MB). The loader can then boot the full OS image.
You can then just capture or encapsulate the computing session to an image file. It's not a full virtualized environment, as you still get the benefits of the cpu horsepower at the workstation, but if corruption occurs you just roll back the session file. I think.
This is how Windows hibernation functions in a nutshell, just dumps RAM to a file I think. I haven't tried this in practice, but it should work.
Karma: Chameleon (mostly due to the fact that you come and go).
They'd just as easily be able to screw up their image as they would their native PC. Just use profiles/rdp like everybody else. You don't have to try to squeeze every bit of technology into your setup.
He never said that he would experiment with a large corporate base. He is exploring options. Nothing more. BTW, it is companies that take chances that grow fast. For example, it was Bob Crandell at AMR that moved the Sabre system into doing a large number of innovative ideas. Once Carter de-regulated the industry, AMR was then able to surpass the other airlines in size. Other companies that push the innovation such as Google and Amazon are then able to grow in size quickly. A better example is Walmart. Sam Walton was very conservative WRT how the company was run. But the one place that he spent money on was technology (even though he did not understand it). In fact, when other companies were pushing big mainframes, he pushed walmart on Windows. Now, that others are pushing into Windows, Walmart is quietly pushing onto Linux. By the time that the industry realizes this and starts the move, Walmart's system will be paid for. Their costs will be a fraction of the others.
In contrast, it is when a company locks down everything and is afraid to move forward with new ideas that dies (or nearly dies). For example when they start saying that the company should not change things, then they are in a death spiral.
Author of the parent comment here, I'm not a troll and clearly I was saying it would be a dumb idea to have custom images considering the troll contingent here. If anything I was speaking against it and against trolls, you dumbass moderator.
Hmm. Your main issue is going to be switching machines. I see three ways of doing this:
Some virtual machines let you suspend to a file. This is nice if you must run Windows, or some other uncooperative OS. But, that still means suspend to a file, which will take some time. As for the disk, that would be fairly trivial -- your host OS would be Linux over NFS, so your disk image is an NFS file.
Issue to watch for here: Local cache. I don't care how fast your gigabit is, that server is going to feel some stress. I tried setting up gigabit just for file sharing, and it was never as fast as it should have been, yes I was using Jumbo Frames, and it's just a crossover cable, yes it was cat6. And even if that's flawless, there's the server at the other end. You probably want good local caching, probably local disk caching. InterMezzo would have been good, but they've pretty much died. You might try simply throwing tons of RAM at the problem, or you might try cachefs (never got it working, but maybe...) or maybe one of the FUSE things.
Second way: Don't use VMs. VMs will never be as fast as a native OS. But "native OS" can still work roughly the way the VM image does above, if your hardware is identical. With Linux and Suspend2, you can suspend and resume from pretty much anything you can see as a block/swap device. So, all of the above caching issues apply, but just run it as a network OS, have one range of IPs for machines still booting and logging in, and another for fully functional machines. Here, when the user logs in, the bootstrap OS tells itself to resume the OS image from the network.
You could also do this with Windows by copying a local disk image around -- after you hibernate, boot a small Linux which rsyncs the whole disk across the network, including hiberfile.sys. Everything besides the OS itself would be stored over the network already anyway (samba).
I don't know if this will work -- after all, no hardware is truly identical. But it may be worth a shot.
Advantage: Both Linux and Windows XP know to trim the image a bit on suspend, so it won't be a whole memory image, just relevant stuff. Truly native speed.
Disadvantage: If I'm wrong, then you won't be able to properly resume on a different box.
Finally, you could stick to software which supports saving sessions and resuming them. I know Gnome at least, and maybe KDE, had this idea of saving your session when you log out -- and telling all applications to do so -- so that when you log back in after a fresh boot, it's like resuming from a hibernate.
Advantages: Fastest and most space-efficient out of all of them. Least administrative overhead -- in the event of a crash, there isn't nearly as much chance for bad stuff to happen. Easily works cross-platform, native speed on any supported platform. Simplest to implement, in theory.
Disadvantage: Not really implemented. 99% of all software may remember useless things like window size and position, but very few actually store a session. If you mostly roll your own software, this may be acceptable.
And of course, you could always do web apps, but those won't be anywhere near native speed -- yet.
All approaches share one flaw, though -- bad things happen when a box goes down. With a VM image (or a suspend image), if you crash, you'll obviously want to restore from a working image -- but what about the files? If they're on a fileserver, does your working image properly reconnect to the fileserver, or does it assume it's still connected (thus having weird things cached)? The third option (saving sessions) is the safest here, because in the event of a crash, programs behave the same way they would on a single-user desktop. But you still lose your session.
What others are suggesting -- various terminal server options -- is much slower, but it also means that as long as the application server is up, so is your session. If you crash, you can switch to another machine and literally be exactly where you
Don't thank God, thank a doctor!
But I do not want to see your ugly mug.
VMware is still a relatively unproven technology firm. Since they are pushing the virtualized desktop environment that you're interested in they should be able to provide some references. VM technology has been around for a long time but desktop side VM's are something I'd be cautious of without the vendor being able to demonstrate that it actually works in a real world environment.
That being said, I think that the business case could be made. People have been trying to come up with the same result using different methods for a while, but none have been overly successful. Using Citrix has come the closest but in my experience Citrix is only good for certain tasks, not the entire desktop environment. There are other thinclient solutions out there and other less costly alternatives though that vmware desktops may not be as practical a solution as the coolness factor would make it seem.
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
Brian Madden (brianmadden.com) is an excellent source for info on Citrix and Virtualization. Yesterday, he published a video with Brian Oglesby, who's done a lot with ESX and virtualization techniques that you're looking at doing.
Watch the video here (http://www.brianmadden.com/content/content.asp?id=620). He shows a lot of the benchmarks and gives a great sense of how to use what resources you've got, or if you're building from scratch. Basically, Windows XP Pro VMs on ESX server do NOT scale well in comparison to Terminal Server sessions or Citrix sessions. I'd go into further detail, but the video explains it all.
You have a large installed base. Shit's hittin' the fan.
Steve Jobs has this campaign where he wants PC users to switch to Apple hardware. Talk to Steve about a Corporate Sponsored PC switch to his MacOS X on Intel running WINDOWS. Your BusinessCase might cross market with Apple's marketing strategy to provide your shop a soft landing on a solution to the problem. A win-win.
Minimize risk, provide longterm solution
- Mobility. Your "machine" is just a bucket of bits. Once your "machine" is virtualized, you are no longer tied down to a single piece of hardware. You can sit anywhere and have your complete environment. Having a hardware issue? No problem, just walk up to another machine and start using it where you left off.
- Isolation. Once everything is wrapped up in a virtualized sandbox, many security problems become a lot easier. You can easily isolate and monitor what the guest is doing, and it's darn near impossible for even malicious software to cause serious damage. User screwed up the configuration or got infected by spyware? Just roll back to an earlier VM snapshot. Better yet, have them boot into a pristine image every time. Thus, the solution to just about everything is just a power-cycle.
- Easy management. Running on a virtual machine gives you a standard platform, so you can keep a single golden image instead of the N different images for each piece of hardware. Just keep that image up to date, and periodically push new versions out to users. User having trouble? You can get an exact replica of their whole environment for debugging, without the user having to do anything.
You can get some of these benefits with thin clients and/or Citrix, but those have their own share of problems. Thin clients have lots of problems, the most obvious of which is if the network goes down, you are hosed. Working on a laptop and/or with an intermittent connection is not possible. Besides, nowadays it's pointless. Decent hardware is so cheap, it no longer makes sense to strip down hardware at the client side. In fact, many times desktop PCs turn out to be *cheaper* than thin clients. (God, I love economies of scale...)
Disclaimer: I work at moka5, a startup company out of Stanford that does desktop PC virtualization. We have a beta product called "LivePC Engine" that adds a demand-paging layer to VMware, so you can run your PC environment from anywhere (without having to download the whole thing), share it with other machines, and subscribe to other people's shared LivePCs and automatically get updates as they are posted.
http://www.vmware.com/products/ace/
"With VMware ACE, security administrators package an IT-managed PC within a secured virtual machine and deploy it to an unmanaged physical PC. Once installed, VMware ACE offers complete control of the hardware configuration and networking capabilities of an unmanaged PC, transforming it into an IT-compliant PC endpoint."
--BlueLines "The cost of living hasn't affected it's popularity." -anonymous
Why not just have a PXE server on hand to quickly and easily image your computers over the network? If a system goes down, it'll take only a few minutes to image it with a sysprepped base install and bring it back. Acronis SnapDeploy http://www.acronis.com/enterprise/products/snapdeploy/ provides this functionality quite handily, bundling the PXE server and image deployment in one nice little package. This is quite a viable solution if you don't have too many hardware platforms to support, or only need a few basic images of a locked down XP workstation.
With VM's, aside from the bandwidth and performance considerations, realize that the host machine could just as easily go down. Then you're stuck again. Though this is less likely, it is a possibility. If you do decide to go this route, do consider caching the downloaded VM between sessions (so the mass download every morning doesn't happen).
I've heard of a company, Moka5 http://www.moka5.com/, attempt to do something similar. I'm not sure what their status is, but it might be something to look into for the future.
Though this is an interesting idea, there are a number of detractions. I'm a huge fan of virtualization, and have found it great for development, testing, and on server platforms. Rolling it out on desktops as primary workstations seems a bit ambitious. However, I still wish you the best of luck.
Roy Shi.
I was doing network booted PC's using OS/2 WSEB and a product called WiseManager. Everything lived on the server. Only stuff that was unique to each user was duplicated. The OS and all programs were loaded over the network and executed locally on the PC. The local HD was not necessary, but it was helpful to have it for swap space. Running on a switched 100 megabit ethernet network, it ran quite nicely. It actually booted much faster than off of the local hard drive. The critical files were secure due to ACLs on the server restricting access and all file storage was restricted to the server, so as long as the admin was doing his job, there was no risk of losing files because someone deleted it accidentally or the only copy was lost when the hd in the pc it resided on crashed. Actually the system worked more like fat dumb terminals. You had all the management benefits of dumb terminals with all the flexiblity and power of a real PC. If the workstation failed, you just pulled it and replaced it with a new one, down time for the user was minimal. Unfortunately because it was OS/2, it never took off. That and the users didn't like it because they couldn't break them no matter how hard they tried. A simple reboot and all was back to normal.
I'm surprised that no one has mentioned Deep Freeze yet. This seems to be almost exactly what you're looking for. Images are pushed out to clients, and the computer starts from the fresh image each time the user reboots. Deep Freeze
Sounds like his company has 5 employees. He'll get fired the day the network hiccups and all VMs blow up during download. :) :)
I would concentrate on the problem, not the symptom - lock these users down with group policies that get re-applied every time their pc boots.
Citrix works and scales well, if you can afford it. TinyXP (hacked and tweaked version of Windows XP) works well as a thin xp client but you'll have problems getting support from MS if something goes wrong
Linux with remote desktop client to Windows host is another good solution. You can even set-up a dual boot option - Linux as primary OS w/ remote desktop to your windows/citrix host and second boot option would be XP in case citrix goes down.
Oh, and keep users' docs on a different server than the citrix box - don't put all your eggs in one basket! That way if citrix is hosed, when they boot up in XP, they can have their My Documents mapped automatically to the file server with all the files.
And if you can't keep the file server up and virus free, then you have bigger problems than just the desktop clients.
One of my clients is a small accounting firm... 15 windows workstations, 4 windows laptops and 1 samba file server. I have roaming windows profiles in place and they are trained to save their work to the server. However only a handful of the employees use quickbooks and they have to keep many dif versions of quickbooks installed. Same with other, much more expensive pieces of software.
If I could virtualize the machines and install only 5 seats of quickbooks, etc they'd save thousands every year. But since I can't be sure who will be stationed where or using x piece of software, I have to install all their software on all their workstations and they have to pay for all those seats. I'm not ready to roll out vmware yet but I am interested in decent answers to his question.
You're all discounting this guy's question as being a stupid one but it isn't. And as far as hiring a pro... who the hell would be a pro at something like this? If he calls Vmware do you think they're going to tell him about the downside?
G
Well we don't do desktop replacements at my company, but we have several beastly machines running linux with VMWare ESX 3.0 with around 8-10 VMs at once on each (linux in each VM as well). This provides us with our different test and production environments, clustering, backups if one goes down, etc. They work wonderfully.
Though I am not a part of our infrastructure team so I don't know too much more about what we do with them.
I use Citrix at work from Linux ICA client and its fine for the Microsoft Office suite and Outlook. Do you not have enough RAM on your citrix servers or what? I wouldn't run a heavy duty app like AutoCAD or HP's Product Configurator or an Adobe publishing package on Citrix, but for the normal office stuff that 90% of the cube dwellers do it's fine.
There are two problems with running virtual machines on Linux.
First and foremost, with kernel patches coming out every second week, VM machines become incompatible regularly. Besides, the need to recompile the kernel all the time means a lot of reboots for the VM machines. In a sense, Windows 95 running natively is a much more reliable environment than when it's running on top of Linux.
Secondly, the stability of the Linux file system. Or lack thereof. I have discovered recently that if you create a huge EXT-3 partition (over 52GB), and create 12 4GB files, writing the next 4GB file will take forever. This is because of the journaling system. Someone could use another file system since linux supports quite a few, but then there are a lot of HOWTOs to read. So why bother? It's better to use the decade old NTFS which sports the benefits of all the Linux file systems combined, minus the bugs.
Don't get me wrong, I like Linux a lot. I just think it's better when it's run on watches, vending machines, calculators, etc. On a PC, Windows is better.
Linux violates 235 Microsoft patents.
I've tried the VM solution in my line of work. I've found:
It's great for developers testing how an application works on an OS, but is not 100% accurate.
It doesn't tell you how well the OS works.
The OS is slower because hardware is emulated.
At least one version of Windows Vista Beta won't install on Microsoft Virtual PC but will on VMWare Server.
Applications that use old APIs may not work the same in a VM (i.e. those that access hardware/bios more directly)
Other solutions may be better depending on your needs.
Everything below has pros/cons. The choices are:
Citrix - Load is on the Citrix server, which can get expensive. Depends on what the users do all day.
Maintaining/Administering Citrix takes the same amount of training as an OS;
this is a complex system and should be treated as such. Citrix admins aren't cheap.
VM - Load is distributed among PCs.
Replacing an image is easy.
Gigabit to the desktop is great, but Gigabit to 100 desktops = max 100 Gigabit demand at the image server.
Compatibility risk
Speed is probably half native if 3D and audio features are disabled.
Disk image software like Norton Ghost - Don't rely on a single image. Violates the Ghost license and subtle differences between PCs (even same model) will cause random problems when Windows finds one chipset is different. Ghost is meant for one image per PC, backup purposes only. See last suggestion.
Lock down Windows to prevent PEBKAC problems - Great in theory, but not all apps work with restricted security. Use just one and you're back to the drawing board.
For 100 machines, create a Sysprep of Windows with apps, and load it onto 110 removable (key-locked tray) hard disks. Install 100 in the PCs, keep 10 for swapping out when the screwup fairy visits. I think the restore time is minutes.
Alternate to above: Image each PC's boot/apps partition using something like Ghost or Diskpart. Save all the images on a server with a 1TB drive, each file named for its PC. If the screwup fairy visits, reload the disk from the correct image. Important user data should always be stored on network server anyway.
VMWare offers two different solutions for this type of problem: VMWare ACE and VMWare Virtual Desktop Infrastructure.
VMWare ACE http://www.vmware.com/products/ace/
VMWare ACE provides a managed architecture for deploying virtual machines to individual computers. In your scenario it would still be necessary to use roaming profiles or some other technique to allow a user to log on to different machines and have the same user experience. Data files (My Documents, etc.) could be stored on network shares. ACE is most likely not an appropriate solution for you.
VMWare VDI http://www.vmware.com/solutions/desktop/vdi.html
VMWare Virtual Desktop Infrastructure (VDI) provides an architecture where the user actually uses a virtual machine running on a server with only a thin client on the desktop. The virtual machine runs on ESXServer and can be secured in the data center. A user can access the same virtual machine from any desktop; local or remote. VDI is likely an appropriate solution for you.
Graduate sysadmins already solved this problem. Just distribute a Ghost image every week to every PC in the lab^H^H^Hoffice, without any regard to My Documents, and everyone will thank you endlessly.
You can't legally do this with Windows. The (bulk-licensing) EULA states that you are allowed to install Windows on one computer and one virtual machine *that runs on the same computer*. Moving the image from computer to computer is specifically prohibited, IIRC (yes, I've considered doing this before).
Are you sure what you are trying to do is run virtual machines? Personally I use virtual machines daily in development to help simulate multi-tier applications and also for linux development, but I wouldn't want to download a 10 gig virtual machine every time I turned on my computer.
Are you sure what you want is not some kind of terminal services to completely lock down the computers? You know, with linux you can run VNC as a multi-user app, and serve up a full KDE/Gnome interface over the X11 protocols, it's pretty cool I think. Not only would you be able to remotely use a centralized system to get work done, but also you could maintain a steady desktop between locations, closing the session and resuming it from another location.
You can deal with the large-file-deployment headache easily, if you know how to write a simple shell script. Here's how.
:D
Hard disks now are large, so having a couple of vmware virtual machine disk files is no hassle, that's just a few GB.
You can use a symlink to link to the up-to-date copy. Meanwhile in the background, a batch file looks to see if there is an updated vmware image on the network. If so, a local copy of the old image is made, then an rsync update of the file is made against the network master copy. Using rsync means only the changed portions of the disk image will be distributed.
Once the rsync has completed, the batch file could prompt the user, or schedule the old image to be removed and the new one made the target of the symlink instead at boot time. Or something. Perhaps vmware can even deal with having the symlink exchanged under a running session, if it's at all well written it can, since it can keep track of the older image using the file inode, this is the correct way to write programs.
Good luck, thanks for the skepticism to the previous poster, because it caused me to think of this clever solution which makes the whole scheme much more attractive to me now than standard windows image deployment is.
You have two main logical problems.
1. You still need an OS to run VMware. If it is Windows, you get typical Windows problems, and if it is Linux, you will probably find that your hardware is not really compatible with anything but Windows.
2. Do you want to use one image, or a different image per user? If you use one image, you will immediately run into license problems with the software. If you use several images, you need a lot of storage space, and you need to copy the images back in the evening.
But most of all you need to figure out what your real problem is, and why VMs should solve it.
This is not a bad approach at all, it's a more generic approach since it could work with Windows just as easily as it would with Linux. Of course the assumption is still that you would use a Linux host OS but I don't see a problem with that since the odds are no users would ever be using the host OS.
Unfortunately I lack the experience to create network load balancing on linux file servers although I imagine that's a trip to LDP or Experts-Exchange away. Just seems like distribution and scaling is just plain easier with Windows. Doesn't really matter, can be done with either platform with technologies that have already been in place for a while so there's very little guess work.
With such great NW bandwidth why not just netboot, dump a complete HD image onto the drive and then boot again into that. no VM, it's the real OS.
...which is active directory and a little bit of elbow grease. We can't afford much in the way of automagic management software, so we do as much as we can using Active Directory as we can.
I've managed to get around the "HAL problem" by making the OS images as vanilla as possible, which makes managing multiple images not so bad. Our standard ghost image for any machine is Windows XP with absolutely no customizations.
From there, everything is done via group policies, and if needed custom vbs/batch scripts. I've used Wininstall LE to make dozens of custom msi packages and deploy them all via active directory. DFS is used to house software repositories. The group policies that deploy software point to \\domain.com\dfs\software and the machines connect to the local copy depending on which site they are on. This is handy for laptops which move from site to site and might not be where you expect them to be when software gets upgraded or rolled out.
You also mentioned folder redirection. We looked into that four or five years ago when we first went to win2k, but balked because of the server space required, but we just got a new SAN installed with loads of space, and will be enabling folder redirection soon.
Your goals may be better accomplished with a different approach.
Now you have most of the benefits you asked for: you can have users switch places at random, you can replace physical computers and set them all up with the same VM... you can even have them all run windows on a linux host if this helps prepare for "the big switch". :)
As for your maintenance of the VMs, you can remotely log in to any of the workstations and replace the old VMs with new ones when you need to update something. Occasionally you can wipe out all files that are kept on workstations to ensure that no kiddie p0rn is found, and to further illustrate that it is essential to keep all work-related files on the server as instructed in 2)
Vmware ACE would probably be a good choice, it allows you to lock down the host hardware, disabling various pieces.
VM's can run off of network shares if you set things up right. Fast network, and you won't see a problem. I have run VM's off mirrored ximeta netdisks over 100meg with NTFS as the partition type, and it worked great, although it was only about 4 machines accessing it at one time. For office apps and such, it's a piece of cake.
I encourage people to use vmware for laptops. Create an encrypted disk with the vmware image that they want to run, then if the laptop gets stolen, you have to decrypt the disk before you can get to the really good stuff. Backups are easy, and it makes laptop "sharing", if necessary, something that you can do pretty easily as well. Multiple shifts can PC share easily as well. It's also easier to fix problems, test updates and such by just snagging a copy of the image, and monkeying with it.
Citrix and remote desktop have their places as well.
The network IS the computer ;)
I did something similar once (about five years ago).
We had a set of laptops which we used for training. It was always a pain in the a*** setting them up at the start of the course, and you could never be quite sure that you had done it properly.
There were also issues with IP addresses - for various reasons we would have liked to have had the same IP on each machine.
The solution I came up with was to run linux as the base install with VMware running on that. A standard Windows NT 4 image ran inside the VM. Iptables was used to NAT the VM so that each VM thought it had the same IP address.
On boot up, linux would start X and then start VMware running full screen. If the user wasn't watching closely, they wouldn't even know they were running Linux. The only real give-away was that NT4 was a lot faster running virtualized than it was running natively on the same hardware. (This might have been due to more efficient disk caching by linux).
Resetting the training machines to their initial state was simply a matter of copying the VM file from a server to the laptop.
It was just a shame that the company suffered dot-com burnout not long after this was developed.
First redirection combined with Shadow Copies for the low end and DPM for the high end are great in this environment with automatic versioning on the cheap. DPM is a very efficient use of the storage space. I thought about something like WinInstall initially but then I got a massive increase in funding to expand another 10tb to the SAN along with enough software to make the whole deal work seamlessly. I'm only about half way through my implementation but it's looking great. I love the new DFS with R2. It takes a page from the rsync playbook only transferring what has changed inside of a given file. Provides for a marked improvement in performance.
You're right about vbscripts though. About 6 years ago I wrote a vbscript that would talk to a database to grab configurations and write to the registry. Was pretty slick and worked with mandatory profiles. Not really needed anymore but it was a fun project.
VMware has a solution which does exactly what the OP describes. Take a look at VMWare ACE and VMware Virtual Desktop Infrastructure
Rather than serve images, serve the .vmx files and just run EVERYTHING off the network. Why don't people as smart as /.ers stop and think, you can netboot ANYTHING, as long as it doesn't know it's netbooting (think configuring VMware to use a network share as IDE0:1).
Then you're not getting hammered for 2-4GB images at boot time, nothing gets saved to the local HD, unless your employees are screwing around, then you can tell because you'll find the files saved on the local HD.
Even better, netboot the PCs to begin with, make the only purpose of the HD temporary storage and swapfile, physically disable (i.e. remove) CD-ROM and floppy drives and allow access to these media types over the network, with IT supervision (i.e. hand them the disk, let them scan it for virii and see what's on it, then insert it into a drive on a server somewhere and tell you the address to connect to it).
Also, if you're pulling an entire disk image, that will likely include all the data the employee has stored on C:, some of which may be sensitive. You may not want this traversing the network every time that user logs on, ESPECIALLY if they don't use that data every time they log on (why send it if they don't need it... for both technical and security reasons).
Less UNNECESSARY sensitive data sent over the pipe and the less frequently sensitive data is sent, coupled with fewer storage options provided to the end user means less opportunity for that data to find its way outside your organization. Doesn't make it impossible but it does make it harder.
Solution seems pretty simple to me. If you have gig-E (and are willing to throw another NIC in the server when you need more bandwidth) and maintain a low-latency network most of the time (meaning when your users aren't TRYING to muck it up) you should have no problem whatsoever. Otherwise, the problems will be minimal compared to the benefits.
Just... don't have the PC and VM both boot from the same image or log onto the same server as the same user with the same startup script to start VMware because... well... duh.
Oh, and easy on the redundant modding... I didn't have time to read EVERY comment before posting this (some people need sleep). However, what I did read was a mess of redundancy, mostly modded informative, interesting and insightful.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
This is a very big market that vendors are trying to push companies into, I think even HP is getting into the game with a bunch of specialized hardware designed for it. I have worked in environments with vmware, and the Sun hardware/software
Having primarily used the Sun stuff it was nice, you could log into a computer, do your work, disconnect, go to a different computer and pick up right where you stopped.
As for things to watch out for.
1) Networks, networks, networks. Make sure you have a fast network and a lot of spare bandwidth, you will need it. Everything uses the network, and while you say you have it you will find that doing this will quickly eat it up and want more. There are only small images at the start, after that they grow and grow.
2) Server usage will increase beyond what the vendors tell you. Yeah, most of the work goes on the desktop box but you will need the extra server capability.
3) Plan to increase your backup capabilities. One of the benefits of doing this is that you have all your company's data in a place where it can easily be backed up, plan on doing so. Do get a solution that allows you to easily retrieve just a single user's image and have a process to get a single file from a person's image.
4) Don't expect this to decrease much in administration needs. What you do get a decrease in is the time it takes to get to the problem, less traveling to the user's desk. What tends to be ignored by the IT desk and sellers of these products is that users like to customize their setup and locking down the desktop just causes a decrease in work done. Losing their configuration is not good.
5) Related to previous item, unless you are in a very low skilled office don't expect to get away with just a few basic images. People have needs of software and hardware you have not thought of yet. Don't expect all your current software and hardware to work in this type of environment, check with the vendor to see what they have tested their stuff with.
Personally, while doing all of this looks great on paper and the promises of the vendors look great it just does pay off unless you are in an environment where you can dictate all computer needs and have a low skilled work environment that you can get away with a standard configuration.
I can't believe this hasn't been already mentioned. You seem to be looking for something like http://nomachine.com/ nx.
All of the advantages of thin clients and optimized for performance.
My experience tells me that a VM feels 1/3 the speed of the native OS it's running on. That's fine for word processing etc., but as I said, forget anything intensive. Personally I wouldn't mind using a VM myself for most of my work. I work from home over a VPN, and some of the tools I have to use like Clearcase are abysmal over the WAN. It'd be faster to do all my development from a VM, even with the slower compile times.
I have been using Parallels for quite some time on my MacBook Pro, in order to use a few apps on Windows (installed Windows XP Professional on the VM). It works like a charm, as fast, or at least almost as fast, as if I was to use a separate system for just Windows. I've also installed Ubuntu today, which runs equally well. According to the rumors-mill, Parallels is getting 3D hardware acceleration soon which means, among other things, you will be able to run games on the VM, get better performance on the desktop and, once Vista comes out and Parallels provides support for EFI, you will get an accelerated desktop experience through Aero. I personally have no other use for Windows other than running one or two apps once in a while and playing games (Mac OS X is just too good to fall back to Windows for anything else).
Technology ramblings : Simple is Beautiful
Many people above are suggesting Citrix, Altiris, etc... but what nobody seems to have mentioned is that there are several companies already doing this (Clearcube for one), and that VMware are partnering with IBM, Citrix, Altiris, and many more, to push their recently launched Virtual Desktop Initiative (VDI).
VDI does pretty much exactly what E1ven is asking for, however instead of downloading a complete image to your computer every day, the virtual machine runs on a central server, with thin clients at the desktop connecting to it through a remote session.
If you want to know how big this is going to be, just have a look at some of the names working with VMware on this:
http://www.vmware.com/partners/alliances/solutions/
I first heard of this about 6 months ago, when I heard that IBM were working with VMware & Citrix to provide a solution they called VHCI (Virtualized Hosted Client Infrastructure). IBM have shown it's possible to run up to 12 virtual machines on a single blade server. Hot swop and automatic failover is possible too, with no downtime for the user. IBM's blade hardware actively looks to warn of failures before they occur, and they've integrated this with VMware's management software, allowing live client sessions to be automatically moved off failing hardware.
We've got around 100 clients at our firm and we're very interested in this idea. We looked at Citrix but it just wasn't viable. We've a huge variety of software in use, much of which is updated 3-4 times a year, and configuring that on a bank of Citrix servers would be a management nightmare. The VMware approach lets us keep our current network management and software deployment tools, provides a simple migration route, and offers all the benefits of thin client computing without needing to retrain all our staff.
Right now virtual desktops are just a little too expensive (about £500 per desktop instead of £300 for a new Dell), but all the signs are that in the next 6-12 months it'll become a viable option for us.
Some background info for anyone interested:
Eweek article on IBM's VHCI
http://www.eweek.com/article2/0,1895,1873113,00.asp
IBM Press Release: October 2005
http://www-03.ibm.com/press/us/en/pressrelease/7935.wss
VMware's VDI Page
http://www.vmware.com/solutions/desktop/vdi.html
VMware's VDI discussion forum:
http://www.vmware.com/community/forum.jspa?forumID=276
One of the first things that I learned in IT is the KISS principle (Keep It Simple Stupid). Your idea can work, but it sounds overly complex and will most likely lead to a very complex problem down the road. You're talking about using a Host OS, Guest OS, and a Server OS that will be hosting the Guest OS images... that's lots of places where things can go wrong.
Doing a Citrix or some other terminal services based solution may work for you - but it depends a lot on your apps. At my place of work, Citrix is used a lot for apps that need to be run in a centralized location. At the same time, we have a number of apps that don't play nicely with Citrix because of how they're coded. I don't know the exact issue, but it is something along the lines of not liking several versions of the same .exe image running on the same system.
If you do have apps like this, doing a hosted desktop solution may work for you. VMware is really pushing this type of solution lately - putting many desktop OS's on a centralized ESX server. ESX is rather expensive, so I'm not sure if it would be a good idea or not - but so is a Citrix or Windows Terminal Server based solution. For just the cost of a XP license per user, you could setup VMware server on Linux with a bunch of XP guests running on it. VMware says that their "free" server product isn't meant for production, but it may work well in this case. You could even buy support from them and use Virtual center to move XP guests from one server to another so you can perform maintenance.
In any case, I would recommend that you load up a few boxes with different solutions and test out performance of your apps.
There are a lot of options for your end-user workstations. PXE booting a small-linux OS with a terminal server, VNC, or vmware client would work very nicely - as would a similar local install... YMMV
"when an employee comes in in the morning, have them log-in, and automatically download their VM from the server. This gives the benefits of network computing, in that they can sit anywhere"
Does this not conjure images of Y.T.'s mom, going in to work for the Feds in SnowCrash? Computer operators as an interchangable commodity; Desks with no personal effects, no paper, no identity; Sitting closest to the door so that late arrivers have to walk past you in the morning...
I don't know how many users you have on your LAN, but gigabit or not, that's going to put some serious strain on your network when everybody is accessing these images at the same time. A terminal services solution seems to fill this need more so than a virtualization solution.
What I like about virtualization (with Windows) is that it is not hardware specific. One can run the same image on a totally different machine, so hardware changes and standardization are not a concern.
If you standardize your desktops (like an OptiPlex or similar) you can achieve nearly the same convenience simply by ghosting the drives and deploying desktops in 10 minutes or less, with no network strain.
I'm not yet convinced that virtualization is a "terminal server" killer; the ability to patch, maintain, and install/uninstall software on a single machine that affects all users without rolling out a new image seems to be the way to go.
"True refinement seeks simplicity."
Hi,
I don't think downloading all that stuff over the network is a good idea. What happens if the image changes? Do you want to upload it afterwards too?
Have you looked into using VMware Server? It gives you a central place to store and run your VMs and a thin client to connect to them. Your client machines don't need much in terms of cpu power since they only do the input/output.
But even with VMware Server I doubt that this is a good idea at all.
twm
Before deploying workstations, I create a workstation specific backup image.
Put the image on a pair of DVDs, one DVD stays with me, the other stays in the computer's DVD-ROM drive.
Make the DVD bootable, with the "Press a key to boot from DVD" trick.
Set it up so that when you boot the DVD, it erases the harddrive, and restores the image automatically.
Configure roaming profiles, and train users to re-image their PC anytime they have a problem...
If it's a support issue that's one thing, but be aware that the cost per seat on the server side is QUITE high vis-a-vis something like Citrix. In other words you have to weigh the support costs versus the VERY large server you will need to run a large number of clients, per. Also keep in mind that one server crash = x clients versus one client in the 'traditional' environment. As others have noted, the thin client isn't entirely dead, yet. Maybe some Wyse thin PC clients that load everything off the server each time?
You can just dd if=winimage of=/dev/winpartition every so often. (keep your documents on another partition or server)
I use VMWare workstation on a Linux host (xorg/e16) on the right half of a dual head. Inside it, I run two legal copies of Windows XP - one for myself and one for my girlfriend. Neither of us game, so the hardware restrictions are not noticeable. I could list all the things we use it for, but you already know because you are also the average internet user at home. The thing that makes it BETTER than "running it for real" is the Snapshot function: I can take incremental snapshots of the running operating systems, and if I fubar, I simply revert. I have no worries of viruses, spyware, or some mild forms of data loss. (It's not really a user-data protection though). USB support so far hasn't missed anything. The litmus test for me was the day we moved in -- she plugged her weird Sony music player in and used it as normal. When I came around the corner, I saw it and told her I would set it up for her -- she rolled her eyes and gave me that you-lamer-geek look, and sighed "What are you talking about?" True story. Then I found five bucks.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
Why can't you just use roaming profiles and Deep Freeze on the computers? Wouldn't that be easier, cheaper, and less strain on your network?
Here we have a nice open-source solution working in an R&D lab: the X servers run on every machine, with XDM; on the server side it authenticates through XDM and gets you into an SSH account running xinit with the display set to the user's IP (everything under IPv6). Since there is no local execution, everything runs from the server, and when someone wants a local connection (for fast video refresh) they just ask for a local access connection. The window manager is a Blackbox nicely configured to map every application anyone might want. For internet there is an rdesktop connection to a Windows server machine, and from there anyone can access content.
It is nice and runs well for 20 people; the machine is a dual Xeon 2.8 with 4 GB RAM and a 300 GB hard drive.
The poster's VM-download solution would be better for the following reasons:
- After the initial morning login/download, the VM solution uses little network bandwidth (aside from file shares). A thin client is *constantly* hogging up network bandwidth with every single action you take on the screen.
- A VM solution would be more responsive and run faster. Yes, a VM is slower than native, but it's orders of magnitude faster than a thin client, even with a gigabit LAN. This is more due to latency issues than raw bandwidth.
- The VM solution provides you with other benefits the thin client does not - it completely frees you from the underlying hardware and operating systems; as long as there is a host that can run the VM you are golden. For example, transition everyone to a Windows VM, and you can now order any new desktops without Windows installed, using Linux as the host OS instead. No wasted money re-purchasing extra licenses you don't need (since you have corporate).
I've used both Xen (personal use) and VMWare (commercial use). Of those two Xen is the way to go IMHO. I had FC5 running on FC5 with only 256MB RAM given to the virtual machine and the speed was amazing. It really felt like a separate, full powered machine!
On the other hand, VMWare is a bit sluggish. It's easier to set up virtual machines for but I've never used it where I didn't feel like it was sucking up system resources and slowing down both host and virtual machine. I also found that it seems to screw with the virtual machine's clock a lot ... A coworker left his VMWare VM running over the weekend and when he returned only 2 hours had passed for the VM ...
You aren't going to get much performance nor hardware support from a VM, so why not just use one of the thin client platforms I mentioned in the subject header? Your hardware cost on the client-side would diminish, you are guaranteed the same performance regardless of what kind of hardware your client has and you simplify your administrative tasks. There isn't any reason you couldn't run your server on a VM if you really wanted to (thus achieving the same result BTW only on server-side). I manage a Terminal Server that runs on VMWare right now, so I know it works.
There are cases where using VMs on the desktop makes sense, but I don't think you are gaining anything by this case. In theory, you could use various applications that require 3D accelerations (such as AutoCAD) if you ran your Terminal Server local and not as a VM on your server. You would just need a heavy duty graphics card in the system. I've never tried that, so I don't know how well it would work.
Bottom line is that while you could probably accomplish what you are trying to do, I'm not convinced it is the best way to achieve what I believe to be your goal--a unified desktop experience regardless of where a user sits down and what computer they use. This problem was solved (and has since been quite refined) with thin clients. If you require Windows applications, Citrix offers a few more bells and whistles over Terminal Services, but they are not worlds apart.
Why did his second troll get modded "informative"? If he speaks truth, then he's basically saying his no point to the original post, since there's nothing to change. Except that it's still irrelevant to the discussion at hand, and insulting to no purpose.
My girlfriend's company uses some sort of Citrix solution for their desktops.
Every couple of weeks, something happens... The Citrix server goes offline during the day and 100 employees in their accounting department are unable to get any work done for 15-30 minutes or so. And whatever they were working on has to be reentered too.
I was somewhat surprised by this when she first told me this happened. But I suspect the reality is that a company who is so concerned with cost that they implement Citrix is also too cheap to have a decent redundant data center and network.
I have a customer who has a substantial thin client solution. This has been a great solution because several of the thin clients exist in a dirty shop floor environment. However, his database/production app vendor is telling him that the next upgrade will not be terminal service compliant. This means he will have to trash his entire investment in thin clients and TS. VMware is now selling a product called Virtual Desktop Infrastructure that will allow you to run several VM desktops in a centralized server. This would allow you to keep the RDP thin clients to connect to the VM desktops with remote desktop turned on.
Although, some of the same cost comparisons apply. Cost of number of desktops needed v. cost of blade center+vmware+XP pro license for each VM desktop.
We use VMs for all our development. We have a single development environment that has all the libraries, IDE, database etc. installed. Developers get the development VM and do all their development in that VM; if we need to change the libs etc. we do it once and the developers get a new VM. The only thing that they need to install are personal applications. It works for us great so far; it is easy to go from C++ on Linux to C# 1.1 on XP to C# 2.0 to Delphi 2006. You just use the right image.
You forgot to mention what happens when the VM breaks.
I think those MicroVAXes we had in the basement were dumped years ago.
to use vmware? Could what you are trying to accomplish be done with remote desktop to a terminal server? If you are already running Windows 2K3, that might be a better option for you. And the terminal server license isn't, as I remember, all that expensive compared to a lot of the other options. At my last job, we used term services extensively for people wanting access to either secure applications or applications requiring a specific software that we didn't want to roll out to individual desktops. There are some vagaries to installing software on a term server (I'm a unix admin so I don't know what they are), but it seems like a workable solution for your basic problem.
I'd say either RDP, or... you could cron a job on the desktops to copy their local VM to a backup server nightly/weekly/whatever,
then if they trash the box, you have their backup image. The only downtime is to find a replacement box and download their image.
We have seen that living things are too improbable and too beautifully "designed" to have come into existence by chance.
Just out of curiosity, why is that you feel qualified to judge a person who gave you their login, but NOTHING else, and I have given you a login with as much info, and yet, you wish for me to vet myself? Here, I will tell you a bit about me:
I have worked as a developer at HP, IBM Watson, Bell Labs, and USWest AT(uswest's answer to bell lab). I have coded on the mars global surveyor and have designed and coded work for No. Such. Agency. (and just 3-2 years ago). In addition, I have code in Perl and KDE. In addition, I have submitted code for Linux (shot down; I was asked to enhance it more first, but since then the ideas showed up in there). I have multiple degrees. I have done 6 start-ups (all failed so far, but hey, live and learn). Am working on several right now, with 1 apparently moving forward. So other than a login, you now know a great deal more about me than the original poster. And yet, you want a login from me so that I can take it in the short from the multiple trolls that now show up here? No thanx.
BTW, it does not take a clever person to tie the above description to who I really am. But that does not matter. What matters is that you really have no real info on the poster of the story, but feel like judging him. You can do better than that.
I prefer the "u" in honour as it seems to be missing these days.
You really want to look into ARDENCE. This system does streaming OS's. Your desktops can operate as essentially a "Smart Client". You can set up your domain so that all of the users' profile info resides on the domain controller. Since you have a gig network you are almost there! http://www.ardence.com/ I think this is what you are looking for
VMWare designed VMPlayer or VM Ace for just that. Those two packages are built to allow running VMs and for that matter, ACE locks stuff down. ACE was designed to help with securing VMs for those businesses who outsource. ACE is a pretty slick package.
The edubuntu distribution is basically a plug-n-play instant LTSP environment.
I use it for junk laptops with busted hard drive controllers. I just wish wireless network cards had boot proms, I'm using MMC/SD cards to bootstrap.
Before I part with'em: two pennies weigh ~4.996+/-0.014g, have a zinc core, and the face of Lincoln. You can keep 'em.
Yup, I do it the same way at my company. We leave the profiles local, but transferring from one computer to another isn't too bad; file and transfer wizard + office settings wizard gets almost everything. Script that to backup each user's settings to their home drive once a week and they can be restored to any computer with relative ease. I wish more companies released software in MSI form. It makes distributing them so much easier in an AD environment.
...and you've eaten your pen. simply stunning.
... can you imagine say 12 programmers starting in the morning and copying their VM across the network. They could probably skip the day and have it ready for the next day.
How about running VM's on a central server or servers and having thin clients like the sun ray one connect to them?
I work for a .edu and perhaps a solution we use here could be helpful if your main goal is a "clean" computer state at startup. We've (finally) moved to an Active Directory based network. I'm now building .msi packages to be installed by AD and use a startup script to install a program called Deep Freeze which prevents changes from being made to the system while it is in a "frozen" state. With Deep Freeze, any changes that are made to the system are removed on reboot. Any file storage is done on a networked home directory. Deep Freeze can be setup to "thaw" during the night for windows and virus updates to run and then "freeze" again after X amount of time has passed.
If a computer breaks and needs to be replaced, we can drop in a replacement PC, move it into the proper organizational unit in AD, do a group policy update on the box and it will install the appropriate software on startup (and with the exception of programs like VS.Net it goes fairly quickly).
Why is VMWare even part of the picture here? It seems to just complicate the fact that you'd basically re-image a user's PC every time they log in. That's not a good solution. Why don't you drop users' profiles onto the network somewhere, and re-image only when they have problems? We have our images configured so when a user calls the helpdesk and we reformat, they can't tell anything moved. I just don't see the benefit in blowing full installs down every morning a user logs in.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
radmind for Windows is finally out. We'll be looking into using RfW next year, but we already have a respectable radmind installation for our Mac network. This finally helped me determine which users were the ones with real problems and which were the helpless losers ("Oh, you mean I shouldn't delete system fonts?"), because all of our machines are identical as of 4 AM every morning (excluding preferences files, which do occasionally go corrupt (are you listening Quark?)). Anyhow, radmind is more than just a tripwire/software management program. Ever wondered what, exactly, that installer put on your machine? Radmind will tell you exactly what it put there (and if that program is made by Macromedia, it's ugly). Radmind for Windows is supposed to extend its tripwire functionality into the registry.
Radmind uses rsync to transfer images, so you're only transferring the part of the image that changed. If your OS installation + applications is 3-4 GB, you would be taking a huge hit on your network, even with GigE. Even with the kinds of things users can do to F-up their machines, it is unlikely that they'll need more than a few megabytes here and there daily. BTW, radmind uses an HFS+-safe version of rsync, or at least encodes HFS+ information before it is sent, so Mac files are safe, even if your radmind server is not a Mac (ours isn't-- it's OpenBSD).
We have gigabit to all of the desktops, so I'm not too worried about network bandwidth
Yes, but what sort of uplinks do you have from the switches in the IDFs? If you have 48 people with gigabit connections to their desktops to the IDF switch and then 1 or 2 gigabit uplinks from that switch to your core (this is a pretty common configuration these days), that's only 2 to 5 MB/s (depending on the number of uplinks) per person. Not the 20-30 you might get on an average day when the other 47 people aren't consuming any bandwidth.
Then, as someone else pointed out, you'll also need a bunch of big-ass servers to hand out the images.
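The uplink arithmetic in the comment above, set against the earlier point about syncing only the changed part of an image, as an added Python sketch (not part of any poster's comment). The `Site` fields, the 3 GB image and the 5 MB daily delta are constructed assumptions, and the model assumes ideal fair sharing with no protocol overhead.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

GBIT = 1_000_000_000  # link rates are quoted in decimal bits per second

# Constructed payload sizes: a full image inside the thread's "2~4gb" range,
# and a small daily delta standing in for "a few megabytes here and there".
FULL_IMAGE_BYTES = 3 * 10**9
DAILY_DELTA_BYTES = 5 * 10**6


@dataclass
class Site:
    """Hypothetical topology; replace every field with measured values."""
    users_per_switch: int    # desktops on one IDF switch
    switches: int            # number of IDF switches
    uplinks_per_switch: int  # gigabit uplinks from each IDF switch to the core
    server_nics: int         # gigabit NICs on the image server(s)
    link_bps: float = GBIT   # speed of every individual link


def per_user_share(site: Site) -> Tuple[float, str]:
    """Return (bits/s per user, limiting tier) when every user pulls at once.

    Each tier's capacity is split evenly among the users behind it; the
    slowest tier sets what one user actually gets.
    """
    total_users = site.users_per_switch * site.switches
    tiers: Dict[str, float] = {
        "desktop link": site.link_bps,
        "IDF uplink": site.uplinks_per_switch * site.link_bps
                      / site.users_per_switch,
        "image server": site.server_nics * site.link_bps / total_users,
    }
    limiting = min(tiers, key=tiers.get)
    return tiers[limiting], limiting


def transfer_seconds(size_bytes: float, bps: float) -> float:
    """Seconds to move size_bytes at bps bits per second."""
    return size_bytes * 8 / bps


def morning_report(site: Site) -> List[Tuple[str, float]]:
    """Transfer time in seconds for a full image and for a daily delta."""
    bps, _ = per_user_share(site)
    return [
        ("full image", transfer_seconds(FULL_IMAGE_BYTES, bps)),
        ("daily delta", transfer_seconds(DAILY_DELTA_BYTES, bps)),
    ]


if __name__ == "__main__":
    scenarios = {
        # The comment's case: 48 desktops, one or two uplinks, ample servers.
        "48 users, 1 uplink": Site(48, 1, 1, server_nics=48),
        "48 users, 2 uplinks": Site(48, 1, 2, server_nics=48),
        # Four such switches fed by one image server with two NICs.
        "192 users, 2-NIC server": Site(48, 4, 2, server_nics=2),
    }
    for name, site in scenarios.items():
        bps, tier = per_user_share(site)
        print(f"{name}: {bps / 8 / 1e6:.1f} MB/s per user, limited by {tier}")
        for label, secs in morning_report(site):
            print(f"  {label}: {secs / 60:.1f} min")
```

With one uplink the full image takes about 19 minutes per user while the delta takes about two seconds; with four switches and a two-NIC server, the server becomes the limiting tier instead of the uplinks.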
It sounds like you want a solution for Windows, right? Before you move away from the desktops, I'd suggest that you take a look at Novell ZENWorks. I have seen it in action in a university campus (several labs and thousands of PCs). My impression is that this software solved the large majority of the issues related to maintaining desktops running Windows. I never saw any of those PCs down or infected by a virus.
If you are talking about Windows, I think your biggest problem will be convincing your users to move to a more restrictive platform. They are probably used to having Administrative privileges on their Windows desktops today, right? Good luck trying to convince them that this is a bad thing.
Cheers
Check out moka5 http://www.moka5.com/ it may be just what you are looking for. This was a project out of Stanford and was presented at a Usenix conference last year.
- Joe
Tee hee! I've just worked in too many environments like that in the past... totally unsupported and the boss couldn't give a shit. After all, that's what he hired IT people for, to fix shit. If they have to call support to do their job they must not be good IT people...
"When the president does it, that means it's not illegal." - Richard M. Nixon
It's really not hard to type it, at all.
My account lives on a fileserver, and is served to any number of machines, complete with all its customizations.
My laptop syncs with it via unison, so I can detach myself from the server when needed.
So: don't try to twist Windows into doing something it wasn't designed to do. Instead, use Unix and get a system that has worked the way you wanted for a good thirty years.
--dave
davecb@spamcop.net
You know you're addicted when your non-geek wife recognizes Slashdot...
My dear wife thought that Linux was black text in a terminal, and that the mud I used to play, Nuke, was green text in a terminal. Got a lot of mudding in while "learning" Linux to prepare for the future.
But alas, all good things must come to an end. She finally wised up and figured out I could mud in any color text *grin*.
I traded my "Life" for a "Wife". So far in the grand scheme, I have come out way ahead!
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
I'm not even going to get started on all the VM's rule/suck discussion. Instead, I'll just point out that VMWare ACE might be a something worth looking at.
"I don't think I ain't" -Thompson's Corollary to Descartes
I worked in an environment with the same issues you're describing. The VM route is riddled with the issues many other people here already pointed out - so we never even attempted to go down that path.
We did, however, try implementing Citrix with thin clients (we used Netiers at the time, made by Wyse). From a user's perspective, it generally worked quite well. BUT, from the admin's perspective, I don't think it was a very good solution.
Here's the thing. First off, thin clients have hidden costs. Despite the claims of great reliability, they're still little more than a small form-factor PC with flash memory and stripped of "extras" like hard drives. They can and do fail (defective flash memory is a common problem), and unlike a standard PC, they're hard to get replacement parts for. They tend to have proprietary power adapters, instead of something like an industry-standard ATX power supply. If they include a CD-ROM or DVD-ROM drive, it's a laptop-style drive that costs more and is more effort to get replaced.
Secondly, Citrix licensing is *very* expensive, and the hardware requirements on the server side aren't minor. You typically need a whole "farm" of Citrix servers load-balancing the connections (unless you have, say, 25 users or less), and there's a lot of administration hassle that Citrix brings. It's prone to "blue screen of death" server crashes if you install an unsupported printer driver and someone sends a print job to it. (Most all-in-one HP OfficeJet type printers aren't supported in Windows Server environments at all - making those useless in Citrix.) Roaming profiles occasionally get corrupted, and then you're stuck hunting down and repairing the corruption on every server in the farm that the user might log onto.
Finally, your more advanced "power users" will loathe the thin clients, and the realization that "control" has been taken away from them at the workstation level. There are a number of apps that just aren't appropriate for a Citrix environment, such as AutoCAD and other CAD/CAM packages. Many businesses find they end up having to roll out thin clients for only some users, and still maintain full PC workstations for others.
Given all of that, my recommendation (and what works great for me in my current job) is keeping the full-blown Windows PCs for everybody, but setting up a Ghost imaging server using Ghost Corporate edition. On a staggered basis, it makes images of the hard drives of all the PCs in the company. If a computer crashes or someone gets it all screwed up, I can remotely blast a replacement image back out to it within 20 minutes or less.
Sure, you might have some initial extra work to do if you change hardware around and don't have a suitable image for the new hardware. But so what? Just build the new system configuration once and image it. Then blast that new image to the rest of the similar PCs and go from there.
...there's a problem. Works for us. No need for VMs.
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
I tried something like this on a small home network many years ago when VMWare was relatively new. While it was functional, I couldn't tolerate the poor performance. "Near native" it wasn't.
Every so often I get the urge to try it again, but I'm not impressed. The VMs are all reasonably good, but they suck up too much CPU for me. I do like my spreadsheets and flight simulators :-)
Why would you want your machine to interface with HAL? What, do you want your computer to go psychotic on you? ;)
I replaced a big old oak desktop, with about a half dozen hanging file drawers and a Selectric, with VMS on a VAX 11/780 via a VT320. We went from a 4'x6' hardwood work area to a 15' diagonal screen of 80x24 columns of green text. But we got email!
--
make install -not war
VMware + VirtualCenter + Leostream Virtual Desktop Connection Broker + RDP + back-end blades ....
Let me preface this comment with this first. I use VMware ESX server for all my virtualization. This may not all hold true for Xen or Virtual Server.
Most comments on here are about downloading a Virtual Machine at 7AM. I'm not sure what this is all about. With using VMware ESX server, there is no downloading of virtual machines. All the VM's are stored on the ESX hosts, you access them through a client, in our case Virtual Center. You can actually install a different client on everyone else's computers if you want, but Virtual Center allows you to set up security so a user can only access their VM. There should be NO downloading of VM's.
We're seriously looking into a solution using ESX server or even the new VI 3.0, which is basically just ESX server 3.0 with a few other things bundled in, to do Virtual Desktops next year. There is actually a seminar put on by Wyse and VMware and a local business partner in St. Louis, MO in a week and a half discussing Virtual Desktops using ESX server. You might check out VMware's website to see if they're going to be doing this type of seminar in your area; I know they had it in a variety of cities around the US. If you're not in the US then you're probably out of luck.
One thing I heard recently was about a company around here using ESX server in order to get to a more virtualized desktop. They were setting up a VM and then putting the machine in redo mode. This basically creates a log file and doesn't change files on the virtual machine. All changes are saved to this redo log file. This file can be committed to the virtual machine when you power it off or it can be discarded. They were creating 10 redo logs for each virtual machine, so basically they were allowing 10 users to access one virtual machine, do all the work they wanted and not affect the VM itself. If you want a user to start with a fresh 'desktop' each time they login, discard any changes to the redo logs when you power the VM off and be done with it. This seems like a very interesting solution, and one I think the seminar will discuss further.
I just hopped onto the website to see how many cities they were doing the seminar in, it looks like about 20 or so cities, even some in Canada. Calgary, Toronto, Vancouver, and across a lot of the US. I saw several in TX. I'm going to post the link here for the seminar, I hope it works right.
http://vmware.rsc02.net/servlet/campaignresponden
Hope this helps!
Jerel
I received an e-mail from VMWare just a few days ago on this very subject. They seem to be partnering up with Wyse to provide a complete solution for using VMs as thin clients. I haven't had time to fully investigate, but it may be worth a look.
Why do you need to do this via a VM? Isn't this exactly how real multi-user systems (i.e. not Windows) work and have been doing for years? (LDAP etc?)
Try Unison. It caches the state of the last sync, so it's dramatically faster at startup. Under the hood, it uses the rsync protocol when it does need to transmit changes. Additionally, it's much more configurable than rsync.
I use Unison to sync/backup my home and work computers, including my music and photo collection as well as ~/bin, ~/perl, ~/.cshrc and ~/.emacs.
VM is fine for logical software testing, but if you want a VM machine to perform you are SOL. You are interposing a layer of software emulation between the software and the hardware, and no matter how good it gets it's still an emulator. Also, as far as total cost of ownership you are again SOL. I've been told the actual cost of a Server VMware instance, once software licensing and drive space and everything else are all factored in is as much or more than a real server -- and that's in the server space, where unit costs are in the multi thousands of dollars. In the desktop area, where actual hardware costs are in the multi hundreds of dollars, you can't possibly be saving money to virtualize your environment.
My book, podcast
I worked for a major life insurance company a few years back and all of the desktops were X-Terminals. Windows ran on a bunch of Citrix boxes. File storage was on the Sun enterprise servers. It was great! In IT, I was always running around between buildings and such. Wherever I was, I'd just login and there was my desktop and all its tools. Users weren't losing data due to disk crashes and such. It made the IT job a lot simpler.
Admin was also easier with only a few installations to be maintained rather than 2000+ desktop machines.
With over 500 printers scattered throughout the company, it was also very easy for any user to print to any printer with a minimum of effort. Everything from simple HP printers to Xerox DocuTechs were available. Again, all the printers could be restricted by users and groups. Another nice benefit.
Various groups had access to their mainframe and application suites while other group users would not. Thus any user in Pensions could sit at any desk and do their Pension work. This was great as they were always moving people around in the buildings and doing some sort of construction.
Costs were lower, admin was easier and productivity was higher.
Is this the right solution for everybody? Probably not. For the huge enterprise, it was a winning configuration. For the small and medium enterprise, it may not be.
Banjo - The more I know about Windoze, the more I love *nix
I am working for a SME, and we are currently going from remote desktop to Citrix. Having most production applications hosted on either a web server or a remote server are *huge* wins for us in terms of support costs, esp. since we have a number of custom apps to support (we are in a niche market and have yet to find a large vendor who creates useful apps for us). Most of the desktop costs are gone, in that you only have to upgrade the central server or servers, users cannot monkey with the config, everyone ends up using the same versions of the software, we have images of the server loads so if it does fail we can get it back fairly quickly etc.
For remote users we use Cisco VPN to the remote desktop.
Citrix licensing is expensive but you should first rough out some numbers as to how much it costs to support the desktops individually versus the same tasks by one or 2 techs on one or two servers plus Citrix costs.
We are using VMs in our development and test environments on an older AMD 64 bit machine. It still bogs down after 3-4 VMs are running so my advice is to buy the biggest, fastest and most reliable box you can. Lots of memory, fast disks and memory and CPUs. Newer 64 bit hardware would be sweet as you should be able to set up 32 bit OS's on it and support older apps without having to upgrade everything to 64 bits all at once. Make sure it is not 'cutting edge', rather if it is for critical apps make sure it is stable on the hardware side, even if you sacrifice a little speed. Think in terms of how mainframes do things.
HTH
putting the 'B' in LGBTQ+
Why not use desktop virtualization and virtualize your XP instances? Sure, you will not have 3D and advanced device support such as PDAs and such. But, if you have a ton of users you need to support that are everyday knowledge workers it is perfect. It is a lot more simple to manage. Do not download the VM image, that can take too long and generate too much traffic. Just use a thin client to access the VMs in the server farm. You have to be careful though, not everyone is licensed to talk to XP with their devices or software. A good fit could be using a solution like a Sun Ray from Sun and X64 servers and their Windows Connector. It has no local config like other thin clients, so the bulk of your time is spent focusing on the virtualization servers and not that plus the devices as well. You really can stretch out the life time of the devices. Once you get there all you have to change are the servers in the back end. I know they have deployed it for customers as a developer solution and the users were all Microsoft developers. That is IMO the worst case scenario. http://blogs.sun.com/ponderthis
While not having local files isn't really the issue, people HATE not having a place to put papers, a couple personal items (like medications, prescription or no) and a couple supplies. By making them keep these elsewhere from the workspace, you have a huge cost every day moving this to/from where you're actually working. You're still going to need personal spaces even if you get netboot/vm with dumb terminals.
Teleworking, however, seems to abrogate this problem. These people understand the tradeoff they have made and prepare for it better and burden some of the cost on their own.
--Michael
Want to see every step I took to start my company? http://www.rowdylabs.com/blogs/pitchtothegods
About windows roaming profiles; these things tend to grow huge (I have found a couple of them over 1 GB). They eventually will saturate your network and will have the user bitching about long delays after logons. Maybe if you have 1Gb to the desktop, this will not be an issue, but try streaming a 1 Gig profile over wireless.
My other OS is the MCP!
1. Thin client. Great when you're in the office, great for light work (e.g. word processing) not great for CAD and intensive graphics apps, or when you travel. (who doesn't use a laptop nowadays? - Gartner predicts that corporations will be buying laptops for most of the organization 80% chance, in the next few years)
2. Citrix. Very nice solution, but there are printing issues, application packaging/publishing issues and forget about graphic intensive work. Again, must be on the network. Plus the added cost of Citrix and server infrastructure.
3. VMWare, hardware virtualization. Works well on servers and for specialized VMs, but not as your main desktop, unless you are a 'light' user (e.g. wordprocessing). And this still leaves you with having to manage a client OS whether it be Windows or Linux. I personally love VMWare and use it heavily on the desktop and server side (ESX) with over 100 ESX servers, with over 800 VMs on the ESX servers.
4. Softricity, Application virtualization technology company that was just bought by Microsoft. What a big miss for VMWare and Citrix (Softricity was started by ex-Citrix folks), they missed a huge, huge, huge opportunity to snap this company up. You sit down at your desk and PRESTO, you can access any application you need at the press of a button. (Security willing of course). The apps stream very fast, load only critical components and can be taken 'off-line' for those laptop users. It's slightly painful across a slow remote link for the initial load, but feasible. Apps today, OSs tomorrow IMHO. Once they achieve the 'OS virtualization', where the OS can ride around with the app, then you have the holy grail. Linux desktop, thin client, mobile phone, PDA etc, and PRESTO, launch any app from any device and it works as it should - soup to nuts.
The components of the 'Ubiquitous Computing Stack (UBS)' are lining up. MS seems to have most of the pieces now. Remember, end-users want everything they have today, they don't want to settle for less: speed, anywhere access, ease of use, mobility, freedom, tons of storage etc. Without all of these, you just have point solutions.
For running various OSes on one box I'd say VM away. But as to remote desktops - why would you want to use a VM based solution? Back when I was an admin at Uni I used to roll custom linux bootp kernels, and with some fairly basic shell scripting the departmental PCs under my care behaved like pseudo X-Terminals. Binaries and user data were stored on a server someplace while the user would run apps on his local CPU/Mem. Saved the department a lot of money and gave me total control over close to a hundred machines - without ever having to leave my office. Unlike the MS Windows support/admin guys, who'd constantly be running about the building.
- It took western civilisation 2000 years to ensure popular literacy, and now we work with icon driven GUI's. Go figure.
terminal services forever, leave all the mass install / deploy stuff on that end of the world like office, acrobat, outlook, etc. with a citrix like install you can have the apps appear rootless and its just a joy to run that way for the tco.
members are seeing something, you're seeing an ad
Well VMWare and Wyse have come out and released a new Wyse Thin Client that supports VMware's remote console. http://www.wyse.com/about/news/pr/2006/0802_VMwareVDI.asp
There is a seminar going around for this, but you might have to ask either VMware or Wyse about this.
Roaming profiles, as mentioned plenty of times before, offer pretty much the same functionality unless users need to customize their machines.
The two common uses of VMs for mainstream users are:
1. To run apps written for another operating system.
2. To create a chinese wall around some applications to prevent security vulnerabilities from affecting the main OS and data stored there.
Using a VM for the user's main visible OS doesn't fall under either of those categories. If there's no other way to implement a system that allows roaming users, it is a solution. However, it's not a very good one.
I would also checkout a product by Faronics called DeepFreeze.
From the website: "Deep Freeze instantly protects and preserves baseline computer configurations. No matter what changes a user makes to a workstation, simply restart to eradicate all changes and reset the computer to its original state - right down to the last byte. Expensive computer assets are kept running at 100% capacity and technical support time is reduced or eliminated completely. The result is consistent trouble-free computing on a truly protected and parallel network, completely free of harmful viruses and unwanted programs."
At my company we use a combination of Citrix and DeepFreeze that allows users to roam from station to station while still having full access to all of their apps and data (stored on the network). DeepFreeze ensures that a user never messes up the local computer with anything that a reboot can't fix.
You could also just do DeepFreeze, profiles, network based app installs which would ensure the apps and data are on the network.
What about speed?
The speed of loading and updating the VM image for one thing.
Roaming profiles, thin clients, terminal server all seem like more logical solutions.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Our company uses a Linux server for the setup of about 30 VMs all for telecommuters that need to work at home. With this and the use of a website to connect everyone to their virtual terminals this was absolutely the best idea. Now instead of using individual laptops or setup of someone's home computer we can just hand out a VM and be done with them. There are hardly any problems that I have seen as long as you're not running a lot of programs. The only thing we have them use is openvms software and that is all. Great solution and they are very easily set up.
You don't seem to be aware that Vmware has come out with a more graceful solution to copying the full VMware images around.
VMware Virtual Desktop Infrastructure
http://www.vmware.com/solutions/desktop/vdi.html
What you do here is set up the VMware Virtual Desktop Infrastructure in the Server farm area, then simply terminal Service into the Virtual workstation assigned to you by the administrator from any location, i.e. from another corporate desktop using any base OS, from any remote location (please use a secure VPN).
Aah, but just try to take them away from primadonna developers and see how much they scream about their need to play mp3s and FPS games at work or how the company "owes" them some freedom, or how 3D is required for Java, or how the corporate VoIP initiative means they need to have the best possible sound on their desktop/laptop.
Seriously, sometimes I think that workers today have gotten used to too much freedom, and aren't doing enough work for their companies. If my employees spent all day on Slashdot, I'd... oh wait...
If you want desktop consolidation/virtualization/migration off of Windows projects to be successful, my opinion is that there are two roads to success:
1) slow, steady, persistent grassroots campaigning for many years
2) a mandate from the leaders of your organization that nobody is allowed to challenge (thus, everyone is forced to 'make it work' instead of spending their energy/efforts poking holes in the strategy).
Yes, we've discussed migrating to native Linux video and audio apps. When you've got something that works, it is hard as a non computer geek to get excited about changing.
I tried using a VM as my main desktop at home, running Ubuntu. I ditched it because of speed issues -- it wasn't even close to 'near-native speed'.
What is the speed of an OS? How fast is a VM that is just an OS? How do you think running ClearCase under a VM to your VPN WAN will improve anything?
Just Curious
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
just wondering how related stateless linux http://fedora.redhat.com/About/Projects/stateless.html
might fit here.
This could be done with a VM too, but why bother? You would need to install an OS and at least a "VM Player" on the machine. It is simpler to install nothing.
I like VMs but their purpose is to allow you to run more than one OS instance on one machine. When you only want to run one OS instance on one machine you don't need a VM.
There are several companies that produce application "streaming" or "sequencing" products that might fit your bill. Check out http://www.softricity.com/ as probably the best example. They basically keep the application data on a server (as opposed to the entire OS image) and then stream it down in chunks as the user needs it. Softricity is the best in the market at this point because they also run a virtualized environment around the apps so they can run without any conflicts. Great if you need to load two different versions of the same app on one box. The systems are then just clean base OS installs and the cached apps can be instantly cleared for things like patching or other maintenance. A lot less hassle than a full virtual desktop deployment. --TP in UT
Oh God! Just do NOT do it!
Roaming profiles are an endless source of misery. They break constantly, there are weird synchronization issues, when windows screws up it likes to wipe random settings from the user's registry hive, etc, etc. I could go on (and on and on and crying-fetal-mess-under-a-desk-hiding-from-accountants-with-fire-axes-and-hate on) but I'll let these people have a go.
If you do go for roaming profiles then you'll want to get keyboards that are waterproof. There will be lots of tears and vomit to fend off.
You should be careful with LDAP too. While LDAP isn't necessarily a Bad Idea it can take you places you do not want to go. Before you put users on any LDAP system you should install and fully configure the thing in a test environment AND integrate services you wish to have using the thing. Then try long and hard to break everything possible and see how you can recover. Then delete the whole thing and do it all again a few times. If you aren't sick to death of LDAP by the time you go live with it then you're going to have some bad experiences.
You should check out Wyse Streaming Manager (http://www.wyse.com/products/software/streamingmanager/index.asp). It looks like it will do what you're wanting to do plus it will do sound/video. I personally have seen the product work as we were looking at a way to get rid of our thin clients and move away from Citrix. The product looks to be very cool. I'm sure they could arrange an onsite demo if you call them up and tell them you are interested.
Put your virtual machine images on iSCSI or ATAoE LUNs. Make copies at will. Don't worry about copying the full image at boot, just boot the virtual machine from the hard disk images on the SAN. I guess you need a SAN first, but iSCSI SANs are cheap and relatively easy these days.
do it, put it on your resume and get the hell out of there. Because the ongoing maintenance and DR planning will drive you insane.
My employer uses Thinkpads with docking stations as standard issue. For those of us who need more power, we just use Terminal Server (or another remote access program for non-Windows computers.) We use Connected Backup to backup the laptops on a daily basis over the network.
While I personally would prefer a more powerful laptop, (as I do serious development,) I'd rather use a laptop than a generic workstation. I can telecommute with it anywhere in the world, and I can use it in meetings with a projector. This is more difficult with generic workstations.
No, I will not work for your startup
I just wonder if the answer will change once high-capacity USB thumb drives become more prevalent. I can imagine my users with a 50 gig USB thumbdrive that they can plug in anywhere (home or at the office) to have access to their own personalized system.
HAL incompatibilities? /did you actually expect to swap a drive into a radically-different machine (ACPI/NOACPI, MP/UP, whatever/whatever-else) and actually /expect/ /it/ /to/ /function/?
The architecture you're describing is too complicated and bandwidth-intensive.
Try this instead: Have the virtual machines up and running on one or more high-performance servers. The users have thin-client terminal units (Wyse, maybe) that bootstrap from the network, then initiate a RDP-based session with one of the virtual machines. The user logs into the virtual machine, and merrily pecks away.
Regards;
I'm greatly amused that we've come back to what is essentially a new version of mainframe technology. This time with the bonus of much smarter terminals.
Green beats amber!
I find being offended by me offensive.
All of the arguments that I have read on this thread about VMware having poor performance are laughable at best. I don't mean to disrespect anyone, but running VMWare Workstation on your laptop or desktop PC with a single hard drive is ALWAYS going to have poor performance. Remember - you have two operating systems that are trying to access the same drive. That is a good example of I/O contention. VMWare workstation was never tuned to provide top performance. Running it on a box with good I/O bandwidth and memory will help to mask this. VMware server products (especially ESX), running on REAL server hardware (that is designed properly for VMWare) will perform much better than you think. This is why businesses across the planet are consolidating their servers, with a 20:1 ratio being pretty normal.
We've investigated moving to either a MS Virtual Server or VMWare based solution where we have one very heavy server in a noc somewhere that runs various VMs for our developers and then we have light desktops which the developers can use to RDC into our VM farm. We talked to one of our clients who actually went down that road and found that even on very substantial hardware (Quad proc, lots of RAM, etc), their old P4 desktops actually worked faster during peak load. Beyond performance they found they were spending around $2k/developer where their old solution was closer to $1.3k/developer. Now VMWare GSX in theory should work much better, but at $3.5k/core it's very difficult to justify the added cost overhead.
Intel and AMD are both working on hardware based virtualization technologies, and Microsoft has a GSX-like product in works, so maybe in a few years both performance and cost will be there and what you suggested could be more realistic, but right now the bang for the buck just isn't there.
TLS w/AES is supported. You'll need to upgrade your RDP client to 5.2
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Many Windows admins do not know about this little behavior and it comes back to bite them. It's been in there since Windows 2000: use it!
Also check this registry setting:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Consider changing the ProfilesDirectory to a mapped drive network share. If your network is fast enough this has the added benefit of having no profiles stored locally at all.
Downside is you'll have to pre-emptively create all the folders on that drive because LOCAL SYSTEM won't have permission to create the folder at first logon to a machine. But it'll detect if it's there and think you've logged on before.
Make sure you use Samba as the backing for a system like that though because you will need to play with oplocks settings so Windows doesn't bitch about loading the NTUSER.DAT hive from a network share.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
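For the Samba-backed profile share the comment above describes, a share definition could look like the following. This is an added example, not part of the original comment; the share name, path and group are assumptions, and the parameters are standard smb.conf options.

```ini
# Constructed example: share name, path and group are placeholders.
[profiles]
    path = /srv/samba/profiles
    read only = no
    browseable = no
    valid users = @staff

    # Per-user directories are pre-created by an admin (as the comment
    # notes) and owned by that user; keep new files private to the owner
    # so one user cannot read another user's registry hive or documents.
    create mask = 0600
    directory mask = 0700

    # Narrow option: refuse oplocks only on the registry hive and its
    # log files, so other profile files can still be cached by the client.
    veto oplock files = /NTUSER.DAT*/

    # Blunt option: disable oplocks for every file on the share.
    # oplocks = no
    # level2 oplocks = no

    # Do not let clients keep offline (client-side cached) copies of profiles.
    csc policy = disable
```

Run `testparm` after editing smb.conf to confirm the stanza parses before pointing clients at the share.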
When you have an entire office full of modern PCs (say with 512-1024 MB of RAM and a 2-3 GHz class CPU) you are wasting a large amount of real estate when you run ICA Client on all those and make the people work on one or a few Citrix servers where they all have to compete for a few CPUs and a lot less memory.
How feasible is it to create multiple VMs over a grid computing solution? Some people could then take advantage of unused memory and CPU power when needed, isn't it?
Just wondering...
It seems a lot of people who are talking about how VMs are a pain just plain don't get it. We're not talking about putting a pc at a desk, installing vmware and then just using the vm. That is silly.... although something similar has its place with a secure desktop solution like vmware's ACE. I'm using vmware's Vi3 and hosting a few desktops. It works like a champ and there's nothing to it, except up-front expenses :) But if you're already using the virtual infrastructure for server consolidation, you're in business. For a thin client solution, we're using 2x's thin client server. Details on the whole thing are here: http://www.vmwarez.com/2005/12/enterprise-desktop-hosting-whos-doing.html
Now, I wonder how many more mod points people will waste on "redundant".
Instead of virtualizing the whole OS, just virtualize their work application, if possible.
http://www.rpath.com/corp/
People become more efficient, get a lot more work done, and can't screw around on the net playing with other un-needed features of the OS that inherently comes with a full OS install.
-- Robi
I haven't used it yet, but how about the VESA bochs extension for the newer Qemu versions? I think it's supposed to communicate more directly with the hardware, so perhaps it helps to avoid some of these issues.
You might consider a company that is streaming the OS and applications over the network. I know Ardence is doing it and a few others. They use PXE boot to bypass the desktop hard drive and beam an OS and app stack image to any PC or server on the network. This type of solution separates hardware from software and eliminates the use of hard drives. I am writing on the benefits of that at my blog www.virtualizationandstreaming.blogspot.com if you are interested in more information.
Sounds like it's recovery/downtime etc. on clients that's getting you down, and I don't think that's a killer reason to use VMs for normal clients (very useful for testing client builds though, I built our images on VMs so I could snapshot before SYSPREP). There are better/faster options. I'd go either: a) Citrix/terminal services - you could even use Linux desktops to rdesktop in, but you'd still need a Windows Server CAL and a TS CAL per client. b) Use the tools AD provides you (assuming you have AD and are a Windows house) - yep, that can be a grind, but things like RIS, Group Policy, software publishing, roaming profiles, folder redirection can give you a locked down, easy to recover environment, with users running as USERS and 99% of your problems with clients will go away. Tools like Altiris can make this easier but cost. If your experience is like mine, most of your trouble comes from users thinking they know what's good for their PC, and you just have to remove the opportunities for them to work their magic. The tools are there, but don't kid yourself (or more importantly your management) that it will be easy or quick. It's changing a culture of the PC being a perk rather than a tool.
Strong, Light, Cheap - pick two.