Experiences with Replacing Desktops w/ VMs?
E1ven asks: "After years of dealing with broken machines, HAL incompatibility, and other Windows frustrations, I'd like to investigate moving to an entirely VM-based solution. Essentially, when an employee comes in in the morning, have them log-in, and automatically download their VM from the server. This gives the benefits of network computing, in that they can sit anywhere, if their machine breaks, we can instantly replace it, etc, and the hope is that the VM will run at near-native speeds. We have gigabit to all of the desktops, so I'm not too worried about network bandwidth, if we keep the images small. Has anyone ever tried this on a large scale? How did it work out for you? What complications did you run into that I probably haven't thought of?"
Get some Sun Microsystems SunRays. Seriously.. that's exactly how they work. Your session can be saved on server and resumed anywhere else you plug in your smart card. One server and all of the terminals you need.
I'm a vmware/virtualization fan, but I don't think this is the best application. It seems to me that it would be smarter to use terminal services / citrix / a thin client approach
If you were going to use vmware, make a standard image and push it out to the local hard drives. Don't update that image unless it is time to push out a new set of windows updates/etc. If you need to update the image though, that is going to be *hell* on your network/file servers.
I think it makes more sense to run a virtualized server than a desktop.
Also, you might end up paying for 2x the XP licenses since you'd have to pay for the host + guest operating systems.
Evolution: love it or leave it
So a lot of expensive desktops emulating, um, pretty much themselves, using funky somewhat pricy software, running substantial images pulled off of expensive servers over an expensive network (because GB'net or not, a building full of folks starting up in the morning is gonna hammer you.) Then comes the challenge of managing all of those funky images, reconciling the oddities of an emulated environment, etc.
Could you make it work? Sure. But I gotta wonder if it'd be worth it.
Is it gonna be any better than a well managed native environment? Or going Citrix clients? Or Linux/MacOS/terminals (choose your poison) boxes instead of MS Windows?
I hear your pain, I just think you're substituting a known set of problems with a more expensive, more complex, more fragile, baroquely elaborate, well, more-of-the-same.
It doesn't sound like much of an improvement really, just new and more complex failure modes, at extra cost.
Though, I guess, if you're looking for a new, challenging, and complex environment this would be it; just take your current one and abstract it another level. I wouldn't want to be the one footing the bill, or trying to rely on any of it, but at least it'd be something different.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
They just used NIS and NFS, and the net effect was pretty much exactly what you describe... Sit down at any machine, log in, and your environment loads exactly the way you left it on the last machine, everything's safely backed up at the server end, and the client machines are pretty much disposable and interchangeable, and so on. Only difference is you're not farting around with virtual machines... ie. you're not quite as "cutting edge" but on the desktops themselves, don't you want a more proven system? So why wouldn't you just do the same thing, and use said proven, if something of a pain to administer, system?
As an alternative to NIS, Netinfo does much the same thing, only it wasn't designed by people quite so sadistic as NIS. You'd still be using NFS though...
cya,
john
Imagine all the people...
An "unsupported configuration"...
In Soviet Washington the swamp drains you.
"You lose 3D, sound, and most of them run a bit slower than native."
Not quite true. Yes, with the 3D. But the two main players (VMware and VPC) both support sound, and VMware even USB 1.1 passthrough.
With the thin-client option, Microsoft Terminal Services (if you're on a windows platform) has good scaling capabilities. Though it might not go into the hundreds or thousands, it should get you into the high dozens. Since most of the microsoft tool's dlls are loaded and shared between the clients, it has pretty good performance.
For linux, while SSH is always a favorite, look at NX-Servers (http://www.nomachine.com/ and http://freenx.berlios.de/) which is like X-forwarding with compression and caching.
It'll be difficult to have a fully virtualized solution. Going with thin clients, or a pxe-served image would be a more viable solution (no matter how beefy your servers and fast your network).
hmm, i used linux debian on this setup, with a clunky realtek 3189 network card, and my video over the Xv extension of the xserver worked flawlessly, sound came through arts over the net, everything just works.
it's down to the configuration, the network itself can do it.
I'd tell you the chances of this story being a dupe, but you wouldn't like it.
Vmware ACE would probably be a good choice, it allows you to lock down the host hardware, disabling various pieces.
VM's can run off of network shares if you set things up right. Fast network, and you won't see a problem. I have run VM's off mirrored ximeta netdisks over 100meg with NTFS as the partition type, and it worked great, although it was only about 4 machines accessing it at one time. For office apps and such, it's a piece of cake.
I encourage people to use vmware for laptops. Create an encrypted disk with the vmware image that they want to run, then if the laptop gets stolen, you have to decrypt the disk before you can get to the really good stuff. Backups are easy, and it makes if necessary, laptop "sharing" something that you can do pretty easily as well. Multiple shifts can PC share easily as well. It's also easier to fix problems test updates and such by just snagging a copy of the image, and monkeying with it.
Citrix and remote desktop have their places as well.
"there's no 3D, no good audio etc"
These two are often not an issue in corporate environments though.
Sure, some exceptions depending on what kind of work you do, but still exceptions.
Beware: In C++, your friends can see your privates!
In every single case I've ever seen of being "constantly plagued by malware/spyware/etc," it was someone who was doing it to themselves. They were constantly stealing music, downloading porn or otherwise being stupid about their online activities. They didn't have automatic updates set, or were ignoring the stupid bubble that says they had updates waiting to be applied. They weren't running decent AV, probably never scanned their machine for spyware and so on.
And yes, I'm blaming the victim. While there *should* be sense in saying that you ought to be able to walk anywhere without fear, if you keep going to drug-riddled areas downtown and getting mugged, then STOP GOING TO THOSE AREAS. Learn to take some responsibility for your own damn habits and learn a bit. You change the oil in your car and give it the occasional tune up... why not the same to your computer?
Every time I hear this it amazes me how unrealistic this line of reasoning really is. The essential statement is that, since there was a way to prevent the problem, the onus is on the user to "know what to do" because they are obviously "ignorant". It's like returning a broken hammer to the hardware store only to be told you "shouldn't have hit something so hard". Have you considered that the real problem lies in allowing vendors to completely avoid liability for their mistakes? Perhaps the lack of an economic incentive to make a good product has created the environment where this is possible?
From a practical perspective, telling college students not to download music, to avoid MySpace, and to not download seemingly harmless things like Screensavers and Wallpaper is about as effective as the rhythm method. Sure, they're "sinners" with their pr0n and their music. How dare they? They get what they deserve by using a computer on the internet to download the information they want. That's a sin to be sure. It's strange how that apparently makes them culpable for systematic, intentional, and malicious exploiting of their computers. Of course, the long-term social effects of corporate self interest manipulating law and public opinion to create stigma in their economic interest is beyond the scope of a Slashdot comment.
Back to the technical issues. Understand that a lot of malware immediately turns off ActiveX security. They leave the door wide open behind them. In your perfect world, not only does every user have to be perfectly responsible and knowledgeable, but they also can't make even a single mistake--since this basically leaves them wide open (i.e. it doesn't ask, just downloads and installs any application that asks) in many cases.
Similarly, there is no safe site. A vast majority of the web is ad sponsored. A single malicious banner ad can catch millions (the recent MySpace incident for example). Expecting every user and every advertising company (with possibly tens of thousands of ads) to not ever make a single mistake is as unrealistic as it is lazy. The web can be secure if people would put the effort into getting secure systems developed and into place instead of blaming security problems on the sinners.
Ironically, one of your "solutions", Antivirus Software (a.k.a. stopgap measure or snake oil depending on your inclination), is probably the reason things are as bad as they are. Rather than closing holes, AV just stomps the critters that run in through them. If users had insisted on fixes and security rather than installing Norton Antivirus (and considering it "fixed"), things probably wouldn't be nearly so bad as they are. It would also be nice if the economic disincentive for insecurity would lie with the vendors where it belongs, not with each and every user.
People don't realize it, but this is really an old misconception. Make something illegal, and its sources become disreputable. This then reinforces the belief that it's inherently bad. My issues of concern are software licensing, patents, and copyright reform. I'm sure the same argument could (validly) be made for marijuana, prohibition, and prostitution.
Of course we've got a double-whammy with software security. Not only are the sinners browsing seedy sites, there is also no one responsible for protecting them (since the vendors have all licensed their cares away).
I think Mauve has the most RAM. --PHB (Dilbert Comic)
That doesn't make sense. VMware should provide exactly the same virtual hardware to the guest no matter what physical computer you run the image on. In fact, that is one of the biggest selling points for VMWare.
Are you creating the VMware image FROM the Dimension 620, or running a fresh "virtual" install of XP?
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death