to ClearCube Discussion

Discussion on Migration Strategies from Sun Ray Platforms to ClearCube CVDI Q2_ 2014

CORPORATE HEADQUARTERS 3700 West Parmer Lane Austin, Texas 78727 512.652.6500 www.clearcube.com

1 © 2014 All Rights Reserved ClearCube Technology, Inc. Sun Ray to ClearCube Discussion

Virtualization orphans – from Sun Rays to VMs to Linux users

Orphans are sad subjects. Seeing people suffer the feeling of abandonment, of being left out, ostracized from the mainstream, can tug at your heartstrings.

…if you are one of those agencies, At ClearCube, in working with various desktop virtualization projects, often we are departments, or branches using Sun confronted with people who are treated as orphans through no fault of their own. Rays or the Linux OS for workstation One example is the Sun Ray user population that runs X Windows desktop session on applications, and you are looking for Sun/ servers. A portion of this population is bonded to applications that a way to greatly improve your security profile and users’ experience only run on a Linux operating system. Popular VDI platforms such as VMware Horizon by changing the hardware paradigm View and Citrix XenDesktop are designed to virtualize Windows machines only; to a virtual desktop approach, look therefore, virtual Linux PC environments are not good candidates for a pure VDI host to ClearCube. platform migration. Another orphan example is the physical PC Linux workstation user community that has been excluded from desktop virtualization migration paths. Their physical PC machines, located at their work areas, are typically very powerful, with high end GPUs, running specialized and sometimes proprietary desktop applications that were developed for the Linux operating system. Where do these users intend to migrate to meet virtualization initiatives to increase desktop security, reduce power consumption, and lower management costs? While their co-workers excitedly prepare for the migration from traditional distributed PCs to virtual desktop infrastructure using secure stateless zero client end point devices, Linux physical and virtual workstation users wait and wonder on the sidelines about their options to improve their situation. A third group of orphans consists of Sun Ray desktop users that use Remote Desktop Protocol (RDP) to connect to Windows Terminal Services. These users see their VDI counterparts having full control over their desktops and running every kind of application without problems. How can they achieve those levels of flexibility, high availability and reliability too? You may be surprised to know that there are a lot of these orphans. You may be one of them.

All is not lost…

There are paths to the future. If you are one of those agencies, departments, or branches using Sun Rays at the desktop and/or Linux OS workstation applications, and you are looking for a way to greatly improve your security profile and users’ experience by changing the hardware paradigm to a virtual desktop approach, look to ClearCube. We have organized information in this White Paper using actual customer scenarios that have very different circumstances involving Sun Ray desktops, X Windows desktops from multiuser Linux virtual machines, distributed Linux/Solaris physical PC machines, and Windows Terminal servers.

2

Sun Ray to ClearCube Discussion

One of these scenarios may describe your challenge to move toward more robust graphics environments or more highly available services or better managed, more secure desktops while protecting as much of your software and security investments as possible. Migration Paths for Sun Ray Environments What’s the best migration path for Thousands of customers own Sun Ray Client hardware and Oracle Virtual Desktop customers currently using Sun Rays? Infrastructure. Oracle announced an End of Life for those products with a last order date of February 28, 2014 for Sun Rays and an End of Support sometime in 2017. In defining our migration goals we kept the following points in mind: 1. Improve the user experience 2. Maintain or improve the desktop security profile 3. Increase the number of users supported by existing server hardware 4. Provide better support for power users needing GPU performance 5. Accommodate scalability easily

Every customer situation is different. Some may be using Sun Rays to display a Windows desktop environment using RDP; others may display an X-Windows desktop on the Sun Ray. The host software may be Oracle Virtual Desktop Infrastructure or it may be Solaris. Some may have NAS storage; others may have SAN storage. However, there are commonalities among all Sun Ray existing sites. All Sun Rays customers have adopted the concept of a Virtual Workspace running on a shared server platform. They have centralized their computing and storage resources. They have removed PCs from the work areas and replaced the PCs with devices that deliver Windows terminal services or X-11 desktops to their users. None are capable of running demanding graphics applications. All have network bandwidth configured for thin client deployment. Few have access to more than two displays. Most enjoy the ability to easily pick up a session where they left off at a different All Sun Rays customers have adopted location. the concept of a Virtual Workspace running on a shared server platform We have separated the use cases into four scenarios to reflect the circumstances and with centralized computing and options that are unique to each: storage resources.

Sun Rays at the desktop; lightweight Linux applications; Scenario A Solaris/Linux X Windows sessions from a multiuser server

Sun Rays at the desktop; lightweight and heavyweight Linux

Scenario B applications; Solaris/Linux X Windows sessions from a multiuser server and dedicated physical PC machines Sun Rays at the desktop; lightweight Windows applications; Scenario C Windows Terminal Services

Sun Rays at the desktop; combination of Windows applications Scenario D and Linux applications; Windows Terminal Services and X Windows sessions from a multiuser server

3

Sun Ray to ClearCube Discussion

Scenario A Compelling change agents Add high availability to the set of required deliverables Create scalable platform that embraces “future proofing”

Scenario A (Figure 1) is the simplest of the four scenarios discussed in this White Paper and the most challenging from a migration sense. The established design used Sun Rays connected to servers running X Windows sessions on a multi-user Solaris server. The applications used were simply to administer test suites. This customer had no compelling change agents such as the need to support new high resolution graphics applications or additional Windows applications to tempt him to move to a more robust processing level. So for a long time, the Sun Ray solution was perfectly satisfactory. However, that level of comfort in Scenario A took on a radical change when the need for distributed sites with high availability was mandated by the Test Command. Additionally, the system architect was asked to defend the “future proofing” of the Sun Ray design to handle additional test requirements that will arise over the next three year period. Here is a summary of a conversation we have had with the Sun Ray administrators: “We like Sun Rays because of their small footprint in the classrooms. We use Sun Rays to administer skill tests to our community. The tests are stored on an Oracle database, and the systems are distributed at various bases across the USA. We planned redundant Solaris servers because a failure during the test process could be career-altering, and not in a good Figure 1 - Scenario A (Existing) way; however, even with a secondary server, test work in process could be lost if the primary server goes down and the session is lost. Regardless, we doubled-up the servers at many locations but we still weren’t comfortable with the architecture for the long haul.”

In this case, improving the HA aspect of this project merited a look at a similar but more robust ClearCube SmartVDI architecture that involved a more cost-effective approach as well. Willingness to implement Windows VDI The important thing to note is that this customer had developed their test suites for both Linux and Windows environments and had the flexibility move from Linux to a Windows VDI platform (SmartVDI) to meet the high availability criteria (See Figure 2). SmartVDI architecture is based on VMware ESX hypervisor and Horizon View VDI components that generate up to 100 linked clone virtual machines on a single SmartVDI Series 100 system. Zero Clients replaced Sun Rays at the desktop. Existing ESX servers were used to host the Oracle database that contained the tests and VMware HA software components. Rather than double up servers at 50 locations, ClearCube’s architecture placed one primary SmartVDI server at each site connected to 30 Zero Clients in each classroom. A WAN route was established to a centralized group of

4

Sun Ray to ClearCube Discussion

SmartVDI systems at the Test Command headquarters, with an active-active set of linked clone VMs established at the backup site. In the event that the primary server fails, users are able to connect to a redundant VM across the WAN connection. The people taking the test re-connect and resume their test-taking with no loss of information. The WAN link provides adequate performance because the test environment is not very demanding from a graphics or processing perspective. The cost savings bonus is that a large percentage of the site-by-site backup server hardware could be eliminated. The design is scalable at the distributed locations as well as the disaster recovery hub site. If the number of users increases, more SmartVDI compute nodes can be added. If the testing suite adds graphics demands, a GRID adapter and CPU offload adapter can be added to the SmartVDI host systems. When it came to defending the “future proofing” of the design, the network architect cited the number of VMware VDI adoptions and implementations that are taking place across the DoD.

Figure 2 - Scenario A (Migration)

Figure 3 – Scenario A HA Option

5

Sun Ray to ClearCube Discussion

Scenario B Compelling change agents Maintain ability to support proprietary “home grown” Linux applications and add capabilities to support Command Post of the Future (CPOF) and Visio graphics applications Do not jeopardize security by eliminating the stateless nature of the installed Sun Rays Try to keep the collaborative nature intact for the designers

Similar to Scenario A, the established design of Scenario B (Figure 4) used Sun Rays connected to servers running X Windows sessions from a multi-user Solaris system. However, unlike Scenario A there was no flexibility to move to Windows VDI because the designer had clearly defined restrictions forced on him by proprietary Solaris and Linux applications dependencies. In Scenario B, new 3D graphics requirements to run Visio, Google Earth, and CPOF overwhelmed the capabilities of the shared Solaris session environment. The network architect also wanted to eliminate the complaints from Visio designers using Sun Rays so he had to change architectures. Here is the summary from conversations with the Sun Ray administrators: “My application needs changed. There were new requirements to run Visio on the Sun Rays that were connected to virtual machines but when we tried, we failed. You try moving the icons and they jerk across the screen and you hope they land where you want them to but it may take 30 seconds to get a screen response. I wouldn’t dare try to run Google Earth and CPOF battlefield simulation software but the requirement to do so is coming up. There are growing graphics Figure 4 - Scenario B (Existing) demands that cannot be met! We have a subset of users that run seismic analysis tools that need high resolution output to see the fine geospatial lines produced from the program. I had to move them to dedicated PCs.”

“We run Linux programs and the way we have found to address the GPU needs is to run them on distributed PCs at the analysts’ desks. We loved the Sun Ray footprint and the lack of hard drive, but now we’re back to depopulating hard drives from the PCs every night and locking them in the vaults for security reasons which takes a lot of time and manpower. The Sun Rays were quiet and these machines are loud. And we gave up the ability to have our people move to different work areas and access their work from any Sun Rays.”

To preserve the native Linux environment and diskless, secure, small desktop footprint, and deliver the graphics performance for the Visio and seismic analysis tool software, the customer used ClearCube Blade PCs for

6

Sun Ray to ClearCube Discussion

Solaris/Linux operating system compatibility and datacenter centralized management and small footprint, low power consumption, noiseless zero client end points.

Although the network administrator lost the ability to support multiuser Linux sessions with Sun Rays, he had already given up that battle because of users’ complaints about performance. To meet the graphics needs, he originally concluded that his better choice was to go back to placing physical distributed PCs at each work area to run the software for seismic analysis, and Visio, but his compromises involved increased security risks, increased labor costs in removing the hard drives every night, increased noise/heat in the work areas, and the loss of being able to have his designers collaborate by moving and working from other work areas.

Moving from distributed PCs to Blade PCs

Moving to Blade PCs and zero clients became his best choice. Blade PCs improved his users’ experiences in a number of ways. The Solaris operating system was no longer shared by multiple users. By using a Blade PC, a CPU/GPU was now dedicated to each user. That user had full access to the Blade PC’s available processor, memory, and GPU. The GPU can be quite robust, capable of high end 3D rendering. Yet, because the Blade PC ran Linux, existing Linux-specific programs executed, and they executed faster.

Where before a Sun Ray client connected to its server in the data Figure 5 - Scenario B (Migration) center, now a ClearCube zero client has its session brokered to its Blade PC in the data center. The brokering capability delivered a similar capability as Sun Ray’s hot-desking, allowing the users to connect to their resources from various locations.

Zero Clients benefit from PCoIP protocol that is highly optimized to reduce network traffic. Therefore, with Sun Rays where the designer was limited to two displays, now with Zero Clients up to four displays are supported. Where resolutions once topped out at 1920x1280 on Sun Rays, they expand to 2650x1600 on zero clients. Hardware accelerated PCoIP supports 60 frames per second at the zero clients so streaming video and host- rendered graphics with hardware compression do not suffer from latencies or impact other users. By eliminating the distributed Linux PCs that contained hard drives from the work area and replacing them with ClearCube zero clients, they restored the desktop security they previously had with diskless Sun Rays. The added benefit they realized was that distributed patch management typically needed at the desktop on Sun Rays was eliminated. Unlike Sun Rays, Zero Clients are intended to be multi-generational, so patches are only needed on the host OS and could be applied to the centralized Blade PCs in the datacenter within the control and schedule of the network administrator.

7

Sun Ray to ClearCube Discussion

Scenario C Compelling change agents Windows session spin up and tear down has to have guaranteed anonymity and identity destruction Users need to have CAC authentication like on their Sun Rays Improve the management of clustered server resources

In some Sun Ray environments, X Windows sessions are not used at all (Figure 6). Instead, the Windows desktop is hosted on Windows Terminal Services and delivered to the displays via Remote Desktop Protocol (RDP). These Sun Ray users running Windows Terminal Services may be more likely candidates for migration to Virtual Desktop Infrastructure (VDI) architectures because unlike a dedicated 1:1 PC experience, these users are accustomed to a shared session host platform delivering Windows desktops to their displays. Scenario C was a military training center that had 800 Sun Rays connecting through their Sun Ray Solaris servers to 17 other servers running Windows Terminal Services and RDP. Each user CAC’d in to the Sun Rays when they wanted a desktop. Here is the summary from conversations with the Sun Ray administrators: “We were experiencing daily lockups and intolerable slowdowns when our training sessions had even moderate attendance, even with minimal graphics requirements. Sometimes we would get a scheduling conflict where another regiment shows up and we’ve got to support twice the capacity at once and that was a complete mess. Our students were frustrated because their sessions were dropping and they were losing their test submissions; our administrators were frustrated because we didn’t have enough horsepower to satisfy the Figure 6 - Scenario C (Existing) users. We couldn’t manage this environment. We had to find something that works.” The migration path to VDI from Terminal Services is a natural one because both share a similar “big iron” host platform needing high end server processors with a lot of memory. Distinct parallels can be drawn between VDI and traditional Terminal Services solutions. They both place many user desktop sessions on a single server or set of servers and they both use the similar protocols to deliver those sessions to thin or zero clients. Both offer centralized desktop management tools.

VDI is much more than Terminal Services

But the similarities end there. A Terminal Services environment places all user sessions on the server OS itself. This means that a single instance of Windows Server 2008 is installed on a bare-metal server, and all users log into that server instance. Each user session is presented with its own desktop, but each session runs alongside all the other sessions on that particular server. This means that although an individual desktop is presented it is not a traditional desktop because the operating system is a Microsoft server OS, not a workstation OS. The user is not the only person running processes on this particular system – many other users may be logged in running Word, Paint, AutoCAD, Minesweeper, etc. The user 8

Sun Ray to ClearCube Discussion

has his desktop and applications, but inside that same OS other people are also doing things. There is limited isolation so as one user does something it can greatly affect other users in the environment. If the DLL from one application is newer than the DLL of another application, a potential problem arises. If one rogue application decides to freeze the system, everyone is affected. Think of this like a big cruise ship where many people are milling around. Everyone is doing his own thing in a shared setting, but if salmonella hits the buffet, everyone is sick. The migration path for Sun Rays connected to Windows Terminal Services for this customer was to move to ClearCube SmartVDI, which consists of best-of- breed components using VMware software for the VDI foundation (See Figure 7). In a VDI implementation, the server runs a hypervisor, not a full OS, and hosts some number of desktop VMs. The end effect is that each method places multiple desktop sessions on the server, but the manageability of those sessions differs significantly. For instance, with Terminal Services, there is no way to snapshot a session like with a VM, nor is there a way to migrate active sessions from one physical server to another. This means all users must log off of a Terminal Services server before it can be taken down for maintenance. With VDI, all of the active desktop sessions on that server can be migrated to other servers in the farm without disruption. The server that normally hosts all those VMs could be taken down for maintenance without anyone knowing. Indeed, as with any advanced virtualization infrastructure, it is possible to completely rebuild the entire underlying physical server structures without taking a single application offline or interrupting a single user. This was important in this location because there was a constant ebb and flow of students to serve from a cluster of servers. Further, load-balancing is intrinsic to a properly implemented VDI solution. If one or more desktop VMs are Figure 7 - Scenario C (Migration) using significant resources on one host system, other VMs on that system may be migrated on the fly to other physical hosts, ensuring that all the desktops have enough resources to go around. In traditional Terminal Services environments this is not possible; a single heavy user session can negatively impact other sessions on the same server without any automated remedy.

SmartVDI using VMware Horizon View

In a SmartVDI environment, it is possible to institute hard and fast resource limits to any user session simply by defining the resources of the desktop VM. With VDI every user has his own OS, his own memory, his own virtual hardware. Technically the only thing they are sharing is how much time they have access to a physical resource (CPU, Memory). Think of this like a big cargo ship with shipping containers. The container holds a different thing and does not interfere with other things, but uses the common infrastructure (the ship) to move along. By running linked clones on the SmartVDI set up, sessions were spun up and torn down dynamically with complete anonymity. ClearCube Zero Clients have integrated CAC card readers, so the users’ authentication procedures were the same as with using Sun Rays. And most importantly, management of the environment improved immensely. For “future-proof” justification, selling the idea of VDI up the chain of command was easy because Federal CIOs are mandating VDI initiatives and the IT industry as a whole is moving rapidly toward VDI and away from Terminal Services for all the reasons previously noted.

9

Sun Ray to ClearCube Discussion

Scenario D Compelling change agents Use stateless end points for both virtual and physical host machines

Address all use cases – task, knowledge and power users

Scenario D is a heterogeneous mix of all the previous scenarios. Although Sun Rays are common at the end points, what they connect to may include X Windows sessions and Windows Terminal Services. The migration path for these customers is to a Centralized and Virtualized Desktop Infrastructure (CVDI). From the same homogeneous ClearCube zero clients, connections are brokered to physical (Blade PC) and virtual (SmartVDI) host resources. That way all use cases for task, knowledge, and power users are satisfied using a common desktop platform.

Please contact ClearCube for more information about how we can help you migrate to future-proof VDI (SmartVDI) and quasi-VDI (Blade PC) zero client architectures that will deliver the benefits offered by stateless Sun Ray desktops – plus a whole lot more!

Figure 8 - Scenario D - (Existing)

10

Sun Ray to ClearCube Discussion

Figure 9 - Scenario D (Migration)

ClearCube’s mission has been moving desktops to the datacenter for almost 2 decades. ClearCube has the solutions and the expertise you need to safely journey from your existing Sun Ray infrastructure to a Smart Desktop Solution whether it is traditional VDI or more demanding hybrids like our CVDI (Centralized and Virtualized Desktop Infrastructure.)

11