Cisco VXI – Desktop Virtualisation

VMworld 2011 Session #SPO3989

Optimised Infrastructure for Scaling VMware View

Stacey Goldsmith

October 2011

What about voice and video?

What about security?

How can I scale my View environment?

How can I simplify my Data Centre?

WAN WAN Branch Branch Router Internet Firewall Firewall Switch Router Edge

SLB Data Center Internet Internet View Core Layer Router Security View Client

Servers Aggregation Layer Remote Access Firewall

Server Load Balancing

Network Management

Access Layer Compute/SAN

VMware vSphere View Connection View Agents Environment Servers

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Data Centre Considerations • Desktop Density • Data Centre Architecture Simplification • Infrastructure Scalability Network Considerations • Desktop and Network Security • Server Load Balancing and Connection Optimisations • Best Practices Endpoint Considerations • Rich Media: voice and the hairpin effect • Tablet‘s in the Workplace • Workspace Power Management – Power over Ethernet

• VDI has lots of puzzle pieces which impacts • integration and testing • engineering • troubleshooting/operations • time to service • costs • Scalability – starting small and growing estate • Challenging ROI

• Greater virtual desktop density w/o performance impact

• Simple Operation—start in minutes, scale in seconds

• Massive Scalability—scales easily to 1000‘s of desktops per UCS system

• Extended memory and I/O to avoid desktop

virtualisation bottlenecks Memory • No 3 WW Blade Server Shipments

CPU • 7400+ Unique Customers

Unified Fabric • 44+ World Records (FCoE)

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 Single Management Domain • All chassis and servers physically connected via inherent 10GB low- Mgmt LAN SAN A SAN B latency Fabric • IO is consolidated through a pair of fault resilient Fabric Interconnects • Wire-once for bandwidth • Policy-driven bandwidth allocation • 1/10GB lossless ethernet, Fibre Channel over Ethernet (FCoE), Native Fibre Channel

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Single Management Domain • Service Profiles - similar to VMware Tightly Coupled Existing Partner Management Tools Management Tools VMX CFG files but for bare metal servers XML API Traditional APIs • Contain over 100 pieces of configuration e.g. BIOS, WWN, MAC, QoS, etc. • Rapid provisioning through cloning and templates • Also contains Firmware

Service Profile: OracleVDI-ESX Network: ORAVDI-VLAN-VLAN Network QoS:: HighHigh MAC: 08:00:69:02:01:FC WWN:: 20:65:32:25:B5:00:A4:28 BIOS: Version 1.03 Boot Order: SAN, LAN

Xeon 5600 Xeon 5600

12 DIMMs 18 DIMMs Highest Performance Lower Performance x Highest Cost x Lowest Cost

Cisco UCS With Extended Memory

Xeon 5600 Xeon 5600

48 DIMMs Highest Performance Lowest Cost

1000

800

600 # virtual desktops virtual # 400

200

0 1 4 8 Desktop Profile UCS Blade Profile • Windows 7, 32bit UCS Blades • B250 M2 • 1.5GB RAM • 192GB Memory • 1vCPU • Dual Xeon 5680 CPU

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 2,000 Unified Fabric switch ports DC Infrastructure required for 3,000 users Internal SAN switch ports 1,800 Internal LAN switch ports 60 – 70% Less EOR SAN switch ports 1,600 components to procure,

install, configure, power, EOR LAN switch ports

1,400 cool, monitor, repair, Racks dispose . . . Uplink cables from TOR SAN 1,200 TOR SAN switches TOR SAN switch ports 1,000 Uplink cables from TOR LAN TOR LAN Switches 800 TOR LAN switch ports SAN uplink cables to EOR SAN switch 600 number of components of number ports LAN uplink cables to EOR LAN switch ports Cisco UCS 6100 Series Fabric 400 Interconnects Cables from fabric extenders to interconnects 200 Cisco UCS 2104XP Fabric Extenders Uplink cables from integrated SAN 52 52 32 0 Integrated SAN switches Conventional Conventional Cisco Unified Rack Servers Blade Servers Computing System

• Provide in-depth details of configuration and testing for end-to-end solution including hypervisor, broker, anti-virus, user virtualisation, storage array, storage optimisation, compute, network, end-points, security, WAN acceleration and more

What about voice and video?

What about security?

How can I scale my • Compute platform that scales to 1,000‘s of desktops View environment? that can address high density cost effective memory

How can I simplify • Dramatically reduce DC infrastructure. Pre- my Data Centre? integrated system reduces integration issues.

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 Data Centre Considerations • Desktop Density • Data Centre Architecture – Simplification • Infrastructure Scalability Network Considerations • Desktop and Network Security • Server Load Balancing and Connection Optimisations • Best Practices Endpoint Considerations • Rich Media: voice and the hairpin effect • Tablet‘s in the Workplace • Workspace Power Management – Power over Ethernet

• Security policies not extending from VM to end-point

• Lines of administration blurring between Network and Server administrators.

• Approximately 40 percent of desktop virtualisation evaluations or deployments are driven by the desire to improve security. How can I ensure security at all levels?

• Secured Shared infrastructure.

• Any device, Any where, Any time

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 Rogue VM: Send ARP to Rogue VM: Rogue VM: Rogue DHCP Announce VM Change/Add Change/Add IP Server Location MAC Address Address

VM VM VM VM VM VM VM VM VM VM VM

VMotion

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17 Rogue VM: Port Security IP Source Guard Send ARP to Rogue VM: Rogue VM: Rogue DHCP Announce VM Change/Add Change/Add IP Server Location MAC Address Address

VM VM VM VM VM VM VM VM VM VM VM

Nexus 1000V DVS

VMotion

Dynamic ARP Inspection DHCP Snooping

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18 Server Zones Portal Records Database Application • Secure segmentation with zone-based Virtual Security Gateway (VSG) firewall • VM-level granularity HVD Zones with context-aware

IT Admin Assistant Doctor Guest rules • Allow connections from End Point and VDI Services • AD, DHCP, DNS, Brokers and Applications Network • Block‘s VM to VM connections (default) iT Admin Guest Doctor

• Extensive range of supported devices • Windows, Mac and Linux • Apple iOS 4+ - iPhone, iPad • Cisco CIUS, VXC • Google Android • Samsung Galaxy • HP webOS and Palm • Nokia

• Cisco Nexus 1000V and Cisco Healthcare Portal Records Database Application Virtual Security Gateway protects the virtual environment within the data center.

• Cisco ASA 5500 Appliances (ASA) Nexus 1000V and Virtual Security Gateway secure the data center to defend HVD Zones against threats and unauthorised access IT Admin Assistant Doctor Guest

• Cisco AnyConnect Secure Mobility Solution (AnyConnect) establishes trusted access between the client and the data center ASA

• Cisco ScanSafe offers Cloud Security (SaaS) with Secure Split Network tunneling

IT Admin Cisco AnyConnect

Doctor Guest

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21 The Cisco Application Control Engine (ACE) provides detailed health monitoring and load balancing functions for the Web Front End/Connection broker

Mobile Cisco ACE Teleworker Virtual IP View View Connection Clients Servers ACE Load Balancer

Thin Client

Cisco ACE supports Multiple Device Contexts – reducing the number of load balancing devices

Branch Office End-users could see pixelization as media is rendered from the data centre Branch Router

Increasing bandwidth Data Centre might not help

Campus

End-users may not experience pixelization on LAN

View 5 radically improves ―Bursty‖ traffic and bandwidth profile with unpredictable packet Capacity planning PCoIP arrival can have significant impact on user experience Depends on workload, display protocol, other End-to-end QoS features (USB, etc.) Dependant on protocol and tunnel mode (TCP vs Not every connection UDP) yields the same Path optimisation consumption rate

Tunnel mode connections View 5 improves resiliency make View sessions ‗look‘ WAN optimisation like browser traffic

What about voice and video?

• Virtualisation-aware networking can provide superior What about security? security end-to-end

How can I scale my • Compute platform that scales to 1,000‘s of desktops View environment? that can address high density cost effective memory

How can I simplify my • Dramatically reduce DC infrastructure. Pre- Data Centre integrated system reduces integration issues. architecture?

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25 Data Centre Considerations • Desktop Density • Data Centre Architecture – Simplification • Infrastructure Scalability Network Considerations • Desktop and Network Security • Server Load Balancing and Connection Optimisations • Best Practices Endpoint Considerations • Rich Media: voice and the hairpin effect • Tablet‘s in the Workplace • Workspace Power Management – Power over Ethernet

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26 • A large percentage of desktop virtualization pilots are stalled due to a poor user experience with real-time and streaming rich media

• Real-time rich media applications are sensitive to latency and jitter

• Hair pinning effect can make unnecessary use of infrastructure resources competing with production traffic

• Managing end points need to contribute to the overall green-agenda

• Controlling and securing tablets

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27 Solution Data Centre The Hairpin Problem • Keep media flow outside of Virtual Desktop • Voice/Video in the display Display Protocol protocolDisplay MediaProtocol flow goes all the Media Flow Endpoint way back to data centre and • backProvide local client-to-client streaming of video / voice • Heavy processing on virtual desktop in data centre Signalling Signalling Benefits (SIP) (SIP) • Bandwidth explosion Cisco Media • Bandwidth reduction Unified Flow • Display protocol and possible Call WAN endpoint become unstable Manager • Reduced processing in data Signalling Signalling • Usercenter, experiences increase inlatency VM blade and (SIP) (SIP) jitterdensity

• High quality voice and video Endpoint Media Flow Display Protocol • Network handling real-time data (QOS, CAC) Virtual Desktop

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28 . Converged endpoint for voice, video, data . Monitor, keyboard and mouse applications and virtualisation connections to deliver the complete . Supports VMware View desktop experience . Similar provisioning to IP Phone . Android application ecosystem . Wireless and 3G/4G support

Open Cisco Certified Bus IT Selected Apps & Apps Control

Innovative Application Deployment Options Apps Management with Security and IT Controls

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30 • Power Thin/Zero and IP Phone Endpoints from the network • Manage and optimise network power consumption via Energywise Management Platform • 60W UPoE leadership – Power Monitors from the network

What about voice and • Rich media applications have specific requirements and the network must allocate proper resources to video? guarantee user experience

• Virtualisation-aware networking can provide superior What about security? security end-to-end

How can I scale my • Compute platform that scales to 1,000‘s of desktops View environment? that can address high density cost effective memory

How can I simplify my • Dramatically reduce DC infrastructure. Pre- Data Centre integrated system reduces integration issues. architecture?

Desktop Cisco VXI Virtualisation End-to-End Architecture VMware View Rich Media/UC VMware ThinApp Security vSphere Application vCenter Acceleration

POE / EnergyWise

Microsoft OS Cisco Clients Cisco Collaboration MS Office Applications Branch Cius Business Tablets Desktop Virtualisation Software CDN

Hypervisor

WAAS Virtual Si Cisco Virtualisation Unified CM ISR Access Experience Clients Nexus switching w/PoE Thin Client Ecosystem Virtual Quad WAAS

ACE

End-to-End Security, Management and Automation © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35 Consider the entire end-to-end architecture • QoS, Security, Scalability, Provisioning, User Experience and Simplification You probably already have most of what you need • But following best practices will help you get the most out of your existing infrastructure View works well over WAN and LAN • Understand network usage for best results Voice and Video support is no longer optional • Network design must support rich media features

and continue to innovate together and deliver the value of desktop virtualization

Demos • Unified Computing System • Nexus1000v with vCloud Director • Cisco VDI/VXI • Virtual ASA • UCS Express • Virtual Workload Mobility across DCs • Cisco Intelligent Automation for Cloud Cisco Validated Design Clinic

http://www.cisco.com/en/US/nets ol/ns1136/index.html

VMware View Network Considerations and Best Practices (VMW bootcamp) http://communities.vmware.co m/community/vmtn/desktop/vi ew/bootcamp/video_3 Cisco‘s Virtual Experience Infrastructure (VXI) homepage

http://www.cisco.com/go/vxi