Finding new ways to manage in a virtual desktop world

Virtual desktops have gone from an interesting idea to a technology agencies embrace in increasingly large deployments. To move to virtual machines, however, requires a fresh look at security, standardization and the skills of your IT employees.

virtual desktop abstract

Virtual desktops have gone from an interesting idea to a technology agencies embrace in increasingly large deployments.

Consider the following: The Energy Department's desktop virtualization pilot has expanded to 500 seats and could grow well beyond that. The Navy kicked off a 7,500-seat desktop virtualization project last year, and the Defense Intelligence Agency (DIA) has installed about 18,000 virtual desktops on two networks so far. That's a significant shift from the small-scale demonstration projects that emerged five years ago.

The technology and deployment methods behind such projects are now well-defined and familiar to IT departments. With application virtualization, an organization streams software to desktop computers, where they run on the locally installed operating system. The virtual desktop infrastructure (VDI) approach, on the other hand, hosts desktops as virtual machines running on a central server. Applications, operating systems and data reside in the data center.

Large-scale virtualization projects often compel agencies to revisit security policies, pay closer attention to configuration management and assess the types of technical expertise they need to have on hand. Therefore, a key consideration for adopters has become virtual desktop administration.

"We are seeing a shift in the skill set and in the experience needed," said Donald Adcock, deputy CIO for energy IT services at DOE.

Why it matters

The fundamental differences between physical and virtual machines drive the need for a new desktop administration regimen. Virtualization moves the key components of the desktop to the server room, leaving little to manage on the client side. Indeed, a zero-client box provides the ability to connect with a desktop-hosting server and not much beyond that. So although traditional PCs required considerable desk-side support, that's not the case for the minimalist hardware devices used in a virtual desktop setting, and the bulk of the management activities thus shift to the server side.

Furthermore, with server-oriented computing, users partake of a shared resource — and that changes the administration game because what a user does on his or her virtual desktop could affect what other users experience on theirs.

"If one person is watching full-motion videos on their particular virtual desktop, it will have an impact on those sharing the same [computing] resources," said Michael Mestrovich, senior technology officer for innovation at DIA.

The agency has deployed slightly fewer than 12,000 virtual desktops on its top secret Joint Worldwide Intelligence Communications System and about 6,000 virtual desktops on its secret network.

Mestrovich said desktop virtualization has enabled the agency's thin clients to support a range of activities, from viewing video shot by unmanned aerial vehicles to participating in town hall meetings via streaming video. But to make virtual desktops work, organizations need to understand the types of applications customers run and how those applications affect the CPU, network and storage resources of the underlying infrastructure.

The fundamentals

Government and industry executives point to a number of administrative issues agencies can expect to encounter when fielding a VDI. One obvious consideration is what types of expertise IT personnel should possess to run a virtual desktop installation.

virtual server graphic

Mestrovich said large-scale VDI administration requires a range of skills and knowledge. IT staffers managing the server side, for example, need to have greater insight into the virtual desktop users' activities and the resulting infrastructure demands. Accordingly, DIA systems administrators working on the back-end VDI now have more of a focus on the customers' endpoints and the applications they might be using, Mestrovich said.

Administrators also need to be much more aware of disk input/output, he added. Indeed, virtual desktop demands on storage can result in bottlenecks that degrade the user experience. For example, thousands of employees arriving at work and simultaneously logging onto their thin clients can result in a boot storm if storage systems aren't designed for VDI.

IT staff, meanwhile, will need to learn how to handle client-side chores remotely while maintaining the same people skills they had when providing desk-side support, Adcock said.

"You really need your personnel dealing with [virtual desktop users] to be people-friendly and people-oriented," he said.

DOE's virtual desktop pilot was originally built to handle 250 seats but has since grown to twice that, Adcock said. The pool of available applications is set to expand as well. The department is currently evaluating its portfolio to determine which applications can be virtualized.

And although server experts might need to study up on user considerations, administrators previously focused on the desktop will need to learn about servers and other infrastructure elements. Wim Coekaerts, senior vice president of Linux and virtualization engineering at Oracle, said administrators must acquire specific knowledge of servers, storage and network capabilities.

They also need to learn about the gold image or virtual machine template. "With traditional desktop management, IT staff can spend a great deal of time configuring individual desktops, visiting an end user's client device to repair it and so on," Coekaerts said. "But with desktop virtualization and its template-based approach, it's easy to clone a specific type of desktop environment, use it for hundreds or thousands of users, and easily replace it if something needs to be changed."

Resources for administrators

Organizations that are putting a virtual desktop plan into action might want to consider the following tools and technologies:

Remote control. These tools let help-desk staffers and systems administrators remotely log into a virtual desktop to troubleshoot problems.

Virtual infrastructure monitoring. These tools can help administrators track virtual desktop performance metrics and trace problems back to the data center.

Storage optimization. Specialized software or appliances can boost shared storage and address issues such as boot storms.

That method also applies to traditional desktop computers, but agencies often make exceptions for users with needs beyond the standard configuration. Those agencies end up maintaining multiple images, each of which must be secured and updated. Proliferation, however, can also occur with virtual desktop images if IT departments don't actively avoid it.

"If you don't maintain some kind of control over governance, you will find yourself with the same thing in the virtualized environment," Adcock said. "You will quickly find yourself [with] multiple images that have to be maintained and accounted for and tracked."

IT personnel managing virtual desktops should also take security into account. Ken Liska, a virtualization specialist for NetApp's U.S Public Sector, said organizations might have security policies and systems in place that add overhead and cost but don't provide extra protection for virtual desktops. Some security measures, such as antivirus software, are unnecessary for zero clients because they lack an operating system.

The need for remote control in a VDI setting also has security implications. "Many client security systems are in place specifically to prevent the remote control of a client operating system," said José Padin, a systems engineer manager at Citrix Systems. "VDI...is inherently about remotely controlling the virtual client operating system. The two systems are diametrically opposed."

To remedy that issue, most security systems provide the means to "containerize" client operating systems and apply different security policies to each container, Padin said. Host-based intrusion-prevention systems, for instance, can be configured to permit remote control for virtual desktops while preventing remote control of a physical endpoint.

The hurdles

The task of getting everyone up to speed on the new environment could prove the main obstacle to effective virtual desktop administration.

"These are newer technologies, so the agency skill varies depending on how long the agency has used this technology and how far into the process they have gone," said Jim Leake, vice president of the end-user computing portfolio at Unisys. "For agencies just exploring the concept, the learning curve can be steep."

Virtualization vendors offer help in that regard. Mestrovich said VMware, Citrix and Microsoft all offer courses that focus on virtual desktop administration skills. Technical certifications are also available. Citrix, for one, offers a certification program for its XenDesktop 5.

In addition to sending people for training in VDI, DIA also looks for people — both contractors and federal employees — who have experience and certifications in virtual desktops, Mestrovich said.

In addition to systems administrators, help-desk employees should be included in virtual desktop training. Help-desk personnel need to be aware of the hosting infrastructure and desktop provisioning technology to do their jobs effectively. Liska cited a case in which the support staff was left out of the education loop and, as a consequence, ended up troubleshooting virtual desktops as though they were physical machines.

Virtual desktops add to the complexity of the triage stage from the help desk's perspective, Leake said. When users call in to report that their machines have become sluggish, there are several elements to consider.

"The help desk must determine if the issue is being caused by a thin client, the network, the hosted machine or the app," Leake said.

The good news, he said, is that the fix is typically easier to apply in a virtual setting than it is on a physical desktop.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.