Organizations are increasingly seeking to reap the benefits associated with server virtualization in other areas of the data center. Driven by the need to govern data and application security, despite user demand for “any device, anywhere” access, organizations are focusing on desktop virtualization technology. A reduction in management costs, as well as the ability to close security and compliance loopholes that have been opened by bring your own device (BYOD) trends, provides significant impetus for the majority of organizations considering or making a transition to a virtual desktop infrastructure (VDI).
Although VMware has clearly led the mass migration to server virtualization, Citrix has been a driving force when it comes to virtual desktop initiatives. Given Citrix’s long and successful history of providing enterprises with remote desktop access solutions, its leadership is no surprise. Before the business benefits of desktop virtualization became widely acknowledged, Citrix was at the forefront of desktop virtualization technology.
With the advent of cloud computing, server virtualization, and increased awareness of security challenges, however, enabling remote access to desktops is no longer a simple matter of opening the right ports in a firewall. A more complex web of integrated and interdependent systems is now required, often deployed within a very dynamic and mobile infrastructure. This complexity poses significant challenges to ensuring the performance, reliability, and security of remote access solutions like VDI, not to mention the ability to implement at or under budget.
More than 50 percent of U.S. enterprises are migrating to virtual desktops or are considering transitioning to VDI in the next 12 months, according to new research from Visiongain, which projects the VDI market will reach $11.2 billion by the end of 2012.
Myriad challenges stand in the way of successfully deploying VDI to meet user expectations.
The explosion of devices and delivery channels—from wireless to mobile and home networks—has created challenges unique to remote access architectures. Not the least of these is the need to meet performance and accessibility demands from virtually anywhere and at any time. Integrating VDI with existing security and application infrastructures can result in high procurement and ongoing maintenance costs.
With traditional solutions, each new client and desktop introduces new performance, security, and mobility challenges. For every VDI solution put in place to resolve these issues, the infrastructure and the policies governing VDI delivery grow more complex, more unwieldy, and more costly. Like Citrix, with its traditional and trusted position as a leader in virtual desktop solutions, F5 has long been trusted with the delivery of applications. From the introduction of the Citrix application virtualization, desktop, and cloud solutions, F5 has led the market in delivering Citrix remote and virtual desktop technology. With F5 solutions as part of a Citrix virtual desktop infrastructure, IT staff can meet and even exceed user expectations for performance, security, and reliability while reducing complexity and increasing mobility.
In general, IT exists to support the business. It is on that premise that IT is measured: its ability to meet or exceed business users’ expectations. Not only must an IT department deliver on its charter to deploy applications, it must also ensure availability and performance. Doing so requires IT staff to overcome multiple operational challenges. An infrastructure incorporating the F5 approach to strategic points of control can successfully meet these challenges and measure up to the expectations of business users.
F5 can help overcome five challenges to improve Citrix VDI deployments and help meet the user definition of success:
Of these five key areas, four — performance, security, mobility, and reliability — are directly related to user expectations. By also addressing the fifth challenge, complexity, IT organizations benefit financially and operationally, which indirectly assists with meeting user expectations.
A key metric by which IT is measured is application performance. This is because the performance of an application has a direct and measurable impact on the productivity of its users, which has a direct and measurable impact on the business’s bottom line.
All remote access solutions have introduced new technology, and Citrix is no exception. Its remote access technology has been specifically designed to address accessibility across a variety of heterogeneous platforms, including thin-client and emerging mobile platforms.
When existing security solutions combine with this technology, however, users can experience delays in delivery that reduce productivity and increase frustration.
It’s not VDI itself users hate; it’s the reduced productivity.
Pew Internet predicts that 71 percent of all work will be mobile or web-based by 2020. While the increasing demand for any-time, anywhere access is certainly a driving force behind VDI adoption, security and control over sensitive corporate data is also pushing organizations to adopt strategies that rely heavily on desktop virtualization. These strategies often rely on user adoption of Citrix solutions, which in turn is highly dependent upon maintaining or improving user productivity.
The relationship between application performance, whether virtual or physical, and productivity is fairly easy to quantify by examining business metric key performance indicators (KPIs), such as those for call centers.
Network and application performance affects agent utilization by either increasing or decreasing the number of cases a given agent can manage in a given period of time. If applications are slow or unresponsive, agent utilization decreases, resulting in poor productivity and unacceptable measures of business performance.
The performance of applications remains sensitive to network conditions irrespective of location or form-factor. Citrix application virtualization, desktop, and cloud solutions are no exception. Architectural constraints on Citrix solutions include security precautions that can introduce delay and even disrupt delivery to user devices, ultimately interrupting the flow of business while users struggle with slow or unresponsive virtualized applications.
F5 eliminates the architectural complexity of Citrix solutions by consolidating multiple functions into a single, integrated platform. This reduction in the number of physical and virtual solutions dramatically improves processing and can eliminate potential bottlenecks that are often the source of poor performance.
Support for Citrix’s proprietary remote access technologies is also critical to ensuring performance and availability. The F5 platform not only supports these technologies but implements specific services that can improve performance without compromising on security measures. Organizations can thus ensure corporate data is both secured and delivered as quickly as possible to user devices no matter where they may be located — or what form — factor they may take.
The best measure of labor efficiency is agent utilization. Because labor costs represent the overwhelming majority of call center expenses, if agent utilization is high, the cost per call will inevitably be low. Conversely, when agent utilization is low, labor costs, and hence cost per call, will be high.
A driving factor for VDI implementations is security—specifically a need for the business and operations to centrally manage and control access to application data. VDI addresses this challenge in several ways, primarily with containerization of data and applications through virtualization.
Although computing power on desktops and servers has increased, so has the burden imposed by the stronger security mechanisms required to ensure the integrity of sensitive data. F5 solutions go beyond simply supporting the industry-standard protocols used by Citrix products to secure corporate data. They also improve upon processing to dramatically increase overall performance. When an F5 Application Delivery Controller (ADC) processes these standard security mechanisms, the result is better virtual application performance—and thus less chance of users rejecting virtualization initiatives due to negative effects on their productivity.
New technology always introduces new security challenges, many of which are not always apparent to users.
The convergence of BYOD with VDI introduces new challenges in managing authentication and authorization. Devices may not provide native support for standard identity and access management systems, making integration difficult and frustrating users accustomed to single sign-on (SSO) and easy access. When mobile endpoints are involved, the inclusion of multi-factor authentication is also becoming more common as organizations attempt to implement security controls designed to compensate for a lack of control over client devices.
F5 solutions support a rich set of security services for all applications, including VDI. In addition to delivering integrated ICSA-certified firewall services, F5 solutions protect critical VDI services from being overwhelmed by a variety of traditional and emerging attacks. A unified policy and configuration setup, combined with SSO for all Citrix XenApp and XenDesktop client types, offers users a seamless login experience while simplifying enforcement of corporate access policies. Full support of multi-factor authentication systems and services offers organizations additional options.
Unlike the NetScaler and A10 interfaces, F5’s visual policy editor simplifies policy creation and management and can be easily extended.
End users realize the productivity and satisfaction benefits of allowing employees to use the smartphones of their choice for work, but don’t fully comprehend the extent of the security challenges this creates.
VDI architectures are often unnecessarily complex, which can lead to the benefits of the technology being overshadowed by preventable failures. When an organization follows appropriate best practices and continuously monitors a VDI deployment, its users will enjoy a reliable system that performs as expected. Otherwise, problems can arise.
One key to ensuring the reliability and scalability of VDI architectures is a technique F5 pioneered: persistence. Persistence ensures users maintain connections to their desktop instances. Without persistence, VDI deployments can neither scale nor maintain reliability.
But reliability is more than simply maintaining a connection between the user and the virtual desktop. Reliability requires continuous monitoring of the entire infrastructure — from network to application. When an issue arises, action must be taken immediately. Automatic failover is a best practice that enables continuous delivery even in the face of failure.
F5 solutions include a highly intelligent, application-aware health monitoring system that enables actionable status conditions to trigger failovers, notifications, or customizable events that ensure reliability. This approach to monitoring includes global reliability, since cloud computing is increasingly a critical component of business continuity and disaster recovery strategies. Multi-site reliability is enhanced with the F5 platform due to its heightened application awareness. This awareness provides the critical, real-time health and status data that’s unique to each application and which is necessary to ensure availability and meet user performance expectations.
Scaling an application also requires scaling dependent services such as identity stores, firewall services, and load balancing. Overloading any dependent service can degrade performance and crash systems. F5 solutions provide superior scalability for these services as well as any IP-based service — including logging and audit trail services.
The ability to handle large traffic loads and simultaneously track events is critical. F5® BIG-IP® ADCs, unlike NetScaler products, can log events even at high traffic loads without degrading performance.
F5 can also dramatically improve the scalability of Citrix XenApp and XenDesktop by offloading computationally expensive processing. When applications are required to provide security services and manage connections in addition to their core functions, they can quickly become overloaded. The user experience rapidly degrades as systems consume resources to perform functions that could be performed more efficiently by F5 solutions.
To the user, mobility means seamlessly moving between the office and home and between smartphone and laptop. From the organization’s perspective, mobility also means supporting multiple computing platforms within the data center.
71 percent of respondents think letting employees use the smartphone of their choice for work-related activities somewhat to significantly increases employee productivity.
Fast access to applications has always had high business value. Consequently, SSO is a key component of productivity that benefits both the business and IT by improving security while reducing the number of credentials that must be managed by the user.
Seamless access to applications from both traditional and mobile devices has just as high a value but is significantly more challenging for IT to implement. Challenges arise from the need to support, secure, and integrate so many different devices and systems.
F5 solutions enable greater mobility through flexible and dynamic authentication and authorization services that unify access and identity management across multiple devices, applications, and systems. Unlike other solutions, however, the F5 platform provides consistent and seamless access to all enterprise systems, not just Citrix XenApp or XenDesktop. This comprehensive application support eliminates the need to deploy and subsequently manage multiple VDI-specific components, reducing complexity and the total cost of ownership.
A growing number of enterprises are pursuing a strategy of ‘second sourcing’—deploying a different virtualization technology in a separate part of the organization.
Pre-packaged VDI solutions are often vendor specific, thus introducing the potential for organizations to become locked in to a specific architecture and vendor. This stands in opposition to the current trend toward a dual-vendor approach to virtualization.
Most organizations recognize the benefits of sharing infrastructure across initiatives to both reduce complexity and share costs. F5 solutions provide the same performance, reliability, and security benefits for all IP-based applications, including competing VDI solutions. This enables organizations to pursue a dual or even multi-vendor VDI strategy. Additionally F5 solutions are available in a cloud-enabled form factor with complete feature parity, making them ideal for organizations seeking to realize the benefits of cloud computing in conjunction with Citrix VDI initiatives.
Interestingly, [BIG-IP] APM can support VMware View and Citrix Xen App/XenDesktop concurrently, as well as adding RDP and other technologies to the mix.
New technology often introduces complexity by requiring specific supporting solutions or applications. Complexity increases costs not only in the initial investment necessary, but in management, integration, and licensing.
Citrix XenApp, XenDesktop, and CloudGateway architectures introduce complexity in two ways. The first is in the number of components required to support the solution. The second stems from the need to configure those components. Both increase the time required to deploy the solution and introduce unnecessary risk related to misconfiguration that can derail a VDI initiative.
The first way in which complexity can be eliminated in VDI architectures is through consolidation of services, which enables organizations to eliminate unnecessary components from the architecture. A Citrix VDI solution generally indicates the use of multiple components, each providing critical services. An F5 solution can replace these components, streamlining the data path and drastically reducing the complexity of the implementation.
The use of a single, integrated platform to provide these services simplifies troubleshooting, reduces training costs and time, and improves performance. It also provides a single pane of glass for authenticated users, who can access a consolidated set of applications across the data center rather than only getting a view into Citrix applications.
The resulting single point of control also affords operations centralized authentication and remote access services, eliminating multiple points of entry that can introduce security risks and frustrate users. F5 ADCs can provide in a single solution the same services as multiple Citrix solutions, reducing management overhead by eliminating multiple administrative consoles.
One thing that all appliance-based systems lack is a turnkey deployment process.
The second way to simplify VDI deployments is to streamline configuration. The complexity associated with configuring all the application delivery services necessary for a successful VDI implementation should be addressed as a priority. Doing so can reduce the risk of configuration errors as well as the time it takes to deploy the VDI solution.
F5 solutions simplify the deployment process and reduce the chances of misconfiguration with a proven deployment template for both XenApp and XenDesktop. This unified, preconfigured template describes the best-practice configuration of services necessary to ensure a fast, secure, and reliable Citrix VDI deployment. Other solutions such as NetScaler and A10, by comparison, have no such capability and, despite providing rudimentary wizards for some applications, they cannot offer the level of automation and deployment risk reduction afforded by F5 solutions.
F5 won out in all categories: configurability, compatibility with other technologies such as XenApp and Exchange 2010 … and quality of documentation and support.
As trends such as cloud computing, virtualization, and BYOD converge upon IT, it can be challenging to meet user performance expectations without compromising on organizational security policies. A VDI architecture based on Citrix XenDesktop, XenApp, and CloudGateway—coupled with F5 ADCs—enables organizations to meet their business objectives while streamlining IT processes and creating a flexible, extensible foundation that adapts to new clients and devices with alacrity.
F5 solutions not only improve the reliability, performance, and security of Citrix VDI deployments but reduce complexity and deployment cycle time, improve the scalability of VDI-related services, and enhance the mobility of users and operations alike.
With F5 providing the application delivery foundation for Citrix VDI solutions, IT departments can better position themselves to meet or exceed user expectations.