Review: Citrix XenDesktop 4.0 Feature Release 2 – Enterprise Edition

Posted by Paul O'Doherty   |   Thursday, November 11th, 2010   |  

Virtual Desktop software is technology that is designed to run a desktop operating system on a virtual cluster while attempting to provide the same user experience as a physical desktop.  All products tend to start with a base set of components for delivering a virtual desktop instance; a virtualization cluster consisting of hypervisor nodes attached to shared storage, a collection of virtual desktop instances running on the virtual cluster, a connection broker which associates users to virtual desktops and an end user device that connects to the virtual desktop environment using client software.

XenDesktop4_Architecture.png

Even this concept is rapidly evolving into “virtual workspace” delivery as desktop virtualization and application virtualization get blended together inside product bundles.  Over the next few weeks we will review XenDesktop, VMware View, Quest vWorkSpace and Microsoft VDI suite to compare and contrast the differences between the products.

The first product we will be reviewing is XenDesktop version 4 Feature Release 2 (FR2). Although XenDesktop 5 has been announced, the current release is 4. The edition tested is XenDesktop 4 FR2, Enterprise Edition:

Component Description Notes Tested
Desktop Delivery Controller Citrix’s Connection Broker Yes
XenApp 6 Enterprise Edition Citrix’s Server Based Computing and Application Virtualization Management Tool Although XenApp 5 Feature Pack 2 is bundled with XenDesktop we tested XenApp 6 as it has been out for awhile Yes
XenServer 5.5 Essentials for XenServer Enterprise XenServer 5.5 Essentials is a bundle of features including lifecycle management, storage integration, provisioning and HA to simplify management of Hyper-V and XenServer environments For purposes of evaluating XenDesktop only HA and StorageLink were evaluated. Provisioning was applied to the VDI instances only, not the XenServer Hypervisors or management VMs. Yes
Profile Management 2.1 Profile Management is the utility that simplifies profile management in XenDesktop Profile Management is the 2nd release of the product that was acquired by Citrix as sepagoProfile from Sepago Yes
Access Gateway Access Gateway integrates features of the Access Gateway Enterprise Edition into the XenDesktop product Access Gateway was tested to evaluate what additional features are available through integration. Yes
Web Interface 5.2 Web Interface 5.2 is the web portal portion of the XenDesktop environment. It can be used from the DDC, or installed separately In our test environment we used Web Interface installed on the XenApp server to allow us to blend virtual applications and desktops into one portal Yes

 

Architecture

In order to deliver a XenDesktop environment with many of the advertised features we provisioned multiple Windows servers for the DDC, the provisioning server and also the application delivery service through XenApp.  To reduce the number of servers we deployed Web Interface and XenApp together (Citrix recommends in large environments that you separate roles in XenApp and in XenDesktop Farms).  In addition we imported the AGEE/NetScaler VPX appliance into our XenServer virtualization cluster.  We configured a few of the advanced features of the XenServer cluster, but we will not be discussing them in this post to focus on XenDesktop.

XenDesktop4_Components.png

The XenDesktop solution is made up of many Tiers which can be loosely defined as Infrastructure, Desktop Management, Application Management and Security. Provisioning server could be considered an infrastructure component as it can also deploy images to physical servers but this is not what it is typically used for in XenDesktop environments.  Each Tier requires its own special design considerations.

XenDesktop4_Tiers.png

Planning a XenDesktop installation in a real world environment takes time as each component has different requirements.  For example while the Desktop Delivery Controller can tolerate a short outage of the SQL database, the Provisioning server will stop responding to requests if it does not have access to its database.  In order to ensure the XenDesktop environment is available, time should be spent determining the optimal configuration of the storage, networking and virtualization environment and availability of all the XenDesktop services.

If we focus specifically on the Desktop and Application management Tier as the core of the XenDesktop product, there are a number of communication processes that need to be understood. For example if we take the sequence of events when deploying a virtual desktop instance from provisioning server:

  1. The virtual desktop will communicate with a DHCP server to retrieve IP and Provisioning server information (The boot server and boot image are configured as DHCP scope options).  It will contact the Provisioing server and stream the vDisk image from the server.
  2. Once the image is booted the desktop agent will communicate its state as “idle” to the Desktop Delivery Controller.
  3. When a User logs in to the Citrix Web Interface and requests a desktop, the user will be directed by the Desktop Delivery controller to the idle desktop instance.  Should the user then launch an ICA or virtual application from within the virtual desktop, the User will communicate to the XenApp server using ICA or Real Time Streaming Protocol (RTSP).

XenDesktop4_Logic.png

While all of these components can be run within vms on a single physical server running a hypervisor, Citrix architecture is really designed with scale in mind.  This is in large part because many of the components available in XenDesktop have been integrated vs. designed as features of a single product.  For example, both XenApp server and Provisioning Server (Formerly Ardence) have been used independently in enterprise environments before being bundled within XenDesktop.

Installation

A few points regarding Installation; each component of XenDesktop has a separate installation routine and management console as all of the pieces can be deployed independently.  This means that from an understanding and complexity perspective,  XenDesktop requires some commitment to reading, digesting and understanding how each of the products work on their own before integrating them.  Although the management utilities are good, there are at least three separate points of management in a XenDesktop environment if you want the connection broker, provisioning server and application virtualization.

Our Desktop Delivery Controller is deployed on a Windows 2003 Server as we are evaluating XenDesktop 4.  It is a bit of a wonder that Citrix has not moved to Windows 2008 for the DDC but it is fully supported in XenDesktop 5. Installation was straightforward with no real issues.

XenDesktop4_GUI.png

If you do need to integrate into a Hyper-V environment you have to keep in mind that the SCVMM Admin console needs to be installed before the DDC so that the controller has access to manage vms in the Microsoft environment (connection to XenServer or VMware virtual infrastructure is already incorporated in the console).  When deploying multiple DDC’s is a large environment it is recommended that you separate the Web Interface component from the DDC and designate a single server with the Farm Master role.  The Farm Master performs a similar role to the data collector in a traditional XenApp environment, collecting data and managing the XenDesktop Farm.

It is important to Note that XenDesktop is tightly integrated into the Windows AD.  During installation it looks to add the controllers directly into your AD.  In addition you should deploy your XenDesktop vms into a separate OU to configure specific group policies for the virtual desktops.

For XenApp we went with version 6 running on Windows 2008 RC2.  For XenApp 6 the installation has been dramatically simplified.  In addition the concept of worker groups has been added.  This essentially allows you to preconfigure aspects of your Citrix XenApp farm even before adding servers.  Once you add a server to a worker group the server simply inherits the configuration.  As we are dealing primarily with XenDesktop , XenApp features will be reviewed in a separate post.

XenDesktop4_XenApp6GUI.png

Provisioning Server required some integration into our DHCP scope to ensure the PXE attributes were properly defined so that our virtual desktop instances could find the boot server and boot image.  We installed Provisioning Server on Windows 2008 RC2 with no issues.

If you are integrating with a Hyper-V environment you will need the SCVMM in order to integrate the two environments.  Special attention needed to be paid to the default settings of the vms and Provisioning server NICs, specifically we needed to:

  • Disable Checksum Offloading on Network Adapter. Checksum offload parameters, which are not compatible with the Provisioning Server network stack, may cause slow performance.
  • Disable TCP Large Send Offload which re-segments and queues traffic but can cause latency and timeouts on the Provisioning server.

For our testing we decided to use a standard or read-only image. Provisioning server also supports a private or read/write image and a differencing disk that actually allows you to preserve the cache between reboots.  Speaking of cache, we had to determine where we would redirect our write cache.  While the VM is running any changes or writes to the image are redirected and stored until the VM is rebooted.  Provisioning server allows you to store the write cache locally on the provisioning server, or locally on the VM in a separate drive partition or as a portion of the memory on the VM. We opted to store the write cache in memory on the VM.

XenDesktop4_vDisk.png

Citrix recommends storing it locally on the vm as storing it on the provisioning server limits the number of desktops a single provisioning server can support due to the I/O overhead.

Creation of our first VDI instance began with designating a template that included the agent, Citrix clients, office and flash player software needed to test the XenDesktop features.  In addition the Profile Management service was installed into the VDI instance to enable user profile management.  I found that snapshotting came in very handy as we built our image.  As we tested our master image we used the Virtual Machine Snapshots in XenCenter to essentially create a bookmark so that we could revert back if we installed items in the wrong order.  This is fairly easy to-do for example, Citrix recommends installing the XenServer tools after the Virtual Desktop Agent to avoid problems.

Once we had configured our master image we used XenConverter to convert our VMDK to a Provisioning Server vDisk, optimize it and then copy it to the Provisioning server.

XenDesktop4_XenConverter.png

Once we had created our vDisk image it was easy to create desktop pools. We used the XenDesktop Setup Wizard that runs from the provisioning server to allow you to automate the deployment of multiple virtual desktop instances.

Installing the NetScaler was as simple as downloading the evaluation.  Once the software for AGEE/NetScaler VPX was downloaded we simply imported it using our XenCenter console.

XenDesktop4_Setup.png

Installing the NetScaler was as simple as downloading the evaluation.  Once the software for AGEE/NetScaler VPX was downloaded we simply imported in using our XenCenter console.

XenDesktop4_NetScaler.png

When we requested an eval of the VPX through Citrix they sent us a license access key.  We then had to run a command line utility to retrieve the mac address of the VPX as this becomes the name of the license server when you register the license access key through your MyCitrix account.

Features & Functionality

Profiles
One of the nice features of XenDesktop is the availability of policies to control just about every aspect of the end user connection.  Of course you would expect the policies to be very mature as Citrix has essentially ported the XenApp policy engine over to the XenDesktop product.  Policies could be selectively applied to Users or Groups of virtual desktops.

Integration into the Apple iPad
As the interest in tablets is high we decided to test the integration between the iPad and the XenDesktop environment using a wireless connection.  Installation of the Citrix Receiver was simple and straight forward.  We were able to then point the receiver at our Web Interface site and access our XenDesktop environment.  The additional screen real-estate made the usability of the virtual desktop much easier than using it on the iPhone.  In addition we were able to seamlessly transfer a user session from our iPad to our test thin Client device by simply logging on to the Web Interface from the thin client.  We were reconnected to the virtual desktop at the point we stopped typing on our word document on the iPad.

XenDesktop4_iPad.png

Typing in Microsoft Word worked really well, however working with some of the other office applications took some getting used to as they are not designed to work through a touch interface.

Multi-Monitor
Provided the device we were connecting from was configured for multi-monitor the XenDesktop session just picked it up. We did not require any additional configuration to order to support multiple monitors on the client device.

Multi-Media
While Citrix has many technologies lumped under HDX, specifically we tested multi-media redirection.  The multi-media support in XenDesktop is essentially on by default however you need a certain version of the Citrix Receiver client in order to take advantage of it.  Once you install the version you have an additional menu item that allows the user to turn on or off HDX support.  In addition you can enforce HDX multi-media support using a XenDesktop Policy.  HDX multi-media redirection performed extremely well as essentially the media is run at the end user device and merged into the remote virtual desktop session in a very similar manner to WYSE Multi Media Redirect (MMR).

Printing & USB redirection
Printing is a necessity and one of the items you expect to work when running a virtual desktop session.  One of the nice features about XenDesktop is the ability to finely control the routing of print jobs, the types of printers and who has the ability to print because of the control provided in XenDesktop policies.

Latency and ICA
We wanted to test the display protocol under some “real world” networking scenarios so we setup the following configuration within our lab environment:

XenDesktop4_LatencyTest.png

We setup a Network Nightmare appliance which is a WAN emulator between our XenDesktop environment and our end user client device.  After setting up our environment we configured network latency.  For each latency setting we tried typing and video

The video of our results can be found below:

YouTube Preview Image

(Note: the video was edited down from 20 min).

We started out with HDX flash Acceleration turned on.  Flash acceleration runs the flash on the client side vs. on the virtual machine.  It is similar to Hollywood blue screen technology, which uses a blue screen to insert another image into a scene.  In VDI, a blue screen is used to merge the client side Multi-media with the remote ICA session to give the end user the impression it is all running within the same session.  In the video you see the blue screen technology clearly as we move around the windows.  As it is being rendered on the client we would not expect latency to have a significant impact, but turned off the video would be affected by the latency.

Security
For our security testing we configured the XenDesktop environment to proxy through the AGEE/NetScaler VPX appliance.  By doing so, we were able to use Citrix’s SmartAccess control to search for certain attributes on the end user device and adjust the virtual desktop session.  For example if we looked into the registry we could determine if the end user device was part of our lab.virtualization.info domain and if it was, allow access to the users local drives from within the virtual desktop session.  If they were not, we could present a much more hardened session with access to local drives disabled during the connection.  Because of the SmartAccess control, once we configured the rules this happened on the fly after the end user device was scanned before gaining access to the XenDesktop environment.

 

Conclusion

In an attempt to be fair to the products we compare we wanted to stipulate a few categories for comparison. We have divided these between core and nice to have features.

Core features; with today’s desktop challenges you need a base set of features available in your Virtual Desktop Infrastructure (VDI) product.  While the solutions have evolved to provide many features I would argue that a core feature set should be available in a mature VDI solution.  I would define these as:

  • Hypervisor; as VDI is not necessarily the most cost effective way to deliver applications, bundling the hypervisor as part of the solution definitely adds compelling value. 
    XenDesktop includes the XenServer Hypervisor as part of the bundle and in general provides XenServer at no cost.  XenServer proved to be a very stable and delivered great performance in our lab testing.  It was easy and simple to configure when we started with identical hardware.
  • Application Virtualization; Do I have an option to virtualize applications to reduce the overhead in deploying, updating and patching applications?  How flexible is the solution and does it come with any limitations?
    XenApp is included as the Application virtualization solution for XenDesktop.  Due to the overall maturity of the XenApp product the application virtualization and delivery of applications is extremely flexible and easy to manage.  Perhaps the only negative is the amount of planning required to deploy XenApp and XenDesktop together in a large environment.
  • Advanced Image Management; containing storage costs is a big concern when deploying VDI.  Does the vendor provide a solution within the bundle to mitigate the cost of storage?
    XenDesktop provides Provisioning server which again proved to be a very mature if somewhat complex to integrate into an environment.  It would be nice as well to have the automation wizard integrated into the DDC at some point so that you can push desktops from the DDC vs. the provisioning server.
  • User Data Management; Can I manage user personalities or profiles with the solution?
    The Profile Management solution in XenDesktop was simple and straight forward to setup.  Even though it is fairly straight forward however, cross management of profiles has to be carefully considered if you are deploying a mixture of windows Operating systems in the XenDesktop and XenApp environment (Window XP and Windows 7 for example).  The Profile management solution does not add any additional intelligence for segregating profiles.

In addition to these core capabilities the following were considered:

  • Flexibility; does the solution restrict my options or tie me to a single vendor solution?
    XenDesktop supports VMware ESX, Microsoft Hyper-V and XenServer, allowing the user to separate the decision of which hypervisor they run from which VDI product they deploy.
  • Deployment & Management; How straight forward is the product to deploy and manage.  How much technology do I need to understand and implement to get all the features I have purchased in the bundle? 
    To get all the features of XenDesktop you are going to have to do some planning.  As many of these features actually incorporate several different mature product solutions, each has its own prerequisites and design considerations.  In addition some of the marketing presents some items as features when they actually require the deployment of a separate product such as the AGEE/NetScaler VPX.
  • Offline Mode; Does the suite include this capability? 
    XenDesktop does have an offline mode available through XenClient. We decided to have a look at this in-depth in a subsequent post so please stay tuned.
  • Multi-tenancy; With Cloud computing being such a hot topic and Microsoft stating at their 2010 Management Summit “Any current desktop planning should incorporate a Cloud strategy” we wanted to determine if the vendor provide anything that enables multi-tenancy?

One of the limitations of XenServer has been the lack of robust networking to facilitate virtual machine isolation.  With the latest release of XenServer an open switch solution is now bundled.  We did not have time to test this however so we will have to have a closer look when we evaluate XenServer.

Overall we rated XenDesktop highly in our lab evaluation.  As a product XenDesktop provides high value with little limitations.

XenDesktop4_Rating.png


Labels: , ,

blog comments powered by Disqus