Welcome!

XML Authors: Jason Bloomberg, Jayaram Krishnaswamy, David Weinberger, Michael Nir, David Smith

Blog Feed Post

F5 Friday: Doing VDI, Only Better

#F5 does #VDI, and it does it better. f5friday

There are three core vendors and protocols supporting VDI today. Microsoft with RDP, Citrix with ICA, and VMware with PCoIP. For most organizations a single vendor approach has been necessary, primarily because the costs associated with the supporting network and application delivery network infrastructure required to deliver VDI with the appropriate levels of security while meeting performance expectations of users and the need to maintain high availability.

It’s a tall order that’s getting taller with every mobile client introduced, especially when you toss in a liberal dose of enforcing policies regarding access to virtual desktops.

Most folks are well aware of F5’s long history of deep integration with its partners Microsoft and VMware. Whether it’s integrating with management systems or designing, testing, and documenting the often times complex joint architectures required to deliver enterprise-class applications like SharePoint and Exchange or building out a dynamic data center model to support cloud computing , F5 works in tandem with its partners to ensure the best experience possible not only for the ultimate consumers but for the IT operations folks who must deploy the solutions.

But what most folks aren’t likely as aware of is F5’s commitment and expertise to delivering Citrix VDI as well. That’s natural. After all, Citrix competes with F5 at the application delivery tier and it might seem natural to assume that Citrix could deliver its own technology better than any competitor.

But that assumption ignores that F5’s core focus has been and continues to be unified application delivery rather than applications – like VDI - themselves. That unified is in bold because it’s a key factor in why F5 is able to deliver all VDI solutions better, faster, and more efficiently than any other solution today.

See, F5’s approach since introducing v9 and its platform has been about the integration of application delivery services. Whether those services reside on the same physical (or virtual) platform is not as important as the integration and collaboration between those services that is made possible by being designed, developed, and ultimately deployed on a common, high-speed, high-security application delivery platform.

Consider, for example, the case of a comprehensive Citrix VDI delivery solution:

citrix vdi solution

That’s a lot of components, each of which adversely impacts performance and increases operational risk by adding additional complexity and components to the architecture. That’s ignoring the cost, as well, added by not only the need to deploy these solutions but to power them, manage them, and maintain them over time. It’s costly, it’s complex, and it’s ultimately not very extensible.

Authentication, for example, must be managed in multiple locations, which increases the risk of misconfiguration or human error, and makes it more likely that orphaned identities will be left behind, always a concern as it creates an opportunity for a breach. This solution also requires manual scripting to integrate the disparate authentication sources, yet another tedious, manual and error-prone process.

Now consider the same solution, but leveraging F5 and its platform with BIG-IP Local Traffic Manager and BIG-IP Access Policy Manager deployed:

f5 vdi solution

 

Consolidated (and integrated) authentication. Highly extensible policy management and enforcement, and we’ve eliminated the Web Interface Servers (and NetScalers, but as we’ve replaced them with BIG-IP that’s more of a wash than a win). 

But it’s not just about reducing the complexity (and ultimately the cost) of such a deployment. BIG-IP LTM and APM can simultaneously support Microsoft and VMware VDI while delivering Citrix VDI – as well as a host of other applications. F5’s solution isn’t a VDI delivery solution, it’s an application delivery solution with support for all VDI implementations and protocols. That includes Citrix Session Reliability to session roaming and reconnection as well as SmartAccess filters. F5 BIG-IP APM can populate SmartAccess filter values based upon any information discovered using VPE(source IP address, AV presence, client certificate presence, etc.) and pass them to the XML broker for evaluation.

And let’s not forget about Citrix Multi-Streaming, which to give Citrix credit where due is an innovative solution to the problem of traffic prioritization in VDI delivery. If you aren’t familiar with Multi-streaming, it was introduced in XenDesktop 5.5 & XenApp 6.5 and uses multiple TCP connections (aka Multi-Stream ICA) to carry the ICA traffic between the client and the server. Each of the connections is associated with a different class of service, which allows the network administrator to prioritize each class of service, independently from each other, based on the TCP port number used for the connection. F5 supports Multi-Streaming and has for some time now. No worries.

Then there’s VMware PCoIP – which can be challenging, especially when paired with DTLS for security. F5 has that covered, too, as well as its long-term support for optimal delivery of Microsoft-based solutions including its broad set of VDI solutions pdf-icon.

I know, you’ve heard configuring F5 BIG-IP is hard and cumbersome. Well, in the past that may have been true but the introduction of iApp with BIG-IP v11 has changed that tune from a dirge to a delightful melody. iApp deployment templates and accompanying deployment guides for XenApp and XenDesktop make deploying BIG-IP painless and far less error-prone than manual processes.

One of the drawbacks of VDI architectural complexity is it often presents itself as a single-vendor solution – and a reason for a single vendor virtualization strategy. If your application delivery and access management solution is capable of unifying access while delivering secure, highly performing, very available <virtual, physical> <desktops, applications, solutions> of any flavor, you’d have more of a choice in what your overall architecture would look like. That kind of choice is enabled through flexibility of the underlying application delivery network infrastructure, which is exactly the role F5 plays in your data center.

If your application delivery solution is a flexible platform and not a product, then your network becomes an enabler of architecture and choice rather than being the limiting factor. 

VDI Resources:

Connect with Lori: Connect with F5:
o_linkedin[1] google  o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1] google

Related blogs & articles:


Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.