vmware: delivering desktops and apps as a service
TRANSCRIPT
© 2014 VMware Inc. All rights reserved.
VMware: Delivering Desktops and Apps as a Service (DaaS)Technical Decision Maker Presentation for Service Provider
1
Agenda
• Platform Overview
• Architectural Overview
• Solution Design & Planning
• Use Cases
• Additional Information
2
VMware Horizon DaaS Platform Workspace Models for All Use Cases, All User Types
4
Economically balanced Business & Personal objectives
80% 15% 5%• Replace XenApp Farm
• Terminal Services – “just an app”
• Published Apps – via an icon
• Students, Virtual Labs
• Shared Desktop
• Shift Workers
• Desktop Replacement –“My Desktop”
• Thick to Thin Client “flip”
+ + 100%=
Provision & Manage
Entitlements – single console
RDS Desktops
RemoteApp
RDS
Win 7/8/XP, Win Server Dedicated
VDI DesktopsPersistent or Non-persistentDesktop
Shared Desktops
Published ApplicationsFrom VDI or RDS Pools
*sample
VMware Horizon DaaS Platform Inside
Provisions
Tenant
Network Storage
Manage
Entitlements
ComputeDedicated Shared
Tenant 1 Tenant N
Provisions
Tenant
Manage
Entitlements
Broker
Desktop Management:Client Managed
Service Provider
3rd Party Resource
Broker
Desktop Management:Client Managed
Service Provider
3rd Party Resource
VMware Resource Manager
View Client (PCoIP)View Client (PCoIP)
Unified
Management
Console
1
2
3
5
5
4
Scalability Model
8
Geographic ScaleNumerical Scale
Grid Based Architecture
High Availability by Default
Tested to Millions of Desktops
Spans Multiple Data Centers
Lower Cost Model
9
Grid-based architecture
Multi-geo without database
replication
No License Costs
All open source – No
MSFT license costs
Broker AllocatorInventory
Manager
Session
Manager
Virtual Desktops,
RDS and Apps
RDS
Unified Platform
Unified platform for all
workloads, locations,
customers
Sample Business Case (5,000 desktops)
10
Margin, 28%
Compute Svrs, 9%
Storage, 8%
VSPP, 29%
Mgmt Svrs, 0%
Labor, 7%
Build out, 1%
HW Maint & supp, 6%
Sales & Mkting, 3%
Power/Cooling, 5%
Bandwidth, 2% Misc DC Infra, 2%
Capital Expenses:Amortized over 3 years with a
half year ramp
Operational Expenses:Monthly costs for fees
associated with DaaS offering
MSRP:
$30/desktop/month
Broker
Allocator
Session Manager
Inventory Manager
Tenant Appliance(s)
Broker
Allocator
Session Manager
Inventory Manager
Tenant Appliance(s)
Software Components
12
Virtual desktops
RDS
Apps
Virtual desktops
RDS
Apps
Resource Manager(s)
Compute API Storage API
API
Service Grid Architecture
13
Service Provider
Datacenter(s)
Tenant A Tenant B
Horizon Daas PlatformMgmt Host
ServiceProviderAppliance
ResourceManagerAppliance
TenantAppliance
TenantAppliance
Backbone Link Local Network
Service Provider Network
DedicatedDesktop
Hosts
DedicatedDesktop
Hosts
NetworkServices:DNS, DHCP,AD
NetworkServices:DNS, AD
SharedDesktop
Hosts(optional)
Tenant B Network
Tenant B CorpNetwork: DNS,
DHCP, AD
100 VirtualDesktops
200 VirtualDesktops
Tenant A Network
NAS Storage
HA Physical HA Virtual
Infrastructure LegendVPN
Tunnel
Role-based Management
14
Service Provider
IT Administration
End-Users
Web Service APIs
Best-Fit Broker DaaS® Agent Remote Access PreferencesDisplay
ProtocolsAuthentication
Web Portal DaaS® MobileDaaS® ClientThin Clients
Tenant SDK APIs – integrate with other self-service systems
Gold Pattern
Management
Pool
Management
User
Entitlements
Workload
ManagementVM Provisioning Authorization SLA Reports
IT Management Dashboard
– integrate with NSM, OSS, BSS
Service Grid
ManagementAuthorization
SLA & Price Plan
ManagementMonitoring
DaaS Appliance
Management
Resource
Optimization
Multi-Tenant
Management
Administration Portal
Security Overview
Network Separation
Resource Separation
Secured Access
Minimal Node Functionality
Secure Software Development
In our opinion, the VMware DaaS Platform
has been reasonably assessed and it is
unlikely that there exists any significant
security issues that could compromise the
software confidentiality, integrity or
availability. - THIRD PARTY SECURITY AUDIT
“ “
Enterprise Integration
16
Continue to use all of your existing assets and management platforms with cloud hosted desktops.
Users
Service Provider
VPN
MPLS
Data Center
• Corporate applications
• Group file share
• User document storage
• User profile storage
• Collaboration server
• Source revision control
• Patch management
Enterprise IT Resources
Active Directory
Enabling the Business of VMware Horizon DaaS
18
VM
ware
Horiz
on D
aaS
Sta
ck
Data Center
Service Provider
Hardware Options
Go to Market
Business Operations
SW Operations
Horizon DaaS Platform
Hardware
+1 Value-addsBLUEprint
VMware Horizon DaaS Solution Components
19
VMware Horizon DaaS Bundles
Horizon DaaS Bundle – VDI Edition
Horizon DaaS Bundle – RDSH Edition
Compute
Rack Mount or Blades
Storage
NFS
Network
VLAN and VRF Support
The only multi-tenant desktop
virtualization platform in the
market with many DaaS specific
features including:
Unique Architecture:Multi-tenant, Multi Data Center
Mgmt, Multi-desktop Model, Role
Separation, Grid-Scale, Security, etc.
Technology
Front to back services blueprint
for quick time to market
Tested and highly optimized
Solution Blueprint
Best practices for building,
operating and monitoring
VMware DaaS Platform
100% Channel Model
vCAN Usage ModelPer user/per month pricing
Sales, Marketing & Prod
ManagementPricing, Packaging, Positioning, Lead
Gen, etc.
Built from Day 1 for Service Providers and as a Service Delivery
Operational Expertise GTM Model
20
DaaS Use Cases
General DesktopReplacement
DisasterRecovery
Remote Offices/Field Workers
Seasonal and Contract
Employees
MobileEmployees
Reduce Management Effort & TCO
Include Desktops
in DR Plans
Centralize Desktop
Management
Improve Data Security & Load
Changes
Full Desktop to Any Device
Special Desktop Needs
FlexibleConfiguration
Access to
desktops
applications and
data across
locations and
devices-including
BYOD without data
residing on
endpoint
Flexibility to
increase or
decrease
workforce based
on seasonal needs
- may have their
own end-point
devices (e.g.
M&As)
Central image
management and
for remote, branch
offices and call
centers
Central image
management and
for remote, branch
offices and call
centers
Central image
management and
for remote, branch
offices and call
centers
Access to
desktops
applications and
data across
locations and
devices-including
BYOD without data
residing on
endpoint
22
DaaS Use Case for Disaster Recovery
Desktop
• Enables partners to deliver a secure corporate desktop that can be accessed by customers from any device, anywhere.
Desktop DR
• Enables partners to ensure workforce continuity with a secure corporate desktop that can be accessed by customers from any device, anywhere.
23
Horizon
DaaS
Bundles*
Partner delivers virtual desktop as a service (DaaS) from cloud
HOT
Desktop
Reservation
Capacity
Horizon
DaaS
Bundles*
or
Partner reserves
desktop capacity in cloud
for the number of users
the customer wants to
have “insurance” for
Partner “turns on”
desktops sitting in
reserve in case of
disaster event
COLD HOT
New
* VMware Horizon DaaS Bundle – VDI Edition, VMware Horizon DaaS Bundle – RDSH Edition
Additional Information
• VMware Horizon DaaS Platform and FREE TRIAL
– http://www.vmware.com/products/daas
• VMware Service Provider Program
– http://www.vmware.com/partners/service-provider.html
• VMware Products
– http://www.vmware.com
– +1-877-4-VMWARE (North America)
– +1-650-427-5000 (Outside North America)
24
Security - Network Separation
27
Serv
ice P
rovid
er
Backbone N
etw
ork
vLAN A
VRF Enabled
Router
VRF B
Client A Tenant
Client B Tenant
VRF A
vLAN B
Service Provider has network access to this
area only and no access to desktops
Service Provider has network access to this
area only and no access to desktops
Security - Resource Separation
28
Each client has their own dedicated resources for compliance and security reasons.
Hypervisor Virtual
Network
Virtual Filer
Management
DB
Access
Gateway
Directory
Services
Client A Tenant
Client A Tenant
Client B Tenant
Security - Secured Access
29
Customer Domain
Controller
Service Provider
Domain
• Authentication against customer
Domain Controller
• Leverage existing GPOs and
policies
• No trust required between customer
domain and service provider
Security - Minimal Node Functionality
30
Hardened Linux
Appliances - No
Windows Patching
Required
Only Accepts
Communication
from Designated
Peers
Designed with
Least Privileges
Principles