Demystifying VMware Mirage:

Tips and Tricks for Success

Simon Long, VMware

Justin Venezia, VMware

EUC4815

#EUC4815

2

Agenda

Horizon Mirage – A Quick Overview

Tips & Tricks For Success

High-Level Architecture Examples

Q & A

3

Horizon Mirage – A Quick Overview

6

Typical Use Cases

Automated Windows OS Migration

& Deployment

System Recovery (BC/DR)

Hardware Migration & Refresh

Simplified Image Management

BYOD (With Fusion Pro &

VMware Workstation)

7

Mirage server

• Images are stored and manipulated in datacenter

• Unlike VDI, images do not run in datacenter

• Images are automatically synchronized with endpoints

• Logical layering of images increases granularity

Centralized images

Data Transfer optimized

• Stores data only once

• Transfers only what is not present on

destination

• All transfers are compressed

Base layer

Desktops or laptops with

Mirage client

• Endpoints always run local copy of

Windows

• Does not require hypervisor or format

• Local drivers are leveraged

• Changes from Mirage are merged

directly into Windows

End users

Mirage Architecture – Manage Centrally, Execute Locally!

8

Layered, Single Image Management

Horizon Mirage Layers

Layers are stored in the data center

Mirage performs granular operations

on Mirage-managed endpoints

Orange layers continuously

backed up from endpoints

Green layers managed by IT

End User PC

Machine Identity Layer (identity, customizations)

User Personalization Layer (user data, installed apps & profile)

Base Layer (OS, infra SW, core apps)

Driver Library

Mirage Application layers

9

Bringing it all Together: Single Image Management

Single

Base Layer Windows 7

Antivirus

Common Apps

Dell Drivers

HP Drivers

VMware Drivers

Finance Apps

HR Apps

IT Apps

Up to 20,000

Endpoints

10

Horizon Mirage Components

Horizon Mirage

Client

Four Megabyte MSI deployed to all clients

Mirage-related endpoint operations & File/Folder Recovery

Horizon Mirage

Servers

Mirage Management Server (interfaces with DB)

Mirage Server (controls all operations and objects)

File Portal

And

Web Management

Optional feature(s) used for Web Administration & File/Folder Recovery

Must be on a server that is on the domain

Can co-reside on the Mirage Server itself

Branch

Reflector

“In-branch” device that can service base layers & updates, drivers, and

migration functionality, eliminating WAN traffic for certain Mirage

operations

No additional setup/install required; simply designate an existing endpoint

as a Branch Reflector

Management

Console MMC Admin Console to connect to Mirage Management server

11

Data center

Mirage server

cluster

Load

balancer Internet

Typical Horizon Mirage Deployment

NAS

volumes

Mirage

console Mobile

VPN

Mirage

Clients

12

Tips and Tricks For Success

13

Endpoint Assessment

Know Thy Endpoint!

• If you don’t understand what’s on the

desktop, you won’t know what or how

much data you will be managing

Good data drives good Mirage

design decisions

Tools & Techniques

• Lakeside/Liquidware Labs

• SCCM or other Desktop Inventory Tools

• Mirage PoC (Sample of Desktops)

Hardware, Networking & Security

• Speed of Hardware

• Connectivity (LAN/WAN/VPN)

• Disk Encryption & Endpoint Protection

14

Endpoint Assessment (cont.)

Application Rationalization

• Installed Applications

• Are those apps READY for Windows 7?

User Data & Behavior

• Personal vs. Corporate Data

• Movies, Pictures, Music

• The “Gypsy User”

15

Application Integration

Mirage does not differentiate how applications are

installed

• It’s WHERE they are installed that’s important

Place applications in the Base Layers when it makes

sense

• Globally-used applications

• System-level software (AV, VPN, etc.)

Continue leveraging the application delivery &

integration strategy that works best for you

• SCCM, Active Directory, Tivoli

• Mirage Application Layers

• ThinApp & App-V

• User Installed Applications

16

Application Layers

Application Isolation

• Not part of Mirage Application Layers unless used with ThinApp

• Appear and function as if natively installed

Application Conflicts

• Application conflicts can exist, even using Horizon Mirage Application Layers

Application Packaging

• Use a Virtual Machine for Application Layer Reference CVD

• Restore VM to original state using VMware Snapshot before capturing another

application

• Application Packages are specific to OS version & type

• Start with a clean capture machine

17

Base Layer Considerations

Keep the amount of Base Layers to a minimum

• Prevent image sprawl - keep image as generic as possible

• The larger the image, the more data you will send across the wire

When creating Driver Libraries, download the drivers from the

hardware vendor

Base Layer Applications

• Include system-level software & globally-used applications

Full Disk Encryption

• Exclude from the base layer image

18

Base Layer Conflicts

Base Layers can potentially conflict with software

installed on Endpoints.

• Older version of application in Base Layer conflict with updated application in

Base Layer

• Windows updates in Base Layer conflict with Endpoint application

requirements

• Newer updates on Endpoint conflict with versions in Base Layer

Handling Conflicts

1. Test before deployment

2. Layer Dry-Run Reports

3. Base Layer Rules

4. Base Layer Override Policies

19

Upload Policies

Upload Policy “Areas”

• Protected Area – Files and folders on

a device that are centralized in the

datacenter

• Unprotected Area – Files and folders

that will NOT be centralized

• User Area – Protected files and

folders that belong solely to the

endpoint user

Applications or data placed into

the user profile are captured in

the user area

Applications or data placed

anywhere else are captured in the

Protected Area.

20

Upload Policies

Upload Policies impact

centralization & synchronization

Don’t back up what you don’t

need!

Do you NEED to back up the

endpoints for OS migrations?

• Accelerates migration timeline &

reduces storage needs for Mirage

• No roll-back of Windows XP or

Windows 7 Endpoint during OS

Migration

Large Files

• To back them up or not?

21

Steady State Synchronization – The Balancing Act

Getting the right synchronization interval is key

Network speed (LAN/WAN/VPN)

• Type of connection & available bandwidth

Amount of changed data on endpoint

• Data de-duplication – does it already exists (i.e. Patch Tuesday)?

• Upload policies – do I need to backup all changed data?

• How long does an incremental upload take?

Storage performance & capacity

• IOPS

• Available disk space

Endpoint availability

• Stationary vs. mobile/laptop users

22

Branch Reflector

Branch Reflectors are your FRIEND

• Use it on the LAN & WAN

• Make sure your AD Sites & Services are configured properly

• Only supports “Downstream” operations ONLY

Use desktop PC that is not assigned to a user & has ample

compute/storage resources

Powered on 24/7 to support Mirage operations

Avoid using laptops, if possible

• Taken home or moved between offices

• If laptops are the Branch Reflector available

• Use cabled connection & no power management

• Ensure ample compute/storage

23

Networking

Know Thy Network!

• Map it out – know bandwidth capacity and utilization of the network

• Wi-Fi Considerations

Mirage Network Necessities

• Quality and Class of Service/Priority Queuing/Traffic Shaping critical

• Network maps and performance statistics

• Understand the Mirage network usage patterns from a PoC/Pilot

What should I expect on the network with Mirage?

• LAN vs. WAN centralization/synchronization

• Amount of data centralized/synchronized – more data, more bandwidth

24

Networking (cont.)

Don’t forget the network path to the

storage

• Separation of client & storage network traffic, if

at all possible

• End-to-end networking (Mirage NIC out, the

path, and the File Server NIC in)

Include “Downstream” Operations in

planning

• Base Layer/App Layers, etc.

If the network path to storage or

networking is oversubscribed, Mirage will

“throttle” the server.

• It’s a safety net, not an design principle

25

Storage

Sizing your storage is massively important

• Conduct a PoC/Pilot to help with storage sizing estimates (IOPS, Capacity)

• Pilot multiple use cases and variations of desktops, not just one

• The IOPS requirements will depend on multiple factors

• Amount of concurrent centralizations & downstream operations

• Network bandwidth

• User connectivity (on and off the network)

• User productivity (how often the machine is in use)

• Snapshot policy

Local vs. Shared Storage

• Shared storage is recommended (required for Mirage Clustering/Single Instance)

• Local storage in a Mirage Cluster – it may work at first, but it will break

Place Mirage Cache on Flash/SSD where possible

26

Storage (cont.)

Single vs. Multiple CIFS shares

• Better data de-duplication seen when more CVD’s are on a share

• Recovery and other Single Instance Store maintenance operations can be

significantly extended when using a single CIFS share

• Shares with more CVDs become extremely large in size

• Balance number of CIFS based on the needs and requirements of your

organization

Driver libraries are stored on the default Mirage SiS

• If you delete this store, your drivers are gone

27

Security

Full Disk Encryption

• Enable Full Disk Encryption (FDE) that modify hard drives

after Mirage integration

• Decrypt FDE before any operation that modified MBR

• Data files are NOT stored in an encrypted format on the

Mirage Single Instance Store (SiS) when using FDE

Microsoft Bitlocker & Sophos FDE are Supported

• Bitlocker - upstream/downstream operations function properly

• Sophos - disk encryption supported for OS Migration

Microsoft Encrypted File System (EFS)

• Encrypted files uploaded with EFS are restored with EFS

Centralization over the Internet not supported

• Must use VPN connection

28

Security (Cont.)

Single Instance Store (SiS) Security

• Files stored on Mirage SiS cannot be executed

• Use NTFS, Share & ACL Permissions to secure Mirage SiS access

• Limit data on share to ONLY Mirage-related data

SSL

• Encrypts Mirage network traffic over TCP 8000 – Use it!

• All or nothing

• Use it for the Web & File Portals

Anti-Virus

• It WILL affect Mirage Performance and Operations

• Exclude Mirage Cache & Wanova.Server.Service.exe process

• NAS and CIFS/SMB Filer Anti-Virus implementations are typically independent

of scanning on Mirage Server

29

Operations & Administration

Delegated Administration

• Delegate based on risk, job responsibility and best suited IT group to support

Mirage

• Roles are Active Directory-integrated – use AD groups

Operational Procedures

• Run books for OS and hardware migrations, desktop backup/recovery,

archiving & other Mirage operations

• Run books for Help Desk - common support issues

• Endpoint Centralization – Automatic vs. IT-initiated

User Self Service – File/Folder Recovery

• Provide simple procedures for file/folder recovery

30

Backup & Recovery

Don’t forget the Mirage Database

Lots and lots of files and folders

means longer backup windows

• Restoring Mirage components will

also take awhile

Integrate Mirage into corporate

DR strategy

• Conduct simulated Mirage recovery &

document recovery procedures

31

Availability & Resiliency

Use multiple Mirage servers in

a clustered configuration (N+1)

Use a Load-Balancing solution

to distribute load across all

Mirage Servers in a cluster

Consider a

dedicated/clustered MS SQL

Database

32

Sizing Considerations

Network

• “You can’t drive a Buick through the

eye of a needle.”

• Bandwidth Speed & Overall Circuit

Utilization are critical

• Quality of Service/Class of Service or

Priority Queuing

• LAN-speed considerations

Storage

• IOPS, Connection Speed/Capacity to

Storage

• Amount of Data

• Single vs. Multiple CIFS Shares

33

Sizing Considerations (cont.)

Upload Policies

• More Data = More Resources (Storage, Network) = More Time to complete a

Mirage task

Differential Data

• Data change impacts how much data can be uploaded in a given time period

Endpoint Availability and Connectivity

• Laptops or Mobile Users - On/Off Network

• Remote Users (VPN)

Consider the volume & frequency of centralization, steady state &

base layer operations

Centralized vs. Distributed Architecture

34

Sizing Considerations (cont.)

Gather REAL WORLD data through effective testing & validation

• Environment uniqueness impacts the design

• Real-world sampling/assessment & planning is critical to sizing

Physical vs. Virtual Mirage Servers

General guidelines

• Appropriately size the environment based on real world data (PoC/Pilot)

implementation

• Don’t size for 100% utilization – size for target of 80%

Don’t ignore the dependent infrastructure (i.e. storage &

networking)

35

High-Level Architecture Examples

36

High Level Architecture Example #1

37

High Level Architecture Example #2

39

Questions

THANK YOU

Demystifying VMware Mirage:

Tips and Tricks for Success

Simon Long, VMware

Justin Venezia, VMware

EUC4815

#EUC4815