VMworld 2013: Demystifying VMware Mirage: Tips and Tricks for Success
DESCRIPTION
VMworld 2013. Simon Long, VMware; Justin Venezia, VMware. Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
TRANSCRIPT
Demystifying VMware Mirage:
Tips and Tricks for Success
Simon Long, VMware
Justin Venezia, VMware
EUC4815
#EUC4815
2
Agenda
Horizon Mirage – A Quick Overview
Tips & Tricks For Success
High-Level Architecture Examples
Q & A
3
Horizon Mirage – A Quick Overview
6
Typical Use Cases
Automated Windows OS Migration
& Deployment
System Recovery (BC/DR)
Hardware Migration & Refresh
Simplified Image Management
BYOD (With Fusion Pro &
VMware Workstation)
7
Mirage Architecture – Manage Centrally, Execute Locally!
Centralized images
• Images are stored and manipulated in datacenter
• Unlike VDI, images do not run in datacenter
• Images are automatically synchronized with endpoints
• Logical layering of images increases granularity
Data Transfer optimized
• Stores data only once
• Transfers only what is not present on destination
• All transfers are compressed
Desktops or laptops with Mirage client
• Endpoints always run local copy of Windows
• Does not require hypervisor or format
• Local drivers are leveraged
• Changes from Mirage are merged directly into Windows
[Diagram labels: Mirage server, Base layer, End users]
8
Layered, Single Image Management
Horizon Mirage Layers
Layers are stored in the data center
Mirage performs granular operations
on Mirage-managed endpoints
Orange layers continuously
backed up from endpoints
Green layers managed by IT
End User PC
Machine Identity Layer (identity, customizations)
User Personalization Layer (user data, installed apps & profile)
Base Layer (OS, infra SW, core apps)
Driver Library
Mirage Application layers
9
Bringing it all Together: Single Image Management
Single
Base Layer Windows 7
Antivirus
Common Apps
Dell Drivers
HP Drivers
VMware Drivers
Finance Apps
HR Apps
IT Apps
Up to 20,000
Endpoints
10
Horizon Mirage Components
Horizon Mirage Client
• Four Megabyte MSI deployed to all clients
• Mirage-related endpoint operations & File/Folder Recovery
Horizon Mirage Servers
• Mirage Management Server (interfaces with DB)
• Mirage Server (controls all operations and objects)
File Portal and Web Management
• Optional feature(s) used for Web Administration & File/Folder Recovery
• Must be on a server that is on the domain
• Can co-reside on the Mirage Server itself
Branch Reflector
• “In-branch” device that can service base layers & updates, drivers, and migration functionality, eliminating WAN traffic for certain Mirage operations
• No additional setup/install required; simply designate an existing endpoint as a Branch Reflector
Management Console
• MMC Admin Console to connect to Mirage Management server
11
Typical Horizon Mirage Deployment
[Diagram labels: Data center, Mirage server cluster, Load balancer, Internet, NAS volumes, Mirage console, Mobile, VPN, Mirage Clients]
12
Tips and Tricks For Success
13
Endpoint Assessment
Know Thy Endpoint!
• If you don’t understand what’s on the
desktop, you won’t know what or how
much data you will be managing
Good data drives good Mirage
design decisions
Tools & Techniques
• Lakeside/Liquidware Labs
• SCCM or other Desktop Inventory Tools
• Mirage PoC (Sample of Desktops)
Hardware, Networking & Security
• Speed of Hardware
• Connectivity (LAN/WAN/VPN)
• Disk Encryption & Endpoint Protection
14
Endpoint Assessment (cont.)
Application Rationalization
• Installed Applications
• Are those apps READY for Windows 7?
User Data & Behavior
• Personal vs. Corporate Data
• Movies, Pictures, Music
• The “Gypsy User”
15
Application Integration
Mirage does not differentiate how applications are
installed
• It’s WHERE they are installed that’s important
Place applications in the Base Layers when it makes
sense
• Globally-used applications
• System-level software (AV, VPN, etc.)
Continue leveraging the application delivery &
integration strategy that works best for you
• SCCM, Active Directory, Tivoli
• Mirage Application Layers
• ThinApp & App-V
• User Installed Applications
16
Application Layers
Application Isolation
• Not part of Mirage Application Layers unless used with ThinApp
• Appear and function as if natively installed
Application Conflicts
• Application conflicts can exist, even using Horizon Mirage Application Layers
Application Packaging
• Use a Virtual Machine for Application Layer Reference CVD
• Restore VM to original state using VMware Snapshot before capturing another
application
• Application Packages are specific to OS version & type
• Start with a clean capture machine
17
Base Layer Considerations
Keep the number of Base Layers to a minimum
• Prevent image sprawl - keep image as generic as possible
• The larger the image, the more data you will send across the wire
When creating Driver Libraries, download the drivers from the
hardware vendor
Base Layer Applications
• Include system-level software & globally-used applications
Full Disk Encryption
• Exclude from the base layer image
18
Base Layer Conflicts
Base Layers can potentially conflict with software
installed on Endpoints.
• Older version of application in Base Layer conflicts with updated application in Base Layer
• Windows updates in Base Layer conflict with Endpoint application
requirements
• Newer updates on Endpoint conflict with versions in Base Layer
Handling Conflicts
1. Test before deployment
2. Layer Dry-Run Reports
3. Base Layer Rules
4. Base Layer Override Policies
19
Upload Policies
Upload Policy “Areas”
• Protected Area – Files and folders on
a device that are centralized in the
datacenter
• Unprotected Area – Files and folders
that will NOT be centralized
• User Area – Protected files and
folders that belong solely to the
endpoint user
Applications or data placed into
the user profile are captured in
the user area
Applications or data placed
anywhere else are captured in the
Protected Area.
20
Upload Policies
Upload Policies impact
centralization & synchronization
Don’t back up what you don’t
need!
Do you NEED to back up the
endpoints for OS migrations?
• Accelerates migration timeline &
reduces storage needs for Mirage
• No roll-back of Windows XP or
Windows 7 Endpoint during OS
Migration
Large Files
• To back them up or not?
21
Steady State Synchronization – The Balancing Act
Getting the right synchronization interval is key
Network speed (LAN/WAN/VPN)
• Type of connection & available bandwidth
Amount of changed data on endpoint
• Data de-duplication – does it already exist (i.e. Patch Tuesday)?
• Upload policies – do I need to backup all changed data?
• How long does an incremental upload take?
Storage performance & capacity
• IOPS
• Available disk space
Endpoint availability
• Stationary vs. mobile/laptop users
22
Branch Reflector
Branch Reflectors are your FRIEND
• Use it on the LAN & WAN
• Make sure your AD Sites & Services are configured properly
• Supports “Downstream” operations ONLY
Use desktop PC that is not assigned to a user & has ample
compute/storage resources
Powered on 24/7 to support Mirage operations
Avoid using laptops, if possible
• Taken home or moved between offices
• If laptops are the only Branch Reflector available
• Use cabled connection & no power management
• Ensure ample compute/storage
23
Networking
Know Thy Network!
• Map it out – know bandwidth capacity and utilization of the network
• Wi-Fi Considerations
Mirage Network Necessities
• Quality and Class of Service/Priority Queuing/Traffic Shaping critical
• Network maps and performance statistics
• Understand the Mirage network usage patterns from a PoC/Pilot
What should I expect on the network with Mirage?
• LAN vs. WAN centralization/synchronization
• Amount of data centralized/synchronized – more data, more bandwidth
24
Networking (cont.)
Don’t forget the network path to the
storage
• Separation of client & storage network traffic, if
at all possible
• End-to-end networking (Mirage NIC out, the
path, and the File Server NIC in)
Include “Downstream” Operations in
planning
• Base Layer/App Layers, etc.
If the network path to storage or
networking is oversubscribed, Mirage will
“throttle” the server.
• It’s a safety net, not a design principle
25
Storage
Sizing your storage is massively important
• Conduct a PoC/Pilot to help with storage sizing estimates (IOPS, Capacity)
• Pilot multiple use cases and variations of desktops, not just one
• The IOPS requirements will depend on multiple factors
• Amount of concurrent centralizations & downstream operations
• Network bandwidth
• User connectivity (on and off the network)
• User productivity (how often the machine is in use)
• Snapshot policy
Local vs. Shared Storage
• Shared storage is recommended (required for Mirage Clustering/Single Instance)
• Local storage in a Mirage Cluster – it may work at first, but it will break
Place Mirage Cache on Flash/SSD where possible
26
Storage (cont.)
Single vs. Multiple CIFS shares
• Better data de-duplication seen when more CVDs are on a share
• Recovery and other Single Instance Store maintenance operations can be
significantly extended when using a single CIFS share
• Shares with more CVDs become extremely large in size
• Balance the number of CIFS shares based on the needs and requirements of your organization
Driver libraries are stored on the default Mirage SiS
• If you delete this store, your drivers are gone
27
Security
Full Disk Encryption
• Enable Full Disk Encryption (FDE) that modifies hard drives after Mirage integration
• Decrypt FDE before any operation that modifies MBR
• Data files are NOT stored in an encrypted format on the
Mirage Single Instance Store (SiS) when using FDE
Microsoft BitLocker & Sophos FDE are Supported
• BitLocker - upstream/downstream operations function properly
• Sophos - disk encryption supported for OS Migration
Microsoft Encrypted File System (EFS)
• Encrypted files uploaded with EFS are restored with EFS
Centralization over the Internet not supported
• Must use VPN connection
28
Security (Cont.)
Single Instance Store (SiS) Security
• Files stored on Mirage SiS cannot be executed
• Use NTFS, Share & ACL Permissions to secure Mirage SiS access
• Limit data on share to ONLY Mirage-related data
SSL
• Encrypts Mirage network traffic over TCP 8000 – Use it!
• All or nothing
• Use it for the Web & File Portals
Anti-Virus
• It WILL affect Mirage Performance and Operations
• Exclude Mirage Cache & Wanova.Server.Service.exe process
• NAS and CIFS/SMB Filer Anti-Virus implementations are typically independent
of scanning on Mirage Server
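The SiS permission guidance above, as an added example that is not part of the original presentation: a PowerShell audit that flags broad principals on the NTFS ACL and SMB share of a Mirage storage volume. It assumes the volume is hosted on a Windows file server (Windows Server 2012 or later for `Get-SmbShareAccess`); the path, share name and function names are hypothetical.

```powershell
# Added example: flag broad principals on a Mirage SiS volume (NTFS + SMB share).
# Well-known SIDs are used instead of names so the check works on any locale.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Resolve-BroadPrincipal {
    param([System.Security.Principal.IdentityReference]$Identity)
    try {
        $sid = $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { return $null }                      # unresolvable account
    if ($BroadSids.ContainsKey($sid)) { return $BroadSids[$sid] }
    if ($sid -match '^S-1-5-21-.+-513$') { return 'Domain Users' }
    return $null
}

function Test-SisPermissions {
    param(
        [Parameter(Mandatory)][string]$Path,      # local NTFS path of the SiS volume
        [string]$ShareName                        # optional: SMB share exposing it
    )
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $who = Resolve-BroadPrincipal $ace.IdentityReference
        if ($who -and $ace.AccessControlType -eq 'Allow') {
            [pscustomobject]@{ Source = 'NTFS'; Principal = $who
                               Rights = $ace.FileSystemRights.ToString() }
        }
    }
    if ($ShareName) {
        foreach ($entry in Get-SmbShareAccess -Name $ShareName) {
            $id  = [System.Security.Principal.NTAccount]$entry.AccountName
            $who = Resolve-BroadPrincipal $id
            if ($who -and $entry.AccessControlType -eq 'Allow') {
                [pscustomobject]@{ Source = 'Share'; Principal = $who
                                   Rights = $entry.AccessRight.ToString() }
            }
        }
    }
}

# Hypothetical path and share name; substitute your own SiS volume.
Test-SisPermissions -Path 'D:\MirageStorage' -ShareName 'MirageStorage' |
    Format-Table -AutoSize
```

Any row returned is an Allow entry for a principal wider than the Mirage service account and its administrators, and is worth reviewing against the slide's recommendation.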
29
Operations & Administration
Delegated Administration
• Delegate based on risk, job responsibility and best suited IT group to support
Mirage
• Roles are Active Directory-integrated – use AD groups
Operational Procedures
• Run books for OS and hardware migrations, desktop backup/recovery,
archiving & other Mirage operations
• Run books for Help Desk - common support issues
• Endpoint Centralization – Automatic vs. IT-initiated
User Self Service – File/Folder Recovery
• Provide simple procedures for file/folder recovery
30
Backup & Recovery
Don’t forget the Mirage Database
Lots and lots of files and folders
means longer backup windows
• Restoring Mirage components will also take a while
Integrate Mirage into corporate
DR strategy
• Conduct simulated Mirage recovery &
document recovery procedures
31
Availability & Resiliency
Use multiple Mirage servers in
a clustered configuration (N+1)
Use a Load-Balancing solution
to distribute load across all
Mirage Servers in a cluster
Consider a
dedicated/clustered MS SQL
Database
32
Sizing Considerations
Network
• “You can’t drive a Buick through the
eye of a needle.”
• Bandwidth Speed & Overall Circuit
Utilization are critical
• Quality of Service/Class of Service or
Priority Queuing
• LAN-speed considerations
Storage
• IOPS, Connection Speed/Capacity to
Storage
• Amount of Data
• Single vs. Multiple CIFS Shares
33
Sizing Considerations (cont.)
Upload Policies
• More Data = More Resources (Storage, Network) = More Time to complete a
Mirage task
Differential Data
• Data change impacts how much data can be uploaded in a given time period
Endpoint Availability and Connectivity
• Laptops or Mobile Users - On/Off Network
• Remote Users (VPN)
Consider the volume & frequency of centralization, steady state &
base layer operations
Centralized vs. Distributed Architecture
34
Sizing Considerations (cont.)
Gather REAL WORLD data through effective testing & validation
• Environment uniqueness impacts the design
• Real-world sampling/assessment & planning is critical to sizing
Physical vs. Virtual Mirage Servers
General guidelines
• Appropriately size the environment based on real world data (PoC/Pilot)
implementation
• Don’t size for 100% utilization – size for target of 80%
Don’t ignore the dependent infrastructure (i.e. storage &
networking)
35
High-Level Architecture Examples
36
High Level Architecture Example #1
37
High Level Architecture Example #2
39
Questions
THANK YOU