VMware View and Pivot3 vSTAC. Mobile Secure Workspace Reference Architecture


VMware View and Pivot3 vSTAC August 2012

Contents

1. Introduction
   1.1 Objective
   1.2 Audience
   1.3 Results Summary
2.
   2.1 Background
   2.2 Attributes of MSW Users
   2.3 Desktop User Profiles
   2.4 Technical Objectives
3. Major Architecture Components
   3.1 Pivot3 vSTAC VDI
   3.2 VMware View
   3.3 vCenter Ops Manager for View
   3.4 vShield Endpoint
   3.5 Trend Micro Deep Security
4. for
   4.1 Design Overview
   4.2 Management Infrastructure
   4.3 View Configuration
   4.4 vCOps for View Configuration
   4.5 vShield Configuration
   4.6 Desktop Image Build
5. Validation Testing
   5.1 Test Methodology
   5.2 Test Results
6. Additional Content
   6.1 Solution Component Inventory
   6.2 Deployment workflow
7. Authors and Acknowledgement

1. Introduction

1.1 Objective

Identify the unique characteristics of MSW users and illustrate a tested configuration that meets these needs.

1.2 Audience

Customers, resellers, partners looking at the key elements of that should be considered in configuring, implementing and maintaining VDI designs for MSW users.

1.3 Results Summary

Overall: Pivot3 vSTAC Appliances fully support the performance, availability and security needs of Mobile Secure Workspace users with a scale-out approach designed to simplify VDI installation and maintenance.

- with all of its components, including View 5.1, vCOps, vShield, and Trend Micro Deep Security, were fully configured and deployed on Pivot3 vSTAC appliances.
- CPU Utilization remained below 85% during login and boot storms.
- Disk Latency averaged less than 40 milliseconds during Application Workload.
- The effect of VSA is remarkable, providing nearly a 10x reduction in read rate.
- Injecting an SSD fault had no noticeable effect on disk latencies.
- SAS drive failures were successfully sustained, spared, and rebuilt.
- A full appliance failure was successfully sustained, with High Availability provided to desktops from the unified storage and compute of vSTAC, and no noticeable impact to the other desktop users.
- A network connection failure was successfully sustained with no impact on performance.
- Scaling of the system with HA to 8 nodes resulted in better than linear scaling as the system becomes more efficient due to aggregated resources. 3 vSTACs supported 184 desktops, 4 vSTACs supported 295 desktops, and 8 vSTACs supported 736 desktops.

2.

2.1 Background

As the usage models for VDI become better understood, it's possible and helpful to categorize VDI users by their common need for features, functionality and performance. This RA is designed to identify attributes specifically required by users and how these can be fulfilled in a tested configuration.

2.2 Attributes of MSW Users

users are defined as having the following specific needs:

- Session Mobility. MSW users are expected to consistently access virtual desktop sessions from disparate locations. As a result, single sign-on along with high availability infrastructure is required to ensure easy access to their applications and data whenever and wherever they need them. Local printing also becomes important to maintain productivity independent of location.
- Many Device Types. MSW users are expected to use many types of endpoint devices that may be thick, thin or even zero clients, including Mac, Windows and Linux devices as well as iPad and Android tablets. Central infrastructure must provide consistent, predictable performance across device types and offer enhanced security so that corporate data and applications are controlled via their virtual machine.
- Enhanced Security. MSW users need enhanced security to ensure that sessions are fully encrypted, that anti-virus and threat identification solutions can be efficiently deployed and that policy-based restrictions can be implemented for print or USB capabilities across locations.
- High-Performance and High Availability. MSW users are key contributors to organizational productivity. These workers are expected to plug in to the corporate environment on demand and they correspondingly expect that the virtual desktop infrastructure is always on and able to deliver adequate performance.
- Dynamic Usage Patterns. MSW users are by nature fluid users across device types and access paths. They exert disruptive performance requirements on central infrastructure that must be easily serviced without IT intervention.
- Deliver Uncompromised End User Experience. MSW users expect a computing experience comparable with a local desktop, complete with applications, printing, unified communications and 3D graphics as part of their daily workspace. The VMware View with PCoIP dynamically adapts to the end user's network conditions to deliver a seamless experience across devices and locations.

2.3 Desktop User Profiles

Get 5 types of user profiles from validated design guide doc. These 5 transpose into three distinct user workloads that will be used to validate the architecture.

1) Knowledge Worker
2) Power User
3) Mobile Knowledge Worker

2.4 Technical Objectives

Demonstrate that the solution meets the three MSW requirements: Mobility, Security, and Management, with this solution meeting the specific objectives of:

1) Component Interoperability
2) Deployment Speed
3) Performance and user experience
4) Flexibility

3. Major Architecture Components

3.1 Pivot3 vSTAC VDI

Through patented Serverless Computing software innovation, Pivot3 delivers radically simplified and integrated shared storage and virtual servers in a simple, scalable appliance model. Pivot3 vSTAC VDI appliances provide an enterprise-class virtual desktop infrastructure with high performance, high availability and no single point of failure.

Pivot3 vSTAC VDI arrays operate as true, shared resource pools. As vSTAC VDI appliances are stacked together, the system dynamically aggregates, load-balances and optimizes shared storage, compute and network resources to ensure optimal desktop performance. A Pivot3 vSTAC VDI array is designed to withstand end-to-end failures, from desktops to disks to appliances.

Purpose built to deliver a simple, scalable enterprise-class Virtual Desktop Infrastructure, Pivot3 vSTAC VDI appliances provide the following key benefits:

- High-performance. Run over 115 virtual desktops on each vSTAC VDI Appliance. Storage performance is automatically load balanced across appliances to ensure that virtual desktops receive the optimal resources, regardless of which appliance hosts the desktops.
- High Availability. Enterprise class deployments, like VDI, demand data center caliber availability and performance. Simple to deploy and use, vSTAC VDI appliances meet these essential demands. Critical hardware and software resources are fully protected, shared and redundant. From dual power supplies and networking through to failover protected storage and vSphere HA, a Pivot3 vSTAC VDI deployment is both robust and reliable.
- Savings. Pivot3 consolidates server and storage resources into a single hardware platform to reduce power, cooling, rack space and cost over systems with separate physical servers and physical storage. Future planning is easy because one hundred or one thousand virtual desktops have the same cost basis.
- Optimized Storage for VDI Workloads. VDI has a set of demanding storage requirements that can be daunting to administrators. Eliminate complex SAN and NAS provisioning tasks by deploying purpose-built Pivot3 appliances that are optimized for the VDI workload.
- Patented Serverless Computing Technology. Pivot3 Serverless Computing allows organizations to deploy scalable, shared storage resources that also integrate fault tolerant virtualized servers without requiring the purchase of any additional physical server hardware. Pivot3 Serverless Storage Appliances deliver a converged server virtualization infrastructure together with scale-out, load balanced, and highly available SAN storage resources.

3.2 VMware View

VMware View enables the simplification of desktop and application management while providing an optimized user experience with high security. View allows IT to centrally manage desktops, applications, and data while increasing flexibility and customization at the end-point for the user. This enables higher availability and agility of desktop services unmatched by traditional PCs while reducing the total cost of desktop ownership by up to 50%.

Purpose-built for delivering desktops as a managed service, VMware View provides a positive end-user experience and transforms IT by simplifying and automating desktop management. Centrally maintaining desktops, applications, and data reduces costs, improves security, and, at the same time, increases availability and flexibility for end users. Unlike other desktop virtualization products, VMware View is a tightly integrated end-to-end solution built on the industry-leading virtualization platform. VMware View allows customers to extend powerful business continuity and disaster recovery features to their desktops and standardize on a common platform from the desktop through the data center to the cloud.

The VMware View solution provides a wide range of benefits.

- Simplify and automate desktop management. VMware View lets you manage all desktops centrally in the data center and provision desktops instantly to new users, departments, or offices. Create instant clones from a standard image and create dynamic pools or groups of desktops.
- Optimize end-user experience. The VMware View PCoIP display protocol provides a superior end-user experience over any network. Adaptive technology provides an optimized virtual desktop delivery on both the LAN and the WAN. Address the broadest list of use cases and deployment options with a single protocol. Access personalized virtual desktops complete with applications and end-user data and settings anywhere and anytime with VMware View.
- Lower costs. VMware View reduces the overall costs of desktop computing by up to 50% by centralizing management, administration, and resources and by removing IT infrastructure from remote offices.
- Enhance security. Because all data is maintained within the corporate firewall, VMware View minimizes risk and data loss. Built-in Secure Socket Layer (SSL) encryption provides secure tunneling to virtual desktops from unmanaged devices or untrusted networks.
- Increase business agility and user flexibility. VMware View accommodates changing business needs, such as adding new desktop users or groups of users, while providing a consistent experience to every user from any network point.
- Provide built-in business continuity and disaster recovery. VMware View is built on industry-leading VMware vSphere, allowing you to easily extend features such as HA and Fault Tolerance to your desktops without having to purchase expensive clustering solutions. Automate desktop backup and recovery as a business process in the data center.
- Standardize on a common platform. VMware View includes VMware vSphere and brings all the benefits and enterprise features of the data center to the desktop. Extending features such as vMotion, HA, Distributed Resources Scheduler, and Fault Tolerance to your desktops provides a built-in disaster recovery and business continuity solution. Optimized specifically for desktop workloads, VMware vSphere is able to handle the high loads associated with desktop operations such as boot-up and suspend operations. Standardize your virtualization platform, and use a single solution

VMware View provides unified access to virtual desktops and applications that run in a central secure data center and are accessible from a wide variety of devices.

3.3 vCenter Ops Manager for View

vCenter Operations Manager for View extends the functionality of vCenter Operations Manager Enterprise, and enables IT administrators and Help Desk Specialists to monitor and manage the View VDI environments.

vCenter Operations Manager for View is built on top of the vCenter Operations Manager Enterprise. Therefore, it includes the functionality of collecting performance data from monitored software and hardware resources in your enterprise and provides predictive analysis and real-time information about problems in your VDI infrastructure. It presents data and analysis through alerts, in configurable dashboards, and predefined pages in the user interface. The View Adapter gets the topology from the View environment, gets metrics and other types of information from the desktops, and passes the information into vCenter Operations Manager Enterprise.

The typical users of vCenter Operations Manager for View are IT Administrators and Help Desk specialists. The IT Administrator typically would use vCenter Operations Manager for View to get a quick overview of how the View environment is behaving, and to view some of the important metrics associated with their View environment. A Helpdesk person may, in the process of assisting an end user with a VM or desktop issue, need to quickly see resources related to the end user's session, and perform basic troubleshooting to view, analyze, and resolve the issues that exist.

3.4 vShield Endpoint

VMware vShield Endpoint provides industry standard APIs to optimize antivirus and anti-malware security for virtual environments via integration with VMware partners. VMware vShield Endpoint allows security technology partners to offer more efficient antivirus and anti-malware protection for virtual hosts, including VMware View desktops. vShield Endpoint offloads antivirus and anti-malware agent processing to a dedicated secure virtual appliance delivered by VMware partners. The solution is designed to leverage existing investments by allowing customers to manage antivirus and anti-malware policies for virtualized environments with the same management interfaces they use to secure physical environments.

Key benefits of vShield Endpoint are:

- Offload antivirus and anti-malware functions from individual virtual machines to a centralized secure virtual appliance.
- Streamline security management and protect against antivirus storms, performance bottlenecks and botnet attacks.
- Increase consolidation ratios and performance.
- Satisfy compliance and audit requirements through logging of antivirus and anti-malware activities.

3.5 Trend Micro Deep Security

Trend Micro Deep Security provides a comprehensive server security platform designed to simplify security operations while accelerating the ROI of virtualization and cloud projects. Tightly integrated modules easily expand the platform to ensure server, application, and data security across physical, virtual, and cloud servers, as well as virtual desktops. So you can custom tailor your security with any combination of agentless and agent-based protection, including anti-malware, firewall, IDS/IPS, web application protection, integrity monitoring, and log inspection. The result is a comprehensive, adaptive and efficient server security platform that protects mission-critical enterprise applications and data from breaches and business disruptions without expensive emergency patching.

BUILT FOR VMWARE VIRTUAL AND CLOUD ENVIRONMENTS

Deep Security is specifically designed for virtual environments. Its agentless architecture addresses AV storms, minimizes operational complexity of security and allows organizations to increase VM densities and accelerate virtualization and cloud adoption. Developed in close collaboration with VMware, Deep Security is the first product in its category to offer support for VMware vSphere 5.0 and VMware vShield Endpoint 2.0.

Deep Security also provides full backward compatibility with vSphere 4.1 environments. The Deep Security 8.0 Manager also supports mixed mode VMware environments supporting both vSphere 5.0 and vSphere 4.1 protected by the Deep Security 8.0 or 7.5 virtual appliances.

PLATFORM ARCHITECTURE

- Deep Security Virtual Appliance. Transparently enforces security policies on VMware vSphere virtual machines for agentless anti-malware, IDS/IPS, integrity monitoring, web application protection, application control, and firewall protection, coordinating with Deep Security Agent, if desired, for log inspection and defense in depth.
- Deep Security Agent. This small software component deployed on the server or virtual machine being protected enforces the datacenter's security policy (anti-malware, IDS/IPS, web application protection, application control, firewall, integrity monitoring, and log inspection).
- Deep Security Manager. Powerful, centralized management enables administrators to create security profiles and apply them to servers, monitor alerts and preventive actions taken in response to threats, distribute security updates to servers, and generate reports. Event Tagging functionality streamlines the management of high-volume events.
- Smart Protection Network. Deep Security integrates with this next-generation cloud-client infrastructure to deliver real-time protection from emerging threats by continuously evaluating and correlating threat and reputation intelligence for websites, email sources, and files.

4. for

4.1 Design Overview

This Solution was deployed onto three VMware HA clusters.

The Management Cluster hosted all of the Infrastructure and Management virtual machines for the solution. A pair of hosts provided compute for this cluster. A Pivot3 vSTAC Data Storage Array provided shared storage.

The VDI Cluster was created with four vSTAC VDI appliances. Additional software installed in this cluster provided desktop security and firewall protection.

The Stress Client Cluster, along with the View Planner virtual appliance on the Management Cluster, provided workload in order to profile performance. This cluster hosted virtual machines that launched View Client during testing.

Networks followed VMware best practices. A network provides communication between the infrastructure, management VMs, and desktops. Networks from the View Security Servers provide connection to the external network. The vSTAC VDI Appliances were connected to a pair of 10GbE switches that provided redundant storage area networks.

vSTAC VDI Configuration

4.1.1.1. vSTAC Storage

The vSTAC VDI storage array provides two tiers of storage.

- A pair of SSD drives provide
  - 50 GB for Write cache
  - 150 GB raw for Linked Clone Replicas
- Ten SAS drives for
  - Linked Clone desktops
  - Infrastructure, such as security appliances

Multiple vSTAC VDI appliances form an iSCSI storage array. LUNs are created on a Tier of storage (SSD or SAS). Each LUN is striped and RAID protected across all of the drives in the Tier.

Each vSTAC VDI in a View Pool provides CPU, Memory, and Disk IOP resources for roughly 100 desktops. Of course, mileage varies depending on workload and additional infrastructure components. VMware View best practices specify up to 140 desktops per LUN for block storage that supports the reservation mechanism specified in vStorage APIs for Array Integration (VAAI).

An HA configuration is overprovisioned by one vSTAC. An HA View configuration then should have as many SAS LUNs for linked clone desktops as it has vSTACs, not counting the additional vSTAC. An array of one vSTAC should have one linked clone LUN, an array of three vSTACs should have two linked clone LUNs, an array of four vSTACs should have three linked clone LUNs, etc.

In this validation, the storage array / HA cluster grew to 4 vSTACs. Three SAS LUNs for linked clone desktops were configured for the final array. Note that each LUN is accessible by all of the vSTACs, such that desktops on any LUN can boot and run on any vSTAC. The desktop pools were configured to use all of the LUNs.

Deployment of vShield App and Deep Security requires virtual appliances locally installed on each vSTAC VDI. A 100 GB LUN was created for each host in the cluster for these appliances.

LUN access on a vSTAC is controlled by Access Control Lists. iSCSI Initiator Alias Names may be used and assigned for a cluster of hosts. iSCSI Initiator Names are specific to an individual host. Pivot3 best practices are to use the storage array name for the iSCSI Initiator Alias.

The storage configuration for the four vSTAC VDI appliances is shown in the following table.

| Volume | Capacity | Storage Tier | RAID Level | Access Control |
|---|---|---|---|---|
| LCReplicas | 126 GB | SSD | 1p | iSCSI Alias msdvdi |
| LCClones1 | 2 TB | SAS | 6e | iSCSI Alias msdvdi |
| LCClones2 | 2 TB | SAS | 6e | iSCSI Alias msdvdi |
| LCClones3 | 2 TB | SAS | 6e | iSCSI Alias msdvdi |
| Infra-HostA | 100 GB | SAS | 6e | iSCSI Initiator Name Host A |
| Infra-HostB | 100 GB | SAS | 6e | iSCSI Initiator Name Host B |
| Infra-HostC | 100 GB | SAS | 6e | iSCSI Initiator Name Host C |
| Infra-HostD | 100 GB | SAS | 6e | iSCSI Initiator Name Host D |
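The ACL layout and the LUN-count rule above can be checked mechanically before desktops are provisioned. The following Python check is an added example, not Pivot3 or VMware code; the IQN strings are constructed placeholders, and the role labels and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from math import ceil

MAX_DESKTOPS_PER_LUN = 140   # View guidance quoted above for VAAI-capable block storage
ARRAY_ALIAS = "msdvdi"       # iSCSI Initiator Alias from the storage table


@dataclass(frozen=True)
class Host:
    label: str   # "Host A" .. "Host D", as written in the table
    iqn: str     # iSCSI Initiator Name (constructed placeholder, not from the page)
    alias: str   # iSCSI Initiator Alias configured on the host


@dataclass(frozen=True)
class Volume:
    name: str
    role: str       # "replica", "clones" or "infra" (labels added for this example)
    acl_type: str   # "alias" = ACL on Initiator Alias, "name" = ACL on Initiator Name
    acl_value: str


HOSTS = [Host(f"Host {c}", f"iqn.1998-01.com.vmware:example-host-{c.lower()}", ARRAY_ALIAS)
         for c in "ABCD"]

VOLUMES = (
    [Volume("LCReplicas", "replica", "alias", ARRAY_ALIAS)]
    + [Volume(f"LCClones{i}", "clones", "alias", ARRAY_ALIAS) for i in (1, 2, 3)]
    + [Volume("Infra-" + h.label.replace(" ", ""), "infra", "name", h.iqn) for h in HOSTS]
)


def can_access(host, vol):
    """An alias ACL admits every host sharing the alias; a name ACL admits one IQN."""
    if vol.acl_type == "alias":
        return host.alias == vol.acl_value
    return host.iqn == vol.acl_value


def access_matrix(hosts, volumes):
    """Map each volume name to the set of host labels its ACL admits."""
    return {v.name: {h.label for h in hosts if can_access(h, v)} for v in volumes}


def expected_clone_luns(n_vstacs):
    """HA rule from the text: one linked clone LUN per vSTAC, not counting the spare."""
    return max(1, n_vstacs - 1)


def audit(hosts, volumes, desktops):
    """Return a list of findings; an empty list means the layout matches the design."""
    findings = []
    matrix = access_matrix(hosts, volumes)
    everyone = {h.label for h in hosts}
    for v in volumes:
        reach = matrix[v.name]
        if v.role == "infra":
            # Per-host appliance LUNs should be visible to exactly one initiator.
            if len(reach) != 1:
                findings.append(f"{v.name}: infra LUN reachable by {len(reach)} hosts, expected 1")
        elif reach != everyone:
            # Shared LUNs must be visible everywhere so desktops can run on any vSTAC.
            missing = ", ".join(sorted(everyone - reach))
            findings.append(f"{v.name}: shared LUN not reachable from {missing}")
    for h in hosts:
        own = [v.name for v in volumes if v.role == "infra" and h.label in matrix[v.name]]
        if len(own) != 1:
            findings.append(f"{h.label}: sees {len(own)} infra LUNs, expected 1")
    clones = [v for v in volumes if v.role == "clones"]
    want = expected_clone_luns(len(hosts))
    if len(clones) != want:
        findings.append(f"linked clone LUNs: found {len(clones)}, expected {want}")
    if clones:
        per_lun = ceil(desktops / len(clones))
        if per_lun > MAX_DESKTOPS_PER_LUN:
            findings.append(
                f"linked clone LUNs: {per_lun} desktops per LUN exceeds {MAX_DESKTOPS_PER_LUN}")
    return findings


if __name__ == "__main__":
    print("as documented:", audit(HOSTS, VOLUMES, 300))
    # Constructed misconfiguration: one infra LUN opened to the whole cluster alias.
    overbroad = [replace(v, acl_type="alias", acl_value=ARRAY_ALIAS)
                 if v.name == "Infra-HostB" else v for v in VOLUMES]
    for line in audit(HOSTS, overbroad, 300):
        print("finding:", line)
```
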

4.1.1.2. vSTAC VDI System Protection

The vSTAC VDI cluster was configured for advanced system protection with vShield App, vShield Endpoint, and Deep Security. Each of these features consists of additional software components. vSTAC VDI appliances are preconfigured with a vSTAC Operating System virtual appliance and a hypervisor driver. vShield Application adds a firewall virtual appliance to each vSTAC. vShield Endpoint provides a hypervisor driver. Also, a thin agent is enabled with VMware Tools for each virtual desktop. Deep Security for Agentless protection provides a virtual appliance and hypervisor filter driver.

vSTAC VDI resources are utilized for these components. Each vSTAC VDI in the cluster is identical in configuration.

| Virtual Appliance | vCPU | Memory | Disk |
|---|---|---|---|
| vSTAC OS | 4 | 4 GB | 8 GB of special SATA DOM |
| vShield App Firewall | 2 | 1 GB | 5 GB of SAS Tier |
| Deep Security | 2 | 4 GB | 80 GB of SAS Tier |
| Total | 8 | 9 | 85 GB SAS |

A dependent hierarchy exists between the components.

- vSTAC OS provides the storage where the virtual appliances and desktops are stored. vSTAC OS must be the first to boot and last to shutdown. It's also critical that vSTAC OS be excluded from vShield Appliance protection so that the array can be constituted on a boot prior to the storage being available.
- Multiple vSTAC VDIs constitute a storage array, so boot and shutdown operations have to be
- The installation script sets Deep Security Virtual Appliance to be the next to boot and conversely next to last to shutdown. Next up is vShield App Firewall Virtual Appliance.
- The stage is now set with all of the infrastructure components. The Virtual Desktops can now be provisioned and available.

4.2 Management Infrastructure

Management Infrastructure

The Management Cluster consisted of two vSphere hosts connected to shared storage in order to provide HA within the cluster. Active Directory, View Connection, and View Security servers were deployed redundantly. DRS Groups were created for each set of these servers in order to keep them on separate hosts. vCenter was deployed with 1 vCPU, 4GB RAM, 50 GB disk running Windows Server 2008 R2 Enterprise (64-bit). SQL was deployed in a similar configuration with an additional 50 GB disk. Each host in the system was installed with ESXi 5.0 Update 1.

View Connection Server Specifications

View Connection Servers were built on Windows Server 2008 R2 Enterprise (64-bit). These servers provide user authentication and redirect incoming remote desktop requests to the appropriate View desktop. In addition, each View Connection Server system runs the web-based View Administrator console that is the primary mechanism for View configuration and administration. The View Connection Servers must be part of the Active Directory forest. The View Connection Servers are VMware virtual servers with 4 vCPUs, 10GB RAM, 40GB disk running Windows Server 2008 R2 Enterprise (64-bit). The full specification is given in the following table.

| Attribute | Specification |
|---|---|
| Number of Connection Servers | 1 |
| Number of spare Connection Servers for failover | 1 |
| Physical or virtual machine | Virtual machine |
| VMware Virtual Hardware | 8 |
| Number of processors | 4 vCPU |
| Memory | 10GB |
| Number of NICs and speed | 1 VMXNET3 adapter at 1GbE |
| Total storage | 40GB |
| Operating system | Windows Server 2008 R2 Enterprise (64-bit) |
| Datacenter | MSD VDI |
| Cluster | MSD VDI |
| VMware View Connection Server | VMware View 5.1 (Build 704644) |

SSL certificate

Each View Connection Server requires an SSL certificate for client machines to connect using SSL. Please refer to chapter 7 of the VMware View Installation Guide

vcenter / View Composer Configuration A single vcenter server was deployed and the View Composer service was installed. The basic configuration of View Composer was as follows: Attribute Description Connect using SSL Specification View vcenter Server for Desktops Yes Port 443 Enable View Composer Advanced Settings Maximum Concurrent vcenter Provisioning Operations Maximum Concurrent Power Operations Maximum Concurrent View Composer Maintenance Operations Maximum Concurrent View Composer Provisioning Operations Yes 25 25 15 15 10 4.3 View Configuration View Manager Settings Global Policies Policy USB access Multimedia redirection (MMR) Local Mode PCoIP hardware acceleration Setting Allow Allow Deny Allow medium priority Note The global policy can be overridden by a pool policy set at a pool level. Alternatively, it can be set at a user level. Global Settings Attribute Session timeout View Administrator Session Timeout Automatic Status Messages Specification 600 (10 hours) 120 mins True

Display pre-login message: False
Display warning before logoff: False
Reauthenticate secure tunnel connections after network interruption: False
Use IPSec for Security Server Connections: True

Pool Configuration

Attribute: Configuration
Pool Type: Automated
User Assignment: Floating
State: Enabled
Connection Server Restrictions: None
Remote Power Policy: None
Automatically Logoff after Disconnect: No
Allow users to reset desktops: No
Display Protocol: PCoIP
Max number of monitors: 2
Max Display Resolution: 1920 x 1200
Adobe Flash Quality: n/a
Adobe Flash Throttling: n/a
Number of Desktops: 300
Number of spare, powered-on desktops: 295
Provision all desktops up-front: Yes
Replica Datastore: LCReplica
Linked Clone Datastores: LCClones1, LCClones2, LCClones3
VSA Enabled: Yes
CBRC Cache Size (per host): 2048 MB
VSA Refresh Cycle: 7 days

View Persona Settings

The purpose of View Persona Management is to provide persona persistence across multiple desktops so that the user's profile, settings and user-authored data are consistent. The persona management feature must be enabled on the View Agent on the hosted virtual desktop. The persona management configuration is managed by a GPO that is applied at the virtual desktop OU level. The basic configuration during testing was as follows:

Group Policy: Setting
Manage user persona: Enabled
Sync Interval: 10 minutes

Remove local persona at logoff: Disabled
Persona repository location: //personadirectoryfqdn/%username
Roam local settings folders: Enabled
Files and folders to preload: My documents, all standard office files
Files and folders to background download: None
Folder redirection individual folder settings: Enabled

These settings are described in detail in the VMware View Administration Guide.

PCoIP Policy Settings

The PCoIP display protocol is configured in the View GPO that is applied at the virtual desktop OU level. The basic configuration during testing was as follows:

Setting: Configure clipboard redirection
Value: Disabled in both directions
Design consideration: Determines the direction in which clipboard redirection is allowed. Clipboard redirection is implemented as a virtual channel. If virtual channels are disabled, clipboard redirection does not function. This setting applies to the server only. When this setting is disabled or not configured, the default value is Enabled client to server only.

Setting: Configure PCoIP client image cache size policy
Value: Enabled, 300MB
Design consideration: Controls the size of the PCoIP client image cache. Image caching reduces the amount of data that is retransmitted. This setting applies only to Windows and Linux clients when View Client, View Agent, and View Connection Server are a View 5.0 or later release. When this setting is not configured or disabled, PCoIP uses a default client image cache size of 250MB.

Setting: Configure PCoIP image quality levels
Value: MIQ 70, MIIQ 90, MFR 20
Design consideration: Use the Minimum Image Quality (MIQ) value to balance image quality and frame rate for limited-bandwidth scenarios. The default value is 50. Use the Maximum Initial Image Quality (MIIQ) value to reduce the network bandwidth peaks required by PCoIP by limiting the initial quality of the changed regions of the display image. Default value is 90. The Minimum Image Quality value cannot exceed the Maximum Initial Image Quality value. Use the Maximum Frame Rate (MFR) value to manage the average bandwidth consumed per user by limiting the number of screen updates per second. The default value is 30. Recommended value is 12. These image quality values apply to the soft host only and have no effect on a soft client.

Setting: Configure PCoIP session encryption algorithms
Value: Default
Design consideration: You must enable at least one algorithm. By default, both the Salsa20-256round12 and AES-128-GCM algorithms are available for negotiation by this endpoint. This setting applies to both server and client. If FIPS140-2 approved mode is enabled, the Disable AES-128-GCM encryption value is always overridden so that AES-128-GCM encryption is enabled.

Setting: Configure PCoIP USB allowed and unallowed device rules
Value: Default
Design consideration: Specifies the USB devices that are authorized and not authorized for PCoIP sessions that use a zero client that runs Teradici firmware. You can define a maximum of 10 USB authorization rules and a maximum of 10 USB unauthorization rules. Separate multiple rules with the vertical bar (|) character. See the View Administration Guide for details on the format of rules. An empty USB authorization string means that no USB devices are authorized. An empty USB unauthorization string means that no USB devices are banned. This setting applies to the server only and only when the server is in a session with a zero client that runs Teradici firmware. By default, all devices are allowed and none are disallowed.

Setting: Configure PCoIP virtual channels
Value: All disabled
Design consideration: Specifies the virtual channels that can and cannot operate over PCoIP sessions. This setting also determines whether to disable clipboard processing on the PCoIP host. You can specify a maximum of 15 virtual channels for use in PCoIP sessions. Separate multiple channel names with the vertical bar (|) character. When the authorized virtual channel list is empty, all virtual channels are disallowed. When the unauthorized virtual channel list is empty, all virtual channels are allowed. The virtual channels setting applies to both server and client. Virtual channels must be enabled on both server and client for virtual channels to be used. By default, all virtual channels are enabled, including clipboard processing.

Setting: Configure the Client PCoIP UDP port
Value: Default
Design consideration: Specifies the UDP client port that is used by software PCoIP clients. For example, if the base port is 50002 and the port range is 64, the range spans from 50002 to 50066. This setting applies to the client only. By default, the base port is 50002 and the port range is 64.

Setting: Configure the TCP port to which the PCoIP host binds and listens
Value: Default
Design consideration: Specifies the TCP server port bound to by software PCoIP hosts. The port range must be between 0 and 10. For example, if the base port is 4172 and the port range is 10, the range spans from 4172 to 4182. This setting applies to the server only. By default, the base TCP port is 4172 for View 4.5 and later and 50002 for View 4.0.x and earlier. By default, the port range is 1.

Setting: Configure the UDP port to which the PCoIP host binds and listens
Value: Default
Design consideration: Specifies the UDP server port bound to by software PCoIP hosts. The port range must be between 0 and 10. For example, if the base port is 4172 and the port range is 10, the range spans from 4172 to 4182. This setting applies to the server only. By default, the base TCP port is 4172 for View 4.5 and later and 50002 for View 4.0.x and earlier. By default, the port range is 10.

Setting: Enable access to a PCoIP session from a vSphere console
Value: Enabled
Design consideration: Determines whether to allow a vSphere Client console to display an active PCoIP session and send input to the desktop.

Values listed for the first four settings below, in table order: Disabled; Enabled, 300MB; Disable

Setting: Enable the FIPS 140-2 approved mode of operation
Design consideration: Determines whether to use only FIPS 140-2 approved cryptographic algorithms and protocols to establish a remote PCoIP connection. Enabling this setting overrides the disabling of AES128-GCM encryption.

Setting: Enable/disable audio in the PCoIP session
Design consideration: Determines whether audio is enabled in PCoIP sessions. Both endpoints must have audio enabled.

Setting: Enable/disable microphone noise and DC offset filter in PCoIP session
Design consideration: Determines whether to enable the microphone noise and DC offset filter for microphone input during PCoIP sessions. This setting applies to the server and Teradici audio driver only.

Setting: Turn on PCoIP user default input language synchronization
Design consideration: Determines whether the default input language for the user in the PCoIP session is synchronized with the default input language of the PCoIP client endpoint.

Setting: Configure the maximum PCoIP session bandwidth
Value: 700 Kbps
Design consideration: Specifies the maximum bandwidth, in kilobits per second, in a PCoIP session. The bandwidth includes all imaging, audio, virtual channel, USB, and control PCoIP traffic. Set this value to the overall capacity of the link to which your endpoint is connected. For example, for a client that connects through a 4Mbit/s Internet connection, set this value to 4Mbit, or 10% less than this value. Setting this value prevents the server from attempting to transmit at a higher rate than the link capacity, which would cause excessive packet loss and a poorer user experience. This setting applies to the server and client. If the two endpoints have different settings, the lower value is used.

Setting: Configure the PCoIP session bandwidth floor
Value: 250Kbps
Design consideration: Specifies a lower limit, in kilobits per second, for the bandwidth that is reserved by the PCoIP session. This setting configures the minimum expected bandwidth transmission rate for the endpoint. When you use this setting to reserve bandwidth for an endpoint, the user does not have to wait for bandwidth to become available, which improves session responsiveness. Make sure that you do not over-subscribe the total reserved bandwidth for all endpoints. Make sure that the sum of bandwidth floors for all connections in your configuration does not exceed the network capability. The default value is 0, which means that no minimum bandwidth is reserved.

Setting: Configure the PCoIP session MTU
Value: Default
Design consideration: Specifies the Maximum Transmission Unit (MTU) size for UDP packets for a PCoIP session. Typically, you do not have to change the MTU size. Change this value if you have an unusual network setup that causes PCoIP packet fragmentation. This setting applies to the server and client. If the two endpoints have different MTU size settings, the lowest size is used.

Setting: Configure the PCoIP session audio bandwidth limit
Value: 50 kbps
Design consideration: Specifies the maximum bandwidth that can be used for audio (sound playback) in a PCoIP session. The audio processing monitors the bandwidth used for audio. The processing selects the audio compression algorithm that provides the best audio possible, given the current bandwidth utilization. If a bandwidth limit is set, the processing reduces quality by changing the compression algorithm selection until the bandwidth limit is reached. If minimum quality audio cannot be provided within the bandwidth limit specified, audio is disabled. This setting applies to the server only. You must enable audio on both endpoints before this setting has any effect. In addition, this setting has no effect on USB audio. This setting applies to View 4.6 and later. It has no effect on earlier versions of View.
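The constraints stated for the PCoIP settings above (MIQ must not exceed MIIQ, at least one encryption algorithm, the FIPS override, the USB rule and virtual channel limits, the server port range, lower-value-wins between endpoints, and the sum of bandwidth floors) can be checked mechanically before a GPO is rolled out. The following Python is an added example, not VMware or Pivot3 code; the dictionary keys, the MTU values, the client-side values and the 1 Gbit/s link size are assumptions made for illustration.

```python
"""Check a PCoIP policy set against the constraints stated in this section.

The dictionary keys are hypothetical names chosen for this example; they are
not the GPO or registry value names that View uses.
"""
MAX_USB_RULES = 10          # per list: authorization and unauthorization
MAX_VIRTUAL_CHANNELS = 15
MAX_SERVER_PORT_RANGE = 10  # server TCP/UDP port range must be 0..10


def split_list(value):
    """Split a '|'-separated rule or channel string; '' yields no entries."""
    return [item.strip() for item in value.split("|") if item.strip()]


def port_span(base, port_range):
    """First and last port, as in the page's examples (last = base + range)."""
    return base, base + port_range


def effective_algorithms(policy):
    """Encryption algorithms this endpoint offers for negotiation."""
    if policy.get("fips_mode", False):
        # FIPS mode overrides a disabled AES-128-GCM. Salsa20 is not a
        # FIPS-approved algorithm, so only AES-128-GCM remains.
        return {"AES-128-GCM"}
    algorithms = set()
    if not policy.get("disable_aes_128_gcm", False):
        algorithms.add("AES-128-GCM")
    if not policy.get("disable_salsa20", False):
        algorithms.add("Salsa20-256round12")
    return algorithms


def validate(policy):
    """Return findings; an empty list means no stated constraint is broken."""
    findings = []
    if policy["min_image_quality"] > policy["max_initial_image_quality"]:
        findings.append("MIQ exceeds MIIQ")
    if not effective_algorithms(policy):
        findings.append("no session encryption algorithm enabled")
    for key in ("usb_authorized", "usb_unauthorized"):
        if len(split_list(policy.get(key, ""))) > MAX_USB_RULES:
            findings.append(f"{key}: more than {MAX_USB_RULES} rules")
    for key in ("channels_authorized", "channels_unauthorized"):
        if len(split_list(policy.get(key, ""))) > MAX_VIRTUAL_CHANNELS:
            findings.append(f"{key}: more than {MAX_VIRTUAL_CHANNELS} channels")
    for key in ("tcp_port_range", "udp_port_range"):
        if not 0 <= policy.get(key, 0) <= MAX_SERVER_PORT_RANGE:
            findings.append(f"{key}: outside 0..{MAX_SERVER_PORT_RANGE}")
    return findings


def negotiate(server, client):
    """Session values when the two endpoints are configured differently."""
    return {
        # The lower bandwidth cap and the lowest MTU are used.
        "max_bandwidth_kbps": min(server["max_bandwidth_kbps"],
                                  client["max_bandwidth_kbps"]),
        "mtu": min(server["mtu"], client["mtu"]),
        # Audio and virtual channels must be enabled on both endpoints.
        "audio": server["audio"] and client["audio"],
        "virtual_channels": server["virtual_channels"] and client["virtual_channels"],
        # A session needs an algorithm that both endpoints offer.
        "algorithms": effective_algorithms(server) & effective_algorithms(client),
    }


def floors_oversubscribed(floor_kbps, sessions, link_kbps):
    """True if the summed bandwidth floors exceed the link capacity."""
    return floor_kbps * sessions > link_kbps


# Server side: MIQ 70, MIIQ 90, 700 Kbps cap, virtual channels disabled and the
# default port ranges come from this section; the remaining values and the
# whole client side are constructed for the example.
SERVER = {
    "min_image_quality": 70, "max_initial_image_quality": 90,
    "fips_mode": False, "usb_authorized": "", "usb_unauthorized": "",
    "channels_authorized": "", "channels_unauthorized": "",
    "tcp_port_range": 1, "udp_port_range": 10,
    "max_bandwidth_kbps": 700, "mtu": 1300,
    "audio": True, "virtual_channels": False,
}
CLIENT = dict(SERVER, max_bandwidth_kbps=4000, mtu=1200,
              virtual_channels=True, disable_salsa20=True)

if __name__ == "__main__":
    print(validate(SERVER))            # findings for the server policy
    print(negotiate(SERVER, CLIENT))   # effective session values
    print(floors_oversubscribed(250, 300, 1_000_000))  # 300 desktops, 250 Kbps floor
```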

Setting: Turn off Build-to-Lossless feature
Value: Disabled
Design consideration: Specifies whether to disable the build-to-lossless feature of the PCoIP protocol, which is on by default. If you enable this setting, the build-to-lossless feature is disabled. Images and other desktop content are never built to a lossless state. In network environments with constrained bandwidth, disabling the build-to-lossless feature can provide bandwidth savings. Disabling this feature is not recommended in environments that require images and desktop content to be built to a lossless state. To enable this setting, you must click Enabled and check the following check box: I accept to turn off the Build-to-Lossless feature.

Setting: Disable sending CAD when users press Ctrl+Alt+Del
Value: Enable
Design consideration: When this policy is enabled, users must press Ctrl+Alt+Insert instead of Ctrl+Alt+Del to send a Secure Attention Sequence (SAS) to the desktop during a PCoIP session. You might want to enable this setting if users become confused when they press Ctrl+Alt+Del to lock the client endpoint and an SAS is sent to both the host and the guest. This setting applies to the server only and has no effect on a client.

Setting: Enable Right SHIFT behavior when a PCoIP client is connected
Value: Disabled
Design consideration: Determines whether to enable substitution of the Right SHIFT key with a Left SHIFT key, which allows the Right SHIFT key to function properly when using RDP through PCoIP. This setting can be useful when RDP is used within a PCoIP session. This setting applies to the server only and has no effect on a client. View 4.5 or earlier only.

Setting: Use alternate key for sending Secure Attention Sequence
Value: Disabled
Design consideration: Specifies an alternate key, instead of the Insert key, for sending a Secure Attention Sequence (SAS). You can use this setting to preserve the Ctrl+Alt+Ins key sequence in virtual machines that are launched from inside a View desktop during a PCoIP session. This setting applies to the server only and has no effect on a client.

Setting: Use enhanced keyboard on Windows client if available
Value: Disabled
Design consideration: Determines whether to direct keyboard sequences to be restricted to the guest operating system in PCoIP desktop sessions. When you press Ctrl+Alt+Delete, Win+L, or another keyboard sequence, the guest system only, rather than both guest and host, acts on the command. For example, pressing Ctrl+Alt+Delete does not lock the host system. This setting applies to Windows hosts only. Before the enhanced keyboard setting can take effect, the VMware keyboard filter driver, vmkbd.sys, must be installed and configured. The VMware keyboard filter driver is automatically installed and configured on computers that have VMware Workstation, Player, or View Client with Local Mode installed. You can use this setting only when View Client is run by a member of the administrator's group on Windows XP or is run under elevated privileges by Run as administrator on Windows Vista and later.

4.4 vCOps for View Configuration

vCenter Operations Manager (v5.0, build 677931) was deployed as a vApp with two virtual appliances. The first virtual appliance is the web UI server; the second appliance is the analytics engine. A third virtual machine serves as the View adapter, which directly interfaces with the View Management interface and relays information to the vCenter Operations Management analytics engine. Specifications for the three virtual machines were as follows:

Server Role: OS; vCPU; vRAM; Storage
Web UI Appliance: CentOS; 2 vCPU; 7 GB; 100GB
Analytics Appliance: CentOS; 2 vCPU; 9 GB; 800GB
VCOps Adapter Server: MS Server 2008 Std 64-bit; 2 vCPU; 6 GB; 50GB

4.5 vShield Configuration

vShield App may be configured in several ways to protect virtual desktop users. Air gaps provide a siloed virtual infrastructure for departments and organizations. Mixed trust zones with network silos provide physical network isolation. Mixed-trust zones with VLANs provide separation within logical networks using VLANs. Design guides are available from VMware to assist with the layout of each of these. These options are not described here.

A vShield App deployment on a vSTAC VDI must be configured to not firewall the vSTAC Operating System Virtual Appliance. Since the vShield App VM will be stored on a vSTAC OS LUN, it will not be running when vSTAC OS begins to boot. vShield App's Exclusion List must be set to include each vSTAC OS in the cluster.

4.6 Desktop Image Build

Virtual Desktop Guest Operating System

A single master OS image was used to provision desktop sessions in the VMware View environment. VMware recommends using a fresh installation of the guest OS so that correct versions of the HAL, drivers (including the optimized network and SCSI driver), and OS components are installed. This also avoids performance issues with any legacy applications or configurations of the desktop virtual machine.

View Planner Desktop Specification

The operating system image deployed for the desktop images uses Microsoft Windows 7 SP1 with all Important MS security updates installed. These images are considered to be the Gold images. Upon configuration and customization (according to View Planner specifications), these images were converted to virtual machine templates.

Master Win7 Image Specifications

The virtual hardware configuration of the Master desktop virtual machine varies based on the computing resources required by the end user. The following tables define the default virtual hardware specifications. Exceptions to this default specification are handled on a pool-specific basis.

Attribute: Specification
Desktop OS: Windows 7 Enterprise, SP1
Hardware: VMware Virtual Hardware version 8
vCPU: 1
vMemory: 1024MB
vNICs: 1
Virtual network adapter 1: VMXNet3 Adapter
Virtual SCSI controller 0: LSI Logic SAS
Virtual disk VMDK: 40GB
Virtual floppy drive 1: Removed

Virtual CD/DVD drive 1: Removed
VMware View Agent: VMware View Agent 5.1 build 704644

5. Validation Testing

5.1 Test Methodology

Performance Testing with View Planner 2.1

VMware's View Planner tool simulates application workloads for various user types (task workers, knowledge workers, and power users) by running applications typically used in a Windows desktop environment. During the execution of a workload, applications are randomly called to perform common desktop user operations, including open, save, close, minimize and maximize windows; view an HTML page, insert text, insert words and numbers, conduct a slideshow, view a video, send and receive email, and compress files.

View Planner performance and scaling tests were conducted using Passive Client mode, where Windows clients were used to launch up to 5 View Client sessions with PCoIP. Resiliency tests used View Planner in Local mode so that testing would not be affected by HA when desktops rebooted on hosts during the induced appliance failure.

View Planner then uses a patent-pending watermark technique to quantify the user experience and measure application latency on a user client/remote machine.

Resiliency Testing

Resiliency of the VDI Cluster was proven by injecting failures during a View Planner run. Each of these tests was run to demonstrate availability and continued performance capability.

- Disk failures were injected in the SSD tier to demonstrate Solid State Disk failure and rebuild.
- A SAS drive was hot-removed to demonstrate disk failure, sparing, and rebuild.
- Storage Appliance failure was injected to demonstrate resiliency in the face of an entire vSphere Host/Storage Appliance failure. HA was enabled during this test to provide protection to all of the desktops.
- Storage Network failure was injected to demonstrate redundancy of storage connectivity.
Scalability Testing

Scalar performance testing for increasing desktop quantities of:
1) Single VDI Appliance for minimum configuration
2) 3 VDI Appliances for minimum HA configuration
3) 4 VDI Appliances to demonstrate simplicity of growth from 3 appliances

5.2 Test Results

View Planner Results

The standardized View Planner workload consists of nine applications performing a combined total of 44 user operations. These user operations are separated into three groups, shown in the table below. The operations in Group A are used to determine the View Planner score, while the operations in Groups B and C are used to generate additional load. The View Planner score represents the 95th percentile value for application response time for Group A operations.

Group A: AdobeReader-Browse, AdobeReader-Close, AdobeReader-Maximize, AdobeReader-Minimize, Excel_Sort-Close, Excel_Sort-Compute, Excel_Sort-Entry, Excel_Sort-Maximize, Excel_Sort-Minimize, Firefox-Close, IE_ApacheDoc-Browse, IE_ApacheDoc-Close, IE_WebAlbum-Browse, IE_WebAlbum-Close, Outlook-Close, Outlook-Maximize, Outlook-Read, Outlook-Restore, PPTx-AppendSlides, PPTx-Close, PPTx-Maximize, PPTx-Minimize, PPTx-ModifySlides, PPTx-RunSlideShow, Video-Close, Word-Close, Word-Maximize, Word-Minimize, Word-Modify

Group B: AdobeReader-Open, Excel_Sort-Open, Excel_Sort-Save, Firefox-Open, IE_ApacheDoc-Open, IE_WebAlbum-Open, Outlook-Attachment-Save, Outlook-Open, PowerPoint-Open, Video-Open, Word-Open, Word-Save

Group C: 7zip-Compress, PPTx-SaveAs, Video-Play

View Administrator was used to create pools of Floating Linked Clones. Administrator was monitored for completion of desktop provisioning. The View Planner test was then started. The tests are then executed in three phases:

- Boot Storm. Each desktop and test client is rebooted. Planner waits for all of the virtual machines (client and desktop) to report.
- Login Storm. Clients launch View Client to log in to desktops. PCoIP was used for each session.
- Application Workload. Applications are started and work is provided through scripts on each desktop.

vCenter performance graphs were monitored during the test. Criteria for each resource determine a valid test run.

CPU Usage is not allowed to saturate during Boot Storms and Login Storms. CPU should stay under an average of 85% during the Application Workload.

[Chart: CPU Usage during Boot Storm, Login Storm and Application Workload]

Memory Usage is tracked to ensure that Active Memory does not saturate. Memory Ballooning is unacceptable during the test.

[Chart: Memory Usage (millions): Active, Granted and Balloon during Boot Storm, Login Storm and Application Workload]

Disk Latency must satisfy an average less than 40 milliseconds during Application Workload.

[Chart: Disk Latency (milliseconds): read and write latency for Desktops and Replicas during Boot Storm, Login Storm and Application Workload]

Disk Usage is interesting to monitor to better understand how the stages of the test use the different storage tiers. The Replica Datastore on the SSD Tier has a high read rate during the Boot Storm, a lower read bandwidth during the Login Storm, and a low read rate during the Application Workload. The Desktop Datastores on the SAS Tier have a similar write rate during these three phases. The SSD-based Write Cache in vSTAC VDI provides low latency for these writes.

[Chart: Disk Usage (bytes per second, thousands): read and write rate for Desktops and Replicas during Boot Storm, Login Storm and Application Workload]

As an interesting aside, one additional test was run with View 5.1's Virtual Storage Accelerator disabled. The contrast in read rate of the Replica Datastore is shown during the Login Storm. The effect of VSA is remarkable, providing nearly a 10x reduction in read rate.

[Chart: Effect of Virtual Storage Accelerator on Replica Reads (bytes per second, thousands): Login Storm, VSA Disabled vs. VSA Enabled]

Test scoring is provided as a Report of Operational Latencies in View Planner. The report indicated that only one of the Operations from Group A surpassed 1.50 seconds, and that was a mere 0.07 seconds high.

Resiliency Test Results

Resiliency Testing was conducted with a storage array and HA cluster of three vSTAC VDI appliances. 184 Desktops were distributed evenly across the three appliances, with each appliance hosting approximately 61 desktops. View Planner was started with a Local mode test. Local mode was used so that HA failover could be demonstrated, as View Planner does not have the facility to reconnect to desktops. The workload was allowed to run for two hours prior to fault injection.

SSD Fault

Fault injection began with the injection of a Solid State Disk failure. The appliance named vstac-vdi-13 was selected for the fault. vSTAC Manager indicated a Degraded Array with vstac-os-13 degraded with a failed SSD. The SSD Storage Tier has a single LUN, LCReplicas, so it was the only LUN affected. Performance graphs indicate a brief CPU spike and no noticeable effect on disk latencies. The workload was allowed to run 20 minutes with the SSD fault.

SAS Fault

A SAS Drive was forced to fail by hot pulling the drive from the appliance chassis. Again vstac-vdi-13 was targeted, though any of the other appliances would have maintained data integrity and availability had they suffered the SAS Drive failure. Each of the LUNs on the SAS Tier now indicates a degraded state. Sparing of the failed SAS Drive kicked in immediately. The drive was spared to all of the remaining SAS Drives in the array. Performance graphs show an increase in CPU. This is an indication of the recalculation of disk parities for the Sparing operation. Latencies for Drives in the SAS Tier rise to roughly a 15-millisecond average due to the Sparing operation causing reads and writes. The workload was allowed to run for forty minutes.

Appliance Fault

A vSTAC Appliance was forced into failure by an abrupt removal of power. vstac-vdi-8 was targeted so that performance graphs from vstac-vdi-13 could continue to be acquired for this report. vSTAC Manager now indicates that the array is degraded with one degraded appliance (due to the failed, not yet completely spared SAS drive) and one failed appliance. All volumes on all storage tiers are degraded. Drive Sparing is unable to continue. Performance graphs show a brief disruption while the HA cluster times out the failed appliance. CPU utilization then rises as half of the desktops from vstac-vdi-8 are redistributed and reboot onto vstac-vdi-13 and vstac-vdi-14. CPU utilization returns to slightly higher than previous levels once the boot storm completes. SAS Drive latencies increase to near 20 milliseconds, as every write is a degraded parity write. Previous failures had only affected a fraction of all the writes.

Network Failure

The 10G network switch was forced into failure by an abrupt removal of power. The redundant 10G switches provide ample network bandwidth, so performance was unaffected. No disruption of storage connectivity occurred.

Repair

Each fault is now repaired. The failed appliance has power reapplied and is allowed to boot. The appliance rejoins the HA cluster automatically. Since there is no actual hardware failure, the decision is made for this case to re-add the appliance to the storage array. The appliance will be rebuilt in place of the appliance failed from the array. The SSD Drive is replaced and rebuilt. The pulled SAS Drive is replaced by a hot-add of a spare SAS Drive. The array kicks off unsparing of the drive and rebuilding of the new SAS drive. The 10G network switch has power reapplied and is allowed to boot. The storage network reconnects and the redundant network is utilized.

Performance Graph

The following performance graph shows CPU % Utilization and Disk Latencies during the resiliency test. The graphs are all captured from vstac-VDI-13.

Scalability Test Results

vSTAC VDI's capacity to host desktops was profiled with View Planner 2.1 at cluster/array sizes of 1, 3, and 4 appliances. Factors that contributed to the desktop count include usage of PCoIP for the tests, CPU and RAM utilization by Deep Security and vShield App on each appliance, and vShield App's high CPU consumption during Login Storms.

Provisioning for High Availability requires additional resources on each appliance to be able to host the full desktop count in the face of an appliance failure. A cluster of three appliances requires an appliance's worth of resources to be overprovisioned to allow for a failure. At this cluster size, each host must be prepared to assume half a host's load. In contrast, at the View maximum of 8 hosts in a cluster, each host need only assume 1/7th of a host's load. Providing High Availability for a single host failure becomes more efficient with larger sized clusters. Scaling is better than linear.
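The failover arithmetic above, applied to the three-appliance resiliency cluster of 184 desktops, as an added Python example that is not part of the original document. It assumes HA restarts desktops on the least-loaded survivors, takes the per-appliance ceiling of 92 desktops from the single-appliance result in the Desktop Scale Out chart, and uses a constructed 61/61/62 split of the 184 desktops.

```python
"""Single-host-failure (N+1) check for an HA desktop cluster."""
import heapq


def failover_share(hosts):
    """Fraction of a failed host's load that each surviving host absorbs."""
    if hosts < 2:
        raise ValueError("HA needs at least two hosts")
    return 1 / (hosts - 1)


def simulate_host_failure(placement, failed_host):
    """Restart the failed host's desktops on the least-loaded survivors.

    placement maps host name -> desktop count. Balanced restart is an
    assumption of this example, not a statement about vSphere HA placement.
    """
    heap = [(count, host) for host, count in placement.items()
            if host != failed_host]
    if not heap:
        raise ValueError("no surviving hosts")
    heapq.heapify(heap)
    for _ in range(placement[failed_host]):
        count, host = heapq.heappop(heap)      # least-loaded survivor
        heapq.heappush(heap, (count + 1, host))
    return {host: count for count, host in heap}


def n_plus_one_report(placement, per_host_ceiling):
    """For each possible failed host: (busiest survivor's load, fits ceiling?)."""
    report = {}
    for failed in placement:
        after = simulate_host_failure(placement, failed)
        worst = max(after.values())
        report[failed] = (worst, worst <= per_host_ceiling)
    return report


# Appliance names and the 184-desktop total are from the resiliency test;
# the exact per-appliance split is constructed ("approximately 61" each).
PLACEMENT = {"vstac-vdi-8": 61, "vstac-vdi-13": 61, "vstac-vdi-14": 62}
PER_HOST_CEILING = 92  # assumed: the single-appliance desktop count

if __name__ == "__main__":
    for hosts in (3, 8):
        print(hosts, "hosts: each survivor absorbs",
              round(failover_share(hosts), 3), "of a host's load")
    for failed, (worst, ok) in n_plus_one_report(PLACEMENT, PER_HOST_CEILING).items():
        print(f"lose {failed}: busiest survivor {worst} desktops, fits={ok}")
```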

Desktop Scale Out (chart)

# vSTAC VDI Appliances: # Desktops
1: 92
3: 184
4: 295
5: 405
6: 515
7: 625
8: 736

6. Additional Content

6.1 Solution Component Inventory

vSTAC Components

Component: Version
vSTAC VDI VBH2-10D03: 5.1

Software Inventory

Component: Version; Build
vSphere ESXi: 5.0 Update 1; 623860
vCenter: 5.0 Update 1; 804276
View: 5.1.1; 799444
vCenter Ops Manager for View: 1.0; 702779
vShield Bundle: 5.0.0; 473791
Microsoft Server: 2008 Enterprise 64-bit
Microsoft Windows 7: Enterprise 64-bit
Microsoft Office: Professional 2010 32-bit
Microsoft SQL Server: 2008 Enterprise 64-bit
Trend Micro Deep Security: 8.0