VDI Data Protection Part 1: Protecting Your VDI Environment - What You Need to Consider
Fri, 03 Apr 2020 13:46:32 -0000|
Read Time: 0 minutes
Virtual Desktop Infrastructure (VDI) plays a crucial role in today's business transformation initiatives. Although there is an increase in SaaS-based and cloud native applications, the majority of the applications in today's enterprises continue to be Microsoft Windows-based applications. VDI is the most efficient way to present these Windows applications to end users in their digital workspaces, and provides a consistent user experience across user devices for the modern-day mobile workforce. Organizations increasingly rely on VDI to provide the agility, security, and centralized management that are so important for their workforce.
According to the Global Data Protection Index survey by Dell EMC, organizations managed an average of 9.7PB of data in 2018 - representing an explosive growth of 569% compared to the 1.45PB managed in 2016. What’s worrying is that the number of businesses unable to recover data after an incident nearly doubled between 2016 and 2018. This information is alarming because incidents such as these can cause substantial monetary losses, reduced employee productivity, and damage to the reputation of the affected organizations. You can read more about the survey results here. VDI environments are arguably the most critical workload in the corporate data center because they impact user desktops and user data - the primary gateways to user productivity. Any loss or reduced availability of these components will directly impact both user productivity and the business.
For physical desktops and laptops, data protection is often restricted to storing user data on a shared folder somewhere in the organization's network, then protecting that folder. But when it comes to VDI, virtual desktops reside in the data center, and it is the responsibility of IT to not only protect the user-specific data but also to protect the desktop and associated desktop management infrastructure.
The success of a VDI data protection plan depends on these classic data protection parameters:
- Availability -- the percentage of time that a service/application (in this case the VDI environment) is available. Five-nines or 99.999% availability means 5 minutes, 15 seconds or less of downtime in a year.
- Recovery time objective (RTO) -- the elapsed time to when virtual desktops can be available after an incident
- Recovery point objective (RPO) -- the time period (minutes, hours) of acceptable user and configuration data loss from the VDI environment prior to when the incident occurred
For example, a policy might state that we must restore service within 4 hours (RTO) with no more than 1 hour of data loss (RPO). A robust data protection plan is necessary to ensure that availability, RTO, and RPO objectives are met. Such a plan will require the protection of all essential components of the VDI environment to ensure that the plan meets its service level agreement (SLA) to avoid business impact.
As shown in Figure 1 below, a VDI environment typically consists of management infrastructure, desktop infrastructure, and user data components (often a file share or dedicated unstructured data storage platform such as Dell EMC Isilon) where user data is stored. The functions of these layers are summarized below:
- The management layer performs the provisioning, brokering, policy management, and related management functions
- The desktop layer is the user’s desktop, which is often made available to multiple users using an appropriate cloning technology
- The third layer is the user data (stored in user profile shares, home folders, etc.)
A VDI data protection plan should cover all three of these component layers.
Figure 1: Components of a VDI Environment that Require Protection
The availability and recoverability goals described above will determine the overall design for your VDI infrastructure. The level of redundancy and other factors will vary depending on whether it will be a single-site or multi-site design. The operational backup of data and the disaster recovery plan, two major aspects of data protection, will vary across organizations based on these parameters. Careful consideration needs to be given to these requirements during the design of the VDI infrastructure, to meet the Service Level Agreement (SLA).
In the next installments of this blog series on data protection for VDI, we will discuss in detail how these objectives can be met by describing some of the important considerations for multi-site disaster recovery, single-site protection, and what the future of data protection for VDI environments in a multi-cloud world might look like. The next blog will be a deep-dive on VDI multi-site disaster recovery from a Dell EMC perspective. Stay tuned and we’d love to get your feedback!
Principal Engineer at Dell EMC, Technical Marketing ,Ready Solutions for VDI
Related Blog Posts
VDI Data Protection - Part 4: Summary
Thu, 23 Apr 2020 10:50:34 -0000|
Read Time: 0 minutes
In the previous blog posts in this series (part 1, part 2 and part 3) we discussed the components of data protection, disaster recovery, and operational backup approaches in a VMware Horizon environment. The components that require data protection in a Horizon environment are management infrastructure, desktop infrastructure, and user data components where user profiles, home drives and so on are stored.
Today’s organizations rely heavily on VDI to extend their business-critical applications to digital workspaces, giving users on-demand access from any device, no matter where they are. An outage to the VDI environment can cause a major disruption to business continuity and productivity as users are prevented from accessing the applications. So, a well-formulated DR and backup plan are critical to business continuity and for the success of VDI deployments. You can read more about the components of data protection, DR, and the backup aspects of Horizon data protection in the previous posts in this blog series.
We will conclude this series by exploring the public cloud disaster recovery options that are enabled by Horizon on the Dell Technologies Cloud Platform (DTCP) solution from the Dell Technologies Ready Solutions for VDI team.
VDI Data Protection in a Public Cloud - With DTCP and VMC on AWS
VMware Horizon on DTCP is a true hybrid cloud platform for VDI workloads that easily enables disaster recovery on the public cloud. DTCP is based on Dell EMC VxRail hyper-converged infrastructure running VMWare Cloud Foundation (VCF) delivering consistent infrastructure and operations. DTCP allows you to build standardized VMware Software-Defined Data Center (SDDC) architecture that provides a consistent infrastructure connecting your on-premises and a public cloud. Watch this video to learn more about Horizon on DTCP solution.
With DTCP, you can configure DR for Horizon 7 by having an on-premises active-primary site and a passive-secondary site on VMC on AWS, one of our partner public cloud. VMC on AWS delivers VMware SDDCs as-a-service on the AWS cloud. The consistent infrastructure that is offered by DTCP allows you to leverage the same existing skills to build a Horizon 7 infrastructure on VMC on AWS. By using VMC on AWS as a passive site for DR, you can take advantage of the hourly billing option and the pay-as-you-go benefit.
Figure 1: VMware Horizon on DTCP using VMC on AWS as a DR site
VMware Cloud Pod Architecture (CPA) allows you to join multiple pods to form a single Horizon implementation. This pod federation can span multiple sites and data centers, simplifying the administration effort that is required to manage a large-scale Horizon deployment. The CPA architecture also simplifies the DR fail-over process. Read more about CPA and different Horizon DR approaches in part 2 of this data protection blog series.
For a VDI environment based on non-persistent or stateless virtual desktops, you can keep a small host footprint on VMC on AWS, where you will deploy your Horizon 7 instance, store your updated golden images, and create a small pool of VMs. You should also replicate App Volumes, Dynamic Environment Manager settings, user profiles, and other user-related data to maintain consistency across on-premises and VMC on AWS sites. If you have an environment based on persistent or stateful virtual desktops, you must periodically replicate your full-clone desktop from on-premises to VMC on AWS. However, this type of protection is expensive and involves more effort. See this reference architecture guide from the Dell Technologies Ready Solutions for VDI team to learn more about the design considerations and replication options when deploying a Horizon solution based on DTCP and VMC on AWS.
VDI consolidates desktop storage from many devices onto centrally managed infrastructure in the data center. The management of centralized desktops is easier and more secure than distributed physical desktops and it gives more control to administrators. However, an outage to the VDI environment could affect the user’s ability to access business-critical data.
All three component layers (desktop, management, and user data) must be considered when developing a backup strategy for your Horizon environment. The backup approach might vary depending on whether you are using a persistent or non-persistent virtual desktop environment. For multi-site disaster recovery, it is recommended that you use an approach based on Horizon CPA architecture.
The availability and recoverability goals that are defined in the service level agreement (SLA) will determine the overall data protection plan for your VDI infrastructure. The level of redundancy and other factors will vary depending on whether it is a single-site or multi-site design. For the data protection of a Horizon 7 environment, you can choose from the broad range of Dell Technologies data protection products to match your user environment and existing data protection policy. For further information, see the Dell Technologies Data Protection web page.
A VMware Horizon solution on Dell EMC PowerEdge R7525 servers based on 2nd Gen AMD EPYC processors
Tue, 02 Jun 2020 09:37:59 -0000|
Read Time: 0 minutes
Many VDI deployments experience performance issues and poor user experience when trying to maintain a cost-effective consolidation ratio. A higher consolidation ratio of virtual machines to physical servers offers better economics and lower Total Cost of Ownership (TCO). The amount of TCO benefits might vary depending on the size of your VDI environment. It is a challenge for today’s organizations to deploy a cost-effective VDI environment while striking the right balance between performance and density.
The Dell Technologies Ready Solutions for VDI team provides a solution that resolves these challenges. It uses VMware Horizon based on Dell EMC PowerEdge R7525 servers equipped with new 2nd Gen AMD EPYC processors. The PowerEdge R7525 is a highly scalable, two-socket 2U rack server that delivers powerful performance and flexible configuration options. The servers are equipped with 2nd Gen AMD EPYC processors that can accommodate up to 64 cores per socket. A dual-socket R7525 server can have up to 128 cores, providing excellent user densities and a lower TCO for your VDI deployment. This solution offers you the flexibility to correctly size your VDI environment for performance and an exceptional end-user experience.
In this blog, we will discuss the key benefits of this solution and the results of performance testing carried out by the Dell Technologies Ready Solutions for VDI team.
Key benefits of the solution
- High performance and density: PowerEdge R7525 servers based on 2nd Gen AMD EPYC processors are designed for performance and with a high number of cores per CPU socket you can achieve higher user densities per server.
- Lower security risks with a diverse CPU architecture: The 2nd Gen AMD EPYC processors in this solution present an opportunity to diversify the CPU architecture within your data center. A data center with diverse CPU architecture poses a lower risk to your organization during security threats. Customers can move business-critical data to an appropriate and safe environment while a security event is resolved. With AMD Infinity Guard, which includes the AMD secure processor, Secure Memory Encryption (SME), and Secure Encrypted Virtualization (SEV) capabilities, you can minimize potential attack surfaces and deploy your workloads with confidence.
- Excellent graphics capability: The solution also offers excellent graphics performance with the capability of hosting up to 6 NVIDIA T4 cards (each with x16 PCIe lane access) on the PowerEdge R7525 server, providing up to 96 GB of graphics frame-buffer per server.
Solution performance testing
The Dell Technologies Ready Solutions for VDI team used the Login VSI benchmark tool for performance testing. We performed testing on a 3-node VMware vSAN cluster based on PowerEdge R7525 servers with a ‘Density Optimized’ configuration. VMware ESXi 6.7 update 3 was used as the hypervisor and the Horizon 7 virtual desktops were provisioned by instant clones. See Figure 1 for the solution stack.
Figure 1: VMware Horizon on PowerEdge R7525 solution stack
The environment configuration was:
- PowerEdge R7525 server (Density Optimized configuration)
- 2 x AMD EPYC 7502 (32 core @2.5 GHz)
- 1024 GB (16 x 64 GB @ 3200 MHz)
- 2 x 800 GB WI SAS SSD (cache)
- 4 x 1.92 TB MU SAS SSD (capacity)
- Mellanox Connect X- 5, 25 Gbe Dual port SFP28
- 6 x NVIDIA T4
- vSAN all-flash datastore
- VMware ESXi 6.7u3 hypervisor
- VMware Horizon 7.10 VDI software layer
See Table 1 for the VM configuration that we tested for different Login VSI workloads. For details of the test environment, configuration and testing process and an analysis of the test results, see the Reference Architecture Guide available on the Dell Technologies VDI Infohub.
Table 1 : Virtual machine configuration for different Login VSI workloads
Figure 2 shows the recommended density figures per host for Login VSI workloads based on our performance testing. We recommend these density figures after monitoring and analyzing a combination of host utilization parameters (CPU, memory, network and disk utilization) and Login VSI results. We monitored the relevant host utilization parameters and applied relatively conservative thresholds for the Login VSI testing. Thresholds are carefully selected to deliver an optimal combination of excellent end-user experience and cost-per user while also providing burst capacity for seasonal or intermittent spikes in usage.
Figure 2: Horizon on PowerEdge R7525 solution user density figures
Our performance testing achieved excellent consolidation ratios for the solution while maintaining good performance for typical VDI workloads. PowerEdge R7525 servers based on AMD processors come with dual-socket CPUs that can host up to 128 cores per server, increasing user density within VDI environment.
If you are running a mixed workload on your hypervisor, including your VDI workload, there is a limitation using VMware licensing greater than 32 cores. See the licensing details here. However, this limitation doesn't apply to VMware vSphere Desktop edition intended only for deploying desktop virtualization and is licensed based on powered-on desktop virtual machines.
The high CPU core density per server results in exceptional user densities and high performance for VDI workloads. The 2nd Gen AMD EPYC processors with high core counts present an opportunity to design your VDI environment with CPU oversubscription ratios that result in the right balance between performance and user density.