overview of joint f5 and vmware horizon 6 solutions · pdf fileoverview of joint f5 and vmware...
TRANSCRIPT
Overview of joint F5 and VMware Horizon 6 solutions
Michael Koyfman, Sr Global Security Architect, F5 Networks
Garry Owen, Sr Product Marketing Manager - EUC, VMware EMEA
The Changing Landscape
2
Devices New Applications Anywhere Access
Resulting Challenges
3
The difficulty of managing the new landscape with traditional tools
Security and Compliance Management Cost
Cost of OPEX3x CAPEX
The Need for a New Approach
4
Support for Physical and Virtual
Produce Deliver Consume
Persona
App setsApp setsApp sets
OS
Virtual Desktops Remoted Anywhere
Image Synced to Laptop
Managed Container on Personal Laptop
Unified WorkspaceIT Admin
The Evolving End-User Computing Vision
5
Desktop Laptop Tablet Phone Machine
Mission: Secure Virtual Workspace for Work at the Speed of Life
PCs, Laptops
Thin Clients
Tablets, Smartphones
DesktopManagement and
Delivery
Enterprise Mobility
Management and Security
Introducing VMware Horizon 6
6
PERSONA
APP
OS
Central Image Management for Physical, Virtual
and BYO Devices
Unified Workspace
Desktop Virtualization &
Application Publishing
Optimized for the Software
Defined Data Center
Hybrid Brokering
Closed Loop Management
and Automation
Why Horizon 6?
Simple and Secure Lower TCOAnytime,Anywhere Access
7
F5 Solutions for VMware Horizon 6
F5 Agility 2014 9
F5 and VMware together
F5 and VMware global partners since 2007
Primary partnership goals- Compatibility / Interoperability Testing- New Solution Development- New Solution Documentation
Across all major F5 and VMware products – BIG focus on Horizon 6
Ongoing cooperative solution development eg.MSD
Coordinated back-end customer support
F5 Agility 2014 10
Centralized layered image management for local deployment
Multi-device workspace for IT services
F5 Solutions for VMware Horizon 6
Horizon (with View)
HorizonMirage
HorizonWorkspace Portal
Complete desktop and application virtualization
+ VMware HORIZON 6Support for VMware validated solutions Mobile Secure Desktop Business Process Desktop AlwaysOn Desktop Branch Office Desktop
Purpose-built BIG-IP SKUs for Horizon 6 Optimized cost and features, delivering:
- Username Persistence- CAC card/Smart Card- PCoIP Proxy- Designed to jointly compete with
Citrix VDI + NetScaler
Intelligent traffic management and security Local and global traffic management Multi-site and multi-pod deployments Access management and data center firewall
F5 Agility 2014 11
F5 BIG-IP is the Foundation for App Delivery
An even better virtual desktop and application
experience
The Proven Choice for End
User Computing
Market leader in Application
Delivery
Positioned to meet end users’ needs
Optimize the User Experience
Simplify Infrastructure
Unify Security & Access Control
Strengthen Availability
Reduce Cost
F5 Agility 2014 12
F5 Supports Validated Solutions
12
End-to-end solutions de-risk getting started across four key use cases
High Availability
Healthcare: • Clinical Desktops as a non-
stop service
Financial: • VMware AlwaysOn Financial
Services Workspace
VMware AlwaysOn Desktop
Mobility and BYO
Education:• Digital Backpack, Online
Testing
Government:• Secure Govt Mobility• Secure Virtual Desktop
VMware Mobile Secure Workplace
Outsourcing, Offshoring
VMware Business Process Desktop
Manufacturing:• VMware Developer/
Designer Desktop with 3D
Remote Offices or Locations
VMware Branch Office
Financial & Retail
F5 Agility 2014 13
F5 BIG-IP with VMware Horizon 6 (with View)versus Citrix NetScaler with XenDesktop
End User Computing Citrix VMware
VDI Centralizes all of the desktop components – the OS, applications and data back in the datacenter.
App Publishing Allows users to connect to their corporate applications remotely or locally from a wide range of computer systems and mobile devices.
App Virtualization Deliver virtual applications through a single platform to streamline management and easily entitle end users.
Physical Desktop Streamline the management of physical and virtual images for full clones to reduce operating costs and minimize image drift.
DaaS Portability Seamlessly deploy virtual desktops across private, public, and hybrid clouds.
Networking Citrix F5
App Fluency Understand and manage both, the network and the application – with an optimized iApp just for Horizon View.
Security Default-deny full proxy. ICSA certified firewall.
Programmability Open API. Control plane, management plane, and data plane.
Community F5’s DevCentral is a leading online community of technology experts – 110,000 members strong and growing.
Cost $$$ $$
F5 Agility 2014 14
Availability & ScalabilityIntelligent Traffic Management
Between View security servers or connection servers
Aggregate multiple View pods to appear as a single pod
Between View pods
Between data centers
Max 10,000 users per pod
Centralized Virtual Desktops
Centralized Virtual Desktops
BIG-IPGlobal Traffic Manager
BIG-IPLocal Traffic Manager
DMZ
BIG-IPLocal Traffic Manager
Access Policy Manager
BIG-IPLocal Traffic Manager
Access Policy Manager
BIG-IPLocal Traffic Manager
DMZ
F5 Agility 2014 15
Improved End User ExperienceUsername Persistence
User Device1
User Device2
View pod and user name persistence between devices
1
Reconnection to the pod containing the user session
2
BIG-IPLocal Traffic Manager
Access Policy Manager
F5 Agility 2014 16
PCoIP ProxySimplify Your Architecture
F5 Access Policy Manager (APM) offers full proxy support for PCoIP
Removes 1:1 dependency between Security and Connection Servers
ICSA Labs-certified, high-performance access and security solution
Unified global access to all allowed applications and network locations
Before After
VMware Horizon 6Optimized Solution by F5
F5 Agility 2014 18
• New product offerings• Four new VMware Horizon 6 (with View) optimized
F5 Access Policy Manager (APM)• Capacity-based sizing options from 10 users upward• VMware Horizon 6 requires only Active Sessions
(not full SSL VPN sessions)
• New VMware Horizon 6 (with View) Reference Architecture
• New iApp streamlined to work with VMware Horizon 6 (with View) optimized APM VE
VMware Horizon 6 Optimized Solution by F5
F5 Agility 2014 19
Configure network for Horizon 6 automatically- Admin answers simple, goal-based questions- iApp for Horizon 6 configures network based on Admin’s input
Benefits- Faster (minutes instead of days)- Reduces errors- Replicates to groups of servers easily
11 questions = deployment done
Ease and Speed of DeploymentiApp for Horizon 6
BIG-IP
F5 Agility 2014 20
Total Cost of Ownership StudyVMware Horizon (with View) and F5 BIG-IP versus Citrix XenDesktop with NetScaler
Four common deployment scenarios:- 250 concurrent users with 100 remote- 1,000 concurrent users with 250 remote- 3,000 concurrent users with 1,000 remote- 10,000 concurrent users with 2,500 remote
Horizon with View 5.3 and BIG-IP 11.5 versus XenDesktop 7.1 with NetScaler 10.1
Principled Technologies is a independent, third-party technology assessment company- Study commissioned by F5 and VMware- Full deployment and pricing details included
http://www.principledtechnologies.com/VMware/VMware_Horizon_F5_BIG-IP_0514.pdf
© F5 Networks, Inc 21
Less expensive, quicker to implementVMware Horizon (with View) and F5 BIG-IP the more compelling choice for VDI
TIME TO INSTALL AND SET UP COST PER CONCURRENT USER
HORIZON VIEW WITH F5 BIG-IP3 times faster than Citrix
NetScaler equivalent
HORIZON VIEW WITH F5 BIG-IP
Up to 15.7% less expensive than Citrix NetScaler equivalent
F5 Agility 2014 22
Why F5 for Horizon 6 (with View)?
Strengthened Security
Increased Availability
Engineered Specifically for View
Increased Scalability
Easier for End Users
Simpler Architecture to Manage
Username Persistence For Horizon 6 (with View)
F5 Agility 2014 24
Username Persistence Use Case
AKA Dynamic Session Detection
Username Persistence is a Solution- Active/Active Multi-Data Center View solution- Enhances VMware’s “AlwaysOn” Solution- Co-engineering effort with VMware Field and PSO
Big interest where mobility between devices is of importance
Enhances BC/DR solutions
F5 Agility 2014 25
view.company.com
Desktop
F5 Agility 2014 26
Desktop
DNS Query: view.company.com
F5 Agility 2014 27
DesktopBIG-IP Platform
iQueryHealth Check to
Both Pods: East & West
Servers
Servers
10.1.1.20
192.168.2.20
F5 Agility 2014 28
Desktop
Servers
192.168.2.20
BIG-IP Platform
User has lowest latency to West Pod. DNS Answer:
“view.company.com. IN A 192.168.2.20”
F5 Agility 2014 29
User Name Current Pod?Bob Smith West
Fran Kelly East
Jim Adams None
etc…
Writes data to internal table
LTM uses OOB method to query View Events DBs.
BIG-IP Platform
Servers
Desktop
F5 Agility 2014 30
Password is cached using 256 bit encryption
PW BIG-IP Platform
Servers
F5 Agility 2014 31
User Name Current Pod?Bob Smith West
Fran Kelly East
Jim Adams None
etc…
LTM looks up User.<Current Assignment>
BIG-IP Platform
Servers
F5 Agility 2014 32
APM queries Active Directory.
UNPW
APM Obtains User’s Current Pod & Pool Member
Username & Password are sent to AD.
DomainDomain
ActiveDirectory
Desktop
BIG-IP Platform
Servers
AD User’s Group
Membership
F5 Agility 2014 33
Based on the Pod & Pool info in AD, BIG-IP sends the user to the correct View
server
Desktop
View Connection Servers
BIG-IP Platform
Servers
F5 Agility 2014 34
The View Server replies with a user token.
Client uses that token to automatically reconnect directly to the VDI image.
Desktop
BIG-IP Platform
View Connection Servers
Servers
PCoIP Proxy
PCoIP protocols
• PCoIP Session negotiation – 4172 TCP- Client:
o Using the DNS name, Desktop Name, Connection-id, and Certificate thumbprint on 4172 TCP - Server:
o Performs another secret layer of Teradici security mechanismso Sends client instructions on how to connect to desktop PCoIP External URL which is IP. Must match server above
• PCoIP Session – 4172 UDP- Client:
o Established third connection using PCoIP Ext URL.
F5 Agility 2014 37
F5 Access Policy Manager (APM) offers full proxy support for PCoIP
Removes Security Servers
APM – Hardened Security Device in DMZ
Supports HTML5 Blast Proxy as well
PCoIP ProxySecure Your Architecture
Before After
PCoIP Proxy – Simplify Your ArchitectureSimplify Your Architecture
Reduce Windows Licensing Costs
Reduce Operational Costs- Initial Security Hardening Tasks- Maintenance/Patching- SSL Cert Management- Reduced set of FW Rules / ACLs / NATs
Conserve Resources- Public IP Addresses
Summary
F5 and VMware
Purpose-built F5 BIG-IP SKUs for VMware Horizon 6 Optimized cost and features, delivering:
- Username Persistence- CAC card/Smart Card- PCoIP Proxy- Designed for VMware and F5 to jointly compete
with Citrix VDI + NetScaler for VDI
Four capacity variants, available now
Transforming the Desktop - Together
F5 Agility 2014 42
Where to Find More InformationF5 Material: www.f5.com/view
VMware Material: www.vmware.com/solutions/desktop/business-process-desktop/partners.html
www.vmware.com/solutions/desktop/mobile-secure-desktop/partners.html
www.vmware.com/solutions/desktop/remote-branch/partners.html
www.vmware.com/solutions/desktop/always-on-desktop/partners.html
www.whychooseview.com
Third Party Material: http://public.dhe.ibm.com/common/ssi/ecm/en/xsb03031usen/XSB03031USEN.PDF
https://communities.netapp.com/docs/DOC-23032
Transforming the Desktop - Together