vmworld 2013: vmware horizon mirage image deployment deep dive
DESCRIPTION
VMworld 2013 Mark Ewert, VMware Andy Philp, VMware Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshareTRANSCRIPT
Horizon Mirage Image Deployment Deep Dive
Mark Ewert, VMware
Andy Philp, VMware
EUC5587
#EUC5587
2
Agenda
Horizon Mirage Single Image Management Overview
Horizon Mirage Single Image Management Deep Dive
• Base Layer considerations and strategies
• Base Layer lifecycle
• How Base and App Layers are deployed
• Handling potential Base Layer conflicts
Questions?
3
VMware Horizon Mirage
Single Image Management Overview
4
Layered, Single Image Management
Horizon Mirage Layers
Layers are stored in the data center
Mirage performs granular operations
on Mirage-managed endpoints
Orange layers continuously
backed up from endpoints
Green layers managed by IT –
OS, drivers
End User PC
Machine Identity Layer (identity, customizations)
User Personalization Layer (user data & profile, installed apps)
Base Layer (OS, infra SW, core apps)
Driver Library
Mirage Application layers
5
Horizon Mirage Layers
Apps not installed
by Mirage
User profile
User data
Machine
identity
Drivers
Base layer
Network Optimized Synchronization & Streaming
Application layer(s)
Mirage
Servers &
Single
Instance
Stores
6
Horizon Mirage Application Layers
Application Layers
• Traditional Windows apps and ThinApps
• Windows apps need to be captured
• Similar to ThinApp capture process
• Applications are “updated” (assigned) to CVDs
and CVD Collections
• App Layer deployment uses same mechanism
as Base Layer assignment
• Requires Base Layer to have been previously
deployed or deployed with App Layer
End User PC
Machine Identity Layer
(identity, customizations)
User Personalization Layer
(user data & profile, installed apps)
Base Layer
(OS, infra SW, core apps)
Driver Library
Application Layers
7
Options: Multiple Applications per Layer and Multiple Layers
End User PC
Machine Identity Layer
User Personalization Layer
Base Layer
Driver Library
Application Layer MS Office, Adobe Acrobat, Google Chrome
End User PC
Machine Identity Layer
Base Layer
Driver Library
Application Layer 1: MS Office
Application Layer 2: Adobe Acrobat
Application Layer 3: GoogleChrome
User Personalization Layer
8
Single Base Layer + App Layers = Multiple Use Cases
End User PC
Machine Identity Layer
Everything else
User Personalization Layer
Base Layer
Driver Library
Finance Apps
Human Resources Apps
Training Apps
Development Apps
Sales Support Apps
9
Single Image Management with Base and Application Layers
Finance Apps
HR Apps
IT Apps
Finance Desktops
HR Desktops
IT Desktops
Single
Base Layer Windows 7
Antivirus
Common Apps
10
Driver Profiles
Drivers required to support a specific brand/model of Endpoint
Decouples the hardware from the other layers
Download drivers from vendor and import into Mirage Driver library
11
Single Image Management with Driver Profiles
Dell Drivers
HP Drivers
Lenovo Drivers
Dell Laptops
HP Laptops
Lenovo Laptops
Single
Base Layer
12
Bringing It All Together: Single Image Management
Single
Base Layer Windows 7
Antivirus
Common Apps
Dell Drivers
HP Drivers
VMware Drivers
Finance Apps
HR Apps
IT Apps
Up to 20,000
Endpoints
13
Image Management Step 1: Build Reference Machine
Network
Mirage server cluster
Mirage SIS
Laptop (or PC)
with Mirage client
Golden master VM
with Mirage client
Mirage Reference Machine
14
Step 2: Create Reference Centralized Virtual Desktop (CVD)
Mirage server cluster
Mirage SIS
Only unique files
are copied across
the network
Network
Network optimized synchronization
Laptop (or PC)
with Mirage client
Golden master VM
with Mirage client
Mirage Reference Machine
15
Step 3: Capture a Base Layer
Mirage
console
Reference
CVDs
Mirage SIS
Base Layer
Desktop Admin
Mirage server cluster
Base Layer Rules
16
Step 4: Assign (Deploy) the Base Layer
Network
Mirage server cluster
Mirage SIS
Mirage
console
Base
Layer
Network
Collection
17
Single Image Management Deep Dive
18
Horizon Mirage Layers Recap
Horizon Mirage Layers
Layers are stored in the data center
Mirage performs granular operations
on Mirage-managed endpoints
Orange layers continuously
backed up from endpoints
Green layers managed by IT –
OS, drivers
End User PC
Machine Identity Layer (identity, customizations)
User Personalization Layer (user data & profile, installed apps)
Base Layer (OS, infra SW, core apps)
Driver Library
Mirage Application layers
19
Base Layers
Base Layers are:
• a copy of the configuration of an Endpoint containing the operating system,
updates and service packs, and common applications
• captured from Reference Machine
Base Layers can be:
• deployed to Endpoints via CVDs and CVD Collections
• used to migrate Windows XP to Windows 7
• created and tested in the datacenter before deployment
Base Layer (OS, infra SW, core apps)
20
Base Layer Considerations
Have as few Base Layers as possible,
one Base Layer is ideal!
Hardware Considerations
• most drivers can be handled by Driver Profiles
• a few drivers need to be installed after layer deployment
• some hardware requires “support software”
• Unified communications, scanners, point of sale
• VMware Tools
21
Base Layer Considerations
Applications
• include system-level software: firewalls and antivirus
• software common to multiple departments or use-cases
OS and Software Licensing
• Volume licenses preferred
• Microsoft VLK for Windows and Office automatically detected
• MAK, Retail keys
• handled manually or via script after first layer deployment
• Applications tied to specific hardware or hardware key
• not recommended for Base Layer. Install outside of Mirage.
22
Base Layers and Endpoint Encryption Software
Full Disk Encryption
• Mirage cannot make changes to partitions or boot sectors
• Install FDE that modify hard drives before Mirage
• Checkpoint FDE, PGPDisk, Sophos Safeguard, McAfee Endpoint Encryption
• Sophos v5.5 IS supported
Microsoft Bitlocker
• Bitlocker is fully supported by Mirage
• Must be enabled.
• Base Layers do not enable or disable Bitlocker
Microsoft Encrypted File System (EFS)
• Mirage supports EFS
• files are uploaded to Mirage unencrypted
• protecting (backing up) EFS files is enabled by default
23
Base Layer Strategy: Department or Use Case Specific
Base Layer contents
• Operating system
• AntiVirus and Firewall
• Standard utilities
• Departmental applications
• Use case specific applications
Everything handled in single layer
• does not require external app deployment
Drawback: more reference machines and base layers to maintain
24
Base Layer Strategy: Specialized Hardware
Base Layer contents
• Operating system
• AntiVirus and Firewall
• Standard utilities
• Point of Sale (PoS) hardware support
• PoS applications
Benefits: supports hardware required by special use case (PoS)
Drawback: more reference machines and base layers to maintain
25
Base Layer Strategy: Generic Standard Desktop
Base Layer contents
• Operating system
• AntiVirus and Firewall
• Standard utilities
Driver Profile
Supports multiple departments and use cases
• Fewer reference machines and base layers to maintain
Drawback: requires another way to handle applications
26
Application Deployment Options
New! Horizon Mirage Application Layers
• Windows Applications
• ThinApps
New! Horizon Workspace
• ThinApps
• SaaS Apps
Legacy systems:
• Microsoft SCCM
Application Remoting
27
Base Layer Lifecycle
Build and Test Reference Machine
Create Reference CVD
Create Base Layer
Test Base Layer
Deploy Base Layer to Endpoints
• with Driver Profile and optional App Layer(s)
28
Base Layer Lifecycle Continued
Update Reference Machine
Changes update Reference CVD via
Mirage synchronization (backup)
Create updated Base Layer
Test updated Base Layer
Deploy updated Base Layer to Endpoints
• with optional updated Driver Profile and App Layer(s)
29
How Layers Are Deployed
1. Mirage logically “flattens” the layers
2. Takes VSS snapshot of each Endpoint
3. Analyzes Endpoints to determine what
to download
Local
Base Layers
Server
30
How Layers Are Deployed
4. Just the files and settings required are
downloaded to each Endpoint
5. User prompted to Reboot
6. Mirage merges Layer into existing
config during Windows boot
7. User logs in
8. Mirage finalizes Layer deployment
• Driver detection
31
Handling Base Layer Conflicts
32
Base Layer Conflicts
Base Layers can potentially conflict with software
installed on Endpoints.
• older version of application in Base Layer
• Windows updates in Base Layer conflict with Endpoint application
requirements
• newer updates on Endpoint conflict with versions in Base Layer
Handling Conflicts:
1. Test before deployment
2. Layer Dry-Run Reports
3. Base Layer Rules
4. Base Layer Override Policies
33
Layer Dry Run Reports
34
Layer Dry Run Reports – Conflict Report
35
What Base Layers Capture
Base Layer captures include by default:
• Contents of the C:\ drive (with some exceptions)
• All major settings
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
• HKEY_LOCAL_MACHINE\SOFTWARE
Captures do NOT include:
• Machine identity
• User profiles
36
Base Layer Rules and Override Policies
Base Layer Rules:
• what is included and excluded in a Base Layer capture
• what is explicitly protected from being overwritten on Endpoints
during Base Layer deployment
Base Layer Override Policies
• enable special handling based on existence of files or registry settings
• example: if specific files required by Office 2007 exist, do not overwrite
them with newer versions in the Base Layer
37
Anatomy of Base Layer Rules: File System
1. Show Factory Rules
2. Do Not Download: Rules
Files that will NOT be overwritten
by layer
3. Rule Exceptions:
Files within the do not download
areas that WILL be overwritten by
layer.
1
2
3
38
Anatomy of Base Layer Rules: Registry
1. System and Software Hives
HLKM\System\CurrentControlSet
HKLM\Software
2. Registry Keys to Exclude
Keys that will NOT be overwritten
by layer
3. Registry Values to Exclude:
Values that will NOT be overwritten
by layer
1
2
3
39
Base Layer Rules Example – Windows Defender
1
2
1. File System Do Not Download Rules
2. Registry Keys to Exclude:
HKLM\SYSTEM Hive
40
Base Layer Rules Example – Windows Defender
3
3. Registry Keys to Exclude:
HKLM\SOFTWARE Hive
41
Base Layer Override Policies
Enable preserving files and registry settings IF they already exist.
42
Base Layer Override Policy Example – Zimbra Desktop
1
2
1. File System: Do Not Override
by Layer
2. Not-to-Override Registry Keys:
HKLM\SOFTWARE Hive
3 3. Not-to-Override Registry Values:
HKLM\SOFTWARE Hive
43
QUESTIONS
44
Other VMware Activities Related to This Session
HOL:
HOL-MBL-1309
Horizon Mirage - Manage Physical Desktops
Group Discussions:
EUC1000-GD; EUC1004-GD
Mirage with Daniel Beveridge or Mark Ewert
EUC5587
THANK YOU
Horizon Mirage Image Deployment Deep Dive
Mark Ewert, VMware
Andy Philp, VMware
EUC5587
#EUC5587