This is the second blog on architecting a Citrix virtualization solution. In the first blog we covered the user community under assessment. In this blog we are covering operating system delivery.
During the assessment, the architect must understand which operating systems are currently in use in the environment and how they are delivered to users, maintained and protected from viruses. This information will assist the architect in designing an optimal solution for the customer.
Most organizations utilize an automation tool for deploying desktops in order to avoid tedious manual processes. Deployed desktop images usually include the base operating system and common applications such as Adobe Reader. When the desktops are physical machines based on workstations, the architect will assess the current desktop deployment process. If customers are already deploying virtual desktops to users, an architect should assess the current management of virtual desktop images and rate the implementation against best practices.
During the assessment, architects should ask the following questions:
- How are desktops deployed to users? Are there any manual steps? Is an automation tool used?
- Which tools are used in conjunction with the physical and virtual desktops?
- What is the image build process? What is the frequency of image builds?
- How many images are being maintained?
Some organizations manage too many images, which causes a challenge when rolling out new applications and updates. Organizations should avoid creating images to meet the needs of a specific group of users and strive to maintain as few images as possible.
- What are the use cases for each image?
- At what times and how often are images deployed?
- Is there fault tolerance for the virtual machine environment?
- How often do images fail? Do they attempt to execute an update that then fails on certain images?
Answers to these questions help the architect understand how the organization currently manages desktop images, which can then be used to design a better solution.
From the Architect
Keep in mind that risks need to be communicated. For example, if an organization employs one person to deploy physical workstations to users and users typically wait several weeks for new desktops, the productivity impact should be addressed in the assessment. When this person is on vacation or out sick, desktop deployments can take even longer.
Desktop maintenance is a time-consuming and labor-intensive aspect of desktops in an enterprise environment, and a use case for virtual desktops if customers are still using physical machines. Architects are expected to appraise the current desktop maintenance practices by gathering information about the environment. Architects should ask the following questions:
- What is the process for upgrading the desktop operating system?
- How are patches installed?
- What are the typical guidelines for patch management, regarding type, frequency or average size?
- Are there specific timeframes for completing maintenance cycles?
- What are the strategic maintenance goals?
The information an architect gathers about the current desktop maintenance practices will aid in the design phase, when specific recommendations on process improvement and necessary changes for a virtualization environment will be provided, if applicable.
Server images should also be considered during the assessment phase. General recommendations for server builds include the following:
- Create an automated server build process so that deployments are consistent. Manual builds are not recommended, because they increase the likelihood of inconsistency.
- Standardize server builds to use the same operating system and configuration.
- Standardize servers on a version and platform.
- Standardize the rollout of service packs and hotfixes to servers.
Antivirus solutions are essential to protect users and organizations from malicious activity. However, if the antivirus solution is improperly configured, it can negatively impact the performance of components such as Provisioning Services, as well as the stability of the environment. In addition, an antivirus solution could be configured to perform a full system scan on many streamed and hosted desktops running at the same time, which could result in decreased scalability.
Recommendations for optimizing antivirus configuration for operating system delivery include the following items:
- Ensure that antivirus has been implemented and is running at the data level of data-hosting servers. Data-hosting servers usually include database servers, mail servers and file servers and also contain home directories, profiles and mapped drives.
- Ensure that antivirus is running on the local system when application virtualization is being provided by Citrix XenApp. Because XenApp separates the application from the data, the data is stored on servers separate from the application. Citrix recommends that organizations consult with their antivirus vendor in order to configure the solution with XenApp. For more information, see Knowledge Base article CTX114522 on the www.citrix.com web site.
Clean vDisk Images
In a Citrix virtualization environment, users interact with a virtual desktop, created from a clean vDisk image that was scanned and confirmed to be free from virus infection. In this situation, recommendations for antivirus at the desktop level include the following:
- Scan create/modify activity of the files rather than scan all folders on the virtual image.
- Scan on write events only.
- Scan local drives only.
- Exclude pagefile from scans.
- Exclude the Print Spooler directory from scans.
- Exclude heavily accessed local databases such as EdgeSight from scans.
- Exclude the Client bitmap cache and the Client folders from scans, if ICA connections are used.
- Remove antivirus-related calls from the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run registry key to improve performance.
Environments that require more security may need to scan all incoming and outgoing data. Many enterprises find that only scanning incoming data is sufficient. Virtualization architects should gain an understanding of the environment, in order to make recommendations on antivirus configuration.
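The desktop-level recommendations and the incoming/outgoing scan choice above can be checked on a master image with a read-only audit; this is an added example, not part of the original article or any Citrix tooling. It assumes Microsoft Defender is the antivirus product (the article names none), and the exclusion paths and the Run-entry name pattern are constructed placeholders to adjust per image.

```powershell
# Read-only audit of a vDisk master image; run from an elevated prompt so
# Get-MpPreference returns the exclusion list. Assumes Microsoft Defender.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Constructed default locations; verify them on the image. Add the EdgeSight
# database and ICA client bitmap cache paths used in the environment.
$expected = @(
    "$env:SystemDrive\pagefile.sys",
    "$env:SystemRoot\System32\spool\PRINTERS"
)
# Assumed name fragments for antivirus auto-start entries (not from the article).
$avPattern = 'Defender|SecurityHealth|MSASCui'

$pref       = Get-MpPreference
$configured = @($pref.ExclusionPath | Where-Object { $_ })
$report     = @()

foreach ($path in $expected) {
    $report += [pscustomobject]@{
        Item   = "Exclusion present: $path"
        Result = $configured -contains $path   # case-insensitive match
    }
}

# "Scan local drives only": network files should not be scanned.
$report += [pscustomobject]@{
    Item   = 'Network file scanning disabled'
    Result = [bool]$pref.DisableScanningNetworkFiles
}
# 0 = incoming and outgoing, 1 = incoming only, 2 = outgoing only.
$report += [pscustomobject]@{
    Item   = 'RealTimeScanDirection'
    Result = $pref.RealTimeScanDirection
}

# List auto-start entries that look antivirus-related so they can be reviewed.
$key = Get-Item -Path $runKey
foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)
    if ($name -match $avPattern -or $command -match $avPattern) {
        $report += [pscustomobject]@{ Item = "Run entry: $name"; Result = $command }
    }
}

$report | Format-Table -AutoSize -Wrap
```

The script changes nothing on the image; it only reports the current settings so they can be compared with the recommendations and with the antivirus vendor's guidance.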
The next blog will focus on application delivery.