Experiences with Replacing Desktops w/ VMs? 442
A user asks: "After years of dealing with broken machines, HAL incompatibility, and other Windows frustrations, I'd like to investigate moving to an entirely VM-based solution. Essentially, when an employee comes in in the morning, have them log-in, and automatically download their VM from the server. This gives the benefits of network computing, in that they can sit anywhere, if their machine breaks, we can instantly replace it, etc, and the hope is that the VM will run at near-native speeds. We have gigabit to all of the desktops, so I'm not too worried about network bandwidth, if we keep the images small. Has anyone ever tried this on a large scale? How did it work out for you? What complications did you run of that I probably haven't thought of?"
No 3D (Score:4, Interesting)
Re:No 3D (Score:5, Insightful)
These two are often not an issue in corporate environments though.
Sure, some exceptions depending on what kind of work you do, but still exceptions.
Re:No 3D (Score:5, Informative)
Re:No 3D (Score:5, Informative)
Synchronization (Score:3, Informative)
Try Unison [upenn.edu]. It caches the state of the last sync, so it's dramatically faster at startup. Under the hood, it uses the rsync protocol when it does need to transmit changes. Additionally, it's much more configurable than rsync.
I use Unison to sync/backup my home and work computers, including my music and photo collection as well as ~/bin, ~/perl, ~/.cshrc and ~/.emacs.
Windows roaming profiles (Score:3, Interesting)
Re: (Score:3, Informative)
(MOD UP) (Score:3, Informative)
Also check this registry setting:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Consider changing the ProfilesDirectory to a mapped drive network share. If your network is fast enough this has the added benefit of having no profiles stored locally at all.
Downside is you'll have to pre-emptively create all the folders on that drive because LOCAL
Re:No 3D (Score:5, Informative)
Java and
VMware has actually had 3D support for a while, but it's been painfully slow. The latest versions do make some attempt at using hardware 3D acceleration through the host operating system. I'm not sure how well at works, though.
Re: (Score:3, Insightful)
If people would call virtualization "Virtual Hardware"(well anything that doesn't start with M would be good), the confusion might not exist.
Re:No 3D (Score:4, Informative)
Servers are much more likely to be network I/O bound, physical I/O bound, or CPU bound. VMware has done a lot of work to create accelerated network and disk drivers that communicate directly with the host VM software, avoiding the overhead of emulating hardware. Additionally, most software that runs on a server spends a lot of time processing things in user mode with occasional system calls to transfer chunks of data, so the VM overhead is very low for those applications.
Desktops are much more demanding on I/O. Applications with a GUI are constantly context switching between user mode and the kernel in order to update the screen, display pretty animations, get keyboard / mouse input, etc. Just drawing the graphics for a 1280x1024x24bpp display is an immense data transfer burden that has to be routed through the VM, often a few dozen pixels at a time rather than a bulk transfer. Even with accelerated drivers, the virtual framebuffer still has to be copied / multiplexed into the real one. Even small increases in latency are very user-perceptible, so a VM will seem more "sluggish" than a physical machine.
That's just for business applications. Once a user starts playing audio (it'll be uncompressed 44/48khz PCM data by the time it gets to the VM!), streaming video (no access to the hardware YUV conversion or scaling!), or trying to do anything that needs 3D acceleration, the full impact of the virtualization will be felt.
-- Ironically, the spell checker in Konqueror wanted to change "VMware" to "Vampire"
Re: (Score:3, Interesting)
Re:No 3D (Score:5, Insightful)
That doesn't make sense. VMware should provide exactly the same virtual hardware to the guest no matter what physical computer you run the image on. In fact, that is one of the biggest selling points for VMWare.
Are you creating the VMware image FROM the Dimension 620, or running a fresh "virtual" install of XP?
-matthew
Re: (Score:3, Interesting)
While that's true for most of the emulated hardware (SCSI/IDE controller, video, etc), there is a bit of "bleed-through" from the physical host. For example, CPU features such as MMX, SSE, and instructions that are specific to a certain CPU class will only be available if the physical CPU supports t
Re: (Score:3, Interesting)
It takes a pretty powerful graphics card to run Google Earth, or at least well enough to do anything useful. I don't see anybody spending a lot of money just to get "a few nice features".
In a serious business environment, you use your telephon
Um, wouldn't a ... (Score:5, Interesting)
Re:Um, wouldn't a ... (Score:5, Informative)
Re: (Score:3, Interesting)
Re:Um, wouldn't a ... (Score:5, Insightful)
it's down to the configuration, the network itself can do it.
Re: (Score:3, Interesting)
Ironically, I just discovered that video over X11 on a 100Mbps link worked much better than I expected.
I recently converted my old desktop into a pseudo docking station for my laptop, since the laptop is a faster machine but lacks the dual DVI connectors of a real video card. The laptop gets connected via a crossover cable to the desktop -- the laptop only has 100Mbps crappy builtin realtek. Eve
Re: (Score:3, Interesting)
PXE Boot (Score:5, Informative)
You can then just capture or encapsulate the computing session to an image file. It's not a full virtualized environment, as you still get the benefits of the cpu horsepower at the workstation, but if corruption occurs ou just roll back the session file. I think.
This is how Windows hibernation functions in a nutshell, just dumps RAM to a file I think. I haven't tried this in practice, but it should work.
Re: (Score:3, Interesting)
Bascially, there are 3 or 4 major solutions, in order from simple to hard:
1. RDP, Citrix, Terminal Services
2. Roaming profiles with redirected desktop/startmenu/etc. (in windows) (take advantage of local machine's power)
3. Image boot, like you were talking about
4. Custom web-based application
Obviously number 4 will preclude using your office products or other software, but if the us
Re:Um, wouldn't a ... (Score:4, Informative)
They even do audio decently, which is pretty nice. (and support USB peripherals beyond the kbd/mouse, etc.) Their only weak spot is video (and flash on web pages). Video could be fast if it used the right APIs, but the *only* program I've seen that does this is Sun's now defunct "ShowMe TV" app.
Re:Um, wouldn't a ... (Score:4, Informative)
I was introduced to the sunray in college. When better then 100 workstations are needed the cost and administration savings become very apparent. 100 * 40 watts (sunray and LCD) == 4000 watts..... 100 * 200 watts ( PC and LCD ) == 20000 watts. The new devices draw 10 watts of power. ( but cost a lot more )
Also, they have very good power managment and go to sleep quickly, saving more energy. They are also fanless, giving a much more pleasent work (or in my case bedroom) environment.
Citrix (Score:4, Interesting)
Although, what you could do is automagically have a standard WinXP workstation login on startup. Next, have VMWare in the startup folder so that it begins as soon as the computer logs in. Finally, have VMWare point to a disk image loaded on your server. The employees will then see a full-screen VMWare ready to authenticate on the network and begin their day.
If you really wanted to be fancy, have that image automagically map to a network drive on your SAN/NAS as the D:\ drive. Tell employees to use the D:\ drive to store all work-related documents.
It could work. But you'd be looking at maybe 5 minutes for the morning boot-up. Not to mention all the employees hammering the network for a 2~4gb image at 7am will really thrash the servers.
If you insist on doing this, go a bit further. Activate that WoL crap and autoboot the workstations at staggered times between 6am and 7am.
Re:Citrix (Score:5, Informative)
Citrix (or another similar product) is exactly what he should be looking into. Downloading entire disk images over a network is just a pain in the ass everytime someone boots. However Citrix isn't the solution to all things, yet it beats VMs for most practical applications.
See, that's the big negative point in the entire setup. The bootup time is a pain in the neck, but people can live with that easily. They'll fetch their cups of coffee, have the morning conversation with coworkers and will return about 10 minutes after their machines have booted up. The real issue is the server getting hammered every morning, slowing these boottimes as more machines get added to the network.
I can hear it now: set up a second server, set up a third... etc etc. Yes, set up a bunch of servers that do nothing all day but hand out images, and don't forget about the backup servers (you don't want one of those servers to crash in the morning taking out the entire accounting department). I'm seeing an entire rack of machines at this point doing nothing but handing out images, wired up to really expensive network gear, doing nothing really useful. Don't get me wrong in this last statement, the usefulness of this construction is that you can easily exchange pc's and images not having to worry about hardware, software installed on each users pc, etc. But there's a lot of more cost-effective ways to achieving something that works similar.
Take that budget for those image servers, and backup servers, VM-software licenses, and networkgear, and buy a single server and a good backup mechanism (or a backup server in failover). Spend some time on setting up profiles and think about what software is present on all machines. Take an image of every machine you install differently, and copy that to the server. Buy software like Citrix (or anything else resembling it) to have special applications available at one server (think backups here), and you have a pretty decent solution that doesn't hammer your network/servers every morning and gives you a headache by 10am because some people aren't getting their images.
I've seen the concept of VM images on a server, and I've seen people get bitten by it because they didn't forsee the amount of storage and network traffic involved. Most of these people didn't have a need for such an elaborate solution. Hell, I've seen half a serverfarm run vmware because "it was a good way to virtualize systems, and make things easily interchangable" while those people would've been much more satisfied with a "simpler" failover solution (note those quotes, denoting that failover also requires thought, but usualy ends up being a cheaper solution hardware wise).
On top of it all, using VMs for desktop operating systems uses up a lot of resources. You're running an operating system, that runs software that runs another operating system. Some would say that it's hardly noticeable, but why waste the resources? You'll make todays hardware run like last years, which for most applications is not an issue, but most likely you're going to run last years hardware like hardware from two years ago because you'd have to invest in new desktops for the entire company otherwise.
Let's talk mobility for a moment. Imagine your salesman with his laptop and flashy UMTS (or whatever standard they've cooked up) connection on the road. He's going to want to be able to check his mail on the road, so he'll have to get an image over a connection that can hardly manage streaming video... Nope, you're going to give him his operating system, install his software and pray to god he doesn't send too many large documents over that very expensive UMTS connection. That sort of starts breaking the principle of having images f
Re:Citrix (Score:5, Interesting)
Re: (Score:2)
Like suggested
Re:Citrix (Score:5, Interesting)
When you have an entire office full of modern PCs (say with 512-1024 MB of RAM and a 2-3 GHz class CPU) you are wasting a large amount of real estate when you run ICA Client on all those and make the people work on one or a few Citrix servers where they all have to compete for a few CPUs and a lot less memory.
Citrix is nice, but it is not the answer to everything. When the users run intensive or inefficient applications, it can be a severe performance problem.
The solution he has in mind does not have that problem, because his applications run locally so they utilize the local resources available on the desktop.
People actually use wakeup on lan on desktops?
Yes, we use WOL to wakeup windows workstations in the weekend (or the night, in emergency cases) and install/update software or hotfixes.
So, the user is not bothered with waittime reboots after application installs.
Re: (Score:3, Informative)
Some old fashioned roaming profiles and ghost (or some other imaging solution) action would seem to be the perfect compromize. Local CPU gets utilized. Network traffic is minimal. Users get good performa
Re: (Score:2)
One caution, with some distro's vmware has to actually interpret a lot of programs (due to guest / host vm spaces overlapping). On these system combinations vmware will be *really* slow... basically anything fedora. On other systems you're talking maybe 5% averag
Re:Citrix (Score:5, Informative)
Granted, for large network this solution is probably too expensive (we are
Re: (Score:3, Informative)
Re:Please, god, no. (Score:4, Informative)
Re: (Score:3, Funny)
oh yeah, great for office work if gobs of ram (Score:2)
Why not just use sunrays? (Score:5, Insightful)
Re: (Score:2, Informative)
And no, I don't not work for/am not in any way affiliated with Sun Microsystems - I just really like their product.
Sampizcat
Re:Why not just use sunrays? (Score:5, Interesting)
This is brought to you from a SunRay at home, talking to the server in the garage...
Combined with Tarantella, you can have every Windows application you want. The latest revision of the SunRay server also works on Linux (RedHat I think)!
I run my Windows apps in QEMU, but that is because only my wife and I share the SunRay server...(2.4GHz P4, 3GB RAM). From a users perspective its just perfect! Power-on in the morning, insert your card, login and last nights session is still there. Just upgraded to the latest Open Solaris build so I had to reboot the machine, but before that my machine had reached 317 days of uptime!
In an office environment your mileage will vary, but I have always appreciated the silence of my office working on a SunRay.
Regarding the GP, downloading VM images just doesn't make sense compared to a SunRay, especially if you already have GB ethernet. Make sure the servers have enough RAM and don't let them play Quake!
(and yes, I work for Sun...)
Re:Why not just use sunrays? (Score:5, Informative)
Come on, you're going to have to give some additional information than that. We use Sun Rays quite a bit in our classrooms and labs and if you have the bandwidth and a good server on the other end, you're in the money. Sessions can be keyed to an access card and will follow you around the campus. If a Sunray breaks down, just swap in a new one and the session continues exactly as you left off. Pull your card, come back in a week, and pick up exactly where you left off. Everything resides on the server. No maintenance required at all on the client side.
What version of the Sun Ray server software were you using that made it so "sucky"? From my experience, they worked great for us. The only downside we had is that streaming video over Citrix to the Sun Rays didn't work so hot. However, streaming video natively from the Sun Ray server to the thin clients worked fine so the problem there was probably with Citrix Metaframe.
Sun has also recently upgraded the Sun Ray thin clients so they have gigabit ethernet, plus they now hsve a more complete end-to-end solution that will allow you to run Windows apps on your Sun Ray (in addition to all the Solaris/Unix apps) thanks to their Tarantella purchase. You'll still need some Terminal Server licenses, but you'll save on the Citrix.
You could try calling the local Sun reps and see if they'll give you a demo. They did that for us - drove 6 hours to our workplace and set up a server and clients to demonstrate it for us.
Re:Why not just use sunrays? (Score:4, Interesting)
It really matters what the people are doing as to what they get.
If they're doing Customer Service, sure, throw them on a Ray. Technical Support will work too, but I hope you have enough virtual applications or people that know your software pretty well. If done right, TS works fine (just keep a few windows boxes around for weird testing issues)
If they're programmers - you should really be asking them for a wishlist of what they want and then filter it out from there. Personally, I think Rays don't work too well for some programming situations due to tools required and load on the computer. Heck, I know a C++ programmer that works better on a Mac than anything else. If his productivity goes through the roof on a Mac, give the man a Mac.
Non-Geek Wife (Score:4, Funny)
My dear wife thought that Linux was black text in a terminal, and that the mud I used to play, Nuke, was green text in a termial. Got alot of mudding in while "learning" Linux to prepare for the future.
But alas, all good things must come to an end. She finally wised up and figured out I could mud in any color text *grin*.
I traded my "Life" for a "Wife". So far in the grand scheme, I have come out way ahead!
Look at LTSP.ORG (Score:5, Informative)
Re: (Score:2)
No aplications run locally (except X) so there isn't even normal Desktop Manager overhead.
Look at Edubuntu (Score:4, Interesting)
I use it for junk laptops with busted hard drive controllers. I just wish wireless network cards had boot proms, I'm using MMC/SD cards to bootstrap.
Not so sure about the architecture... (Score:5, Insightful)
If you were going to use vmware, make a standard image and push it out to the local hard drives. don't update that image unless it is time to push out a new set of windows udpates/etc. if you need to update the image though, that is going to be *hell* on your network/file servers.
I think it makes more sense to run a virtualized server than a desktop.
Also, you might end up paying for 2x the XP licenses since you'd have to pay for the host + guest operating systems.
Re:Not so sure about the architecture... (Score:4, Insightful)
First off, I agree with you that this isn't a good application of a VM considering the number of alternative options that exist already. The one area I will disagree with is the licensing since you're in no way required to run Windows as your host OS. Just run a linux-based host OS and problem solved. VMWare runs just as well on both. I'm not sure about other options like Virtual PC or Qemu but last I checked Qemu only worked on Linux so you're still in a good position not to have to throw more money at Windows licensing.
Side topic, licensing has really gotten out of hand with pretty much every piece of commercial software. I think that's the real reason a lot of people are moving towards Linux. The learning curve required to administer linux effectively is outweighed by the complicated licensing schemes of various companies Microsoft especially. It is quite a challenge staying in compliance these days.
Back on topic, you could have a file server or three dedicated to the task using a DFS root to link them logically and to keep them sychronized. Then you wouldn't have to worry about pushing images killing server performance. Combined with network load balancing you could scale out as needed.
Re: (Score:2)
I've never managed a linux desktop rollout so I don't know how hard it would be to manage host OS deployments (i.e. is the Windows XP HAL more or less resistant to hardware changes than your average distro?)
I'm not completely sure that I buy the argument of distributing the images across multiple servers solving the "image distribution" problem (i.e. 20+ people simultaneously pulling down 4GB images seems like a lot of network traffic), but I suppose that is just a matter of math +
Re: (Score:2)
4GB images over a gigabit link wouldn't take that long to transfer. The obvious bottleneck is network connection for the servers. This is mitigated with 10gigabit links on the servers but now the price of the setup is getting more and more expensive. Still not unreasonable though since you can get 10gigabit modules for all the modular HP procurve switches out there for less than you probably think. I know it shocked me but I went all HP because Ciscos are needlessly expensive and don't provide me any additi
Still Windows (Score:2, Interesting)
(a) presumably all VMs have the same device model, so you'd be running the same image everywhere, and
(b) assuming you carfully partition out the users' data to a different volume, you can give them a "fresh" virtual machine (a fresh Windows registry!) every time.
Nice and useful, but still not bomb-proof.
Re:Still Windows (Score:5, Informative)
You don't need to "carefully" do anything. Folder Redirection in Windows was created just for the task. It's a feature that was introduced with Windows 2000. Beyond that you can use SMS and custom office installs to have everything configured properly everytime someone logs in. Mandatory profiles ensure that everything stays clean and spyware free. Which weaknesses are you referring to?
Beyond that I'll go and say that this approach is bomb proof and by redirecting files on to the servers which requires surprisingly little overhead you ensure that when users float from machine to machine they have all their application preferences and data. Settings can very from machine to machine with different version of software and whatnot but again, SMS will fix that.
I think we can all agree this is not a good use of virtualization. It would be very resource intensive and a simpler PXE solution already exists. With PXE you don't even have to have all the same hardware, just the proper drivers. SMS will take it from there installing the rest of the third party apps whatever they may be. Can be done from start to finish in under 30 minutes which is about how long it takes to fully restore an image. Of course over a gigabit link the time might be reduced but Windows will take a good 10 - 15 minutes to install over the network so it wouldn't be unreasonable for everything else to take another 15 minutes depending on how much there is. I know in my basic setup with Windows and Office its about 20 minutes give or take depending on processing speed and quality of hardware.
The way we do it... (Score:4, Informative)
Re: (Score:3, Informative)
The desktop is still a problem though.
Re: (Score:2)
Re:The way we do it... (Score:4, Interesting)
It uses the offline files system to smartly synchronize the files, and maintain them when you're off the network. Also, it doesn't sync the whole profile. You can configure what you want to sync.
Re: (Score:2)
The "desktop" doesn't even matter if you are doing real profile redirection. The C:\Documents and Setings\%USERNAME% folder gets redirected to a location that the domain admin chooses. Put it on a file share on a server and be done with it. You can't really do anything about the local drive, especially if you have sloppy legacy programs that stupidly require local admin access.
Regular users don't need local admin rights on their computer anymore with most apps, but it possibly may require descending int
As an aside (Score:2)
I'm not experienced with a VM setup like the one you describe, but let me offer this - if you have them download their images every morning you may run straight into a brick wall. Performance testers call this "the 9am syndrome", and you'll need some fairly serious server bandwidth to handle everyone copying such a large file. This will turn your network, and the disc you're serving the images from, into a seething pile of molasses. OK maybe I'm being a shade gloomy, but I'd recommend not going the downloa
Re: (Score:2)
One word: Multicast [wikipedia.org].
I've seen a room full of PCs simultaneously boot and load the same ~1GB Linux partition on a 100Mb network in no time. If they hadn't told me how it was working, I'd never have known they weren't loading a local partition.
My experience... (Score:3, Informative)
However, for the context that you are speaking about, I would take the advice of individuals below and look at Citrix or roaming profiles.
Aw come on (Score:2)
Why go through the overhead of a VM? Citrix is one idea, but the most efficient thing is to just make their profiles remote.
Enterprise Desktop (Score:3, Interesting)
http://www.vmware.com/products/enterprise_desktop. html [vmware.com].
Re: (Score:2)
I saw a presentation by a representative of one of Cook County's departments that was deploying some solutions like this. VMWare's Enterprise Desktop running on servers in t
Linux + QEMU + kqemu + qcow images (Score:2)
The idea is that all your desktop machines would be running a minimal Linux install that can easily be replaced on short notice using various imaging techniques.
Basically these machines would just enough to run a graphical login, wherein after a user logs in, it runs a script that fetches that user's QEMU disk image from some network drive and puts it on a local hard disk. It would th
Re: (Score:2)
QEMU is painfully slow even on a beefy machine and with the kernel module. IO with qcow is pretty bad, too (it's tolerable with raw disk a
And this would be an improvement how?... (Score:5, Insightful)
So a lot of expensive desktops emulating, um, pretty much themselves, using funky somewhat pricy software, running substantial images pulled off of expensive servers over an expensive network (bacause GB'net or not, a building full of folks starting up in the morning is gonna hammer you.) Then comes the challenge of managing all of those funky images, reconciling the oddities of an emulated environemnt, etc.
Could you make it work? Sure. But I gotta wonder if it'd be worth it.
Is gonna be any better then a well managed native environment? Or going Citrix clients? Or Linux/MacOS/terminals (chose your poison) boxes instead of MS Windows?
I hear your pain, I just think you're substituting a known set of problems with a more expensive, more complex, more fragile, baroquely elaborate, well, more-of-the-same.
It doesn't sound like much of an improvement really, just new and more complex failure modes, at extra cost.
Though, I guess, if you're looking for a new, challenging, and complex environment this would be it; just take your current one and abstract it another level. I wouldn't want to be the one footing the bill, or trying to rely on any of it, but at least it'd be something different.
Re: (Score:2, Informative)
We have a Linux server that runs Samba for roaming profiles to the current Windows laptops and this works OK as it does mean if a laptop dies the us
Re: (Score:2)
One advantage would be that you can revert the user to a pristine image each day. Not that this is the way to do it; it sounds like the OP should investigate something more like Citrix.
Back in school... (Score:4, Insightful)
As an alternative to NIS, Netinfo does much the same thing, only it wasn't designed by people quite so sadistic as NIS. You'd still be using NFS though...
cya,
john
Three different takes on this (Score:5, Informative)
Here's what you should be thinking about:
- Get some kind of desktop management suite like Altiris. You can push software deployments easily, and it's very easy to lock machines down to the point where users can't fsck them up. I've consulted for companies that do this with hundreds of desktops and it's a very robust, reliable system.
- Go with a thin client setup like Citrix or Terminal Server. Users run nothing on their local hardware. Instead, everything runs on the big server. Downsides are similar to VM's (thin clients are notorious for very lightweight support for anything but the most basic sound and graphics) but you are at least spared the massive network thrashing of hundreds of users logging on and pulling down VM images at 8AM every morning.
- If it's users messing up machines that you're worried about, you might want to consider a solution by Clearcube. They take away everything except the keyboard, mouse, and monitor. The guts of the PC reside in a server rack in what is essentially a PC on a blade. The blades are load balanced and redundant, so swapping them out is a breeze. And users *can't* load software on them because there's no USB ports, no floppy drive...nothing! Unless you allow them to download it from the Internet, *nothing* is going to get on those machines if you don't want it to.
VM's make sense for server consolidation. I don't think they've yet gotten to the point where desktops run on them as a form of protection or reliability. There's too many other solutions that work better and have fewer downsides. The problem here isn't Windows per se, it's the fact that your workstations aren't locked down properly to prevent your users from doing stupid stuff in the first place. Fix that and suddenly you'll find a Windows workstation environment isn't the hassle it once was.
Re:Three different takes on this (Score:4, Insightful)
Not quite true. Yes, with the 3D. But the two main players (VMware and VPC) both support sound, and VMware even USB 1.1 passthrough.
With the thin-client option, Microsoft Terminal Services (if you're on a windows platform) has good scaling capabilities. Though it might not go into the hunderds or thousands, it should get you into the high dozens. Since most of the microsoft tool's dlls are loaded and shared between the clients, it has pretty good performance.
For linux, while SSH is always a favorite, look at NX-Servers (http://www.nomachine.com/ [nomachine.com] and http://freenx.berlios.de/ [berlios.de]) which is like X-forwarding with compression and caching.
It'll be difficult to have a fully virtualized solution. Going with thin clients, or a pxe-served image would be a more viable solution (no matter how beefy your servers and fast your network).
Only advantage over citrix (Score:2)
Otherwise Citrix and thin clients are probably better. Well, thin clients would always be better, also for this.
Then you just revert to OK snapshot for the user every day. No copying.
Patching would be difficult, as you would have to patch x VMs rather than x/30 citrix servers
Why do they need their own images? (Score:2)
Re: (Score:2)
Independet Software Vendors wouldn't talk to you (Score:4, Insightful)
Smells like X (Score:3, Insightful)
Storage for these? (Score:2)
I think the previous comments about Citrix or such are a better solution. Terminal services, while not exactly cheap, may also work well for you. For a Unix environment, xdmcp is feasible in many circumstances. But as far as smart clients go, I'd
Does it have to be Windows? (Score:4, Interesting)
Some virtual machines let you suspend to a file. This is nice if you must run Windows, or some other uncooperative OS. But, that still means suspend to a file, which will take some time. As for the disk, that would be fairly trivial -- your host OS would be Linux over NFS, so your disk image is an NFS file.
Issue to watch for here: Local cache. I don't care how fast your gigabit is, that server is going to feel some stress. I tried setting up gigabit just for file sharing, and it was never as fast as it should have been, yes I was using Jumbo Frames, and it's just a crossover cable, yes it was cat6. And even if that's flawless, there's the server at the other end. You probably want good local caching, probably local disk caching. InterMezzo would have been good, but they've pretty much died. You might try simply throwing tons of RAM at the problem, or you might try cachefs (never got it working, but maybe...) or maybe one of the FUSE things.
Second way: Don't use VMs. VMs will never be as fast as a native OS. But "native OS" can still work roughly the way the VM image does above, if your hardware is identical. With Linux and Suspend2, you can suspend and resume from pretty much anything you can see as a block/swap device. So, all of the above caching issues apply, but just run it as a network OS, have one range of IPs for machines still booting and logging in, and another for fully functional machines. Here, when the user logs in, the bootstrap OS tells itself to resume the OS image from the network.
You could also do this with Windows by copying a local disk image around -- after you hibernate, boot a small Linux which rsyncs the whole disk across the network, including hiberfile.sys. Everything besides the OS itself would be stored over the network already anyway (samba).
I don't know if this will work -- after all, no hardware is truly identical. But it may be worth a shot.
Advantage: Both Linux and Windows XP know to trim the image a bit on suspend, so it won't be a whole memory image, just relevant stuff. Truly native speed.
Disadvantage: If I'm wrong, then you won't be able to properly resume on a different box.
Finally, you could stick to software which supports saving sessions and resuming them. I know Gnome at least, and maybe KDE, had this idea of saving your session when you log out -- and telling all applications to do so -- so that when you log back in after a fresh boot, it's like resuming from a hibernate.
Advantages: Fastest and most space-efficient out of all of them. Least administrative overhead -- in the event of a crash, there isn't nearly as much chance for bad stuff to happen. Easily works cross-platform, native speed on any supported platform. Simplest to implement, in theory.
Disadvantage: Not really implemented. 99% of all software may remember useless things like window size and position, but very few actually store a session. If you mostly roll your own software, this may be acceptible.
And of course, you could always do web apps, but those won't be anywhere near native speed -- yet.
All approaches share one flaw, though -- bad things happen when a box goes down. With a VM image (or a suspend image), if you crash, you'll obviously want to restore from a working image -- but what about the files? If they're on a fileserver, does your working image properly reconnect to the fileserver, or does it assume it's still connected (thus having weird things cached)? The third option (saving sessions) is the safest here, because in the event of a crash, programs behave the same way they would on a single-user desktop. But you still lose your session.
What others are suggesting -- various terminal server options -- is much slower, but it also means that as long as the application server is up, so is your session. If you crash, you can switch to another machine and literally be exactly where you
Have you asked vmware? (Score:2)
That being said, I think that the business case could be made. People have been trying to come up with the same result usin
VMware ACE (Score:4, Informative)
"With VMware ACE, security administrators package an IT-managed PC within a secured virtual machine and deploy it to an unmanaged physical PC. Once installed, VMware ACE offers complete control of the hardware configuration and networking capabilities of an unmanaged PC, transforming it into an IT-compliant PC endpoint."
You guys are missing one thing (Score:2)
If I could virtualize the machines and install only 5 seats of quickbooks, etc they'd save thousands every year. But since I
Re: (Score:2)
Re: (Score:2)
If you wanted to make it only 5 seats... you would probably set up a terminal server with the software installed, but only allow 5 people at a
Windows licensing terms prevent this (Score:4, Informative)
Missed Problems (Score:2)
1. You still need an OS to run VMware. If it is Windows, you get typical Windows problems, and if it is Linux, you will probably find that your hardware is not really compatible with anything but Windows.
2. Do you want to use one image, or a different image per user? If you use one image, you will immediately run into license problems with the software. If you use several images, you need a lot of storage space, and you need to copy the images back in the evening.
But most
Keep the VM file local (Score:3, Interesting)
Your goals may be better accomplished with a different approach.
Now you have most of the benefits you asked for: you can have users switch places at random, you can replace physical computers and set them all up with the same VM... you can even have them all run windows on a linux host if this helps prepare for "the big switch". :)
As for your maintenance of the VMs, you can remotely log in to any of the workstations and replace the old VMs with new ones when you need to update something. Ocasionally you can wipe out all files that are kept on workstations to ensure that no kiddie p0rn is found, and to further illustrate that it is essential to keep all work-related files on the server as instructed in 2)
Several options. Very workable for laptops. (Score:3, Insightful)
VM's can run off of network shares if you set things up right. Fast network, and you won't see a problem. I have run VM's off mirrored ximeta netdisks over 100meg with NTFS as the partition type, and it worked great, although it was only about 4 machines accessing it at one time. For office apps and such, it's a piece of cake.
I encourage people to use vmware for laptops. Create an encrypted disk with the vmware image that they want to run, then if the laptop gets stolen, you have to decrypt the disk before you can get to the really good stuff. Backups are easy, and it makes if necessary, laptop "sharing" something that you can do pretty easily as well. Multiple shifts can PC share easily as well. It's also easier to fix problems test updates and such by just snagging a copy of the image, and monkeying with it.
Citrix and remote desktop have their places as well.
Our experiences (Score:3, Informative)
For remote users we use Cisco VPN to the remote desktop.
Citrix licensing is expensive but you should first rough out some numbers as to how much it costs to support the desktops individually versus the same tasks by one or 2 techs on one or two servers plus Citrix costs.
We are using VMs in our development and test environments on an older AMD 64 bit machine. It still bogs down after 3-4 Vm's are running so my advice is to by the biggest, fastest and most reliable box you can. Lots of memory, fast disks and memory and CPUs. Newer 64 bit hardaware would be sweet as you should be able to set up 32 bit OS's on it and support older apps without having to upgrade everything to 64 bits all at once. Make sure it is not 'cutting edge', rather if it is for critical apps make sure it is stable on the hardware side, even if you sacrifice a little speed. Think in terms of how mainframes do things.
HTH
What my employer does (Score:3, Interesting)
My employer uses Thinkpads with docking stations as standard issue. For those of us who need more power, we just use Terminal Server (or another remote access program for non-Windows computers.) We use Connected Backup to backup the laptops on a daily basis over the network.
While I personally would prefer a more powerful laptop, (as I do serious development,) I'd rather use a laptop then a generic workstation. I can telecommute with it anywhere in the world, and I can use it in meetings with a projector. This is more difficult with generic workstations.
I work like that now, but 2000 miles away (Score:3, Informative)
This works great, with one major caveat. If the network starts stuttering, performance of remote desktop and citrix both suffer badly. Otherwise, the benefits are great: much reduced amount of sensitive data on laptop, access to
Re: (Score:2)
Re: (Score:3, Informative)
I'm amazed nobody has brought this up. Someone said you'd need twice the XP licenses. That isn't true if the host OS on each PC is Linux. VMware DOES have a client for Linux. I imagine it would be a lot more secure if Linux was the host, and you can customize all the startup scripts so you wouldn't have any unncessary overhead.
I'm not sure on the loading time differences between XP host and Linux host, but last time I ran VMware on my XP laptop, it was slower than shit. 1gb of ra
Re:Inevitably (Score:5, Informative)
My friend had setup Windows for his girlfriend as guest OS under Linux host. He was using VMWare. His girlfriend was forced to use IE to access her University Intranet. Also she needed M$Office for documents from profs. The notebook was constantly plagued by malware/spyware/etc making it barely usable.
My friend installed Linux (Gentoo one) and VMWare Workstation. Inside the VMWare he installed the OEM Windows off the notebook. State of Windows - fully updated and with M$Office installed - was saved on backup image. In guest Windows, all work was done on SMB/CIFS drive of host Linux.
The only problem was video performance - e.g. macromedia flash animations at times were making the notebook to melt. Also there were some sporadic network problems - mostly attributed to poor Windows network stack implementation. (IOW, the network problems occurring with normal Windows installation under VMWare were occurring more often. E.g. Windows DHCP client was at times failing to get address from host Linux. That IE thing was at times failing to load pages properly or simply hanging. The usual WinXP/IE problems.)
Advantages were clear. Spyware/malware got to notebook? - recover from backup image. Something crashed? - data are most likely are Okay on host Linux hard drive. Also, gradually girlfriend ha been taught how to use Linux and how to get around the University Intranet with Linux and Firefox/Konqueror. Though most documents she used still required M$Office under Windows.
Re:Inevitably (Score:5, Funny)
Re:Inevitably (Score:4, Funny)
Besides, think of the geeks. A girl, at university, that will seek you out because you can fix her laptop--that's running Linux--and who might find out that you DON'T have a tentacle pr0n fetish like her current boyfriend. The romantic possibilities are endless! Don't be selfish...
Re:Inevitably (Score:4, Funny)
As I've seen your pr0n collection firsthand, I assume that you're speaking hypothetically?
Re: (Score:3, Insightful)
And yes, I'm blaming the victim. While there
Re:Inevitably (Score:5, Insightful)
From a practical perspective, telling college students not to download music, to avoid MySpace, and to not download seemingly harmless things like Screensavers and Wallpaper is about as effective as the rhythm method [wikipedia.org]. Sure, they're "sinners" with their pr0n and their music. How dare they? They get what they deserve by using a computer on the internet to download the information they want. That's a sin to be sure. It's strange how that apparently makes them culpable for systematic, intentional, and malicious exploiting of their computers. Of course, the long-term social effects of corporate self interest manipulating law and public opinion to create stigma in their economic interest is beyond the scope of a Slashdot comment.
Back to the technical issues. Understand that a lot of malware immediately turns off ActiveX security. They leave the door wide open behind them. In your perfect world, not only does every user have to be perfectly responsible and knowledgable, but they also can't make even a single mistake--since this basically leaves them wide open (i.e. it doesn't ask, just downloads and installs any application that asks) in many cases.
Similarly, there is no safe site. A vast majority of the web is ad sponsored. A single malicious banner ad can catch millions (the recent MySpace incident for example). Expecting every user and every advertising company (with possibly tens of thousands of ads) to not ever make a single mistake is unrealistic as it is lazy. The web can be secure if people would put the effort into getting secure systems developed and into place instead of blaming security problems on the sinners.
Ironically, one of your "solutions", Antivirus Software (a.k.a. stopgap measure or snake oil depending on your inclination), is probably the reason things are as bad as they are. Rather than closing holes, AV just stomps the critters that run in through them. If users had insisted on fixes and security rather than installing Norton Antivirus (and considering it "fixed", things probably wouldn't be nearly so bad as they are. It would also be nice if the economic disincentive for insecurity would lie with the vendors where it belongs, not with each and every user.
People don't realize it, but this is really an old misconception. Make something illegal, and its sources become disreputable. This then reinforces the belief that it's inherently bad. My issues of concern are software licensing, patents, and copyright reform. I'm sure the same argument could (validly) be made for marijuana, prohibition, and prostitution.
Of course we've got a double-whammy with software security. Not only are the sinners browsing seedy sites, there is also no one responsible for protecting them (since the vendors have all licensed their cares away).
Re: (Score:3, Interesting)
Yes, yes you are. First of all, it is entirely possible to download music and movies without being infected. Second of all, with the right operating system, you can do all that shit without even any significant risk of being infected. Yet, many are locked into Windows.
Then again, I do run windows (hardware support issues) and I'
Re: (Score:2)
cards in those PCs.