The Managed Desktop Factory: Sun™ Virtual Desktop Infrastructure Software As A Service


THE MANAGED DESKTOP FACTORY

Sun™ Virtual Desktop Infrastructure Software as a Service

Michael Rosenthal
Stefan Schmitz-Homberg

Sun BluePrints™ Online

Part No 820-5065-10
Revision 1.0, 5/13/08
Sun Microsystems, Inc.

Table of Contents

Chapter 1. Introduction
Sun™ Virtual Desktop Infrastructure Software
The Managed Desktop Factory

Chapter 2. An Overview of the Sun Virtual Desktop Infrastructure Software
The Case for Virtual Desktops
Market Evaluation
Centralization
Isolation
Virtualization
Sun Virtual Desktop Infrastructure Software Concepts and Architecture
Sun Ray™ Software
Sun Secure Global Desktop Software
Sun Virtual Desktop Connector Software
Sun Virtual Desktop Infrastructure Software Building Block Architecture
Migrating to Sun Virtual Desktop Infrastructure Software
Application Migration
Client Migration

Chapter 3. Operating a Managed Desktop Factory
Roles and Responsibilities
Process Design
Release Management
Capacity Management
System Management Tools
Technical Building Blocks and Operational Tasks
Asset Overview
Servers and Operating Systems
IP Networks
Storage Area Networks
Databases
VMware ESX
VMware VirtualCenter Software
Sun Ray Servers
Sun Secure Global Desktop Software
Impact of Failures
Managing the User Space
User to Image Mapping
General Datacenter Services
Sun Virtual Desktop Infrastructure Software and Security

Chapter 4. The Managed Desktop Factory as a Service
Service Management
Service Catalog
Key Performance Indicators
Service-Level Agreements
The Managed Desktop Factory as a Business Model
Major Advantages
Selecting a Business Model
Understanding Cost Factors
Accounting Models for Costs and Charges
Determining Total Cost of Ownership

Chapter 5. For More Information
About the Authors
Acknowledgements
References
Related References
Ordering Sun Documents
Accessing Sun Documentation Online

Appendix A. Glossary

Chapter 1
Introduction

IT organizations are constantly provisioning office workplaces to make services and
applications available to users. Doing so requires state-of-the-art IT environments that
are:
• Flexible—Adding and deleting users, changing configurations, providing new IT
applications and services, and moving an office from one country to another must
be possible in the age of global economics.
• Accessible—Accessing data and functionality from the office workplace, home, or
while traveling is essential for many users. Simple remote email access is no
longer sufficient.
• Adaptable—Handling specific user needs is paramount. For example, the optimal
office environment for a call center agent differs significantly from an
environment suited to a software developer, sales representative, or secretary. In
addition, IT departments must be able to handle changing user roles.
• Secure—Securing the IT infrastructure and safeguarding access to corporate
intellectual property is essential to the business. Access must be granted only to
authorized personnel, and IT systems must be able to defend against viruses and
malicious data, and cope with data loss in the event problems arise.
• Available—Keeping IT services running at agreed upon service times and levels is
key to minimizing lost productivity and lost revenue.
• Powerful—Supporting demanding modern office software requires adequate
compute power and network bandwidth. IT infrastructures must be able to handle
typical day to day and peak demand. While many organizations replace or add
systems whenever workloads rise, more efficient mechanisms for adding compute
power are needed.
• Prepared for future developments—Avoiding technology lock-in is important as
technology continues to evolve. IT infrastructures must be able to work with a
variety of operating systems, and support new services and access methods as
developments emerge.
• Easy to operate—Connecting company data and business processes is the job of IT
systems. Powerful, flexible, end-to-end services must be available. Unfortunately,
complex services often lead to time-consuming operations and high risk for
failures, and are difficult to operate.
• Cost-effective—Staying within budget is imperative in today’s global economy. IT
services are now a commodity, and competition is fierce among service providers.
While delivering service quality is challenging, companies and users are not
willing to pay more for provided services.

Sun™ Virtual Desktop Infrastructure Software


IT organizations with a large and sprawling desktop client community struggle with
complex and ineffective desktop management strategies. Traditionally, all applications
run directly on a local desktop. Every machine must be modified when software
installations or upgrades are required, making it difficult to keep track of the number,
kind, and version of applications in use.

Just as server virtualization revolutionized how IT managers think about compute
power and resource management in the datacenter, desktop virtualization is changing
the office landscape. Desktop virtualization enables some or all of the applications—
including the desktop environment—to be moved off individual desktops and
centralized on dedicated application tier servers in the datacenter. As a result,
organizations are better able to take advantage of client device independence, provide
true mobility for workers, streamline management, and keep information secure.

Sun™ Virtual Desktop Infrastructure Software is a compelling new architecture for
providing office desktop environments and IT services to users. It delivers applications
and full desktop environments to clients using a server-based computing model. All the
intelligence—compute power, storage, software, and administration—is concentrated
in the datacenter. Web browsers running on Sun Ray™ ultra-thin clients, PCs, or mobile
devices provide access to services and applications running in the datacenter.

The Managed Desktop Factory


Today, many operational datacenter practices are based on Information Technology
Infrastructure Library (ITIL) processes and best practices. By using the Sun Virtual
Desktop Infrastructure Software, organizations can create IT infrastructure that delivers
standardized, ready to use, high quality desktop environments and applications on an
as needed basis—with consistency.

Sun Virtual Desktop Infrastructure Software shifts compute power and disk space, as
well as operational workloads and skills, from distributed office environments into the
datacenter. As a result, most technical and administrative tasks take place in the
datacenter, with logistical work (parts replacement) remaining in user offices. This
paradigm shifting approach fosters improved service quality, greater flexibility, and
more security at a significantly lower cost per user. The business case for this approach
is evident and impressive.

This Sun BluePrints™ article suggests an operational model for a desktop environment
that is based on the Sun Virtual Desktop Infrastructure Software. Using ITIL as a
foundation, the concept presented illustrates opportunities for optimizing operations
and describes the next steps toward industrializing IT services—the managed desktop
factory.

• Chapter 2 describes the Sun Virtual Desktop Infrastructure Software architecture,
laying the foundation for later discussions on operating solutions.
• Chapter 3 discusses the operation of a managed desktop factory, describing roles,
responsibilities, and empirical data on operational tasks and efforts.
• Chapter 4 examines the managed desktop factory from a service management and
business perspective, including service and business models, financial aspects,
and ideas on how services can be offered using pay-per-desktop and utility models.
• Chapter 5 provides a list of references.
• Appendix A defines important terms used throughout this document.

Chapter 2
An Overview of the Sun Virtual Desktop
Infrastructure Software

This chapter discusses the motivations and market characteristics that are driving
desktop virtualization, and provides an overview of the Sun Virtual Desktop
Infrastructure Software architecture.

The Case for Virtual Desktops


According to a Forrester Research report1, moving from desktop PCs to a virtual desktop
infrastructure is motivated by the key pain points in traditional environments—the
need to improve client system manageability and security. Such concerns stem from
the one-to-one relationship between workplaces and devices, and the difficulty involved
when systems are in the field and out of direct control of IT organizations.

• Security—As more companies take advantage of the Internet and networked
environments, and more laptops connect to corporate local area networks (LANs),
security concerns rise. In addition, employees that work from home often connect
to corporate networks with virtual private network (VPN) connections that give
stay at home workers full network access to corporate intranets. While IT
organizations can set security policies and install virus scanners for remote
systems, enforcing their use is often difficult.
• Management—Desktop PC environments are filled with multiple generations of
operating systems and many applications. Keeping administrative efforts in the
realm of operating staff, and strictly limiting user rights in desktop environments,
is the primary way to keep management efforts under control. Doing so is difficult
when users have physical access to systems and are granted rights to handle
self-support in an effort to lower maintenance costs. Desktop virtualization makes it
possible to reduce the dependence on specific hardware and operating system
configurations and to gain the possibility of centralized manageability. The workplace
can be used for different user roles, such as power users or knowledge workers. With
virtualization techniques, it is relatively easy to provide different environments for
different roles.
• Cost—Companies look for ways to spend the least amount of money possible
while still fulfilling business demands—they also try to use available budget to
create as much business value as possible. In this context, business value not only
means value that can be measured in monetary terms, but also flexibility,
usability, functionality, and agility, as well as the technical values of availability,
reliability, performance, and security.

“It’s a completely different trend. While server virtualization is about saving money
and consolidation, on the desktop it’s much more about isolation, about being able to
do different things on the same machine.”
Quote by Tom Bittman, a vice president and distinguished analyst at Gartner, Inc.,
from “Moving beyond server virtualization”, Network World, January 9, 2006,
http://networkworld.com/news/2006/010906-virtualization.html

1. Desktop Virtualization Is The Future Of The Corporate PC, David Friedlander and Simon Yates,
Forrester Research, January 5, 2006, http://www.sun.com/software/vmware/forrester_rr.pdf

Market Evaluation
Companies strive to deliver desktop workplaces to employees that are fast, secure, and
personalized with the applications needed to perform work. Traditional fat client
desktops, consisting of a personal computer running an operating system and locally
hosted applications, have several disadvantages:
• Complex client management
• Security only as good as the weakest client system
• One inflexible, dedicated PC assigned to each dedicated worker

[Figure 2-1 diagram; labels: Application, Operating System]

Figure 2-1. In a traditional fat client architecture, each desktop runs its own
copies of environments and applications, increasing management complexity as
the number of systems grows

With PC systems remaining relatively inexpensive when compared to
datacenter servers, organizations continue to cope with the disadvantages of fat client
solutions. In many environments, some services have moved into the datacenter, such
as collaborative disk space and a few key server-based applications. Now, organizations
can take advantage of several trends that can help reduce the management burden
and create more cost-effective environments.

Centralization
In a centralized environment, distributed operating systems and applications move into
the datacenter. Typically, datacenter-class servers are used to host applications and
services, with thin clients residing at the desktop for user access. Because datacenter
hardware tends to be more expensive than traditional PC desktops, organizations must
often find ways to finance the move to a centralized approach.

Isolation
Isolation techniques move an application into a dedicated environment with clear
control points for transferring data. Such an approach offers improved security and
reduced complexity compared with typical deployment architectures. Security checks and
security policy enforcement are easier to perform in an isolated and controlled
environment in which all systems run the same desktop and applications. Because only
the dedicated environment must be checked and maintained in the event of changes or
incidents, management complexity is reduced.

Virtualization
Virtualization is defined in many ways. The Rise of the Virtual Machine and the Real
Impact It Will Have defines virtualization as “a loose definition that applies to
technologies that allow software applications to view computing resources, typically
server hardware or storage systems, as either many smaller units (partitioning) or
multiple units grouped together to appear as one larger system (clustering).
Virtualization essentially allows software to decouple from the physical hardware. The
end result is that IT departments are able to optimize their operations by flexibly
adding, subtracting, mixing, and matching hardware and software resources to
enhance efficiency and reliability.”1

Building on that general definition, Forrester Research defines desktop virtualization as
“a PC environment where some or all components of the system, including operating
systems and applications, execute in a protected environment, isolated from the
underlying hardware and software platform. The virtualization layer controls
interactions between the virtual environment and the rest of the system.”2

1. The Rise Of The Virtual Machine And The Real Impact It Will Have, Tim Klasell,
Jeffrey Peck, Thomas Weisel Partners.
2, 3. Desktop Virtualization is the Future of the Corporate PC, David Friedlander and
Simon Yates, Forrester Research, January 5, 2006,
http://www.sun.com/software/vmware/forrester_rr.pdf.

Virtualization is a key technique that makes it possible to improve datacenter hardware
capacity utilization. That is why it is now possible to fund the move of desktop
environments into the datacenter. According to Forrester Research, desktop
virtualization techniques can be divided into several categories:3
• Server-based computing virtualizes multiple application instances on a single
server operating system and gives users remote access to those applications.
• Virtual systems run the entire operating system and application instances on a
host system. Desktop clients establish a connection and present the virtual system
to users. No other software is executed on the local system.
• Other forms of virtualization exist, such as blade PCs and application sandboxing.
However, these techniques often fail to deliver the full power of virtualization.
Blade PCs move the system from the desktop and into the datacenter on more
expensive hardware, providing limited capacity utilization benefits. Application
sandboxing only enables isolation on the desktop fat client—without
centralization, management complexity remains. The combination of both
methods makes it possible to utilize the full power of the concept. For example,
connector software provides a bridge between access technologies and a
virtualization back-end, and assists with the management and assignment of
virtual desktop environments running on virtual machines to users of display
client devices.

Sun Virtual Desktop Infrastructure Software Concepts and Architecture
Sun Virtual Desktop Infrastructure Software can help organizations move applications
and operating systems off personal computers and consolidate them on servers in the
datacenter. It offers a highly secure platform for accessing virtualized Microsoft
Windows or other operating system desktop environments and applications from a
wide variety of client devices using high-performance display protocols. When
combined with VMware Infrastructure 3 software, desktops can be consolidated onto
servers in the datacenter, with each user owning a dedicated virtual machine that is
customized for use and isolated from other users.

Sun Virtual Desktop Infrastructure Software consists of the Sun Ray Software and the
Sun Secure Global Desktop Software for providing access to virtualized desktops via
ultra-thin Sun Ray devices, PCs, or other client devices running a Java™ technology-
based browser (Figure 2-2).

[Figure 2-2 diagram; layers, top to bottom: Sun Virtual Desktop Infrastructure Software
(Sun Secure Global Desktop Software, Sun Ray Software, Sun Virtual Desktop Connector);
virtual machines (Solaris 10 Operating System, Microsoft Windows XP, Microsoft Windows XP);
VMware Infrastructure 3 Software; Sun x64 Servers]

Figure 2-2. The Sun Virtual Desktop Infrastructure Software architecture

Sun Ray™ Software


Sun Ray Software gives users access to applications and services from any location
using Sun Ray compatible thin client devices. Since these ultra-thin clients do not
contain any local processing or storage resources, these functions are performed
centrally on servers in the datacenter. In essence, Sun Ray Software acts as a
broadcaster, delivering customized content to each Sun Ray client on the network. It
provides user authentication and encryption between servers and clients, as well as
user session management. Fully stateless connectivity to Sun Ray clients means users
can move from one device to another and resume a desktop session—instantly picking
up right where they left off.

Sun Secure Global Desktop Software


Sun Secure Global Desktop Software gives organizations the ability to centralize
applications in the datacenter. Operating systems, applications, and data no longer
reside on private desktop or laptop computers. Environments and applications run on
dedicated systems in the datacenter and are displayed on client devices, providing
anytime, anywhere access from any device. Organizations can publish most Microsoft
Windows, UNIX®, midrange, or mainframe applications to any network-attached client,
including PCs, Macintosh computers, laptops, wireless devices, and more.

Sun Virtual Desktop Connector Software


Sun Virtual Desktop Connector software offers a highly secure platform for accessing
virtualized Microsoft Windows desktop environments from client devices. Easy to install
and configure, the software eliminates guesswork by including pre-made scripts that let
client devices access virtual desktops through Sun Secure Global Desktop or Sun Ray
software. Both dynamic and static assignment of desktops to users are supported.

The system uses a three-tiered architecture (Figure 2-3).


• The virtualization layer hosts multiple virtual Microsoft Windows desktops
running on one or multiple VMware ESX servers. VMware VirtualCenter software
orchestrates the VMware ESX servers.
• The client access layer contains the Sun Virtual Desktop Connector software, a
session broker for intelligent and automated virtual machine administration and
assignment. The service communicates with the VMware VirtualCenter software
or directly with VMware ESX servers.
• The desktop layer consists of Sun Ray Software and/or Sun Secure Global Desktop
Software. Both components communicate with the Sun Virtual Desktop Connector
software and publish virtual desktops to clients in the right layer. Multiple
instances are possible for maximum horizontal scaling.

Users connect to the system via the access layer using a device connected to the
Internet. Sun Virtual Desktop Infrastructure Connector software associates all users
directly to the assigned (static or dynamic) virtual machines. If users move to a new
location or switch to a Sun Ray client from a Web browser, the same assigned virtual
machines can be accessed.

[Figure 2-3 diagram; layers, top to bottom: Desktop Access Layer (Sun Ray Software with
SVDC Client, Sun Secure Global Desktop Software with SVDC Client); Session Management
Layer (Sun Virtual Desktop Connector (SVDC) Service); Virtualization Layer (SVDC Agent,
VMware Virtual Center, three ESX servers)]

Figure 2-3. Sun Virtual Desktop Connector gives users access to Microsoft Windows
desktop environments that are running in virtual machines

Sun Virtual Desktop Infrastructure Software Building Block Architecture
Figure 2-4 depicts the Sun Virtual Desktop Infrastructure Software building block
architecture. Key components include:
• Desktop virtualization
Although few solutions for desktop virtualization exist on the market today, those
based on VMware ESX are becoming popular and gaining acceptance. Sun’s
solution takes advantage of this proven technology to create an end-to-end
solution.
• Session broker
The session broker is a core component that controls the entire desktop
virtualization environment. It is also the key interface between the virtualization
back-end servers hosted in the central datacenter and the thin clients used by
users. The session broker consists of the Sun Ray Connector for Windows OS and
the Sun Virtual Desktop Connector software. Note that the Sun Secure Global
Desktop software can be integrated for fat client PC connectivity. As a central
control function, the session broker takes care of the entire lifecycle management
of all virtual instances—the login and authentication process, assignment and
administration of virtual machine resources, the logout process, and the release
of corresponding virtual machine resources.
• Ultra-thin clients
Sun Ray 2 Virtual Display Clients and Sun Ray 270 Virtual Display Clients with an
integrated display provide sophisticated desktop front-ends to users. A variety of
third-party products based on Sun technology, such as portable laptops with
wireless LAN (WLAN) technology, can be used to handle different user
requirements.

[Figure 2-4 diagram; labels: Desktop Virtualization, Session Broker, Desktop Appl. (three
instances), Sun Ray Server, Sun Ray Connector, SSGD, Datacenter Application, VDA Kit,
VMware Hypervisor, Operating System, Hardware, Network, Desktop, Ultra Thin Client]

Figure 2-4. Sun Virtual Desktop Infrastructure Software building block architecture

Migrating to Sun Virtual Desktop Infrastructure Software


When migrating from existing environments to solutions based on Sun Virtual Desktop
Infrastructure Software, enterprises must migrate applications and clients. The
following sections provide an overview of these processes, and do not represent a
complete installation and migration plan.

Application Migration
When enterprises use a server-based computing model, all users access a single
instance of an application. To make this work, the application must be able to handle
multiple users. Because some applications do not offer multiuser support,
organizations must test applications with load conditions that simulate expected
workloads. These issues are eliminated when Sun Virtual Desktop Infrastructure
Software is deployed. In the Sun environment, a dedicated operating system instance is
available to each user. Dedicated application instances run on these operating system
instances, without modification or knowledge of the underlying environment. IT
organizations simply build and maintain a golden image of the software stack.

Client Migration
When deploying Sun Virtual Desktop Infrastructure Software, enterprises can replace
fat clients with Sun Ray clients to reduce maintenance and operational costs. Sun Ray
clients are stateless devices that require little or no administration, and typically
consume only 4 Watts of electricity when operating—approximately five percent of the
power consumed by a typical PC system.

Enterprises with existing installations of fat clients can utilize Sun Secure Global
Desktop Software to give these clients access to applications and services. The software
delivers a graphical session from a UNIX or Microsoft Windows server to local fat clients
over the network. As a result, PCs can be used until a failure or end of lease term
occurs, and replaced with a thin client. Best practices suggest developing a standard,
restricted operating system installation for recycled PCs. The operating system
installation must only run the Sun Secure Global Desktop Software client or a Web
browser. Other applications are not needed—all functionality is delivered to clients by
the software over the network.

Chapter 3
Operating a Managed Desktop Factory

This chapter describes the work to be done to operate a managed desktop factory.
Doing so is a major shift from traditional desktop management concepts, using new
technology and moving most operational tasks into the datacenter. While transitioning
to a managed desktop factory that uses ITIL best practices often requires an investment
in time and money, changes tend to occur infrequently once the architecture and
operational processes are put in place. In short, setting up a new production line is
complex. But once it is up and running, it continues to run and provide a state-of-the-
art way to build modern devices and services.

Roles and Responsibilities


ITIL processes and best practices detail the methodology of organizing a datacenter. Of
particular interest to managed desktop environments are service operations. Three
team roles are key, and can be performed by one or more staff members, depending on
the size of the IT organization.
• The user help desk builds a front line of support for users. It receives and qualifies
user calls, solves issues whenever possible with a known repair or workaround, or
escalates problems to a second level of support services. Staff members must be
skilled in guest operating systems and user applications.
• The service desk operates the managed desktop factory and acts as a second level
of support. It is responsible for incident management and administrative tasks to
help ensure service availability. Staff members must be trained to handle issues
related to VMware ESX, the Solaris™ Operating System, guest operating systems,
Sun Ray Software, Sun Secure Global Desktop software, storage area networks
(SANs), and Oracle database technology.
• The project office maintains golden images of the software and develops the
environment based on changes received from service transition processes. Staff
members must be skilled in VMware ESX and guest operating systems.

Note – User help desk and project office are not ITIL terms. These terms are used for brevity
and to provide a clear view of the different responsibilities of first and second level support.
Traditional ITIL deployments include a service that operates the desktop environment, and
another that operates the datacenter service. With a managed desktop factory, desktop
services are delivered by the datacenter. Because users can consume a great deal of support
time, giving users access to datacenter staff is not ideal. Establishing a first level of support
for user requests, such as a help desk, can mitigate cost and productivity concerns.

Process Design
Few organizations have all ITIL processes implemented. In fact, many enterprises have
partially implemented process stacks in the field, with the focus on service operation
processes. While the full stack of ITIL processes—service design, service strategy,
service transition, and service operation—is important, this document highlights
release and capacity management efforts and related special tasks for managed
desktops.

Release Management
In a managed desktop environment, release management focuses on the release of
golden images and the virtualization software stack. A new release of a golden image
can include additional applications, new versions of applications, new or patched
versions of guest operating systems, security updates, and more. When a golden image
is changed, the working desktop environment for all users is changed automatically. As
a result, a release management policy is recommended to help ensure quality and
reduce the likelihood of problems. Expensive test systems are not required. A standard
desktop can be used, with special images assigned only to developers.

The virtualization stack includes the software needed to deploy running application
images to clients, such as VMware ESX, Sun Ray Software, and Sun Secure Global
Desktop Software. While new releases of the virtualization stack tend to be rare, test
environments must be in place to perform quality checks before deployment.

Capacity Management
System performance is key to user satisfaction, and capacity characteristics must be
watched in order to fulfill expectations. Performance analysis looks at how fast an
application runs, determines why it runs the way it does, and finds ways to improve
performance. In a managed desktop environment, the major factor affecting capacity is
the number of desktop workplaces to be supported.

Assume CW represents the number of concurrent workplaces, and TW is the total
number of workplaces. A linear dependence exists between CW and the number of
systems needed for VMware ESX desktop virtualization. In addition, there is a linear
dependence between TW and storage capacity requirements. As a result, capacity
management for these resources is straightforward.

More effort is needed to make a correlation between CW and the VMware software and
Sun Ray Software infrastructure. Application performance depends on several hardware
and software factors. Considering system and application views of performance can
help. System performance can be measured using system monitoring tools, such as Sun
Management Center, or Solaris Operating System tools, such as vmstat, mpstat, iostat,
lockstat, netstat, and sar, or third-party analysis tools. Application performance can be
measured using the VMware VirtualCenter tools supplied with the VMware software.

System Management Tools


System management refers to the administration of distributed computer systems.
System management tools provide a centralized approach to automating day-to-day
operations and monitoring. A variety of off-the-shelf system management tools are
available, including Altiris, BMC Patrol, CA Unicenter Network and Systems
Management (NSM), HP OpenView, IBM Tivoli, Sun xVM Ops Center, and Sun
Management Center software. Key functions of typical system management tools
include:
• Performance management tools—software that monitors the performance and
availability of the hardware and software in the environment. Resource utilization
statistics are reported to aid in performance tuning efforts.
• Incident management tools—software that monitors events and other vital
information about the operating system and applications running on systems in
the environment.

System management tools provide the ability to look at different scopes or areas of
interest, including:
• Host operating system—Because the solution presented in this document is built
on Sun servers running the Solaris Operating System, Sun Management Center is
a preferred tool for performing in-depth monitoring and management of
enterprise servers and operating systems.
• Guest operating systems—Selecting the right tool for monitoring and managing
guest operating systems depends on the environment in use. Enterprises running
Linux or the Solaris Operating System can use Sun Management Center software.
Other tools must be used for Microsoft Windows environments. Leaving the guest
operating system unmanaged is not unrealistic, and can free staff and budget
resources. For example, monitoring all guest operating system instances requires
a license for the management tool for each workplace in use. Administrators must
parameterize agents and handle a large number of events. Since traditional
desktops typically are not managed, it is not unreasonable to leave guest
operating systems alone unless cost-effective solutions can be found.
• Virtualization software stack—In a managed desktop environment running the
Sun Virtual Desktop Infrastructure Software, it can be important to monitor the
VMware ESX, Sun Ray Software, and Oracle Database software. Sun Ray Software
and Oracle Database software monitoring can be performed using Sun
Management Center software. VMware ESX can be monitored using VMware
supplied tools.

Technical Building Blocks and Operational Tasks


From an operational standpoint, several components create the core of a managed
desktop factory—server hardware and operating systems, network services, file
systems, clustering software, networking hardware, storage systems and configuration,
databases, Sun Ray Software, and VMware ESX software. Together, these components
comprise the assembly line of the managed desktop factory. Table 3-1 defines the key
tasks that must be undertaken for these components.

Table 3-1. Operational tasks for managed desktop factory building block components

Monitoring and Reporting
• Monitoring of devices, platforms, operating systems, and services
• Measurement of key performance indicators (KPIs)
• Delivery of data and reports for other processes

Reactive Administration Tasks (Incident Management)
• Incident isolation
• Reactive patching
• Break and fix

Proactive Administration Tasks
• Change management
• Release management
• Performance management
• Capacity management
• Proactive patching
• Asset management

The following sections discuss the tasks and estimated operational efforts for each
component. In many cases, the tasks do not differ from standard operation. Differences
that exist are highlighted. Key notes include:
• A fundamental difference from standard operation is that many components can
be regarded as largely static, including operating systems, storage area networks,
networks, and databases. As a result, fewer changes to these components are
likely to be required compared to a standard environment.
• Software patching is a significant proactive task.
• The number of reactive administration tasks depends on the quality of the
products in use and chosen maintenance service levels.
• A second level support function for incident isolation is recommended. Incident
isolation is intended to isolate the area of the managed desktop factory that is
causing the issue. A broad knowledge of the components and their interaction is
required.

Asset Overview
Table 3-2 lists the assets that typically comprise the foundation of a managed desktop
factory.

Table 3-2. Managed desktop factory assets

| Asset Type | Asset | Comments |
|---|---|---|
| Servers | x86 or x64 servers with AMD Opteron™ or Intel® processors | Run VMware ESX and VMware VirtualCenter software |
| Servers | x86, x64, or SPARC® processor-based servers | Run Sun Ray Software |
| Storage Area Network | Fibre Channel switch | Storage area network recommended; network attached storage or direct attached storage also supported |
| Storage Area Network | RAID controller | Storage area network recommended; network attached storage or direct attached storage also supported |
| Storage Area Network | Fibre Channel disk modules | Storage area network recommended; network attached storage or direct attached storage also supported |
| Internet Protocol (IP) Networks | Ethernet switches | |
| Clients | Sun Ray clients | |
| Operating System | Solaris Operating System | Runs Sun software |
| Operating System | Microsoft Windows 2003 Server | Runs VMware VirtualCenter software |
| Operating System | Microsoft Windows XP or other user applications | Runs applications for users |
| VMware Software | VMware ESX | Provides a platform for virtual machines |
| VMware Software | VMware VirtualCenter software | Manages VMware ESX |
| Sun Software | Sun Ray Software | Provides user desktop access to Sun Ray clients |
| Sun Software | Sun Secure Global Desktop Software | Provides user desktop access via a Web browser |
| Sun Software | Sun Virtual Desktop Connector software | Connects Sun Ray Software and Sun Secure Global Desktop Software to VMware ESX |
| Database Software | Database software | Used by VMware VirtualCenter software |

Servers and Operating Systems


Industry-standard servers that can handle 24x7 operation are recommended as the
hardware platforms for a managed desktop factory deployment. Servers are needed as
platforms for Sun Ray Software, Oracle databases, VMware ESX, VMware VirtualCenter
software, network services, and administration consoles. Servers running VMware ESX
create virtual platforms for Microsoft Windows XP operating environment instances,
and VMware VirtualCenter software runs on Microsoft Windows environments. All
other servers run the Solaris Operating System.
• Operating system clustering is not necessary for most software components.
Database server clustering can be performed at the operating system or database
level.
• Two network services are required for operation. The Domain Name Service (DNS)
is needed for VMware ESX operation. The Dynamic Host Configuration Protocol
(DHCP) is used by the Sun Ray Software.

Monitoring and Reporting


When the Solaris Operating System and Microsoft Windows environments run on
industry-standard Sun servers, Simple Network Management Protocol (SNMP) based
tools, like Sun Management Center software, can be utilized. Since no specific
requirements for monitoring exist, standard datacenter tools and processes can be
used. Servers running VMware ESX can be monitored at the hardware level (depending
on the platform) or the Linux operating system level.

Reactive and Proactive Tasks


In general, platforms can be regarded as static. As a result, the number of required
changes tends to be lower than for typical servers. If more compute power is needed, new
servers can be added rather than reconfiguring existing servers. In addition, platform
administration can follow standard processes. Processes and tools for patch
management are a necessity to support twice-yearly proactive patching of systems, as
well as emergency patching tasks.

IP Networks
Network management consists of several tasks. Depending on the services included,
these tasks can be handled by users (user office network) or third parties (network
service providers). All network components are standard network elements and are
considered static. Changes are necessary only when factory capacity is increased. Tasks
include:
• Monitoring and management of internal networks of the managed desktop factory
• Monitoring and management of the network to users and user offices
• Service management of the wide area network (WAN) service provider, if a WAN
connection to user offices is required

Storage Area Networks


It is recommended that storage area networks use highly standardized and
homogeneous components—one type of disk, controller, and SAN switch. Fibre
Channel disks are preferred and provide a high mean time between failure (MTBF).
RAID-5 or higher technology is suggested for storage systems. Furthermore, SANs can
be considered static. New components can be added as capacity demands rise, rather
than changing existing configurations.

Depending on the details of the implemented architecture, the SAN provides a number
of logical unit numbers (LUNs) that contain a directory for every user. Each directory
contains configuration files, a swap file, and a file for each user drive (C:) in use. Files
for users in each user profile type are expected to be similar.
• The static nature of the SAN means that monitoring tasks can be reduced to
checking for SNMP traps.
• Major reactive and proactive tasks consist of incident management, the initiation
and control of maintenance services, performance checks, redistribution of
images for optimal load balancing, and firmware updates.

Databases
VMware VirtualCenter software utilizes databases, such as Oracle Database, for
operation. Databases can be considered static. Because the database is critical for the
operation of the managed desktop factory, it is recommended that the database be
clustered at the database or operating system level. All database instances are identical
in terms of structure and administration. Typically, database administration is not
needed during standard operation, and standard database monitoring and
management concepts apply.

VMware ESX
VMware ESX is a software component that builds the virtualization layer, offers a
console operating system, and provides the platform for user operating system images.
One instance of VMware ESX is installed per machine, with all servers configured
identically.
• Monitoring is performed on two levels. Hardware monitoring is handled by an
SNMP agent in the VMware ESX environment. VMware ESX monitoring is achieved
using the VMware VirtualCenter software.
• Administration tasks consist of patching the VMware ESX software as needed. It is
recommended that patching be performed using scripts or patch management
tools.

VMware VirtualCenter Software


VMware VirtualCenter software is the primary management and administration tool for
VMware ESX environments, and supports performance and capacity monitoring.
VMware VirtualCenter software is used for the following tasks:
• Central administration of all virtual machine images
• Distribution of operating system image templates (golden images) to users
• Provisioning of new virtual machines using standardized operating system image
templates, including testing and change management
• Monitoring of individual usage of virtual machines and system resources
• Creation of incidents and tasks based on alarms or signals from the virtual
machine or schedules
• Creation of configuration and performance reports for performance optimization
• Provisioning high availability functionality, including the ability to automatically
restart sessions on other VMware ESX servers in the group in the event of a failure
• Functionality for moving live sessions from one VMware ESX server to another
using VMware VMotion software for maintenance and change management
purposes

The VMware VirtualCenter software runs on the Microsoft Windows 2003 Server
environment. It can be helpful to run the Microsoft Windows operating system instance
on a VMware ESX server. Doing so enables VMware VirtualCenter software to be
restarted easily on a spare machine, and lets more Solaris Operating System or
Microsoft Windows administration servers run on one physical server. In addition to
standard VMware software installation processes, the Sun Virtual Desktop Connector
component of the Sun Virtual Desktop Infrastructure software must be configured for
interaction with Sun Ray Software.

Monitoring and Administration


Several items relating to monitoring and administration tasks must be considered:
• Monitoring must be performed with standard agents.
• Since VMware VirtualCenter software runs on Microsoft Windows with a graphical
user interface, a Microsoft Windows helper host is needed for display redirection
for remote management.
• Efforts for patching the Microsoft Windows binary must be taken into account.
• Administrative access must be configured. Up to 48 VMware ESX servers establish
a group in terms of administration and high availability. These servers are
operated by a single VMware VirtualCenter software instance. Administrators
must not be granted Microsoft Windows administration rights. An access concept
is recommended for administrators that is based on Active Directory or identity
management.
• VMware VirtualCenter software uses an internal database that is typically
managed directly by the software. Direct database management is not required.
• All instances of VMware VirtualCenter software must be configured identically.

Sun Ray Servers


Sun Ray servers run the Sun Ray Software and deliver images that reside on VMware
ESX servers to users with Sun Ray clients. Sun Ray servers have several characteristics:
• Configuration—a standard kiosk mode configuration is used. All Sun Ray servers
include a Remote Desktop Protocol (RDP) connector. Several servers are connected
together to form an application cluster. No users work on Sun Ray servers. As a
result, Lightweight Directory Access Protocol (LDAP) or identity management-
based user management is required.
• Monitoring—Since a Sun Ray Software instance is a standard UNIX process that
creates a log file, monitoring can be established using standard methods.
Monitoring of single user sessions is not required.
• Management—Sun Ray Software tools provide a graphical user interface and
command line interface for managing configuration data. These tools are used to
create, delete, modify, assign, and reassign profiles. Profile creation is performed
during managed desktop factory implementation. Thereafter, management tasks
tend to focus on incident and patch management. It is recommended that all Sun
Ray servers be identical in terms of hardware configuration, structure, and
administration.

Sun Secure Global Desktop Software


Users can also access desktop environments and applications via the Sun Secure Global
Desktop software. This software gives users remote access to a Microsoft Windows or
other operating system session via a Web browser. The Sun Secure Global Desktop
software can be used in addition to the Sun Ray Software, and creates additional access
flexibility for mobile users. It can also be used as a tool for migrating from existing fat
client environments to thin client solutions.

The Sun Secure Global Desktop software employs the same back-end infrastructure as
the Sun Ray Software, and requires similar monitoring and management tasks:
• Monitoring of UNIX processes, but not user sessions
• Application clustering
• No user management required
• Near static environment once the implementation phase is complete

Impact of Failures
Table 3-3 provides an overview of the impact of failures on managed desktop factory
components. Information in the table can aid discussions regarding reaction times for
service contracts and administrators, and hardware architecture. Because Sun Virtual
Desktop Infrastructure Software is a datacenter-class application, companies can use
established techniques, including clustering, separate fire compartments, and Solaris
JumpStart™ software, to build a robust environment without a single point of failure.

Table 3-3. The impact of failures on managed desktop factory components

Component: IP Switch
Impact of Failures:
• Used for user sessions and administration access
• If a switch fails, users cannot work
• Remote administration no longer possible
Recommendation:
• Solution 1: Keep a cold standby/spare part for every rack for manual replacement; inexpensive solution with nontrivial downtime
• Solution 2: Maintain a redundant network; more expensive solution with less downtime

Component: DHCP Server, DNS Server
Impact of Failures:
• Failure leads to a complete blackout
Recommendation:
• Operate DHCP and DNS in failsafe mode
• Does not add to administration efforts

Component: SAN Switch
Impact of Failures:
• User workplaces that use the disks fail
Recommendation:
• Solution 1: Keep a cold standby as suggested for IP switches
• Solution 2: Define privileged users; manually shift users and restart on remaining SAN components
• Solution 3: Use redundant switches

Component: SAN Disk
Impact of Failures:
• Impact depends on RAID level in use
• Suitable RAID levels result in no impact
Recommendation:
• Use an appropriate RAID level on storage devices

Component: Full SAN System
Impact of Failures:
• Sessions abort
• Unsaved data is lost
Recommendation:
• Solution 1: Implement appropriate backup and restore functions
• Solution 2: Deploy a redundant SAN

Component: Database
Impact of Failures:
• System states freeze
• Existing sessions work
• New sessions cannot be initiated
Recommendation:
• Solution 1: Cluster at the operating system level
• Solution 2: Cluster at the database level (recommended)
• Proper cluster function mitigates the impact of failures

Component: Sun Ray Software
Impact of Failures:
• Sessions abort
• Microsoft Windows instances remain active but are eventually disconnected
• After a short while, users get a new login screen from another Sun Ray server within the same availability group
Recommendation:
• Use provided Sun Ray application clustering
• No extra effort necessary

Component: Sun Secure Global Desktop Software
Impact of Failures:
• Users lose connections
• Users are presented with a link for a new login
• Microsoft Windows instances run
Recommendation:
• Use provided application clustering
• No extra effort necessary

Component: VMware ESX
Impact of Failures:
• Failure of one VMware ESX server results in session termination and display of a blue screen for users on the system
• When restarted, fsck is run
• Unsaved data is lost
Recommendation:
• Behavior is typically acceptable
• VMware VirtualCenter software controls VMware ESX servers and the virtual machines
• If a server fails, the virtual machines are restarted automatically on a remaining VMware ESX server (if configured)

Component: VMware VirtualCenter Software
Impact of Failures:
• System states freeze
• Existing sessions work
• New sessions cannot be initiated
Recommendation:
• It is recommended to run VMware VirtualCenter software in a private VMware ESX server environment
• Restart of VMware VirtualCenter software on a different machine is easy
• Failures typically are not noticed by all users
• Existing sessions are not affected
• It is recommended to have at least one hot standby machine per rack
• Alternatively, use Microsoft Windows clustering
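
One way to apply Table 3-3 to a concrete deployment, as an added example that is not part of the original paper: it lists components deployed as a single unit and combines the table's impacts for a set of failed units. The component keys, the three-state result and the sample unit counts are assumptions; SAN disk failures are left out because the table makes their impact depend on the RAID level.

```python
"""Failure-impact check over a component inventory, following Table 3-3 (added example)."""

# Impact when a component has no working unit left, taken from Table 3-3:
# (existing sessions keep working, new sessions can be started)
TOTAL_FAILURE = {
    "ip_switch": (False, False),              # users cannot work
    "dhcp_dns": (False, False),               # complete blackout
    "san_switch": (False, False),             # workplaces using the disks fail
    "san_system": (False, False),             # sessions abort, unsaved data is lost
    "database": (True, False),                # states freeze, existing sessions work
    "sun_ray_server": (False, False),         # sessions abort
    "secure_global_desktop": (False, False),  # users lose connections
    "esx_server": (False, False),             # sessions terminate, unsaved data is lost
    "virtualcenter": (True, False),           # existing sessions work, no new sessions
}

# Components where losing one unit of several still drops the sessions served by
# that unit, although users can log in again on a surviving unit.
DROPS_SESSIONS_ON_UNIT_LOSS = {"sun_ray_server", "secure_global_desktop", "esx_server"}


def single_points_of_failure(inventory):
    """Return the components that are deployed with exactly one unit."""
    return sorted(name for name, units in inventory.items() if units == 1)


def assess(inventory, failed):
    """Combine the impact of all failed units into one service state.

    inventory: {component: deployed units}; failed: {component: failed units}.
    """
    existing, new_sessions = "unaffected", True
    for name, down in failed.items():
        if name not in TOTAL_FAILURE or name not in inventory:
            raise ValueError(f"unknown component: {name}")
        if down <= 0:
            continue
        if down >= inventory[name]:
            # Last unit gone: the full impact from the table applies.
            keeps_running, can_start = TOTAL_FAILURE[name]
            new_sessions = new_sessions and can_start
            if not keeps_running:
                existing = "lost"
        elif name in DROPS_SESSIONS_ON_UNIT_LOSS and existing == "unaffected":
            # A surviving unit takes over, but sessions on the failed unit end.
            existing = "interrupted"
    return {"existing_sessions": existing, "new_sessions": new_sessions}


# Constructed sample inventory (unit counts are made up for illustration).
SAMPLE_INVENTORY = {
    "ip_switch": 2, "dhcp_dns": 2, "san_switch": 1, "san_system": 1,
    "database": 2, "sun_ray_server": 3, "secure_global_desktop": 2,
    "esx_server": 8, "virtualcenter": 1,
}

if __name__ == "__main__":
    print(single_points_of_failure(SAMPLE_INVENTORY))
    print(assess(SAMPLE_INVENTORY, {"esx_server": 1, "virtualcenter": 1}))
```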

Managing the User Space


In the context of the managed desktop factory, IT organizations must operate and
maintain two domains:
• Sun Virtual Desktop Infrastructure Software domain—Sun Virtual Desktop
Infrastructure Software provides the infrastructure that gives users access to desktop
environment and application images. In this datacenter-centric domain,
administrators keep track of the kind of images provided. Any kind of application or
service can be supported. The domain is generic and can be standardized.
• Golden image and user space domain—This user-centric domain provides services
that are similar to those in a traditional fat client distributed environment.
Administrators must think about guest operating systems and applications
maintained in a golden image, as well as identity management, user help desk
functionality, and more. The domain is customized to support business tasks and
priorities.

Because these two domains are so different, the logical conclusion is to have different
IT teams handle them. Internal teams or outsourced services, like Sun℠ Managed
Services, can be employed. It is recommended to build an organizational structure that
includes a user help desk for first level user support, and a service desk for second level
support for Sun Virtual Desktop Infrastructure Software operations.

Several jobs and services are required for managing the user space in both domains.
Because the Sun Virtual Desktop Infrastructure Software domain provides indirect
services, it is recommended that users not be able to make requests of the service
desk and use the help desk instead.

Potential tasks and services for managing the user space in the Sun Virtual Desktop
Infrastructure Software domain include backup, data restoration, and the restoration of
a personalized image from a golden image. Potential tasks and services for managing
the user space in the image domain include:
• Handling of service requests and the user help desk
• User and identity management
• Application support
• Image creation and maintenance

User to Image Mapping


A golden image is a virtual machine template that is used to create new virtual
desktops through the cloning mechanism provided by the VMware software. Virtual
desktops can be static or dynamic. Static virtual desktops are assigned to a specific
user, and the user is always connected to, and only uses, that virtual desktop. Dynamic
virtual desktops are created dynamically and assigned upon request to users. After a
user finishes using a dynamically assigned virtual desktop, the desktop reverts to a
clean state and is returned to an available pool. The key is for administrators to create
user roles based on duties performed, and map these roles to pools of dynamic or static
images. Doing so provides a flexible way to supply user environments with different
configurations to various job functions within the enterprise. Because thin clients are
stateless, users can move from place to place, or role to role, and automatically and
transparently access an adjusted desktop. More information on this topic can be found
in the Sun Virtual Desktop Access Kit for VMware Sun BluePrints article located at
http://sun.com/blueprints/0307/820-1325.html
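
The static and dynamic mapping described above, modelled as an added example (not code from the paper, Sun, or VMware): roles select a pool, and a dynamic desktop is reset from its golden image before it returns to the pool. The class names, role names, user names and image contents are assumptions made for illustration.

```python
"""User-to-image mapping: roles select static or dynamic desktop pools (added example)."""
import copy


class Desktop:
    def __init__(self, name, state):
        self.name = name
        self.state = state  # stands in for the files and settings of the guest


class Pool:
    """Virtual desktops cloned from one golden image; the template is never handed out."""

    def __init__(self, name, golden_image, dynamic, size=0):
        self.name = name
        self.golden_image = golden_image
        self.dynamic = dynamic
        self.assigned = {}  # user -> Desktop
        self.clones = 0
        # Dynamic pools are pre-cloned; static desktops are cloned on first use.
        self.available = [self._clone() for _ in range(size)] if dynamic else []

    def _clone(self):
        # Deep copy so that no desktop shares mutable state with the template.
        desktop = Desktop(f"{self.name}-{self.clones}", copy.deepcopy(self.golden_image))
        self.clones += 1
        return desktop

    def connect(self, user):
        if user in self.assigned:
            return self.assigned[user]
        if self.dynamic:
            if not self.available:
                raise RuntimeError(f"pool {self.name} has no free desktop")
            desktop = self.available.pop()
        else:
            desktop = self._clone()
        self.assigned[user] = desktop
        return desktop

    def disconnect(self, user):
        if not self.dynamic:
            return  # static: the desktop stays assigned and keeps its state
        desktop = self.assigned.pop(user, None)
        if desktop is not None:
            # Revert to the clean state before the desktop re-enters the pool,
            # so nothing the previous user left behind reaches the next one.
            desktop.state = copy.deepcopy(self.golden_image)
            self.available.append(desktop)


class Broker:
    """Maps users to roles and roles to pools."""

    def __init__(self, user_roles, role_pools):
        self.user_roles = user_roles
        self.role_pools = role_pools

    def _pool_for(self, user):
        role = self.user_roles.get(user)
        if role not in self.role_pools:
            raise PermissionError(f"no desktop pool for user {user!r}")
        return self.role_pools[role]

    def connect(self, user):
        return self._pool_for(user).connect(user)

    def disconnect(self, user):
        self._pool_for(user).disconnect(user)


def build_example_broker():
    # Constructed sample data: image contents, role names and user names are made up.
    office_image = {"os": "Windows XP", "apps": ["mail", "crm"]}
    developer_image = {"os": "Windows XP", "apps": ["mail", "ide"]}
    pools = {
        "call_center": Pool("callcenter", office_image, dynamic=True, size=1),
        "developer": Pool("dev", developer_image, dynamic=False),
    }
    users = {"alice": "call_center", "bob": "call_center", "carol": "developer"}
    return Broker(users, pools)


if __name__ == "__main__":
    broker = build_example_broker()
    first = broker.connect("alice")
    first.state["notes.txt"] = "customer record"
    broker.disconnect("alice")
    print(broker.connect("bob").state)  # clean copy of the golden image
```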

General Datacenter Services


Operating a managed desktop factory requires the use of several standard services,
including:
• The hardware used in the infrastructure is designed to be operated in an industry-
standard environment with power, cooling, access control, and other features.
Service levels can range from the use of a single rack in an open and shared room,
to dedicated, restricted access rooms with several fire compartments or remote
disaster recovery sites.
• Datacenter power and cooling must be provided at industry-standard rates.
• Smart hand services can be made available when needed.
• Datacenters must be capable of connecting to user office sites, with a choice of
network providers.
• Backup and recovery services tend to be provided as a routine part of datacenter
operation. Detailed methods and strategies can vary based on targeted service
levels. The amount of data to be backed up depends on factory implementation
and the number of different golden images used in the environment.
• Configuration data and operating system and software libraries must be backed up
separately from user data. Only user data is intended to be included in regular
backup cycles. Ideally, only one image with all supporting static data needs to be
stored per golden image.
• Backup strategies and frequencies must be considered relative to old
environments. Standard PC environments often are not covered by datacenter
backup solutions. When comparing current solutions with the managed desktop
factory approach, existing methodologies can be taken into account when
deciding on new procedures.
• Disaster recovery mechanisms need to consider the type of disasters and failures
that are possible, and the service levels required. Today, most office environments
are not protected against disasters. However, it is important to consider that any
remaining portion of a factory infrastructure that is usable after a catastrophic
event often can be configured to service a privileged group of users.

Sun Virtual Desktop Infrastructure Software and Security


Security is a major design goal of the Sun Virtual Desktop Infrastructure Software
architecture. Common security features provided by the solution include:
• Authentication—The software supports LDAP-based user authentication and role-
based access controls, and is two-factor authentication compatible.
• Encryption—The software supports the Alleged RC4 (ARC4) cipher for Sun Ray
client traffic, the Secure Sockets Layer (SSL) protocol for secure remote access,
Secure Shell (SSH) for secure communication between systems, and the Transport
Layer Security (TLS) protocol for directory server traffic encryption.
• Data protection—By design, a network delivered desktop solution tends to be
more secure than a traditional distributed PC-based solution. There is less risk of
data loss since data is not distributed on local desktop hard drives. It is centralized
in the datacenter and can be encrypted easily. Most importantly, network
delivered desktops can help solve the dreaded “stolen laptop” problem, where
confidential corporate data is lost or stolen from a portable computer.
• Layer security—Internal and perimeter firewalls can be used to prevent
unauthorized traffic between deployment architecture tiers.
• Endpoint security—Sun Virtual Desktop Infrastructure Software lets desktop
environments be hosted in the datacenter, enabling centralized management of
desktop profiles and resources. However, security risks associated with network
endpoints—desktops, laptops, and personal digital assistants (PDAs)—persist.
Use of the Sun Virtual Desktop Infrastructure Software can help shield the
enterprise infrastructure from risks associated with remote fat clients. If fat clients
are used in the office or at remote locations, it is recommended that enterprises
put standard security software and processes in place.

Chapter 4
The Managed Desktop Factory as a Service

This chapter focuses on how a managed desktop factory can be operated from a
business perspective. When looking at the parameters to be considered, it is clear that
one size does not fit all. However, creating the right solution for a specific set of needs
is not complex—and operating a managed desktop factory and establishing a business
model is not more difficult than older approaches. In the end, complexity can be
condensed into a clear and easy to understand pricing model.

Service Management
Wikipedia defines IT Service Management (ITSM) as “a discipline for managing
information technology (IT) systems, philosophically centered on the customer’s
perspective of IT’s contribution to the business. ITSM stands in deliberate contrast to
technology-centered approaches to IT management and business interaction.”[1]
Similarly, the OGC states that “Service management aims to achieve common
understanding between the customer and provider through managing service level
expectations and delivering and supporting desired results.”[2]

[1] See http://en.wikipedia.org/wiki/IT_Service_Management
[2] See http://www.ogc.gov.uk/delivery_lifecycle_co-ordinating_service_management.asp

The idea is to abstract technology, software, and assets and take the viewpoint of
customers. Organizations wonder what IT delivers, and the value of IT to their
enterprise. The benefit for IT providers that use this technique is improved
communications with customers. In addition, a service view supports different pricing
models, such as pay for resources, pay for service usage, and more. The following
sections examine the ITSM concepts relevant to managed desktop environments.

Service Catalog
The Service catalog lists the services provided to customers. Each service listed in the
catalog includes at least a service description, a service-level agreement, and
associated costs. A properly conceived and constructed service catalog is paramount to
ITSM success. It must be aligned with business priorities and customer expectations.
Several best practices can be used to create an effective service catalog for managed
desktop environments.
• Find the right granularity of service.
• Consider user profiles and cost. While all-inclusive services sound like a smart
idea, and look simple to implement, service details often are overlooked. Different
user profiles, such as sales, developers, and call center agents, require access to
different resources, service levels, and resolution time frames in order to be
effective. For example, sales staff often require printers as standard equipment,
while call center agents can work without them. Organizations must decide if a
single printer service, including hardware, device drivers, toner, paper, technical
support, and incident resolution is required, or if customized printer services are
desirable. Similarly, developers need administrative access to golden images,
while a call center agent needs an image that provides access to a problem ticket
and resolution system. Both situations can be handled by one or more services.
• Include service attributes if needed by every user. If only one group needs an
attribute, consider making it a separate service.
• Make attributes that are cost factors, such as hard disk space, separate services.
Doing so makes it clear to users where costs come from and elevates awareness.
Keep in mind that the higher the level of granularity, the more likely services are
to become complex and difficult to manage, thereby increasing costs.
• Define a comprehensive list of services. Potential services for a managed desktop
service catalog include personalized images, shared images, fat client workplaces,
thin client workplaces, and color printer access.

Key Performance Indicators


What cannot be measured cannot be managed. Measurements are not the entire
solution, but do provide an important tool that supports the daily tasks of service-level
managers. Key Performance Indicators (KPIs) are metrics that are used to quantify
objectives and determine the strategic performance of an IT organization. KPIs are used
to create reports for service-level and quality managers, so that they can determine
how to set goals for service delivery performance. In the well-known plan, do, check, and act
methodology, KPIs fall in the check phase. Table 4-1 provides an idea of the metrics to
consider in a managed desktop environment.

Table 4-1. Suggested Key Performance Indicators for a managed desktop environment

KPI      Description
%AVA     Service availability
#CW      Number of concurrent workplaces in use (average)
#TW      Total number of workplaces
%HDU     Hard disk space used by an image (average)
#TTR     Time to repair a failed component (in minutes)
#CUHD    Total number of user help desk calls
#CSD     Total number of service desk calls
#RT      Resolution time (average)

Service-Level Agreements
A service-level agreement (SLA) formally defines the level of service provided. It is an
agreement between the consumer and the provider of a service. It records the common
understanding about the level of service to be achieved, such as priorities,
responsibilities, guaranteed values, coverage times, availability, and more. It is
recommended that each SLA specify a metric for measuring fulfillment, and that the
metric consist of one or more KPIs. With SLAs, organizations can turn to reports and
determine quality of service rather than relying on subjective evaluations.

Consider a managed desktop environment with two services: a personalized image
service and a thin client workplace service. Table 4-2 details several example SLAs that
can be defined for these services.

Table 4-2. Example service-level agreements

Each entry below gives the service-level agreement, followed by its details.

Personalized Image Service—Provides personalized images to users

Image Count and Availability
• 99.9 percent image availability
• 1,000 initial images with support for up to 1,500 images
• Provisioning of new images upon request, no later than next business day
Hours of Coverage
• Monday through Friday (5x24)
Measurement
• Image availability measured with a test client at the customer site with a dedicated test image
Reporting
• SLAs are measured and reported on a quarterly basis
Charges
• Customer agrees to pay a specified amount per personalized image, provided as a monthly service charge

Disk Space Service—Assigns disk space to a personalized image for arbitrary use

Capacity and Availability
• 3 GB initial size
• Data growth of 1 GB within one business day of request
• 99.9 percent availability
• Weekly full backups, daily incremental backups
• Data restored within one business day of request
Hours of Coverage
• Monday through Friday (5x24)
Measurement
• Availability measured with a test client at the customer site with a dedicated test image
Reporting
• SLAs are measured and reported on a quarterly basis
Charges
• Customer agrees to pay a specified amount per gigabyte of storage space used on a monthly basis

Thin Client Replacement and Provisioning Service—Provides break and fix services for
thin client devices

Capacity and Availability
• Initial provisioning of 800 thin client workplaces
• Replacement of a thin client workplace within one business day of the request
• Provisioning of a new thin client workplace within one business week of the request
Hours of Coverage
• Monday through Friday, 8:00 am to 5:00 pm
Measurement
• Measured by tickets submitted, no automatic technical measurement
Reporting
• SLAs are measured and reported on a quarterly basis
Charges
• Customer agrees to pay a specified basis fee, as well as a specified cost per client replacement and a specified cost per new client

It is important to note the following points:


• Fine-grained charging algorithms can be based on usage with an on-demand model.
• Because it is possible to access a personalized image from an arbitrary thin client, it
makes sense to agree to an image availability of 99.9 percent, with replacement of a
thin client taking place the next business day.

The Managed Desktop Factory as a Business Model


Business models depend on unique organizational situations and user requirements. As
a result, a managed desktop factory can be implemented in various ways: as part of an
in-house IT solution, as a hosted, full service offering, or a combination of both
approaches. Consequently, enterprises must consider several key questions when
defining a managed desktop environment.
• What are the different ways to offer and buy managed desktop factory services?
• What is needed for a complete service offering?
• What are the major cost factors?
• What financial options are available?
• How can accounting be realized?

Managed desktop factories can be used by a wide range of companies, including those
that want to:
• Offer standardized desktop environments to other companies (business-to-business)
• Provide standardized desktop environments to end users (business-to-enterprise)
• Find a replacement for office IT and build a managed desktop factory

Typical user scenarios include:


• Small and medium enterprises struggling with in-house solutions (buy-in)
• Call centers (buy-in or build to suit)
• Telecommunications and network providers (business-to-business and business-to-
enterprise)
• Government agencies (buy-in or build to suit)
• Banks and shops with sensitive data that must be stored in central datacenter
repositories and users in a public environment (buy-in or build to suit)
• Public environments, such as schools, universities, and hospitals

Major Advantages
A managed desktop factory provides several advantages to users that make business
justification straightforward, including:
• Significant cost savings in terms of people, energy consumption, software licenses,
and more
• Ability to simply use technology without understanding the underlying details
• An easy to use environment that eliminates the need for IT experts in the office
• Flexibility that lets users access systems and services from any location with WAN
access, and focus on individual job functions and core competencies
• Security measures, including central datacenter storage, ID cards, and more
• Ability to share high quality components with other users
• Easy maintenance and simple replacement of Sun Ray client devices
• Improved service quality and datacenter service levels
• Comfort and compatibility of a native Microsoft Windows environment

Selecting a Business Model


No two enterprises have the same set of requirements. As a result, it is important for
companies to look at a variety of characteristics before deciding whether to build or buy
a managed desktop solution.
• Define the scope of services to be provided. Understand what is in scope, and
what is out of scope.
• Determine if portions of the existing infrastructure, assets, and services can be
used in the new environment. Consider related technical, financial, and legal
constraints.
• Define service-level agreements.
• Decide whether to build or buy a solution. Consider whether it makes sense to
create the new environment with existing resources, or purchase parts or
complete solutions from a service provider. Many companies now buy services,
and pay-per-use and utility models are gaining in popularity due to the flexibility
and simplicity such solutions provide to organizations.

Understanding Cost Factors


Whether an enterprise builds or buys a managed desktop solution, it is important to
understand the cost factors associated with service building blocks and complete
service offerings. Table 4-3 lists the major cost factors for creating a managed desktop
factory service.

Table 4-3. Major cost factors for creating a managed desktop environment

Setup and One-Time Costs
• Planning and project management
• Performing pilot installations and testing golden images on proposed solutions
• Ordering hardware and software assets, including management tools and components
• Setting up the environment and preparing the datacenter for factory installation
• Setting up the factory, including installation, connection to the network, and testing
• Setting up the management infrastructure
• Setting up remote management connections
• Migrating existing data and users to the new system

Ongoing Costs
• Administration of operating systems, storage systems, and switches
• Network operations and services (WAN)
• Database and application operations
• Maintenance contracts
• Service operations management
• Help desk and single point of contact operations
• Datacenter real estate, power, and cooling
• Datacenter smart hand devices and storage
• Advanced datacenter services, such as backup and restore

In addition, provisioning and maintaining golden images with user management, user
help desk functions, and the management of applications, licenses, and services create
further one-time and ongoing costs. If particular security mechanisms must be
established for the factory, additional setup, asset, and operational costs are to be
expected.

Numerous options can be part of a managed desktop service, and each contributes to
cost calculations.
• Provisioning of printers, scanners, and special devices
• Web services, such as mail, calendar, and instant messaging
• Identity and user management

The amount and type of professional and project-based services that are needed
depend on how the factory is used and how often changes and enhancements are
implemented. Work effort and costs must be calculated separately for these tasks.
• Addition or replacement of systems
• Changes to the basic configuration
• Major updates to the operating system or services
• Movement of systems
• Disaster recovery (server restarts and standard maintenance services must be
included in everyday tasks)
• Changes to user profiles (Sun Ray clients)

Accounting Models for Costs and Charges


Once an organization knows what services are included, one-time and monthly costs
can be determined. Monthly costs typically rise in a step-wise fashion. One-time costs
can be transformed into monthly costs by using leasing models. Discuss what is best for
a given scenario. Possible pricing parameters include:
• More or less one-time costs
• Monthly flat fees or very detailed options (often lead to more overhead)
• Contract run time, for a minimum charge or minimum number of desktops
• Number of concurrent users and named users
• Number of offices
• Pricing based on KPIs and fulfillment of SLAs

Determining Total Cost of Ownership


Given the variety of possibilities for implementing a managed desktop factory, it is
impossible to generalize total cost of ownership (TCO) and return on investment (ROI).
However, the core functionality of a managed desktop factory can provide significant
cost savings. These savings result from virtualization techniques that can help improve
infrastructure utilization, lower power and cooling costs, and reduce the amount of
labor-intensive administration. In addition, a managed desktop factory creates huge
potential for optimized workflows. For example, calculations for factories with 2,000,
8,000, and 20,000 seats show a potential for double-digit savings in percentage of TCO
over a period of 36 months when compared with typical PC desktop environments. To
obtain TCO and ROI estimates for a specific situation, contact Sun Professional Services
for an analysis.
31 For More Information Sun Microsystems, Inc.

Chapter 5
For More Information

About the Authors


Stefan Schmitz-Homberg is a Solution Architect in the service practice of Sun
Microsystems in Germany. Initially a Systems Engineer for remote system management,
his current role is to develop managed service architectures for Sun service customers.
Today, Stefan specializes in solutions for telecommunications and financial services
companies. He holds a masters degree in computer science from the University of Bonn
and is an ITIL certified Service Manager.

Michael Rosenthal is Global Product Manager for Sun Managed Services. He works on
the ongoing development of new and in-market Sun Managed Services offerings, such
as Remote Management, Interim Operations Management, and Utility Computing.
Prior to this role, Michael worked as Solution Architect for Sun Managed Services in
Germany. He holds a masters degree in computer science from the University of
Hamburg and the University of Erlangen, and is an ITIL certified Service Manager.

Acknowledgements
The authors would like to recognize the following individuals for their contributions to
this article:
• Dirk Grobler
• Birgit Kreuz
• Jorgen Skogstad
• Rolf-Per Thulin

References
Sun Desktop Infrastructure: http://sun.com/software/sdis

Sun Managed Services: http://sun.com/service/managedservices

Sun Microsystems Documentation: http://docs.sun.com

Sun Ray Clients: http://sun.com/sunray

Sun Ray Software 4 09/07 Collection: http://docs.sun.com/app/docs/coll/1230.6

Sun Secure Global Desktop Software: http://sun.com/software/products/sgd

Sun Virtual Desktop Connector 1.0 Beta: http://sun.com/download/products.xml?id=473df2c6

Sun Virtual Desktop Infrastructure Software: http://sun.com/software/vdi

Grobler, Dirk and Warren Ponder. “Sun Virtual Desktop Access Kit for VMware,” Sun
BluePrints OnLine, March 2007. To access this article online, go to
http://sun.com/blueprints/0307/820-1325.html

Ponder, Warren. “Sun Desktop Virtualization Solution,” White Paper, April 2006.
http://sun.com/software/sdis/wp_desktop_virtualization_blueprint.pdf

Related References
“Co-ordinating service management,” Office of Government Commerce (OGC),
http://www.ogc.gov.uk/delivery_lifecycle_co-ordinating_service_management.asp

Friedlander, David and Simon Yates. “Desktop Virtualization Is The Future Of The
Corporate PC,” January 2006.
http://sun.com/software/vmware/forrester_rr.pdf

IT Service Management, wikipedia.org,
http://en.wikipedia.org/wiki/IT_Service_Management

Klasell, Tim and Jeffrey Peck. “The Rise Of The Virtual Machine And The Real Impact It
Will Have,” Thomas Weisel Partners, February 2006.
http://sun.com/software/vmware/twp_wp.pdf

Mears, Jennifer. “Moving beyond server virtualization,” Networkworld, January 2006.
http://www.networkworld.com/news/2006/010906-virtualization.html

Re Ferrè, Massimo. “Virtual Infrastructure products: features comparison,”
http://www.it20.info/misc/virtualizationscomparison.htm

“Solaris Performance Monitoring & Tuning - iostat, vmstat & netstat,” Admin’s Choice,
http://www.adminschoice.com/docs/iostat_vmstat_netstat.html

“VirtualCenter Monitoring and Performance Statistics,” VMware Tech Note,
http://www.vmware.com/pdf/vi3_monitoring_statistics_note.pdf

Ordering Sun Documents


The SunDocs℠ program provides more than 250 manuals from Sun Microsystems, Inc.
If you live in the United States, Canada, Europe, or Japan, you can purchase
documentation sets or individual manuals through this program.

Accessing Sun Documentation Online


The docs.sun.com Web site enables you to access Sun technical documentation
online. You can browse the docs.sun.com archive or search for a specific book title
or subject. The URL is
http://docs.sun.com/

To reference Sun BluePrints articles, visit the Sun BluePrints Program Web site at:
http://www.sun.com/blueprints/online.html
34 Glossary Sun Microsystems, Inc.

Appendix A
Glossary

Availability
A measure of the total time that data, applications, and services are available from a system.

Cluster
Two or more interconnected systems or domains that share a cluster file system and are
configured together to run failover, parallel, or scalable services.

DAS
Direct attached storage.

DHCP
Dynamic Host Configuration Protocol.

DNS
Domain Name Service.

Domain Name Service


A distributed name and address lookup mechanism used to translate domain names to IP
addresses.

Dynamic Host Configuration Protocol


A framework for passing configuration information to hosts and managing IP addresses.

Golden image or master


An operating system image that is used as a template for operating system instances for users
belonging to a particular user group. Also known as an operating system template in the
VMware environment.

Internet Protocol
A set of protocols developed by the United States Department of Defense to communicate
between dissimilar computers across networks.

IP
Internet Protocol.

IT
Information technology.

ITIL
Information Technology Infrastructure Library.

ITSM
Information Technology Service Management.

Key Performance Indicators


Metrics that are used to quantify objectives and determine the strategic performance of an IT
organization.

KPIs
Key performance indicators.

LAN
Local Area Network.

LDAP
Lightweight Directory Access Protocol.

Lightweight Directory Access Protocol


A standard, extensible directory access protocol used by LDAP naming service clients and
servers to communicate with each other.

Load balancing
The process of distributing application service loads across systems to increase performance.

Local area network


A network topology that provides a means to connect systems within a limited distance.

MTBF
Mean time between failure.

NAS
Network attached storage.

RAID
Redundant array of independent (or inexpensive) disks. A technique for aggregating a set of
disk drives and making them appear to be a single logical disk drive to an application. Different
RAID levels provide different capacity, performance, availability, and cost characteristics.

RAID-5
RAID level 5, or striping with distributed parity. Both data and parity are distributed across
disks. No single disk can compromise the integrity of the data. RAID-5 optimizes performance,
reliability, and cost.

SAN
Storage area network.

Service-level agreement
A guarantee of the service level provided by a computing environment to a user or set of users.

Simple Network Management Protocol


The standard network management protocol used in TCP/IP networks.

SLA
Service-level agreement.

SNMP
Simple Network Management Protocol.

SPOF
Single point of failure.

Sun Management Center


Software that provides a powerful, easy-to-use platform for administrative and management
operations. Providing a single point of management for all Sun systems, Sun Management
Center can help system administrators to perform remote system configuration, monitor
performance, and isolate hardware and software faults.

Sun Ray Software


Software that gives users access to applications and services from any location using Sun Ray
compatible thin client devices.

Sun Secure Global Desktop Software


Software that delivers secure, universal, and portable access to applications, data, and
services to users. Users can interact with familiar collections of applications using familiar
devices, and uniform services can be received from a fixed office at the enterprise, or any
location around the globe that is accessible to the Internet or telephone network.

Sun Virtual Desktop Connector software


A brokering service that integrates with VMware Infrastructure 3 software to deliver desktop
environments running in virtual machines to users.

Switch
A networking device that isolates network traffic to the segments and devices for which the
traffic is intended.

VDI
Virtual Desktop Infrastructure.

Virtual Desktop Infrastructure Software


Software that delivers applications and full desktop environments to clients using a server-
based computing model. Users access applications and desktop environments that are hosted
on centralized datacenter servers over the network.

VPN
Virtual private network.

WAN
Wide area network.

Wide area network


A network topology that provides a means to connect systems that are distributed over a large
geographic area via telephone, fibre optic, or satellite links.

WLAN
Wireless LAN, or wireless local area network.
The Managed Desktop Factory On the Web sun.com

Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 USA Phone 1-650-960-1300 or 1-800-555-9SUN (9786) Web sun.com
© 2008 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, the Sun logo, Java, Solaris, Solaris JumpStart, Sun BluePrints, Sun Fire, Sun Ray, and SunDocs, are trademarks or registered trademarks of
Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the US and other countries.
Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. AMD and Opteron are trademarks or registered trademarks of Advanced Micro Devices. Intel is a trademark
or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open
Company, Ltd. Information subject to change without notice. Printed in USA 05/08
