The Magic of Non-Persistency in Desktop Virtualization
Let us be honest, deep down we all believe in magic and if you don’t then reassure yourself with the fact that once upon a time in your youth, you did. Somewhere along the way you forgot how to believe in magic and that’s ok because, happily, technology gives us lots of reasons to start believing again.
Right now I am seeing magic in desktop virtualization, it’s the best way I can think of describing it, magic comes in many shapes and sizes and for me it can be found specifically in non-persistency.
Before we talk about the concept of non-persistency, perhaps we should take a little walk down persistency lane and being a cloud desktop kind of guy, this is a story about cloud hosted virtual desktops.
Most of you will be comfortable with the idea of a traditional persistent desktop. If I were to hazard a guess, I would say that most of you reading this article are doing so on a traditional persistent desktop that probably has not been virtualized.
If I am wrong then consider yourself lucky early-adopter, because most of the desktop using world still has not seen a virtual desktop, let alone a non-persistent one.
What is Persistency ?
When I say 'traditional persistent desktop' I mean the MS Windows (or Mac OS X) desktop that lives on your machine, persistent in the sense that any changes you make to that desktop persist across your user sessions.
We have been using these persistent desktops that live on a piece of hardware for the best part of 25 years, I first saw Windows when I was twelve years old and hated it instantly, I loved the command prompt, but that soon passed and over time I slowly fell in love with the idea of the ‘desktop’.
A lifelong power user, I did not begin to get really intimate with the desktop until we began to virtualize them, suddenly what we could do with the desktop became much more interesting than what we could do on the desktop.
After virtualizing them, the next coolest thing to do was put them in the cloud, the word ‘cloud’ was more innocent back then of course.
My own company tuCloud was the first in the world to offer cloud hosted desktops as a service (DaaS), others soon followed and in 2009 the cloud hosted virtual desktop industry was born.
Early on though, we were all building clouds of persistent hosted virtual desktops, it made sense to our thinking at the time.
We took whole desktops and virtualized them, giving them their own little virtual machine, then ran them in the cloud and let users access them remotely for use in a persistent fashion.
This is the basic definition of VDI/SBC, the idea that you put all of your desktops in the DC and manage them centrally and sure the model has benefits, any fool can see that, but that does not mean this is the way forward.
It certainly is not what desktop virtualization is all about and the VDI model using thin clients is closer to the days of the mainframe than real desktop virtualization, meaning a dinosaur.
What is Non-Persistency ?
When we talk about non-persistent cloud hosted virtual desktops, in simple terms we mean that we present users with a cloud hosted MS Windows virtual desktop to use as per usual, but that any changes a user makes will not be saved across user sessions.
Any applications they install, or changes they make on a non-persistent hosted virtual desktop will be washed away when the user logs out and when they log back in again, they get a fresh desktop, in its original golden state.
Users actually find this lack of persistency incredibly annoying, but that is the basic definition of a non-persistent desktop. They are fresh copies of a ‘golden image’ and you always get the same kind of desktop for one-time use.
Think of it as a disposable desktop, when the user logs in they are given a fresh desktop and when they log out, that desktop is destroyed and the resources are returned to the ‘cloud’ for use by others.
tuCloud’s own hosted virtual desktop estate is now 100% non-persistent, we deliver to our users a non-persistent hosted virtual desktop on demand, that has nothing but the base desktop OS, IM and web browsers installed.
These cloud desktops are brilliant if all you need to do is use SalesForce CRM or any other cloud based applications that you can use through a browser window, they are also brilliant for the lowest form of desktop user, the ‘task worker’.
You can cleanly present the same desktop, with the same set of applications, to the same users every time and it doesn't matter if your users screw up the desktop, their changes will be washed away when they log out.
But what if your business contains a more advanced kind of desktop user, such as the ‘knowledge worker’ or even worse the ‘power user’ ?
These more evolved and sophisticated desktop users revolt at the idea of non-persistency, they rebel against the idea that they cannot customize or have complete control over their desktop work environment.
How do we deal with them using a non-persistent model ?
This is where the magic lives and the concept becomes really interesting, as the conversation moves towards the concept of layering in desktop virtualization.
It’s A Kind of Magic
When we talk about non-persistent hosted virtual desktops with persistent user, data and application layers applied to them we really are talking about a kind of magic.
Clarke’s third law states that any sufficiently advanced technology is indistinguishable from magic and on that basis;
If you can migrate a desktop user from a persistent desktop across to a non-persistent one and deliver it in such a way that, to the user, their new desktop is indistinguishable from the old one, then that’s magic folks.
At least I believe so and I haven’t yet forgotten how to believe in magic :)
Let's Talk About Layering
This really is a simple explanation of the art and magic of delivering non-persistent hosted virtual desktops using virtualization layering, but one that explains the concept beautifully I think.
Who amongst us does not like cake ?
In order for the non-persistent model to work effectively for all types of desktop users, there needs to be some level of persistency involved in order for the desktop to become useful to the user and also for the user to want to use it.
Virtualized applications can be streamed to users on demand, we can simply take a persistent virtual application layer and apply it to the non-persistent virtual desktop upon user login.
The fact that the desktop you are using does not have Office installed on it does not mean that you cannot use Office on that desktop; we simply layer the virtual Office application onto the desktop when you log in and you use it normally.
User Personalization Layering
In much the same way, we can take a user's personalizations and virtualize them into yet another persistent layer that we can apply onto a non-persistent desktop upon user login.
The fact that the desktop you are using does not have your screensaver, background, address book, browser bookmarks or documents folder living on it does not mean you cannot have all of those when you log in.
Maintaining a non-persistent virtual desktop estate, whilst giving your users all of the persistency they need in this way is a relatively new idea, but one that is gaining traction rapidly in cloud hosted virtual desktop deployments globally for a number of reasons.
I consider myself a champion of this model and I am quietly proud that my own company tuCloud were the first to commercialize this model and put it into production in any significant way, in collaboration with the National Nuclear Security Administration (NNSA), who have thousands of users on our hosted virtual desktop cloud.
We are certainly not the only ones to use the non-persistent model, I see the non-persistent model gaining traction in the US Federal Government and military/defense sectors.
This is primarily because the non-persistent model solves a few of the problems with persistent desktop OS’s, also because it creates infrastructure efficiencies and savings over the longer term compared to VDI.
More than anything though, I think because it is simply a more intelligent and elegant model than persistent VDI can ever hope to be.
Time will tell if the non-persistent model becomes the dominant one, but there are lots of good reasons why it should which brings me onto my next subject beautifully.
Let's take a look at exactly why the NNSA saw magic in non-persistency and embraced a desktop cloud provided to them by a third party desktop provider like tuCloud.
The Non-Persistent Model from a Cyber Security Perspective
One of the major threats to the Western capitalist model is the sustained loss of intellectual property to foreign agents caused by “Advanced Persistent Threats”.
If you were a high security organization dealing with sensitive information, you would know that the primary source of these threats comes from giving your employees access to the open internet and also through email communication.
The problem is that your employees probably need access to the open internet to do their jobs effectively and use things like webmail, and social networks to stay in touch with their loved ones.
Banning access to this kind of freedom causes lots of unhappiness and frustration amongst your employees.
What typically happens is that an organization gets breached by an advanced persistent threat and they immediately lock down their internal networks, blocking access to the open internet on their employees’ PCs.
Locking down internet access every time you are attacked is not a plan for dealing with these threats, and blanket bans do not usually stay in place for long: employee pressure to resume service as normal builds up, and there is often no point locking all the windows after the thieves have already been and gone. We typically resume business as normal and beef up security a bit.
This is a reactive model and a very ineffective way of mitigating against the kind of cyber threats the corporate desktop world faces today.
The non-persistent model offers a viable alternative, one that creates a no-compromise solution and allows your organization to mitigate against cyber-security threats in a proactive way.
In this scenario we provide your users with a second desktop, a non-persistent one that is hosted separately and externally to your own infrastructure and DC.
On this desktop your users have complete freedom to surf the open Internet and use all of the goodness that the web has to offer, except for porn, gambling and so on, allowing them to surf the open internet without putting your internal networks at risk.
What Does That Model Look Like ?
This is what the non-persistent model in that context looks like :
Step one involves the user requesting a desktop, once the user initiates the connection in step two their credentials are authenticated against Active Directory and in step three after authentication occurs, the user is granted authorization to draw a desktop from the pool.
In step four a fresh snapshot is taken of the ‘golden’ desktop image, the user personalizations are applied to the snapshot and the desktop is deployed to the user, generally within seconds of them logging in.
In step five the user gets a persistent desktop in that they get the same desktop experience every time with all of their browser bookmarks, desktop background, and browser add-ons applied.
Finally in step six, the user finishes up their session and the desktop is completely destroyed, taking any kind of infection that your users may have picked up whilst using the desktop on the open internet with it.
Using the non-persistent model in this way, you can proactively mitigate against cyber-security threats by completely locking down all of your internal desktops, restricting access to the open internet.
At the same time, you give users a second desktop on which they have all of the freedoms you just took away from them, a no-compromise solution.
IT central gets what they want and so do the users. By design, no data can pass from the hosted virtual desktops to the user’s local traditional desktop, unless it’s scribbled onto a piece of paper. The breach risk your internal network and infrastructure faces on a daily basis is dramatically reduced.
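The six-step session lifecycle described above can be modelled in a few lines. This is an added sketch, not tuCloud's code: the in-memory directory, the golden image contents and the LAYER_KEYS allow-list (the assumption that only named personalization settings are written back to the persistent layer at logout) are all constructed for illustration.

```python
import copy

GOLDEN_IMAGE = {"os": "windows-base", "apps": ["browser", "im"], "files": {}}
DIRECTORY = {"alice": "pw-alice"}         # constructed stand-in for Active Directory
LAYER_KEYS = {"bookmarks", "background"}  # assumption: only these settings persist

class DesktopPool:
    def __init__(self, capacity):
        self.capacity = capacity
        self.active = {}   # user -> currently running desktop
        self.layers = {}   # user -> persistent personalization layer

    def login(self, user, password):
        # Steps 1-3: request, authenticate, authorize a draw from the pool.
        if DIRECTORY.get(user) != password:
            raise PermissionError("authentication failed")
        if len(self.active) >= self.capacity:
            raise RuntimeError("pool exhausted")
        # Step 4: fresh copy of the golden image with the user's layer applied.
        # deepcopy matters: a shallow copy would let a session mutate the
        # golden image's own app list and file table.
        desktop = copy.deepcopy(GOLDEN_IMAGE)
        desktop["settings"] = dict(self.layers.get(user, {}))
        self.active[user] = desktop
        return desktop     # Step 5: the user works on this desktop

    def logout(self, user):
        # Step 6: write back allow-listed settings, destroy everything else.
        desktop = self.active.pop(user)
        self.layers[user] = {k: v for k, v in desktop["settings"].items()
                             if k in LAYER_KEYS}

def demo():
    pool = DesktopPool(capacity=1)
    d1 = pool.login("alice", "pw-alice")
    d1["settings"]["bookmarks"] = ["https://example.com"]
    d1["settings"]["startup_item"] = "unknown.exe"  # constructed unwanted change
    d1["files"]["C:/temp/unknown.exe"] = b"..."     # constructed unwanted file
    d1["apps"].append("toolbar")
    pool.logout("alice")
    d2 = pool.login("alice", "pw-alice")            # second session
    return d2, len(pool.active)

if __name__ == "__main__":
    print(demo())
```

In this model the second session keeps the bookmark but not the added file, application or startup setting, which shows that whatever the personalization layer is allowed to store is the only state that crosses sessions.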
You Mentioned Something About Cutting Costs ?
If you ask most IT buyers about the biggest benefit they expect to get when looking at desktop virtualization, they will typically tell you that they expect to substantially reduce the cost of ownership, which makes sense as desktop management has typically been one of the largest cost centers in IT.
In very much the same way, managing a cloud of persistent hosted virtual desktops in the same way as you did a traditional persistent desktop is actually a very expensive thing to do, ask anyone who tries to make ROI cases for VDI on a regular basis.
If the cloud hosted virtual desktop model is to grow and prosper, it will be because non-persistency offers a more cost-effective route and delivers tangible benefits that save your organization money over the long term.
If you choose to go down the non-persistent route then your costs will almost certainly be lowered and the ROI case begins to make a lot more sense.
It's only when you begin to look at the non-persistent model that you will be able to reach TCO figures that resemble traditional desktop TCO.
Non-persistency also offers a way to drive operating efficiency deeper into your organization by enabling an architecture that increases efficiency over the longer term.
If you look around the internet for a suitable cost-calculator to compare persistent virtual desktop infrastructures to non-persistent ones and work out the savings yourself, you will have a hard time because there isn’t one, although there are lots that compare VDI to traditional desktop management.
But what about hardware and infrastructure costs ?
Non-persistency is key to making cloud-hosted virtual desktops attractive as it enables the lower costs, which can then be passed onto the customer.
It's difficult to put a figure on the total savings the non-persistent model offers compared to a persistent one, partly because of the complexity involved. If you lack persistency on the desktop, you will almost certainly need some kind of application and user personalization layering in your deployments and this varies for each organization.
When pushed, my own technical engineering team will quote anything from a 25-35% drop in storage and infrastructure costs using a non-persistent model, partly why we are committed to this model in the first place.
A sweet spot for the non-persistent model is when your desktop users do not need to use the desktop all of the time, at Lawrence Livermore National Laboratory for example, if we need to, we can support up to 5000 users with just 1000 concurrently running non-persistent hosted virtual desktops, saving a huge amount of money, approximately four fifths of the cost compared to a persistent model.
This casual user effect is even more magnified at UCLA, where we are in the middle of rolling out non-persistent hosted desktops to thousands of desktop users using just a handful of concurrently running desktops, available in all UCLA libraries across campus.
In any situation where you have users that need desktop access at different times, you can support many more users with a much smaller number of concurrently running desktops using the non-persistent model.
Desktops are provided on demand and new desktop resources are only drawn from the cloud when needed.
There are other reasons you would consider using non-persistency as a model and we want to hear about yours in the comments section below.
This article was originally published in his column over at DABCC.