Under Virtualised

A lot of customers have asked lately about the benifits of deploying Windows 7 using System Center Configuration Manager (Config Mgr) over Microsoft’s free deployment tools (e.g. MDT, MAP, WDS, WSUS, Group Policy software distribution).

The answer is simple: Full end-to-end integration of all build components, and ongoing management of the desktop after it is built.

Microsoft Deployment Toolkit (MDT) provides great guidance (and some extra tools) on how to use Microsoft’s free products to deploy Windows. Using them, you can deploy a hardware independent image, inject drivers during build, and install applications at build time. But the focus is on initail deployment of the machine – not ongoing management. MDT can’t deploy applications 2 weeks after the machine is built – you need to use Group Policy or another tool to do that.  And if you change your SOE, or deploy new patches to your environment, you will need to ensure those changes are reflected in the MDT build so that any new machines you deploy are up-to-date. If you don’t, deployments from that point on will be a multi-step process: build machine, then ensure SOE changes are applied (e.g. using WSUS or Group Policy software deployment).

Config Mgr can be used for all dektop deployment and management functions. It gathers inventory, deploys applications & patches, and reports on desired configuration drift. When you release patches using config manager to already deployed machines, those patches will automatically be installed on any new computers you deploy – and not 30 or 60 minutes after the build, but during the build before the user can log on.

Likewise, if you upgrade a version of software in your enviornment and use Config Mgr to deploy the new version to existing computers, it is very simple to ensure that new version is also deployed to new computers – again, fully integrated into the actual build process. This is true for both traditional and App-V virtual applications. So if you are virtualising your applications (which you should be), Config Mgr can deploy virtual applications in much the same way as traditional applications, using the same objects and terminolgy within Config Mgr – which means you don’t need to have seperate servers for App-V deployment.

And Config Mgr’s hardware and software inventory can be used to help plan your deployment. Yes, the Microsoft Assesment and Planning tool (MAP) can gather hardware and software inventory – but only for clients that are turned on and on the network at the time MAP is run. Config Mgr is client based, so the data it provides is more reliable and will be automatically updated if the inventory changes.

So whilst Microsoft provides a lot of great free tools for deploying Windows 7, they are, well, lots of tools. Config Mgr provides all the functions in one product, which means there’s not only consistancy in administration and reporting, but there is deep integeration between the functions. The end result is that deployment of a machine is fully automated end-to-end. That includes saving user data and settings from the existing installation, deploying Windows 7, patching Windows, deploying applications (including virtual apps), and restoring user data and settings. The deployment can be initiated by the user, or remotely by IT, and the user does not get a logon prompt until the mahcine is completely ready to use. And the whole process can be monitored by IT using web based reports. Plus ongoing management of the environment is performed using the same tools and processes – and changes that you make as part of that ongoing management are automatically reflected in new builds – with very little IT administrative effort. All of which is very important to ensure that future builds and rebuilds are efficient and correct.

If you would like to hear more of my thoughts on Deploying Windows 7 with Configuration Manager, checkout this video interview recorded at Tech Ed Australia in September

The Microsoft Office Engineering Blog has just published a post confirming that click-to-run will be a method that Microsoft will offer for Office 2010 download/run/updates.  In August, after rumours of a click-to-run beta, I posted my thoughts about what this might mean.

This is great news, as it will really help to bring Application Virtualisation to the masses, and hopefully other vendors will follow Microsoft’s lead.

To re-state my previous thoughts,I wouldn’t be surprised if we see the concept of having Configuration Manager subscribe to vendor application streams, and re-deliver the apps to enterprise desktops using App-V.

On-premise re-packing and software update release might become as easy as Microsoft Updates has in recent years.  Hopefully!

Yesterday I presented a session at Microsoft Tech Ed Australia on service monitoring of distributed applications and systems hosted on Hyper-V and VMware ESX using System Center Operations Manager (SCOM 2007 R2) and System Center Virtual Machine Manager (SCVMM 2008 R2).

I promised to post links to relevant resources, which are below. Feel free to let me know if you have any other questions from the session.
Also, if you attended, don’t forget to fill out your evaluation form – you can win stuff, and it lets me know what you thought. Thanks!

System Center Operations Manager

• Main product page
• SCOM 2007 R2 eval download
• What’s new in R2
• Operations Manager 2007 videos – Lots of videos, including this one on Distributed Application Designer
• Operations Manager 2007 SP1 videos – Some more videos, related to some of the new SP1 features
• Building PRO-enabled management packs
• Service Level Dashboard solution accelerator

System Center Virtual Machine Manager

• Main product page
• VMM 2008 R2 eval download
• VMM overview video – excellent introduction to VMM
• Virtual Machine Manager whitepaper -  overview of VMM and server virtualisation
• VMM Product documentation, including:
• How to Integrate Operations Manager with VMM 2008 R2
• Podcast on VMM 2008 R2 – Kenon Owens – technical product manager on the integrated virtualization team
• Hyper-V planning and deployment guide

Ars Technica is reporting that Microsoft is testing streaming the Office 2010 tech preview straight to users.

They’re calling it “click-to-run”, and basically it uses Microsoft’s application virtualisation technology to run the application virtualised on the user’s desktop. The application is delivered over the internet, straight from Microsoft as a “stream”. I imagine that would mean, like with App-V, the application can start quickly with only a core download. The rest of the application can then be trickled down, or downloaded on demand as more features of the applications are used.

I assume that patches and updates would also automatically be downloaded when the application is run next – in a quick and easy way.  And I also assume that Microsoft would be able to revoke or remove the software when the client checks-in. This would open the door to subscription based software purchasing, delivered straight from Microsoft, but run on your own computer (so not to be confused with software as a service – although it does overlap somewhat).

Very interesting stuff, and I’m sure it is a taste of one of Microsoft’s new future software delivery mechanisms.

I wouldn’t be surprised if we see the concept of having Configuration Manager subscribe to vendor application streams, and re-deliver the apps to enterprise desktops using App-V.

On-premise re-packing and software update release might become as easy as Microsoft Updates has in recent years. Lets hope.

One of the reasons people look at implementing virtual desktops over the traditional terminal services/presentation server/XenApp server based computing environment is application compatibility and co-existence.  In those server based multi-user environments, some applications don’t work – or at least require a fair bit of time to get working and keep working. Sometimes applications simply require the workstation version of the OS. Sometimes the apps don’t like to be run by multiple users at the same time. Even in a well designed and well managed environment, and even using application visualisation, some apps still don’t run or don’t run well.  In a virtual desktop environment, the remote session is running on a workstation OS (rather than a server OS), and the session is dedicated to a single user. As such, many of those applications that have issues in the terminal server environment work fine in a virtual desktop. And if they don’t, since the environment isn’t shared, the problem only affects the one user.

However,  giving users a whole virtual desktop so they can run a couple of extra applications remotely isn’t always desirable. Sometimes it would be ideal to publish an application that is installed on a virtual desktop to a user, so they can run that application without also presenting them a whole desktop. Remember back to when  Citrix introduced seamless published applications – so much of that complexity went away for the user when they could just run the application, without also having to interact with a second desktop session.

Another usage scenario applies to thin terminal users – the users today that do run a whole published desktop from a multi-user server OS. Administrators could provide those users a published application within their published desktop – but instead of running on the server desktop, the application runs from a workstation virtual desktop, and is presented into the user’s server desktop session. This would effectively allow more applications to be provided in the thin client environment, without switching over to a completely virtual desktop environment. In essence, it would allow you to run some server based pulished apps, and some desktop based published apps – whatever was needed and whatever made sense for the administrators.

So, sounds like something that makes sense, right?  Citrix thought so, and have recently announced this new feature (planned for Q3 2009) that allows you to publish applications that are running on virtual desktops. These applications can then be run remotely, just like any other XenApp seemless published application.

Citrix has called the feature VM Hosted Apps, and it will be a great addition to the XenApp suite which will give orgainisations another option for those applications that don’t like running in a multi-user, or server based environment.

Of course Quest has had this capability for a while now with via their vWorkspace product.  In fact Quest has long been promoting a use case for virtual desktops along these lines – using the single user workstation OS to run applications that the terminal servers can’t – but publish the apps through to the terminal server environment where user density is more cost effective.

And I should also mention Microsoft’s RAIL – Remote Applications Integrated Locally. It’s essentially the same concept also, and is used in Windows 7 to publish applications that are running on the “XP Mode” virtual desktop through to the Windows 7 start menu and desktop.

Whichever way you look at it, publishing applications from a variety of machines and OS’s, and running them in a variety of combinations and locations will soon be possible from multiple vendors. More options. More flexibility. More complexity?  The question is, how will we manage and assign apps? But that’s a conversation for another day.

I haven’t been blogging about it much, but I’ve been working like crazy with Windows 7 and deploying it with Configuration Manager. We have been doing a series of customer presentations around Australia on Windows 7 (beta), Configuration Manager SP2 (alpha), the virtual desktop broker in Remote Desktop Services (part of Windows Server 2008 R2 (beta)), and a third party product called Activate (not beta!). Quite a bit of new technology all together in one presentation – all live. When planning it we gave it the code name  ‘extravaganza’.

I’ve also been heavily involved with the Dimension Data internal TAP deployment of Windows 7, and with some early adopter customers.

A couple of weeks ago, Microsoft interviewed myself and some colleges about our experience with Windows 7. You can find the video on Microsoft Showcase

(yes, I know, a little self promotion.. but hey, isn’t that what blogs are for?)

Ever since I first heard about a client side hyper visor back in 2008 (I happened to hear it from VMWare first), I have been excited and anxious for the technology to be ready for mainstream use. I strongly believe that client hyper visors will be the thing that makes desktop virtualisation – in all it’s forms – become common place.

Centralised Virtual Desktops

Centralised Virtual Desktops (or Virtual Desktops hosted on central Infrastructure – VDI) have a range of benefits today.  For a start, most VDI implementations force you to separate the OS, from the apps, from the user data and settings. That in itself provides greater flexibility and more granular options for quick troubleshooting and repair (each layer can be treated separately by IT). And the fact that the virtual desktops are usually hosted in a central data centre that is “near” the data and application back-ends enables much of the layering to work efficiently, and can provide a better user experience in some cases for remote offices/home workers. And of course it also allows orgainisations to control their data and applications more closely – they never leave their network.

However, the number of VDI implementations in the world are relatively small. When many of my customers have looked to implement VDI solutions, they have found it doesn’t suite the requirements of the whole organisation. Now to be clear, I have nothing against VDI – in fact I think virtual desktops are great! Problem is, many people still have really valid reasons why centralised (or remote) virtual desktops aren’t always what they need.

Distributed Virtual Desktops

And that’s where client side hyper visors come in.  Client hyper visors will allow the virtual desktop to be run on user hardware (like a laptop), rather than on centralised servers. So it can be run offline, and you don’t have the constraints that remote video/audio imply.

So what is good about the client OS running virtually? Essentially, it’s about abstraction of the OS from the hardware. Once we have decoupled the OS, it becomes really easy to take snapshots, incremental backups, restore those snapshots/backups, or move the computer to new hardware. And speaking of moving the OS to new hardware – we should expect that most of the client hyper visors will have the ability to sync changes made locally up to a central copy, so that you can actually run that same environment from a variety of devices.  When you log off your computer at work, all changes are sync’d up to the network, so you can use the same virtual machine remotely from home  – this time running from a server hyper visor in your data centre – or in someone else’s data center on the internet (in the cloud). And changes made from home will be sync’d back down to your work computer when you turn it on next. Or if you loose your laptop and get a new one, then the whole virtual machine will be downloaded and you will be right where you left off.

The other great advantage of the client OS running virtually is that you can run multiple client OS’ at the same time – without any one of them being the ‘master’ or host. A typical example the vendors are talking about is running a personal desktop and work desktop. But there are many other scenarios, like different SOE versions, test machines, developer machines, etc.

Management

Both Citrix and VMware recognise the need for the client hyper visors to have management capabilities – these will be crucial to the successful adoption of client side desktop virtualisation. IT departments will need to be able to manage OS assignment, push, and sync. And controlling which devices/storage/networks the various virtual machines have access to will be critical in controlling the security and reliability of the environment.

After the market matures a little, the exact type of hyper-visor implemented will not be the major factor when choosing a client hyper-visor vendor. Instead, the  management capability, third party extension/plugin model, and integration with existing systems and processes (e.g. Microsoft Configuration Manager and Active Directory) will be the key differentiators orgainisations will be considering when choosing a product set.