Published on June 13, 2014
Demystifying VMware Mirage: Tips and Tricks for Success Simon Long, VMware Justin Venezia, VMware EUC4815 #EUC4815
2 Agenda
• Horizon Mirage – A Quick Overview
• Tips & Tricks For Success
• High-Level Architecture Examples
• Q & A
3 Horizon Mirage – A Quick Overview
6 Typical Use Cases
• Automated Windows OS Migration & Deployment
• System Recovery (BC/DR)
• Hardware Migration & Refresh
• Simplified Image Management
• BYOD (With Fusion Pro & VMware Workstation)
7 Mirage Architecture – Manage Centrally, Execute Locally!
Mirage server
• Images are stored and manipulated in datacenter
• Unlike VDI, images do not run in datacenter
• Images are automatically synchronized with endpoints
• Logical layering of images increases granularity
Data Transfer optimized
• Stores data only once
• Transfers only what is not present on destination
• All transfers are compressed
Desktops or laptops with Mirage client
• Endpoints always run local copy of Windows
• Does not require hypervisor or format
• Local drivers are leveraged
• Changes from Mirage are merged directly into Windows
Diagram labels: Centralized images, Base layer, End users
8 Layered, Single Image Management
Horizon Mirage Layers
• Layers are stored in the data center
• Mirage performs granular operations on Mirage-managed endpoints
• Orange layers continuously backed up from endpoints
• Green layers managed by IT
End User PC
• Machine Identity Layer (identity, customizations)
• User Personalization Layer (user data, installed apps & profile)
• Base Layer (OS, infra SW, core apps)
• Driver Library
• Mirage Application layers
9 Bringing it all Together: Single Image Management Single Base Layer Windows 7 Antivirus Common Apps Dell Drivers HP Drivers VMware Drivers Finance Apps HR Apps IT Apps Up to 20,000 Endpoints
10 Horizon Mirage Components
Horizon Mirage Client
• Four Megabyte MSI deployed to all clients
• Mirage-related endpoint operations & File/Folder Recovery
Horizon Mirage Servers
• Mirage Management Server (interfaces with DB)
• Mirage Server (controls all operations and objects)
File Portal And Web Management
• Optional feature(s) used for Web Administration & File/Folder Recovery
• Must be on a server that is on the domain
• Can co-reside on the Mirage Server itself
Branch Reflector
• “In-branch” device that can service base layers & updates, drivers, and migration functionality, eliminating WAN traffic for certain Mirage operations
• No additional setup/install required; simply designate an existing endpoint as a Branch Reflector
Management Console
• MMC Admin Console to connect to Mirage Management server
11 Typical Horizon Mirage Deployment
Diagram labels: Data center, Mirage server cluster, Load balancer, Internet, NAS volumes, Mirage console, Mobile VPN, Mirage Clients
12 Tips and Tricks For Success
13 Endpoint Assessment
Know Thy Endpoint!
• If you don’t understand what’s on the desktop, you won’t know what or how much data you will be managing
Good data drives good Mirage design decisions
Tools & Techniques
• Lakeside/Liquidware Labs
• SCCM or other Desktop Inventory Tools
• Mirage PoC (Sample of Desktops)
Hardware, Networking & Security
• Speed of Hardware
• Connectivity (LAN/WAN/VPN)
• Disk Encryption & Endpoint Protection
14 Endpoint Assessment (cont.)
Application Rationalization
• Installed Applications
• Are those apps READY for Windows 7?
User Data & Behavior
• Personal vs. Corporate Data
• Movies, Pictures, Music
• The “Gypsy User”
15 Application Integration
Mirage does not differentiate how applications are installed
• It’s WHERE they are installed that’s important
Place applications in the Base Layers when it makes sense
• Globally-used applications
• System-level software (AV, VPN, etc.)
Continue leveraging the application delivery & integration strategy that works best for you
• SCCM, Active Directory, Tivoli
• Mirage Application Layers
• ThinApp & App-V
• User Installed Applications
16 Application Layers
Application Isolation
• Not part of Mirage Application Layers unless used with ThinApp
• Appear and function as if natively installed
Application Conflicts
• Application conflicts can exist, even using Horizon Mirage Application Layers
Application Packaging
• Use a Virtual Machine for Application Layer Reference CVD
• Restore VM to original state using VMware Snapshot before capturing another application
• Application Packages are specific to OS version & type
• Start with a clean capture machine
17 Base Layer Considerations
Keep the amount of Base Layers to a minimum
• Prevent image sprawl - keep image as generic as possible
• The larger the image, the more data you will send across the wire
When creating Driver Libraries, download the drivers from the hardware vendor
Base Layer Applications
• Include system-level software & globally-used applications
Full Disk Encryption
• Exclude from the base layer image
18 Base Layer Conflicts
Base Layers can potentially conflict with software installed on Endpoints.
• Older version of application in Base Layer conflict with updated application in Base Layer
• Windows updates in Base Layer conflict with Endpoint application requirements
• Newer updates on Endpoint conflict with versions in Base Layer
Handling Conflicts
1. Test before deployment
2. Layer Dry-Run Reports
3. Base Layer Rules
4. Base Layer Override Policies
19 Upload Policies
Upload Policy “Areas”
• Protected Area – Files and folders on a device that are centralized in the datacenter
• Unprotected Area – Files and folders that will NOT be centralized
• User Area – Protected files and folders that belong solely to the endpoint user
Applications or data placed into the user profile are captured in the user area
Applications or data placed anywhere else are captured in the Protected Area.
20 Upload Policies
Upload Policies impact centralization & synchronization
Don’t back up what you don’t need!
Do you NEED to back up the endpoints for OS migrations?
• Accelerates migration timeline & reduces storage needs for Mirage
• No roll-back of Windows XP or Windows 7 Endpoint during OS Migration
Large Files
• To back them up or not?
21 Steady State Synchronization – The Balancing Act
Getting the right synchronization interval is key
Network speed (LAN/WAN/VPN)
• Type of connection & available bandwidth
Amount of changed data on endpoint
• Data de-duplication – does it already exist (i.e. Patch Tuesday)?
• Upload policies – do I need to back up all changed data?
• How long does an incremental upload take?
Storage performance & capacity
• IOPS
• Available disk space
Endpoint availability
• Stationary vs. mobile/laptop users
22 Branch Reflector
Branch Reflectors are your FRIEND
• Use it on the LAN & WAN
• Make sure your AD Sites & Services are configured properly
• Supports “Downstream” operations ONLY
Use desktop PC that is not assigned to a user & has ample compute/storage resources
Powered on 24/7 to support Mirage operations
Avoid using laptops, if possible
• Taken home or moved between offices
• If laptops are the only Branch Reflectors available:
  • Use cabled connection & no power management
  • Ensure ample compute/storage
23 Networking
Know Thy Network!
• Map it out – know bandwidth capacity and utilization of the network
• Wi-Fi Considerations
Mirage Network Necessities
• Quality and Class of Service/Priority Queuing/Traffic Shaping critical
• Network maps and performance statistics
• Understand the Mirage network usage patterns from a PoC/Pilot
What should I expect on the network with Mirage?
• LAN vs. WAN centralization/synchronization
• Amount of data centralized/synchronized – more data, more bandwidth
24 Networking (cont.)
Don’t forget the network path to the storage
• Separation of client & storage network traffic, if at all possible
• End-to-end networking (Mirage NIC out, the path, and the File Server NIC in)
Include “Downstream” Operations in planning
• Base Layer/App Layers, etc.
If the network path to storage or networking is oversubscribed, Mirage will “throttle” the server.
• It’s a safety net, not a design principle
25 Storage
Sizing your storage is massively important
• Conduct a PoC/Pilot to help with storage sizing estimates (IOPS, Capacity)
• Pilot multiple use cases and variations of desktops, not just one
• The IOPS requirements will depend on multiple factors:
  • Amount of concurrent centralizations & downstream operations
  • Network bandwidth
  • User connectivity (on and off the network)
  • User productivity (how often the machine is in use)
  • Snapshot policy
Local vs. Shared Storage
• Shared storage is recommended (required for Mirage Clustering/Single Instance)
• Local storage in a Mirage Cluster – it may work at first, but it will break
Place Mirage Cache on Flash/SSD where possible
26 Storage (cont.)
Single vs. Multiple CIFS shares
• Better data de-duplication seen when more CVDs are on a share
• Recovery and other Single Instance Store maintenance operations can be significantly extended when using a single CIFS share
• Shares with more CVDs become extremely large in size
• Balance number of CIFS shares based on the needs and requirements of your organization
Driver libraries are stored on the default Mirage SiS
• If you delete this store, your drivers are gone
27 Security
Full Disk Encryption
• Enable Full Disk Encryption (FDE) products that modify hard drives after Mirage integration
• Decrypt FDE before any operation that modifies the MBR
• Data files are NOT stored in an encrypted format on the Mirage Single Instance Store (SiS) when using FDE
Microsoft BitLocker & Sophos FDE are Supported
• BitLocker - upstream/downstream operations function properly
• Sophos - disk encryption supported for OS Migration
Microsoft Encrypted File System (EFS)
• Encrypted files uploaded with EFS are restored with EFS
Centralization over the Internet not supported
• Must use VPN connection
28 Security (Cont.)
Single Instance Store (SiS) Security
• Files stored on Mirage SiS cannot be executed
• Use NTFS, Share & ACL Permissions to secure Mirage SiS access
• Limit data on share to ONLY Mirage-related data
SSL
• Encrypts Mirage network traffic over TCP 8000 – Use it!
• All or nothing
• Use it for the Web & File Portals
Anti-Virus
• It WILL affect Mirage Performance and Operations
• Exclude Mirage Cache & Wanova.Server.Service.exe process
• NAS and CIFS/SMB Filer Anti-Virus implementations are typically independent of scanning on Mirage Server
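An added example, not part of the original slides: one way to check the "NTFS, Share & ACL Permissions" point above by listing broad allow entries on the SiS share and on its root folder. It assumes the SiS volume is an SMB share hosted on a Windows file server; the share name `MirageStorage` and the list of principals treated as too broad are hypothetical and should be replaced with your own.

```powershell
# Added example: audit share-level and NTFS permissions on a Mirage SiS volume.
# Assumptions (not from the slides): the SiS volume is an SMB share on a
# Windows file server, the share is named 'MirageStorage', and the
# principals in $broad are the ones your policy treats as too broad.
param(
    [string]$ShareName = 'MirageStorage'   # hypothetical share name
)

$broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# Resolve the share to its local path; stop if the share does not exist.
$share = Get-SmbShare -Name $ShareName -ErrorAction Stop

# Share-level ACL: allow entries granted to broad principals.
$shareFindings = @(
    Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.AccountName } |
        ForEach-Object {
            [pscustomobject]@{ Layer = 'Share'; Principal = $_.AccountName
                               Rights = "$($_.AccessRight)"; Inherited = $false }
        }
)

# NTFS ACL on the share root: same check, noting inherited entries.
$ntfsFindings = @(
    (Get-Acl -Path $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value } |
        ForEach-Object {
            [pscustomobject]@{ Layer = 'NTFS'; Principal = $_.IdentityReference.Value
                               Rights = "$($_.FileSystemRights)"; Inherited = $_.IsInherited }
        }
)

$findings = $shareFindings + $ntfsFindings
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "$($findings.Count) broad allow entries on '$ShareName'; review them against your SiS access policy."
} else {
    Write-Output "No broad allow entries found on '$ShareName'."
}
```

When the SiS lives on a NAS filer rather than a Windows server, the share-level check has to be done with the filer's own tooling; only the NTFS part can be run remotely against the UNC path.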
29 Operations & Administration
Delegated Administration
• Delegate based on risk, job responsibility and best suited IT group to support Mirage
• Roles are Active Directory-integrated – use AD groups
Operational Procedures
• Run books for OS and hardware migrations, desktop backup/recovery, archiving & other Mirage operations
• Run books for Help Desk - common support issues
• Endpoint Centralization – Automatic vs. IT-initiated
User Self Service – File/Folder Recovery
• Provide simple procedures for file/folder recovery
30 Backup & Recovery
Don’t forget the Mirage Database
Lots and lots of files and folders means longer backup windows
• Restoring Mirage components will also take a while
Integrate Mirage into corporate DR strategy
• Conduct simulated Mirage recovery & document recovery procedures
31 Availability & Resiliency
• Use multiple Mirage servers in a clustered configuration (N+1)
• Use a Load-Balancing solution to distribute load across all Mirage Servers in a cluster
• Consider a dedicated/clustered MS SQL Database
32 Sizing Considerations
Network
• “You can’t drive a Buick through the eye of a needle.”
• Bandwidth Speed & Overall Circuit Utilization are critical
• Quality of Service/Class of Service or Priority Queuing
• LAN-speed considerations
Storage
• IOPS, Connection Speed/Capacity to Storage
• Amount of Data
• Single vs. Multiple CIFS Shares
33 Sizing Considerations (cont.)
Upload Policies
• More Data = More Resources (Storage, Network) = More Time to complete a Mirage task
Differential Data
• Data change impacts how much data can be uploaded in a given time period
Endpoint Availability and Connectivity
• Laptops or Mobile Users - On/Off Network
• Remote Users (VPN)
Consider the volume & frequency of centralization, steady state & base layer operations
Centralized vs. Distributed Architecture
34 Sizing Considerations (cont.)
Gather REAL WORLD data through effective testing & validation
• Environment uniqueness impacts the design
• Real-world sampling/assessment & planning is critical to sizing
Physical vs. Virtual Mirage Servers
General guidelines
• Appropriately size the environment based on real world data (PoC/Pilot) implementation
• Don’t size for 100% utilization – size for target of 80%
Don’t ignore the dependent infrastructure (i.e. storage & networking)
35 High-Level Architecture Examples
36 High Level Architecture Example #1
37 High Level Architecture Example #2