Daily Archives: October 1, 2020

TSR – The Server Room Show – Episode 46 – VDI & Thin Clients

The Three Types of Client Virtualization

Presentation Virtualization

Think of RDP or VNC technologies, or Microsoft Terminal Server / Citrix MetaFrame, where all the running applications live, run, and consume RAM and CPU on the remote server, while you, the user, interact with them through a presented window (or shell, to use a better word) such as a VNC window or an RDP connection.

VDI

Virtual Desktop Infrastructure, the topic of today, so let's skip this for now.

Application Virtualization

A case where individual applications can run on the client machine without ever being installed on it, while consuming its resources and running as if they were installed on the client natively. The application runs in a sandbox or on top of an abstraction layer, which allows even different versions of the same application to be executed at the same time, e.g. Office 2003 and Office 2019 side by side, without causing any compatibility or other issues on the client itself. Wine, the Windows emulation layer for Linux, is in fact very similar, and if you ask me, I consider it a form of Application Virtualization, as it fits the example nearly perfectly, with the exception that apps in Wine are indeed installed locally in a specific folder when you run/install them. It does, however, fulfill the function of allowing an application to run on a foreign client or on top of an OS where it would otherwise not be possible natively (a Windows app on Linux or vice versa).

What is Virtual Desktop Infrastructure?

Virtual desktop infrastructure or VDI is a technology that refers to the use of virtual machines to provide and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request. 

In VDI, a hypervisor segments servers into virtual machines that in turn host virtual desktops, which users access remotely from their devices. Users can access these virtual desktops from any device or location, and all processing is done on the host server. Users connect to their desktop instances through a connection broker, which is a software-based gateway that acts as an intermediary between the user and the server.

VDI can be either persistent or nonpersistent. Each type offers different benefits:

  • With persistent VDI, a user connects to the same desktop each time, and users are able to personalize the desktop for their needs since changes are saved even after the connection is reset. In other words, desktops in a persistent VDI environment act exactly like a personal physical desktop. 
  • In contrast, nonpersistent VDI, where users connect to generic desktops and no changes are saved, is usually simpler and cheaper, since there is no need to maintain customized desktops between sessions. Nonpersistent VDI is often used in organizations with a lot of task workers, or employees who perform a limited set of repetitive tasks and don’t need a customized desktop.

Why VDI?

VDI offers a number of advantages, such as user mobility, ease of access, flexibility and greater security. In the past, its high-performance requirements made it costly and challenging to deploy on legacy systems, which posed a barrier for many businesses. However, the rise in enterprise adoption of hyperconverged infrastructure (HCI) offers a solution that provides scalability and high performance at a lower cost.

What are the benefits of VDI?

Although VDI’s complexity means that it isn’t necessarily the right choice for every organization, it offers a number of benefits for organizations that do use it. Some of these benefits include: 

  • Remote access: VDI users can connect to their virtual desktop from any location or device, making it easy for employees to access all their files and applications and work remotely from anywhere in the world.
  • Cost savings: Since processing is done on the server, the hardware requirements for end devices are much lower. Users can access their virtual desktops from older devices, thin clients, or even tablets, reducing the need for IT to purchase new and expensive hardware. 
  • Security: In a VDI environment, data lives on the server rather than the end client device. This serves to protect data if an endpoint device is ever stolen or compromised.
  • Centralized management: VDI’s centralized format allows IT to easily patch, update or configure all the virtual desktops in a system.

What is VDI used for?

Although VDI can be used in all sorts of environments, there are a number of use cases that are uniquely suited for VDI, including:

  • Remote work: Since VDI makes virtual desktops easy to deploy and update from a centralized location, an increasing number of companies are implementing it for remote workers.
  • Bring your own device (BYOD): VDI is an ideal solution for environments that allow or require employees to use their own devices. Since processing is done on a centralized server, VDI allows the use of a wider range of devices. It also offers better security, since data lives on the server and is not retained on the end client device.
  • Task or shift work: Nonpersistent VDI is particularly well suited to organizations such as call centers that have a large number of employees who use the same software to perform limited tasks. 

What is the difference between VDI and desktop virtualization?

Desktop virtualization is a generic term for any technology that separates a desktop environment from the hardware used to access it. VDI is a type of desktop virtualization, but desktop virtualization can also be implemented in different ways, such as remote desktop services (RDS), where users connect to a shared desktop that runs on a remote server.

What is the difference between VDI and virtual machines (VMs)?

Virtual machines are the technology that powers VDI. VMs are software “machines” created by partitioning a physical server into multiple virtual servers through the use of a hypervisor. (This process is also known as server virtualization.) Virtual machines can be used for a number of applications, one of which is running a virtual desktop in a VDI environment.

What is Virtual Desktop?

Virtual desktops are preconfigured images of operating systems and applications in which the desktop environment is separated from the physical device used to access it. Users can access their virtual desktops remotely over a network. Any endpoint device, such as a laptop, smartphone or tablet, can be used to access a virtual desktop. The virtual desktop provider installs client software on the endpoint device, and the user then interacts with that software on the device. 

A virtual desktop looks and feels like a physical workstation. The user experience is often even better than a physical workstation because powerful resources, such as storage and back-end databases, are readily available. Users may or may not be able to save changes or permanently install applications, depending on how the virtual desktop is configured. Users experience their desktop exactly the same way every time they log in, no matter which device they are logging into it from.

Types of virtual desktops

There are a few different types of virtual desktops and desktop virtualization technologies. Desktop virtualization means that you run a virtual machine on your desktop computer; think KVM, VirtualBox, VMware, Vagrant. Meanwhile, virtual desktop infrastructure (VDI) is a data center technology that supplies hosted desktop images to remote users. With host-based virtual machines, one virtual machine is allocated to each individual user at login. With persistent desktop technology, that user connects to the same VM each time they log in, which allows for desktop personalization. Host-based machines can also be physical machines hosting an operating system that remote users log into.

A virtual machine can also be client-based, where the operating system is executed locally on the endpoint. The advantage of this type of virtual desktop is that a network connection is not required for the user to access the desktop.

Virtual desktop infrastructure (VDI) refers to a type of desktop virtualization that allows desktop workstation or server operating systems to run on virtual machines that are hosted on a hypervisor in on-premises servers. The user experiences the operating system and applications on an endpoint device, just as if they were running locally. With desktops as a service (DaaS), a service provider hosts VDI workloads out of the cloud and provides apps and support for enterprise users.

How does a virtual desktop work?

Virtual desktop providers abstract the operating system from a computer’s hardware with virtualization software. Instead of running on the hardware, the operating system, applications and data run on a virtual machine. An organization may host the virtual machine on premises. It is also common to run a virtual desktop on cloud-based virtual machines. Previously, only one user could access a virtual desktop from a single operating system. The technology has evolved to allow many users to share an operating system that is running multiple desktops.

IT administrators can choose to purchase virtual desktop thin clients for their VDI, or repurpose older or even obsolete PCs by using them as virtual desktop endpoints, which can save money. However, any money saved on physical infrastructure costs may need to be quickly reallocated to software licensing fees for virtual desktops. 

A virtual desktop infrastructure provides the option for users to bring their own device, which can again save IT departments money. This flexibility makes virtual desktops ideal for seasonal work or organizations that employ contractors for temporary work on big projects. Virtual desktops also work well for salespeople who travel frequently because their desktop is the same and they have access to all the same files and applications no matter where they are working.

What is the purpose of a virtual desktop?

A virtual desktop allows users to access their desktop and applications from anywhere on any kind of endpoint device, while IT organizations can deploy and manage these desktops from a centrally located data center.

Many organizations move to a virtual desktop environment because virtual desktops are usually centrally managed, which eliminates the need for updates and app installations on individual machines. Also, endpoint machines can be less powerful, since most computing happens in the data center.

How to use virtual desktops?

Virtual desktops are as easy to use as physical desktops. Users simply log in to their desktop from their chosen device and connect via the network to a remotely located virtual machine that presents the desktop on the endpoint device. Users can interact with applications on a virtual desktop in the same way that they would on a physical desktop. Users may or may not be able to personalize or save data locally on a virtual desktop, depending on which desktop virtualization technology they are using.



How did we use Virtual Desktop Infrastructure backed by VMware Horizon at work in the past?

We used the VMware Horizon product to serve persistent VDIs (always accessing the same virtual machine image/clone), with the possibility to customize and keep things there, like documents on the desktop or links in the web browser.

We might have used a Citrix backend previously, as in some documentation I saw hints of Citrix, and I do not think that the two environments can mix and match.

Two-factor authentication with Microsoft Authenticator, which also tied into Azure and our AD credentials, was mandatory; it was pretty much SSO (Single Sign-On) everywhere with 2FA as default.


Thin Clients


Thin Clients – My Thin Clients (the physical Fujitsu one and the virtual/VM one I use)

Both software offerings (in the form of a VM; Unicorn Software eLux, for example, can run in a VM just like on physical hardware) and hardware offerings exist.


What is a Thin Client / Zero Client?

In computer networking, a thin client is a simple (low-performance) computer that has been optimized for establishing a remote connection with a server-based computing environment. The server does most of the work, which can include launching software programs, performing calculations, and storing data. This contrasts with a fat client or a conventional personal computer; the former is also intended for working in a client–server model but has significant local processing power, while the latter aims to perform its function mostly locally.

Thin clients occur as components of a broader computing infrastructure, where many clients share their computations with a server or server farm. The server-side infrastructure uses cloud computing software such as application virtualization, hosted shared desktop (HSD) or desktop virtualization (VDI). This combination forms what is known as a cloud-based system, where desktop resources are centralized at one or more data centers. The benefits of centralization are hardware resource optimization, reduced software maintenance, and improved security.

  • Example of hardware resource optimization: Cabling, bussing and I/O can be minimized while idle memory and processing power can be applied to user sessions that most need it.
  • Example of reduced software maintenance: Software patching and operating system (OS) migrations can be applied, tested and activated for all users in one instance to accelerate roll-out and improve administrative efficiency.
  • Example of improved security: Software assets are centralized and easily firewalled, monitored and protected. Sensitive data is uncompromised in cases of desktop loss or theft.

Thin client hardware generally supports common peripherals, such as keyboards, mouses, monitors, jacks for sound peripherals, and open ports for USB devices (e.g., printer, flash drive, webcam). Some thin clients include (legacy) serial or parallel ports to support older devices, such as receipt printers, scales or time clocks. Thin client software typically consists of a graphical user interface (GUI), cloud access agents (e.g., RDP, ICA, PCoIP), a local web browser, terminal emulators (in some cases), and a basic set of local utilities.

Zero Clients

A zero client, also referred to as an ultra-thin client, contains no moving parts and centralizes all processing and storage to just what is running on the server. As a result, it requires no local driver to install, no patch management, and no local operating system licensing fees or updates. The device consumes very little power and is tamper-resistant and completely incapable of storing any data locally, providing a more secure endpoint. While a traditional thin client is streamlined for multi-protocol client-server communication, a zero client has a highly tuned on-board processor specifically designed for one possible protocol (PCoIP, HDX, RemoteFX, DDP). A zero client makes use of very lightweight firmware that merely initializes network communication through a basic GUI (Graphical User Interface), decodes display information received from the server, and sends local input back to the host. A device with such simple functionality has less demand for complex hardware or silicon, and therefore becomes less prone to obsolescence. Another key benefit of the zero client model is that its lightweight firmware represents an ultra-small attack surface, making it more secure than a thin client. Further, the local firmware is so simple that it requires very little setup or ongoing administration. It’s the ultimate in desktop simplification, but the trade-off is flexibility. Most mainstream zero clients are optimized for one communication protocol only. This limits the number of host environments that a zero client can provide its users with access to.

Web Clients

Some examples of web thin clients are Chromebooks and Chromeboxes.

Web clients only provide a web browser, and rely on web apps to provide general-purpose computing functionality. However, note that web applications may use web storage to store some data locally, e.g. for “offline mode”, and they can perform significant processing tasks as well. Rich Internet Applications for instance may cross the boundary, and HTML5 web apps can leverage browsers as run-time environments through the use of a cache manifest or so-called “packaged apps” (in Firefox OS and Google Chrome).

Examples of web thin clients include Chromebooks and Chromeboxes (which run Chrome OS) and phones running Firefox OS. Chromebooks and Chromeboxes also have the capability of remote desktop using the free Chrome Remote Desktop browser extension, which means, other than being a web thin client, they can also be used as an ultra-thin client (see above) to access PC or Mac applications that do not run on the Chromebook directly. Indeed, they can be used as a web thin client and an ultra-thin client simultaneously, with the user switching between web browser and PC or Mac application windows with a click.

Chromebooks are also able to store user documents locally – though, with the exception of media files (which have a dedicated player application to play them), all such files can only be opened and processed with web applications, since traditional desktop applications cannot be installed in Chrome OS.

Providers

Popular providers of zero clients include Wyse (Xenith), IGEL Technology, 10ZiG, Teradici, vCloudPoint.

Fujitsu, HP, Wyse, Dell ... other open source HW like Openthinclient

Clearcube

Windows Thin PC OS for thin clients (Windows 7 thin client OS, x86, still supported till the end of 2021)

Unicorn Software – eLux (I run it in a VM and it works perfectly)


PXE Boot for those thin clients

In computing, the Preboot eXecution Environment (PXE, most often pronounced as pixie) specification describes a standardized client-server environment that boots a software assembly, retrieved from a network, on PXE-enabled clients. On the client side it requires only a PXE-capable network interface controller (NIC), and uses a small set of industry-standard network protocols such as DHCP and TFTP.

The concept behind the PXE originated in the early days of protocols like BOOTP/DHCP/TFTP, and as of 2015 it forms part of the Unified Extensible Firmware Interface (UEFI) standard. In modern data centers, PXE is the most frequent choice[1] for operating system booting, installation and deployment.

The PXE environment relies on a combination of industry-standard Internet protocols, namely UDP/IP, DHCP and TFTP. These protocols have been selected because they are easily implemented in the client’s NIC firmware, resulting in standardized small-footprint PXE ROMs. Standardization, small size of PXE firmware images and their low use of resources are some of the primary design goals, allowing the client side of the PXE standard to be identically implemented on a wide variety of systems, ranging from powerful client computers to resource-limited single-board computers (SBC) and system-on-a-chip (SoC) computers.

DHCP is used to provide the appropriate client network parameters and specifically the location (IP address) of the TFTP server hosting, ready for download, the initial bootstrap program (NBP) and complementary files. To initiate a PXE bootstrap session the DHCP component of the client’s PXE firmware broadcasts a DHCPDISCOVER packet containing PXE-specific options to port 67/UDP (DHCP server port); it asks for the required network configuration and network booting parameters. The PXE-specific options identify the initiated DHCP transaction as a PXE transaction. Standard DHCP servers (non-PXE-enabled) will be able to answer with a regular DHCPOFFER carrying networking information (e.g. IP address) but not the PXE-specific parameters. A PXE client will not be able to boot if it only receives an answer from a non-PXE-enabled DHCP server.

After parsing a PXE-enabled DHCP server's DHCPOFFER, the client will be able to set its own network IP address, IP mask, etc., and to point to the network-located booting resources, based on the received TFTP server IP address and the name of the NBP. The client next transfers the NBP into its own random-access memory (RAM) using TFTP, possibly verifies it (e.g. UEFI Secure Boot), and finally boots from it. NBPs are just the first link in the boot chain process and they generally request via TFTP a small set of complementary files in order to get a minimalistic OS executive running (e.g. WindowsPE, or a basic Linux kernel+initrd). The small OS executive loads its own network drivers and TCP/IP stack. At this point, the remaining instructions required to boot or install a full OS are provided not over TFTP, but using a robust transfer protocol (such as HTTP, CIFS, or NFS).
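The offer parsing described above, as an added Python example that is not part of the original show notes: it reads the boot server and NBP name out of DHCP packets and sorts each offer into plain DHCP, PXE from an expected boot server, or PXE from a server outside an allowlist, which is the check a defender can run on captured offers since the client acts on whatever PXE offer it accepts. The packets, addresses, file names and the `ALLOWED_BOOT_SERVERS` set are constructed assumptions.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of the DHCP options
ALLOWED_BOOT_SERVERS = {"10.0.0.5"}     # assumption: this site's TFTP/boot server


def parse_dhcp(packet: bytes) -> dict:
    """Parse the BOOTP header fields PXE relies on plus all DHCP options."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    info = {
        "op": packet[0],                                   # 1 = request, 2 = reply
        "siaddr": socket.inet_ntoa(packet[20:24]),         # next (boot) server
        "file": packet[108:236].split(b"\x00", 1)[0].decode("ascii", "replace"),
        "options": {},
    }
    i = 240
    while i < len(packet) and packet[i] != 255:            # 255 = end option
        if packet[i] == 0:                                 # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        info["options"][code] = value
        i += 2 + length
    return info


def classify(packet: bytes, allowed=ALLOWED_BOOT_SERVERS) -> str:
    """Return not-offer, plain-dhcp, pxe-expected or pxe-unexpected."""
    info = parse_dhcp(packet)
    opts = info["options"]
    if info["op"] != 2 or opts.get(53) != b"\x02":         # option 53 = 2: DHCPOFFER
        return "not-offer"
    # Boot server and NBP name may sit in the header or in options 66 / 67.
    server = opts.get(66, b"").rstrip(b"\x00").decode("ascii", "replace") or info["siaddr"]
    nbp = opts.get(67, b"").rstrip(b"\x00").decode("ascii", "replace") or info["file"]
    if not nbp or server == "0.0.0.0":
        return "plain-dhcp"                                # network settings only
    return "pxe-expected" if server in allowed else "pxe-unexpected"


def build_packet(op, msg_type, siaddr="0.0.0.0", boot_file=b"", extra=()):
    """Build a constructed sample packet (test data, not captured traffic)."""
    yiaddr = "10.0.0.50" if op == 2 else "0.0.0.0"
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, 0x12345678, 0, 0x8000,
        bytes(4), socket.inet_aton(yiaddr), socket.inet_aton(siaddr), bytes(4),
        bytes.fromhex("525400123456"), b"", boot_file)
    options = [(53, bytes([msg_type]))] + list(extra)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + b"\xff"


SAMPLES = {
    "discover": build_packet(1, 1, extra=[(60, b"PXEClient:Arch:00007:UNDI:003016")]),
    "plain": build_packet(2, 2, extra=[(54, socket.inet_aton("10.0.0.1"))]),
    "expected": build_packet(2, 2, "10.0.0.5", b"ipxe.efi", [(60, b"PXEClient")]),
    "unexpected": build_packet(2, 2, extra=[(66, b"10.0.0.66"), (67, b"boot.efi")]),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10} -> {classify(pkt)}")
```

The parser does not handle option 52 (overload), where the `sname` and `file` header fields carry further options instead of names.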

PXE acceptance since v2.1 has been ubiquitous; today it is virtually impossible to find a network card without PXE firmware on it. The availability of inexpensive Gigabit Ethernet hardware (NICs, switches, routers, etc.) has made PXE the fastest method available for installing an operating system on a client when competing against the classic CD, DVD, and USB flash drive alternatives.

Over the years several major projects have included PXE support, including:

  • All the major Linux distributions.
  • HP OpenVMS on Itanium hardware.
  • Microsoft Remote Installation Services (RIS)
  • Microsoft Windows Deployment Services (WDS)
  • Microsoft Deployment Toolkit (MDT)
  • Microsoft System Center Configuration Manager (SCCM)

In regard to NBP development there are several projects implementing Boot Managers able to offer boot menu extended features, scripting capabilities, etc.:

  • Syslinux PXELINUX
  • gPXE/iPXE

All the above-mentioned projects, when they are able to boot/install more than one OS, work under a “Boot Manager – Boot Loader” paradigm. The initial NBP is a Boot Manager able to retrieve its own configuration and deploy a menu of booting options. The user selects a booting option and an OS dependent Boot Loader is downloaded and run in order to continue with the selected specific booting procedure.



PXE Boot over WAN?

2PrintSoftware ipxeanywhere claims it can PXE boot over cloud or WAN. Interesting, but I would like to find open source solutions which work and are well documented.

I saw some posts about people trying to set this up over WAN with not much success.
I'm sure with cloud offerings, or with some of the infrastructure parts running in the cloud, it is easier to do now than before? Maybe it's just my blind assumption.

——-


Perhaps this is as good a place as any to mention Desktop as a Service vs. VDI (hinted at previously)

DaaS is a form of Virtual Desktop Infrastructure (VDI), hosted in the cloud. With VDI, an organization deploys virtual desktops from its own on-premises data centers. In-house IT teams are responsible for deploying the virtual desktops as well as purchasing, managing, and upgrading the infrastructure.

DaaS is essentially the same thing but the infrastructure is cloud-based. Organizations that subscribe to a DaaS solution don’t need to manage their own hardware.

DaaS providers manage the VDI deployment, as well as the maintenance, security, upgrades, data backup, and storage. And the customer manages the applications and desktop images. DaaS is a good choice for organizations that don’t want to invest in and manage their own on-premises VDI solution.

So in a few words, DaaS can be a great solution, *the correct form of Virtual Desktop Infrastructure*, when you want to cross the internet or move the whole infrastructure to the cloud instead of doing it on premises with internal IT teams on your own intranet/network.


Open Source Vs Commercial Offerings

VMware Horizon (on premises)

Citrix Virtual Apps and Desktop (used to be called XenApp)

Microsoft Windows Virtual Desktop backed by Azure VM (use Windows on any device)

Amazon Workspaces (cloud)

Parallels RAS

SoftOnNet

flexVDI

FOSS-Cloud

Links

https://www.goodfirms.co/blog/best-free-open-source-virtual-desktop-infrastructure-software

https://www.zdnet.com/article/desktop-virtualization-vs-virtual-desktop-infrastructure/

https://openthinclient.com/en/

https://openthinclient.com/en/shop/hardware/

https://thinstation.github.io/thinstation/

http://rpitc.blogspot.com/

https://superuser.com/questions/1237099/how-to-pxe-boot-over-wan

https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/boot-from-pxe-server

https://netboot.xyz/

http://www.softonnet.com/eng/technologies/desktop-virtualization

https://betawiki.net/wiki/Windows_Thin_PC

https://unicorn-software.com

http://undeadly.org/cgi?action=article&sid=20121026064602

igel.com