Can You Really Deploy VDI for Less than New PCs?

Citrix has been very vocal, lately, about the latest version of VDI-in-a-Box (“ViaB”), and has suggested that ViaB can be deployed for less than the cost of buying new PCs. But is that claim valid? With all due respect to my friends at Citrix – it depends. Specifically, it depends on the cost of the new PCs you’re considering, and on whether you have Microsoft Software Assurance on your existing desktop PCs, and on the level of reliability you want to have in your VDI infrastructure.

Don’t get me wrong – ViaB is a great product, and is, in my opinion, much easier to implement and manage than anything else I’ve seen out there, including XenDesktop. (In fact, in a future article, we’ll discuss when it makes sense to deploy full-blown XenDesktop vs. ViaB.) But we aren’t doing anyone any favors if we use misleading data.

For example, I’ve seen a pricing calculator from Citrix that states that a commodity server with 8 CPU cores (dual, quad-core processors), 32 Gb of RAM, and 250 Gb of direct-attached storage “can easily serve at least 30 desktops.” That same pricing calculator shows the cost of such a server as $3,000, with a qualifying note that it could be as much as $4,500. I have several problems with this:

RAM - Citrix’s own sizing guidelines indicates that you should allow for at least 1.5 Gb of RAM each, and preferably 2.0 Gb (sometimes more, depending on the workload) for virtual Windows 7 desktops. And, even if you’re still on Windows XP today and don’t want to change anytime soon, would you really want to deploy a new VDI system that wasn’t capable of supporting Windows 7 desktops when you do upgrade?

Personally, I would recommend at least 2 Gb per desktop. You also need to factor in “at least 1 Gb” (Citrix's words) for the hypervisor, and “at least 1 Gb” for the ViaB virtual appliance. That tells me that we’re looking at about 64 Gb of RAM, not 32 Gb, and that, in turn, is likely to push us to a more expensive server platform that's capable of handling that amount of RAM.

Storage - The ability to use direct-attached storage is a huge advantage for SMBs, because it eliminates reliance on a SAN. The ViaB appliances take care of replicating your “Golden Images” (the master images that you use to create VDI desktops) among themselves. But you have to include storage for those Golden Images when you design your servers.

The guideline here is to allow for 2x the size of your Golden Image (times the number of Golden Images, if you have more than one). So, let’s assume our Golden Image is 20 Gb, and that we have two different images that we’re going to use to provision desktops. That means we need 80 Gb for image storage.

We also need roughly 70 Gb for the ViaB virtual appliance itself. Then, assuming that we’re using the “linked clones” method of provisioning desktops (because that’s the most efficient use of space), we need to factor in 15% of the image size per desktop – so that’s 15% of 20 Gb x 30 desktops, which is another 90 Gb.

That brings us to 240 Gb…but we haven’t accounted for the space consumed by the hypervisor installation itself, and we haven’t factored in anything for swap files and any kind of transient activity. So 250 Gb probably isn’t going to do it in any case. And, if you plan to use persistent desktops for any of your users, remember that, given enough time, they will eventually grow to the size of your Golden Image itself.

IOPS – We also need to factor in the disk IOPS that our virtual desktops will need while they’re running. A Windows 7 desktop will consume 10 – 20 IOPS, depending on the use case. Again, using Citrix’s own sizing guidelines, you would need at least four 15K SAS drives to support 25 – 50 virtual desktops. With any drive available on the market today, that’s going to total far more than 250 Gb of storage. (For more details on this subject, cruise on over to our Moose Logic blog site, and search for “IOPS.”) Redundancy—If a PC fails, you have a user down. If your VDI fails, you have multiple users down. So, if we’re talking about anything other than a proof-of-concept, you’re going to want some redundancy in that server. That means, at a minimum, redundant power supplies. I’d recommend RAID 10 for the disk drives as the best mix of performance and redundancy. You’re probably going to want hot-swap drives as well, so you don’t have to take the whole platform down to change out a failed disk drive. Again, these are not features you’re likely to find in a $3,000 server, or even in a $4,500 server. And if you really want high availability, you would build an “N+1” server array – meaning that if you can support your users on one server, you buy two; if you can support them on two, you buy three; if you can support them on three, you buy four; etc.

VDA Licenses – If you do not have Microsoft Software Assurance on your client PCs, or if you plan to use non-PC clients, like Macs or thin clients, you will need to purchase Microsoft Virtual Desktop Access (“VDA”) licenses. At present, these are only available on a subscription basis, at $100/user/year. So, to be fair, you can’t just lump in $100/user. You need to lump in $100 x the useful life of the PC you would otherwise purchase. If you tend to replace your PCs on a 3-year cycle, that’s $300/user.

So where does this leave us?

Well, here’s the kind of server I would actually recommend to someone who was doing a production deployment of ViaB for 30 users:

• Dual-processor, quad– or six-core
• Minimum of 64 Gb RAM
• Six 15K, hot-swap, SAS drives, with a high-end RAID controller tha has at least 512 Mb of read/write cache—two drives in a RAID1 configuration for the XenServer OS, and four drives in a RAID 10 configuration for the storage repository that will contain everything else. Those four should be 300 Gb drives. The first two could be smaller, but it’s probably simpler to standardize on one drive size.
• Hot-swap, redundant power supplies.
• 3 year, on-site, 7x24 manufacturer’s warranty, with 4-hour response.

My research suggests that a server that meets these specifications is likely to cost somewhere in the $10,000—$12,000 range, depending on manufacturer, model, additional NICs, etc.

Assuming it’s at the lower end of that range, and that you’re OK with having a single server, the numbers look like this:

• $10,000 / 30 users = $333 per user
• VDA Licenses (over three years) = $300 per user
• ViaB licenses + first year maintenance = $195 per user

Total: $828.00/user – which is probably pretty close to the cost of a decent, business-class PC, like a Dell Optiplex 390. That’s not a bad story, considering the ongoing flexibility that VDI can give you in supporting remote access, access from a wide variety of client devices including smart phones and iPad and Android tablets, and, arguably, lower ongoing management costs. Of course, if you want two servers, for redundancy, that pushes the cost to $1,161/user.

Let’s scale things up a bit, though. If you needed to support, say, 100 users, we could build the individual servers to support 50 each, and provision three servers so we could have that N+1 redundancy. The primary impact on the server cost would be more RAM, so let’s use the $12,000 price tag for the servers. That’s $36,000 for three servers, or $360/user. Add in the other pieces, and we’re at $855/user for a fully-redundant, highly-available VDI infrastructure. That’s starting to look a little more compelling to me.

So, to our original question: Can you really deploy VDI for less than the cost of a new PC? Maybe, maybe not. But I think we’ve demonstrated that the cost of VDI-in-a-Box can be very competitive with the cost of new PCs, and that, in itself, is pretty remarkable, because it now allows us to frame our business decision in terms of the strategic things that VDI can do for an organization without having to worry about paying a lot more for those strategic advantages.

Data Destruction and Data Security - Making a Plan

NOTE: This article was contributed by our friends at 3R Technology, specialists in data destruction services.

It’s official. Data is everywhere. You may have heard horror stories of government laptops being stolen or lost and thousands of confidential records being released. Or someone buying a hard drive on eBay and finding out that it contains sensitive data. (A 2009 investigation found that 34% of hard drives purchased on eBay contained sensitive data – including bank account information, medical records, and confidential business plans).

Now, with the advent of ‘cloud computing’ and mobile devices, data in many organizations is distributed much more widely, and thus is even more difficult to manage and prevent inadvertent or malicious release. Access and security are traditionally at odds with each other, and users want both.

Users may have information on desktop hard drives, laptop hard drives, data CDs, DVDs, and tapes. In addition, there now may also be information on flash drives, smart phones, and even copiers. (Most digital copiers made in the last 8 years have a hard drive, and many files that have been printed, emailed or copied may still be present on the hard drive.)

Data security is also becoming increasingly regulated to protect consumers. Healthcare organizations must comply with HIPAA. Financial institutions may have to comply with Sarbanes Oxley, GLBA or other legislation that mandates protection of sensitive information and punitive action if an organization does not comply.

What to do? Make a plan.

1. Start by identifying where and how information should be shared and with whom. Restrict information appropriately—if someone doesn’t need access to information, don’t allow it.
2. Identify compliance requirements for your industry.
3. Inventory all data-containing assets.
4. Limit access to mobile devices or data backups unless absolutely necessary.
5. Encrypt backups and mobile devices if possible and define who is responsible for the physical management of these devices.
6. Define how and when mobile devices should be returned to the company or reported if lost.
7. Decide how to respond and what resources are necessary in case of a data breach or theft. Again, data encryption methods are highly advised.
8. Finally, identify which methods of data destruction meet your requirements on devices that fail or are no longer needed.

Data Destruction Options
Generally, there are three types of data destruction—some of which work with any media, and some of which only apply to particular types of media.

Software – this method works with any rewriteable media – generally hard drives, but also can be used with dynamic media such as a flash drive. A generally accepted industry standard is the DoD 5220.22-M (US Department of Defense) binary wipe. Most organizations rightly assume that if it’s good enough for the Department of Defense, it’s probably good enough for them. This process is a 3 pass binary wipe on every byte of media with zeros, FFFFs, and then random characters. The final stage of the process is a verify of the wipe. This wiping process is significantly different than a format, which just erases the table or index specifying where data is on the drive, but not the actual data itself. Examples of binary wiping software include KillDisk, BCWipe, and DBAN, and their feature sets are fairly similar.

Advantages: Very inexpensive, plus the hard drive or media can be reused after this process as only the information has been removed from the drive and not its functionality. This can preserve the value of an IT asset that contains a hard drive.

Disadvantage: A time consuming process – made significantly longer by larger quantities and greater capacity of drives.

Degaussing – this method works on any magnetic media – such as a hard drive or data tape. It will not work on optical media such as CDs or Tapes. In the case of a hard drive, it not only erases information on the platter but causes the drive mechanism to no longer function as designed.

Advantage: Inexpensive compared to physical destruction.

Disadvantages: It’s not always reliable, can be a user-‘unfriendly’ process to manage, and it’s difficult to test whether it has been successful – visually a hard drive will look the same.

Physical destruction – this method is the most reliable and least time consuming. Hard drives can be crushed or shredded or holes are punched through the platter(s). Tapes and optical media can be shredded, as well.

Advantages: Fast, effective, and reassuring.

Disadvantages: The main disadvantage is that the media cannot (obviously) be reused. It also can be messy, require special power considerations, and create environmental concerns for machine operators. This is often the most expensive method as well, due to the cost of the equipment to process the media.

Outsourcing — Certification and Contracts
If you choose to outsource data destruction – and many IT departments do - audit your vendor and make sure they provide a certificate of recycling or destruction that outlines their process and guarantee. Requesting a report with serial numbers and/or asset tag information on the data assets they are destroying helps ensure further proof of data security compliance and peace of mind.

If possible, obtain a contract. This is generally a best business practice for recycling, and especially for data destruction. Get the process, liability boundaries, and guarantees in writing, and have your legal advisor review it. This can help assure that your recycling and data destruction processes are that much clearer and safer. It should also provide guarantees for how end-of-life material is managed, such as the circuit boards on the hard drives.

Conclusion
However you decide to manage your data security and data destruction, whether by your own organization or by an outside vendor, make sure you have a plan, understand it fully, and execute it effectively. Beyond the obvious liability concerns, no company wants the public scrutiny and poor media image that may result from having confidential information released.

Contributed by Glen Gaidos, CEO and founder of 3R Technology, a firm specializing in the management of IT assets, electronics recycling and data destruction services.

Important Citrix End-of-Life Dates

If you are still running a Citrix server farm built on Windows Server 2003, you need to begin planning your transition, because both Presentation Server v4.5 and XenApp v5 for Server 2003 will both hit End of Life on March 31, 2013. That’s only a year away. At that point, there will be no support available for those products from Citrix whatsoever.

XenApp v5 for Windows Server 2008 and XenApp v6.0 for Windows Server 2008 R2 will both hit End of Life just four months later: July 15, 2013.

That means by mid-July of next year, the earliest version of XenApp that will still be supported by Citrix will be XenApp v6.5 for Windows Server 2008 R2. Since 2008 R2 is a 64-bit-only Operating System, that means all of your applications must be able to run on a 64-bit OS, all of your printers must have 64-bit drivers (or work with the Citrix Universal Print Driver), etc.

What if you can’t get there in time? Your best way out may be to deploy some virtual Windows XP PCs if you are stuck supporting otherwise-incompatible apps. You can do that via XenDesktop, VDI-in-a-Box, or the “VM Hosted Apps” feature that’s available in XenApp 5, Feature Pack 2, and later.

Irish Americans By the Numbers

• There are almost 35 million Americans that claim Irish ancestry, more than seven times the population of Ireland itself.
• There are seven places in the United States with Shamrock in their names. These towns can be found in West Virginia, Texas, Indiana, Oklahoma, Minnesota, Nebraska, and Missouri.
• There are about 145,000 Irish-born naturalized residents in the United States.
• Every year the U.S. produces 2.3 billion pounds of cabbage, with much of it going toward St. Patrick Day celebrations.

Good Directions

Seamus was trimming a hedge when a big car drew up beside him. An Englishman leaned out the window and said, "Can you tell me way to Balbriggan, please?"

"Certainly," said Seamus. "You take the first road to the right. No, that is not it. No, drive on for about three miles and then turn left at the crossroads. Wait, that will not do either."

Seamus scratched his head thoughtfully. "You know, sir, if I was going to Balbriggan, I wouldna start from here at all."