We’ve written a lot here regarding XenDesktop’s two provisioning methods: Provisioning Services and Machine Creation Services. Earlier this week, at the Citrix Synergy Conference in San Francisco, there was a session specifically devoted to discussing those two provisioning methods, providing a high level overview of how they worked, the best practices for deploying each of them, and even some guidelines for how to determine which approach is best for your organization. For the benefit of those who couldn’t make it to Synergy - or those who did make it, but would like a better way to share that information with others in their organizations - that session was recorded and is available on Citrix TV. You can view it below:
Tag Archives: Provisioning Services
IntelliCache and the IOPS Problem
If you’ve been following this blog for any length of time, you know that we’ve written extensively about XenDesktop, and spent a lot of time on best practices and problems to avoid. And one of the biggest problems to avoid is poor storage design resulting in poor VDI performance.
In a nutshell, the problem is that a Windows desktop OS uses disk far differently than a Windows server OS. Thanks to the way Windows uses the swap file, disk writes outnumber disk reads by about 2 to 1. You can build your virtual desktop infrastructure on the latest and greatest server hardware, with tons of processing power and insanely huge amounts of RAM, but if all of the disk I/O for all of those virtual desktops is hitting your SAN, you’ve got a scalability problem on your hands.
Provisioning Services (“PVS”) can help to mitigate this in two ways (assuming for sake of argument that you’re provisioning multiple virtual systems from a common, read-only image): First, if you build your Provisioning Servers correctly, you should be able to serve up most of the OS read operations from the Provisioning Server’s own cache memory. Second, you can use the virtualization host’s local disk storage as the required “write cache” - because all of those write operations have to go somewhere while the virtual system is running.
But XenDesktop 5 introduced a new way to provision desktops called “Machine Creation Services” (“MCS”). We wrote about this in the April edition of our Moose Views newsletter, so if you’re not familiar with all the pros and cons of MCS vs. PVS, I’d encourage you to take a brief time out and read that article. Suffice it to say that, despite all the advantages of MCS, the biggest downside of using MCS to provision pooled desktops was that all of the IOPS hit your SAN storage, which limited the scalability of an MCS-provisioned VDI deployment.
But all of that just changed, with the release of XenDesktop 5 Service Pack 1, which was made available for download a week ago (May 13). With SP1, XenDesktop 5 is now able to take advantage of the “IntelliCache” feature that was introduced as part of XenServer v5.6 Service Pack 2. Using MCS with the combination of XenDesktop 5 SP1 and XenServer SP2…
- The first time a virtual desktop is booted on a given XenServer, the boot image is cached on that XenServer’s local storage.
- Subsequent virtual desktops booted on that same XenServer will boot and run from that locally cached image.
- You can use the XenServer’s local storage for the write cache as well.
The bottom line is that you can move as much as 90% of the IOPS off of the SAN and onto local XenServer storage, removing nearly all of the scalability limitations from an MCS-provisioned environment.
With most of the IOPS for running VMs taking place on local storage, it’s pretty straightforward to figure out how many VMs you can expect to support on a given virtualization host. Dan Feller’s blog post does a great job of walking through the process of calculating the functional IOPS that your local XenServer storage repository should be able to support, and inferring from that number how many light, normal, or power users you should be able to support as a result.
This also means that using XenServer as the hypervisor for your XenDesktop 5 deployment is going to yield a significant performance advantage over any other hypervisor, unless or until the other guys come out with similar local caching features. So, if you’re a VMware shop, my advice is this: Go ahead and virtualize all of the supporting XenDesktop server components on your VSphere infrastructure. Run your XenDesktop 5 VMs on XenServer hosts, and just don’t tell anyone! If you’re asked, just say, “Oh, yeah, these are my XenDesktop host systems - they’re completely separate from our VSphere infrastructure, because we don’t need the (insert favorite VSphere feature) function for these systems.” Your infrastructure will run better, and no one will know but you…
Top Ten VDI Mistakes (According to Dan Feller)
Dan Feller is a Lead Architect with the Citrix Consulting group, and has written extensively about XenDesktop. We found his series on the top ten mistakes people make when implementing desktop virtualization to be quite enlightening. In case you missed it, we thought we’d share his “top ten” list here, with links to the individual posts. We would highly recommend that you take the time to read through the series in its entirety:
#10 - Not calculating user bandwidth requirements
Back in the “good old days” of MetaFrame, when we didn’t particularly care about 3D graphics, multimedia content, etc., we could get by with roughly 20 Kbps of network bandwidth per user session. That’s not going to cut it for a virtualized desktop, for a number of reasons that Dan outlines in his blog post. He provides the following estimates for the average bandwidth required both with and without the presence of a pair of Citrix Branch Repeaters (which have some secret sauce that is specifically designed to accelerate Citrix traffic) between the client device and the virtual desktop session:
| Parameter | XenDesktop Bandwidth without Branch Repeater | XenDesktop Bandwidth with Branch Repeater |
|---|---|---|
| Office Productivity Apps | 43 Kbps | 31 Kbps |
| Internet | 85 Kbps | 38 Kbps |
| Printing | 553 - 593 Kbps | 155 - 180 Kbps |
| Flash Video (with HDX redirection) | 174 Kbps | 128 Kbps |
| Standard WMV Video (with HDX redirection) | 464 Kbps | 148 Kbps |
| HD WMV Video (with HDX redirection) | 1812 Kbps | 206 Kbps |
NOTE: These are estimates - your mileage may vary!
One thing that should come across loud and clear from the table above is what a huge difference the Citrix Branch Repeater can make in your bandwidth utilization. And as we’ve always said: you only buy hardware once – bandwidth costs go on forever!
#9 - Not considering the user profile
It should go without saying that user profiles are important. But if it’s number 9 on the list of things people most often screw up, then apparently it doesn’t. In a nutshell: If you mess up the users’ profiles, the users won’t be happy – logon/logoff performance will suffer, settings (including personalization) will be lost. If the users aren’t happy, they will be extremely vocal about it, and your VDI deployment will fail for lack of user buy-in and support. There are some great tools available for managing user profiles, including the Citrix Profile Manager, and the AppSense Environment Manager. AppSense can even maintain a consistent user experience across platforms – making sure that the user profile is the same regardless of whether the user is logged onto a Windows XP system, a Windows 7 System, or a Windows Server 2008 R2-based XenApp server.
Do yourself a favor and make sure you understand what your users’ profile requirements are, then investigate the available tools and plan accordingly.
#8 - Lack of an application virtualization strategy
How many applications are actually deployed in your organization? Do you even know? Are the versions consistent across all users? Which users use which applications? You have to understand the application landscape before you can decide how you’re going to deploy applications in your new virtualized desktop environment.
You have three basic choices on how to deliver apps:
- You can install every application into a single desktop image. That means that whenever an application changes, you have to change your base image, and do regression testing to make sure that the new or changed application didn’t break something else.
- You can create multiple desktop images with different application sets in each image, depending on the needs of your different user groups. Now if an application changes, you may have to change and do regression testing on multiple images. It’s worth noting that many organizations have been taking this approach in managing PC desktop images for years…but part of the promise of desktop virtualization is that, if done correctly, you can break out of that cycle. But to do that, you must…
- Remove the applications from the desktop image and deliver them some other way: either by running them on a XenApp server, or by streaming the application using either the native XenApp streaming technology or Microsoft’s App-V (or some other streaming technology of your choice).
Ultimately, you may end up with a mixed approach, where some core applications that everyone uses are installed in the desktop image, and the rest are virtualized. But, once again, it’s critical to first understand the application landscape within your organization, and then plan (and test) carefully to determine the best application delivery approach.
#7 - Improper resource allocation
Quoting Dan: “Like me, many users only consume a fraction of their total potential desktop computing power, which makes desktop virtualization extremely attractive. By sharing the resources between all users, the overall amount of required resources is reduced. However, there is a fine line between maximizing the number of users a single server can support and providing the user with a good virtual desktop computing experience.”
This post provides some great guidelines on how to optimize the environment, depending on the underlying hypervisor you’re planning to use.
#6 - Protection from Anti-Virus (as well as protection from viruses)
If you are provisioning desktops from a shared read-only image (e.g., Citrix Provisioning Services), then any virus infection will go away when the virtual PC is rebooted, because changes to the base image – including the virus – are discarded by design. But you still need AV protection, because the virus can use the interval between infection and reboot to propagate itself to other systems. The gotcha here is that the AV software itself can cause serious performance issues if it is not configured properly. Dan provides a great outline in this post for how to approach AV protection in a virtual desktop environment.
#5 - Managing the incoming storm
In most organizations, the majority of users arrive and start logging into their desktops at approximately the same time. What you don’t want is dozens, or hundreds, of virtual desktops trying to start up simultaneously, because it will hammer your virtualization environment. There are some very specific things you need to do to survive the “boot storm,” and Dan outlines them in this post.
#4 - Not optimizing the virtual desktop image
Dan provides several tips on things you should do to optimize your desktop image for the virtual environment. He also has specific sections on his blog that deal with recommended optimizations for Windows 7.
#3 - Not spending your cache wisely
Specifically, we’re talking about configuring the system cache on your Provisioning Server appropriately, depending on the OS and amount of RAM in your Provisioning Server, and the type of storage repository you’re using for your vDisk(s).
#2 - Using VDI defaults
Default settings are great for getting a small Proof of Concept up and running quickly. But as you scale up your VDI environment, there are a number of things you should do. If you ignore them, performance will suffer, which means that users will be upset, which means that your VDI project is more likely to fail.
#1 - Improper storage design
This shouldn’t be a surprise, because we’ve written about this before, and even linked to a Citrix TV video of Dan discussing this very thing as part of developing a reference architecture for an SMB (under 500 desktops) deployment. We’re talking here about how to calculate the “functional IOPS” available from a given storage system, and what that means in relation to the number of IOPS a typical user will need at boot time, logon time, working hours (which will vary depending on the users themselves), and logoff time.
Just to round things out, Dan also tossed in a few “honorable mentions,” like the improper use of NIC teaming or not optimizing the NIC configuration in Provisioning Servers, trying to provision images to hardware with mismatched hardware device drivers (generally not an issue if you’re provisioning into a virtual environment), and failing to have a good business reason for launching a VDI project in the first place.
Again, this post was intended to whet your appetite by giving you enough information that you’ll want to read through Dan’s individual “top ten” posts. We would heartily recommend that you do that - you’ll probably learn a lot. (We certainly did!)
Machine Creation Services and KMS
We’ve written extensively here about the challenges of using Citrix Provisioning Services to provision VMs that require key activation (i.e., Vista, Win7, and Server 2008/2008R2). We publicly rejoiced when the news broke that PVS v5.6, SP1, supported both KMS and MAK activation.
But now, with the advent of XenDesktop 5, there is a new way to provision desktops: Machine Creation Services (“MCS”). As a public service to those who follow this blog, I thought I’d share Citrix’s official statement regarding MCS and KMS activation:
MCS does not support or work with KMS based Microsoft Windows 7 activation by default, however the following workaround has been provided and will be supported by Citrix Support should an issue arise.
For details on the workaround, click through the link above to the KB article.
It does not appear that there is a workaround that will allow MCS to be used with MAK activation, and I saw a comment by a Citrix employee on a forum post that indicated that there were “no plans to support it in the near future.” So…MCS with KMS, yes; MCS with MAK, no.
Not having MAK support probably isn’t a big deal, since the main reason why you would go with MAK activation rather than KMS activation would be if you had fewer than 25 desktops to activate, and if you have fewer than 25 virtual desktops, you may as well just stick with 1-to-1 images instead of messing around with provisioning anyway. But we thought you should know.
You’re welcome.
Citrix Fixes the Provisioning Services - KMS Problem!
This is big news for anyone who wants to use XenDesktop to facilitate a Windows 7 migration. Here’s why: It only takes a moment’s thought to realize that if your desktop virtualization project simply trades inexpensive desktop SATA storage for expensive data center SAN storage, it’s not going to do good things for your ROI. So provisioning your virtual desktops from a shared Standard Image is a must. And that’s what Provisioning Services (“PVS”) allows you to do. If your standard Windows 7 OS image is, say, 15 Gb, you only need one instance of it on your SAN regardless of how many virtual PCs you’re provisioning from it. Then, using the Citrix Profile Management tool in conjunction with standard Group Policy folder redirection techniques, you can merge user personalization at logon time.
There was only one problem…turning a Win7 vDisk into a Standard Image broke the Microsoft license key. The only way around that was to use Key Management Services (KMS) to auto-activate systems as they were provisioned, but there were problems in using KMS with PVS, as we’ve documented in earlier posts.
I am happy to report that the problem has been addressed in PVS v5.6, SP1, which is now available for download at the Citrix download site. Not only that, but PVS v5.6, SP1, also works with a Multiple Activation Key (MAK) for smaller environments where KMS is not justified. Here’s the difference between the two activation methods:
KMS is a service that runs on a server in your own network. It supports Windows Server 2008 and 2008 R2, Vista, Win7, and Office 2010. However, it requires a minimum number of systems checking in for activation before any systems will be activated. That threshold is 8 systems for server activation, and 25 systems for workstation activation. Prior to SP1, systems provisioned from a Standard Image looked to the KMS server like the same system checking in again and again, so the threshold counter didn’t increment. SP1 fixes that. Please note, however, that you must be running KMS on a 2008 R2 server if you want virtual machines to increment the threshold counter.
With an MAK, the activation server is hosted at Microsoft. The MAK is a reusable key that’s good for a predefined number of activations. With SP1, PVS will cache the activation confirmation code for each system, so they will automatically reactivate on subsequent reboots.
Here is the configuration process, straight from Citrix. First of all, the Imaging Wizard allows you to choose which activation method you’re going to use:
Choosing the Activation Method
Once you’ve chosen either KMS or MAK, here are the next steps:
KMS Activation
- Reset the activation status on the vDisk image:
- Boot the master target device from vDisk in Private Image mode
- Run slmgr.vbs -rearm in console on master target device
- Shut-down master target device
- Put disk in Standard Image mode and stream. Target devices will automatically register with KMS server, and activate (provided there are at least 25 systems checking in).
MAK Activation
- Put disk in Standard Image mode and stream.
- Use “Manage MAK Activations” to remotely activate streamed target devices. This is done only once per group of devices.
- Provisioning Services will cache activation confirmation code for each device so that devices will automatically reactivate on subsequent reboots.
Kudos to the Citrix PVS development team for getting this done and out the door. Great job!
