While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Virtual desktop infrastructures provide a wide array of advantages compared with traditional desktop workstations, including centralized management, improved security and cost savings.
But as agencies pursue these benefits, they must keep users in mind. Ultimately, users will compare the VDI experience to the computing endpoints with which they are familiar. If a VDI solution does not deliver similar performance, users won’t be satisfied.
Storage is a key factor in VDI performance. If the IT staff gets storage right, it’s likely to satisfy users’ demands for performance. As agencies strive to achieve this goal, they should consider the following strategies to maximize user satisfaction and minimize expenditures.
One of the advantages of VDI is its ability to provide a centrally configured set of operating system images and to provision those images to users very quickly. Administrators can define the installed software and configurations once and be confident that instances of that image are the same. Discarding these instances once they are no longer needed provides a great deal of flexibility for administrators as well as opportunities for architects to design cost-effective VDI storage solutions. Direct-attached storage can be very cost-effective, but at the expense of redundancy and other features. A lack of redundancy may be acceptable, as users can be directed to a different server upon reconnection if one develops a problem.
The choice of hypervisor can greatly influence storage requirements. Choosing a hypervisor that implements copy-on-write (COW) strategies for images is particularly useful for some workloads. Hypervisors designed for COW allow administrators to configure an image once and create many VDI instances from it.
Only the differences from the original image are written to storage. This allows a high degree of caching on the storage server and therefore reduces the number of input-output operations that disk drives must perform.
Another option for reducing VDI storage requirements is to deploy traditional network-attached storage for user files. Disabling disk encryption and search indexing of system drives within the VDI instance will reduce performance requirements.
If encryption is needed, it is far more efficient to deploy it on the VDI storage directly. Depending on regulatory requirements, some agencies can consider disabling the features of anti-virus software that periodically scan on-disk files. This scanning activity can place a significant burden on VDI storage. Of course, scanning files as they are accessed or created is still appropriate.
The storage patterns exhibited by VDI hypervisors are quite different from those usually seen in traditional enterprise storage. They typically require random access patterns and a high rate of input-output operations per second, a combination of factors that generally runs counter to common enterprise storage designs. Various storage solutions can address these needs. Solid-state drives (SSDs), data deduplication and compression are all features that can help, especially when used in concert with hypervisor caching technologies.
SSDs and caching technologies deployed in each VDI server can greatly reduce the performance required by central storage. In addition, they transform the random access patterns into far more predictable serial patterns. This can reduce the performance requirements and cost of shared storage.
To ensure a successful VDI deployment, IT leaders should define the agency’s desired outcomes in specific terms. They should clearly express goals, workloads and performance expectations. Rather than being stated in terms of gigabits, terabytes and input-output operations per second (IOPS), these goals should be stated in terms that users see, such as the desired time to start a particular VDI instance, the number of instances that can be started concurrently, the number that can be run concurrently without performance degradation, and desired levels of application performance (such as concurrent website visitors or trans-action throughput).
These specific goals should accurately reflect the desired user experience and not simply synthetic benchmarks derived from marketing literature. A successful deployment will need to withstand these real-world scenarios.
Agencies have a wide variety of VDI solutions to choose from, created by numerous vendors. Choosing the right suite of products requires consideration of far more important factors than the gigabits, terabytes and IOPS provided by the underlying storage technology. What really matters is that the end-to-end solution is responsive and provides sufficient performance to deliver the desired user experience.
Agency IT leaders should make sure that VDI vendors understand these goals by describing them to a high level of detail and establishing a test plan with specific targets that can be objectively verified. Any vendor agreement should specify who will be responsible for various operations and clearly delineate where areas of responsibility intersect.
These measures should be included in the agency’s VDI contracts, and they should ensure that payment is contingent on the successful achievement of these tests. This will serve a number of purposes: It will ensure that agency and vendor expectations match, it will provide clarity about who bears the burden if something goes wrong, and it will provide protection if the VDI reality doesn’t match the vendor’s promises.