sgrinker

Public Pools and change control...


I'm throwing this one out there to get input on the concept from the group. During a conversation in-house today, we got on the topic of Public Pools for VDI and change control. I know this somewhat piggybacks on Massimo's other thread, but this is more of a specific related question. Public pools do have their use, and as I've mentioned we are looking at training room scenarios for one of our primary goals. That being the case, I'll use that example to ask my question... bear with me.

User would go to class (with a set number of days) and log on with a given training ID. The broker would then assign a pooled computer to the user. The user would then go about the class making customizations to the machine throughout the course. Now at the end of the class it would be best to revert the machine to a gold master image in order to clear all the changes the user has made.

You now gain the benefit of an easy to "reset" machine, but now have created a management update headache. All Windows updates and other security patches/updates would need to be reapplied to the machine after each revert.

Is anyone aware of a way to better resolve this with technology as it sits today? ...if not, I'm more than interested in getting thoughts from others on how this could be addressed in the future as well. Is there any current way to push your updates cleanly to a master image (Ardence, etc) while users have already begun using the systems? In other words, could you make changes to the master image live, or does it need to be "redistributed" after each change is made? Hopefully the question makes sense, but let me know if there are any questions.

Thanks

Steve


Accepted Solutions
admin

Yes, today the VMs have to be recreated from the master template after it has been updated. This is why it's more appropriate for dynamic pools, where you want changes to be lost; starting over with a fresh clean machine should not be as much of an issue as in an environment where you do not want changes lost.

In the latter you can almost get away with it by playing with roaming profiles. But, it could be rough.

Nirvana would be where updates to a Master are propagated to children without losing the personalization settings of the child. However, this is not possible today.

admin

If your broker is capable of it, it should not be that bad. If you have a golden master image or template, and your pool is cloned from that template, all you have to do is keep that template updated. Some can set an expiration on the pool so they are destroyed. Once that is complete the pool is recreated.

There is some management involved still and currently massive cloning of a pool is less than desirable so you have to be a little careful.

sgrinker

I guess to clarify the question a little... would you have to redistribute the Master Template after every change/update is made?

In other words...

1. Master Template is created

2. Master Template is deployed

3. Clones are made from master and users begin work

4. Windows Updates or other security or settings need to be updated.

5. ....

What happens at #5 in regard to the master and current clones?

a. The updates are pushed to each clone, but do not exist for any new clone that is created.

b. The updates are pushed to the master, and the existing clones are updated via the master image without needing to reset the clones.

c. The master is taken "offline" in some form, updated, and then redistributed with the new updates. Each new clone will have the updates, but existing clones continue to run without updates.

d. The master is taken "offline" in some form, updated, and then redistributed with the new updates. Each new clone will have the updates, and the updates are pushed to all existing clones.

e. Something else entirely different...

Again, we're interested in both how this would be able to function with current technology, and what people think should/may be the future use. To me personally, option B would be the most desirable for future use of pooled VDI. If you can still maintain updates on a "core" master image, but allow users to do what they may on a clone... then you've created a true reusable public (pooled) machine. The other options aren't horrible, but just all seem to add extra overhead.

Any thoughts, input, questions?

Thanks again

Steve

mreferre

However, this is not possible today

Warren, do you think this will be possible in the future? There was someone I was talking to that said it might be possible in the future to create a template and start a number of "differential" vm's on top of it (à la VMware Lab Manager so to speak) but with a potential option to apply sw changes (i.e. hotfixes, new software etc) to the master template and automatically make it visible to all the vm's that have been instantiated on top of that template, maintaining the original per-vm customizations.

I don't see how this could be possible due to the hierarchy involved in adding/removing software in a vm. So say you have a template with Software XY and you start three differential vm's on top of it which will be installed with a "list of additional software" customized per vm.

If I then add Software Z to the template (XYZ) how can this live in peace with ALL the customizations that have been ALREADY done in the vm? Say for example that an additional software installed in one of the vm's would have installed differently whether Z was present or not, so it got installed without Z being seen and now all of a sudden it appears ....... and it doesn't appear through a standard setup which could detect what software is already installed in the vm ..... it just appears out of the blue since it has been installed on a vanilla template with a software stack that is just a fraction of what's already running in the vm's.

I am not saying no one will be able to solve this problem but this completely breaks all the hierarchies of standard software setup and it will not be completely transparent in my opinion.

That is why, getting to Steve's question, I don't see at least for the moment an alternative to updating the template and re-creating the pool from the template from scratch (which I agree would be not very efficient.....).

Massimo.

Massimo Re Ferre' VMware vCloud Architect twitter.com/mreferre www.it20.info
admin

It's for sure possible. Will it be available in a VMware world? That's hard to say. It's realistically possible though. I am not trying to minimize the effort or challenge that's involved. It's a complex task no doubt, with lots to consider and overcome. Outside the world of VDI, there are very similar things available today.

One example is zones in Solaris. With zones there is a concept of a Global Zone. This is the initial bare metal install. From that Global zone there can be local zones, each a duplicate of the global zone that acts independently and has its own IP address, user space, directories, etc. However, if you apply a patch to the global zone that patch can be inherited by the local zone. However, if you decide to install and run WebSphere in a local zone it only exists in that zone. A local zone can also be flashed and used to create a new Global zone on a new system.

Another example is win4lin. Win4lin enables the ability to run Windows on top of Linux. It's similar to VMware Workstation or Server but can be used kinda like VDI. It allows you to have a master instance. From that master, independent copies can also be created. Updates to the parent are inherited by the children. Problem last I checked is they had not figured out some of the tricky stuff that IMO are must-haves for real world large scale use.

They cannot change or fool SIDs, so all the children have duplicate SIDs, which means you cannot join a domain.

I also do not think they have persistence, meaning that when a child is shut down all changes are tossed. It might be that they have it if you break the child from the parent.

There is also the consideration of performance: finding the right balance of how many children a master could handle before things start to tank, and does it actually improve management or make it more difficult?

I am just using these as examples of the challenges that need to be addressed in such a solution. Similar challenges exist with solutions like Ardence. They had the same issue with SIDs but have implemented a workaround.

sgrinker

Well first off, thank you both again for your posts. This is all helping to add to our internal conversation about this very topic. I really couldn't come up with any way to do this more efficiently either using today's technology, but I wanted to tap the resources of everyone else here to see if someone had come across anything. Still doesn't say for certain that a solution could not be found to make this better today, it just says that we haven't necessarily found a better way to do this yet.

When thinking about future possibilities, I tend to agree with Massimo's explanation. Realistically I can't think how this could be achieved with the way software is layered on to a system. That leads me to believe that some combination of software virtualization/streaming (Softgrid, Tarpon, etc, etc) coupled with Ardence could possibly get closer. It might be a ways off yet, but still seems like an eventual possibility. Definitely keep the thoughts/posts coming.

Thanks again

Steve

mreferre

Warren, spot on with the Solaris Containers. You are right.

However, as you seem to point out, there might be situations where it could be easy to switch a piece of the base sw stack with this idea (i.e. for example installing an OS hotfix which changes a very low level sw component an add-on software wouldn't/shouldn't bother about.......) but there are other situations where it would be much (more) challenging. Let's think for example of the setup of a program that, should it find IIS, would default to use it, while should it not find IIS it would install Apache. Since the master image didn't have IIS... Apache gets installed on port 80. 2 weeks later you decide to add IIS to the master image and since there is no other web server running on the base master it will install flawlessly onto default port 80. When this gets exported to the partitions that live from this master zone/template ..... BOOOOOOM !!!

This is just an example and it would be (VERY) interesting to see how anyone (VMware or others) is going to solve this. My suspect is that if they ever do, there will be tons of limitations / implications and the usage of such "differenting" technologies will be very weak in terms of transparency.

Perhaps, as Steve was mentioning, with a mix of vanilla templates complemented with virtualized and prepackaged applications it could be easier to achieve the goal ...... where your vm's are being instantiated COMPLETELY statelessly and get provisioned with an OS via PXE and with applications by means of other technologies such as Softgrid/Tarpon/Thinstall etc etc ...... this way you really create hard boundaries between the OS and the various applications that you could take apart and rebuild as you like, similar to what you would do with a lego ..... where if you want to take one of the lego pieces apart you don't ruin all the castle...........

Interesting .....

Massimo.

P.S. Steve.... would you please STOP asking these questions ?!?!?!?!? My brain is toasted !! Thanks. ;)

0 Kudos
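
The IIS/Apache case Massimo describes above can be modelled as a collision check between what a master update adds and what each clone has already claimed. This is an added example, not part of the original thread or of any VMware product; the `Layer` claims model, `plan_master_update` and all sample data are constructed for illustration.

```python
# Added illustration: the claims model, names and sample data are constructed.
from dataclasses import dataclass, field


@dataclass
class Layer:
    """Exclusive resources a disk layer claims: resource -> owning package."""
    claims: dict = field(default_factory=dict)


def plan_master_update(master_old, master_new, clones):
    """Classify each clone for an in-place master update.

    Returns {clone: [(resource, master_pkg, clone_pkg), ...]}. An empty list
    means the update could be inherited; a non-empty list means the clone
    has to be recreated from the updated template.
    """
    # Only what the update adds or changes in the master can collide.
    changed = {res: pkg for res, pkg in master_new.claims.items()
               if master_old.claims.get(res) != pkg}
    plan = {}
    for name, delta in clones.items():
        plan[name] = sorted(
            (res, pkg, delta.claims[res])
            for res, pkg in changed.items()
            if res in delta.claims and delta.claims[res] != pkg
        )
    return plan


def sample_plan():
    master_old = Layer({"file:ntoskrnl.exe": "os-base"})
    # The update: a low-level OS hotfix, plus IIS added two weeks later.
    master_new = Layer({"file:ntoskrnl.exe": "os-hotfix", "tcp:80": "iis"})
    clones = {
        # The installer found no IIS, so it put Apache on port 80.
        "clone-a": Layer({"tcp:80": "apache", "file:app.ini": "app"}),
        # Only per-user customization, nothing the update touches.
        "clone-b": Layer({"file:notes.txt": "user"}),
    }
    return plan_master_update(master_old, master_new, clones)


if __name__ == "__main__":
    for clone, conflicts in sample_plan().items():
        print(clone, "recreate" if conflicts else "inherit", conflicts)
```

The check only catches collisions on exclusive resources; an installer that took a different path because a component was absent at install time leaves no claim to compare.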
sgrinker

P.S. Steve.... would you please STOP asking these questions ?!?!?!?!? My brain is toasted !! Thanks. ;)

LOL!! Sorry, but ALL of the input you ALL provide has definitely furthered these thoughts, and in a lot of cases helped to find a solution. So it is very much appreciated by me personally, and those I work with. I guess I'm just very intrigued by all of these new concepts/technologies, and my brain sometimes starts to get the better of me. There just seems to be so much potential, but as a lot of this is still "young" it might be some time until they are actuality. We tend to push a lot of technology to its limits around here :)

I'm just glad that others have been able to understand the point I'm trying to get across in most cases. At least it's not just a bunch of people going... "HUH?!?!" At least that makes me feel a little better and that I'm not going completely crazy.

admin

Personally, I view a happy world as something being close to what Steve mentions. Where you have a blended environment. OS patches, virus updates and maybe the trivial standard enterprise applications such as an office suite etc. are preloaded into the Master, and updates are propagated safely to a child.

With more complex or sensitive applications, or even in a situation where they are distributed by group or user, another mechanism could be leveraged such as Thinstall, Softgrid, PS4 Application streaming etc. to deliver the others.

I think something like master images updating child images has more benefit in reducing the cost of storing virtual disks as well as improving the way a lot of virtual desktops are created and by inheritance, brings the added value of possibly reducing the effort and complexity of desktop updates/patch management.

So here is a question... App streaming has a great deal of value for an SBC architecture where applications do not play nice blah blah blah. However, MTS + App virtualization, some might argue, is like building VDI with more infrastructure without the fault isolation. So, does app streaming add value to a VDI architecture? Is there enough management savings to justify the added infrastructure? Is the goal inside the enterprise in 5 - 10 - 15 years to have application management separated from the desktop?

Message was edited by: wponder

sgrinker

Another great post...

Personally, I view a happy world as something being close to what Steve mentions. Where you have a blended environment. OS patches, virus updates and maybe the trivial standard enterprise applications such as an office suite etc. are preloaded into the Master, and updates are propagated safely to a child.

I couldn't agree more with the scenario you painted.

So, does app streaming add value to a VDI architecture? Is there enough management savings to justify the added infrastructure?

My opinion is, yes. I don't think there will come a time that ALL applications are going to work in the TS world the same that they do on a workstation. (Granted, that would be a wonderful time if it did come) Brian Madden has said this a few times in different articles, and I have to agree. I think that each of these SBC, VDI, App Streaming, Ardence, etc is just one of many pieces that can all be used together. I don't think that one will necessarily ever overtake the other completely. It all depends on what you are trying to achieve in any given solution. The beauty with App Streaming though, is that the same "package" should be able to work in all of these environments, thereby reducing the total overhead.

To address the second part of the question regarding savings, I think that will all come down to what your infrastructure looks like in the future. If you already have the systems in place to support VDI and/or TS/Citrix, then it's a viable option to continue using both. If you only have one or the other in place, there may not be enough value to add the other.

A lot of this is going to come down to (in my opinion) where the ability to integrate Virtualized Applications lands. Right now, you have to contain applications within the same "bubble" for them to talk to each other, or include "core" apps within the base image. If the technology gets to a point you can better control communication between the applications, then there is less chance of complications when ONE application needs to change.

Is the goal inside the enterprise in 5 - 10 - 15 years to have application management separated from the desktop?

I don't know about management per se, but looking at the technology and where it's headed... I'd personally say that should be a goal. Granted as has been brought up in other threads, this definitely brings back memories of 3270 green screen dumb terminal days... :)
