Archive for vdi

VDI Gateway Federation with BIG-IP

Posted in f5, big-ip, authentication, vdi, devcentral, access by psilva on November 14th, 2017

Today let’s look at how F5 BIG-IP APM can consolidate, secure and federate all the core VDI gateway technologies. For instance, if an organization decides to move from one VDI technology to another, or if you’re consolidating VDI technologies, BIG-IP can help.

On the BIG-IP we’ve set up three VDI environments: Microsoft RDS/RDP with a broker authentication server, VMware Horizon and Citrix XenApp. With only a corporate account, a user can authenticate to all of them as needed and access all available desktop content.

In this example, we connect to the BIG-IP APM. This is the default view.

And here we’ve added some advanced security fields, such as OTP or multifactor authentication.

So here we’d use our username and password and for additional security we'll choose a secondary grid. By default, a grid is not generally available from any of the VDI vendors. When we select grid, BIG-IP APM will present a grid for a PIN entry. This is provided through a partnership with Gemalto. BIG-IP is connecting to Gemalto servers to present the grid to the user. We then enter our confidential PIN.

Upon authentication, we’re presented with our BIG-IP APM Webtop, and BIG-IP has performed the necessary single sign-on for all the VDI technologies and environments assigned to us.

With a single, multifactor authentication we’re able to gain access to our federated BIG-IP Webtop and select the specific VDI resource we need.

From an administrative view, here is the full Visual Policy Editor (VPE) for the overall solution. This also shows where the OTP/Grid is if you follow the Host FQDN path.

And here are the specific inspections and criteria for the VDI scenario. You can see a path for each VDI vendor along with specific inspections and actions depending on the situation.

Special thanks to F5 Sr. Security SE Matthieu Dierick for the explanation and you can watch the demo video.

ps

What is Virtual Desktop Infrastructure (VDI)

Posted in security, big-ip, cloud computing, mobile, vdi, devcentral, infrastructure, access by psilva on March 8th, 2017

What is VDI?

Imagine not having to carry around a laptop or be sitting in a cubicle to access your work desktop applications. Virtual desktop infrastructure (VDI) is appealing to many different constituencies because it combines the benefits of anywhere access with desktop support improvements.

Employees typically use a wide range of mobile devices, from laptops to tablets and from desktops to smartphones. The diversity of these mobile devices and the sheer number of them in the workplace can overwhelm IT and strain your resources.

Desktop Virtualization centralizes sets of desktops, usually in a data center or cloud environment, and then provides access to your employees whether they are in the office, at home or mobile. VDI deployments virtualize user desktops by delivering them to distinctive endpoint devices over the network from a central location. There are many reasons why organizations deploy VDI solutions: it’s easier for IT to manage, it can reduce capital expenditures and improve security, and it helps companies run a ‘greener’ business.

Since users’ primary work tools are now located in a data center rather than on their own local machines, VDI can strain network resources, and the user experience can be negatively affected. Desktop virtualization is a bit more complex than server virtualization since it requires more network infrastructure, servers, server administrators, authentication systems, and storage. VDI’s effect on the network is significant; it may necessitate infrastructure changes to accommodate the large volume of client information that will be traversing the network. When a user’s desktop moves from a physical machine under the desk to the data center, the user experience becomes paramount; a poor VDI deployment will result in IT being flooded with “My desktop is too slow” calls.

Why VDI?

Mobile devices and bring your own computing are popular drivers for VDI deployments. VDI enables employees to work from anywhere and simplifies and unifies desktop management, especially updating operating systems and applications. It can lower costs, provide flexible remote access, and improve security and compliance, along with potentially offering organizations disaster recovery options. It also enables employee flexibility and reduces the IT risk of employee-owned devices. VDI allows employees to work with a wide range of devices, from laptops to tablets to smartphones. Employees can sign on from wherever they are, whenever they like and with whichever device they choose.

Deploying virtual desktops can also increase IT efficiency and reduce IT workload since the desktops are centralized.  It also benefits IT with greater access and compliance control, while at the same time, allowing employees the freedom to use their mobile device of choice. IT departments can remove obsolete versions of application software or perhaps enhance the security policy. Either way, the employee always has the most up to date desktop image.

Things to Consider

Desktop virtualization is no longer about the desktop; it’s about allowing employees desktop access from wherever they are. So things like availability, access, security, DR, authentication, storage, network latency and SSO are all areas to keep in mind when deploying a VDI solution.

VDI Providers

Some VDI solutions include VMware View, Citrix XenDesktop, and Microsoft RDS.

Next Steps

If you'd like to learn more or dig deeper into VDI, here are some additional resources:

Also, here are some other articles from the #Basics Series.




Lightboard Lessons: Secure & Optimize VDI

Posted in security, big-ip, virtualization, silva, vmware, lightboard, vdi, devcentral, access by psilva on September 28th, 2016

Virtualization continues to impact the enterprise and how IT delivers services to meet business needs. Desktop Virtualization (VDI) offers employees anywhere, anytime, flexible access to their desktops whether they are at home, on the road, in the office or on a mobile device. In this edition of Lightboard Lessons, I show how BIG-IP can secure, optimize and consolidate your VMware Horizon View environment, providing a secure front end access layer for VMware’s VDI infrastructure.

ps


A ‘Horizon’ View from Above

Posted in security, f5, big-ip, cloud computing, silva, vmware, vdi, byod, pcoip by psilva on February 19th, 2014

Desktop and endpoint device management has long been a challenge for IT. People demand flexibility, multiple access options, and desktop customization, while business groups often require multiple desktop types based on business and/or technical requirements. This sour mash of devices can be a major management headache. Add in support for all the different desktop/laptop needs and desktop management can all but consume IT.

VMware User Computing

VMware Horizon View—part of VMware’s Horizon Suite of products—alleviates two major management headaches: location and standardization. To solve the location problem, virtual desktop infrastructure (VDI) deployments virtualize user desktops by delivering them to individual clients over the network from a central location. Those desktops are stored and run in the data center, rather than having individual desktop/laptop machines in the field running localized operating systems. This seamless virtualization goes undetected by users.

To solve the standardization problem, VMware enables business groups with specific desktop needs to be clustered together in the data center and managed as a unit. For example, when all the Windows machines need a new service pack, it can be installed to the master image in the data center, which is delivered to users the next morning when they log in. Because IT staff no longer have to visit each local system or push software installations down through remote tools, employees aren’t forced to reboot during the business day.

In addition to these location and standardization concerns, the user experience is consistently cited by organizations as critical to the success of virtual desktop deployments. Performance has to compare favorably to a conventional desktop while availability and security need to be even greater.  

F5 offers a variety of solutions to help organizations maximize the success of these critical elements in their View desktop deployments. Together, F5 and VMware have thoroughly tested and documented the benefits of using F5 Application Delivery Networking (ADN) solutions with VMware View to address the needs for secure access, a single namespace, load balancing, server health monitoring, and more.

Performance and Scalability

The larger the VMware Horizon View deployment, the more View Connection Servers are needed to handle the concurrent desktop connections. VMware Horizon View Optimized Secure Access & Traffic Management by F5 provides valuable load balancing and health monitoring, resulting in higher system availability and greater scalability—and ultimately, a better user experience. Additionally, an F5 iApps Template makes configuration straightforward, simplifying setup by providing the recommended settings and helping to prevent human error.

VMware View client connectivity utilizes multiple ports and protocols that must be directed at the same View Connection Server for a successful session. While PC over IP (PCoIP), the View desktop streaming protocol, is UDP-based, SSL-encrypted TCP connections are utilized for authentication and USB tunneling. You can save capacity on the View Connection Servers by offloading this encryption to an F5 BIG-IP.

Enhanced Security and Access Control

Ensuring secure remote access is critical to protecting corporate information and often required in certain regulatory situations. To route incoming Horizon View connections to the internal network, a PCoIP proxy is needed in an organization’s DMZ. BIG-IP Access Policy Manager (APM) fulfills this function in a secure and scalable way. Placing BIG-IP APM in the DMZ avoids the need to expose sensitive Windows servers, Active Directory domain-joined servers, or View Connection Servers to the potentially risky DMZ. It also eliminates the requirement for VMware Security Gateway servers in the DMZ. The BIG-IP APM appliance proxies the PCoIP connection, passing it internally to any available Connection Server within the View pod, which then interprets the connection as a normal internal PCoIP session. This provides the scalability benefits of a BIG-IP appliance and gives BIG-IP APM and BIG-IP Local Traffic Manager (LTM) visibility into the PCoIP traffic, enabling more advanced access management decisions. A streamlined iApp Template is also included to ease deployment. This custom iApp presents fewer configuration options than the full iApp for View, which can be used if advanced functions are required. Either iApp yields a configuration that can be modified as needed to address specific business and technical requirements.

These new F5 solution options were developed in conjunction with VMware and are easy for organizations to deploy and support.

There are certainly advantages to deploying a virtualized desktop solution like VMware Horizon View throughout the enterprise. By deploying the F5 BIG-IP system alongside it, organizations can achieve higher security, availability, and scalability while improving the worker's experience. In addition, new and optimized solutions reduce both the cost and deployment complexity to ensure a BIG-IP ADC becomes a standard View component.

ps




VMware PEX 2014: Optimized Horizon View Technical Whiteboard (feat Pindell)

Posted in security, f5, big-ip, cloud computing, silva, video, application delivery, vdi, infrastructure, access by psilva on February 12th, 2014

I watch as F5 Biz Dev Solution Architect Paul Pindell whiteboards his way through the new VMware Horizon View Optimized Solution. Paul gets into the technical details about how a typical Horizon View deployment looks and how the new solution provides an economical, secure, and high-performing VDI environment. A cost-effective, simple, quick, and highly secure VDI deployment.

ps




In 5 Minutes or Less - PCoIP Proxy for VMware Horizon View

In this special Contestant Edition of In 5 Minutes or Less, I welcome Paul Pindell, F5 Solution Architect, to be the first contestant to see if he can beat the clock. Paul shows how to configure BIG-IP APM to natively support VMware's PCoIP for the Horizon View Client.

BIG-IP APM offers full proxy support for the PC-over-IP (PCoIP) protocol. F5 is the first to provide this functionality, which allows organizations to simplify their VMware Horizon View architectures. Combining PCoIP proxy with the power of the BIG-IP platform delivers hardened security and increased scalability for end-user computing. In addition to PCoIP, F5 supports a number of other VDI solutions, giving customers flexibility in designing and deploying their network infrastructure.

ps




Inside Look - PCoIP Proxy for VMware Horizon View

I sit down with F5 Solution Architect Paul Pindell to get an inside look at BIG-IP's native support for VMware's PCoIP protocol. He reviews the architecture and business value, and gives a great demo on how to configure BIG-IP.

BIG-IP APM offers full proxy support for PC-over-IP (PCoIP), a leading virtual desktop infrastructure (VDI) protocol. F5 is the first to provide this functionality, which allows organizations to simplify their VMware Horizon View architectures. Combining PCoIP proxy with the power of the BIG-IP platform delivers hardened security and increased scalability for end-user computing. In addition to PCoIP, F5 supports a number of other VDI solutions, giving customers flexibility in designing and deploying their network infrastructure.

ps




F5 Tech Talk - Streamline, Secure and Optimize XA and XD Deployments

Posted in security, f5, big-ip, application security, silva, application delivery, control, vdi, citrix by psilva on April 30th, 2013

In my 199th F5 video, Kevin Stewart and I share how BIG-IP APM can optimize, secure and streamline Citrix XenApp and XenDesktop deployments.  Make Citrix better with F5.

ps




Pulse2012 - Interview with Virtual Bridges

Posted in f5, big-ip, virtualization, silva, application delivery, vdi by psilva on March 7th, 2012

I meet with Virtual Bridges' CTO Leo Reiter to learn more about their Verde VDI solution and the value of BIG-IP as part of a VDI infrastructure.

Pulse2010 - Interview with Virtual Bridges

ps

Technorati Tags: F5, video, Pete Silva, security, business, two-factor authentication, mobile, pulse, ibm, phonefactor, Maximo




Pulse2012 - Verde VDI Remote Access

Posted in f5, big-ip, application security, silva, video, application delivery, authentication, vdi, context by psilva on March 7th, 2012

I grab F5 Systems Engineer Brian Tully to go through the F5 remote access solution for Verde VDI. We discuss availability, optimization and security along with Virtual Bridges' Verde VDI offering.

ps

Technorati Tags: F5, video, Pete Silva, security, business, virtual bridges, verde, pulse, ibm, tivoli, Maximo




