Desktop and application virtualization
A long time ago we began with dozens of project offices all over the country, each engaged in a separate project and introducing its own information system. Every system had its own administrator and there weren't many users, so everybody was given enough attention. Meanwhile, the number of users kept increasing. Eventually we realized that the teams of administrators, tech support and project offices had to be connected with each other for effective management. But even with the joint efforts of the united team we had problems supporting thousands of client PCs: each of them needed client software unique to every system. And don't forget about regular updates, and changing the client software settings from time to time, in the several dozen offices where users are located.
Remote access to PCs and Windows policies were helpful, of course, but it was still very hard work. So we focused on application virtualization based on terminal solutions: we collected the information systems within the data center and installed the client software on the terminal servers. Providing support to our customers became much easier: we now had a unified set of client software versions, fewer instances to service, and the ability to install updates without affecting the user experience.
At the same time, we used an add-on to terminal access, the Citrix XenApp solution. This improved the visualization of applications. It also allowed us to significantly reduce the bandwidth requirements of the communication channels to remote branches: transferring only the changes to the picture significantly reduced traffic.
Citrix XenApp lets you enable or disable clipboard use between the terminal server and the client PC for specific groups of users, and connect local drives into the terminal session.
The number of users kept growing gradually, and so did the number of applications. Eventually there were a few thousand applications and more than ten thousand users. Citrix XenApp can centrally manage user access to applications; with so many users and applications it would be very difficult without this feature.
The user only needs to install the Citrix client software on his PC, without worrying about installing the client software of each application system. Probably the biggest drawback of the distributed user experience that was solved by switching to terminal access is the one associated with communication failure. In the traditional setup, where the client software runs on the PC, an application often crashed when the connection was lost. When the client software runs on a terminal server, the loss of communication between the PC and the terminal server does no harm: the user can log out, then log in again and return to his previous work.
Of course, to make everything work perfectly, we had to work hard. Not everything worked "out of the box", but we managed to add many useful things to the standard solution.
Eventually, much became dependent on information systems. Therefore, we could not allow anything to knock out our systems and terminal platform. But crashes happen, and even the most redundant data center can still be cut off from the outside world and from people as a consequence of a disaster. So we had a lot to think about in order not to depend on the loss of one (in fact, even a few) data centers. We worked on automated application transfer from one data center to another, and made our Citrix XenApp terminal installation distributed across multiple data centers. We can now safely disconnect the core terminal platform in one or more data centers in case of a failure or just for maintenance; in the second case we can wait until the established user sessions end, and the data center is free.
We gathered a lot of good ideas from the book "Scalable Internet Architecture" and the like. One good practical idea: to be sure that the emergency scheme works in case of a failure, it must always be in regular operation. That's why users are accepted at a randomly chosen one of the available data centers. After that, the user session is redirected to the data center where the application's terminal server is located, and the terminal server is located as "close" as possible to the application servers. A user can work with multiple applications simultaneously, and they can be located in different data centers. Our "little" modification allows us to redirect different sessions of one user to different gateways, each "close" to the terminal server. This allowed us to reduce network delay, improve application response and reduce inter-data-center traffic.
We put a lot of effort into developing monitoring for the terminal platform. The Centralized Monitoring System, which we developed, lets you integrate monitoring of the different components of an information system (applications, databases, servers), monitor their key parameters, build relationships between components, and determine the exact component that caused an application to malfunction. When a malfunction happens, the screen shows the failed component and the part of the information system that does not work, right up to the "malfunctioned" component. The rest of the application, which is running as planned, is not shown on the screen so as not to clutter the view. This has allowed our twenty-four-hour service to quickly identify and resolve the cause of a disturbance.
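The relationship-based fault isolation described above can be sketched as a walk over a dependency graph. This is an added example, not code from the Centralized Monitoring System; the component names and the dependency map are constructed for illustration.

```python
from collections import deque

# Constructed dependency map: component -> components it depends on.
DEPENDS_ON = {
    "billing-app": ["terminal-farm", "billing-appserver"],
    "terminal-farm": ["ts-01", "ts-02"],
    "billing-appserver": ["billing-db", "auth-service"],
    "billing-db": ["storage-array"],
    "auth-service": [],
    "ts-01": [],
    "ts-02": [],
    "storage-array": [],
}

def root_causes(failing, depends_on=DEPENDS_ON):
    """Failing components none of whose own dependencies are failing."""
    failing = set(failing)
    return sorted(
        c for c in failing
        if not any(d in failing for d in depends_on.get(c, []))
    )

def failure_view(app, failing, depends_on=DEPENDS_ON):
    """Edges to display: only the failing paths from the application
    down to the root cause; healthy branches are left out."""
    failing = set(failing)
    if app not in failing:
        return []
    edges, seen, queue = [], {app}, deque([app])
    while queue:
        node = queue.popleft()
        for dep in depends_on.get(node, []):
            if dep in failing:
                edges.append((node, dep))
                if dep not in seen:      # guards against dependency cycles
                    seen.add(dep)
                    queue.append(dep)
    return edges

if __name__ == "__main__":
    alarms = {"billing-app", "billing-appserver", "billing-db", "storage-array"}
    print("root cause:", root_causes(alarms))
    for parent, child in failure_view("billing-app", alarms):
        print(f"{parent} -> {child}")
```
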
We began neutralizing failures quickly, and users quickly got used to it. But even this was not enough: with thousands of users of the terminal platform and hundreds or thousands of users of an application, a few dozen people were able to notice even a very quickly fixed malfunction, and got very upset about it. We asked ourselves how we could improve the user experience. One of the common causes of user dissatisfaction was a service freezing on a terminal server. The terminal platform considered such a server the least loaded and sent all new user sessions to it, where they were lost as in a black hole. We upgraded our monitoring: it learned to find such servers and withdraw them from the application structure. Thus began a happy and calm life for the duty specialists, and users were satisfied.
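The "black hole" effect and one way to catch it, as an added example rather than the monitoring code described above: the page does not say how frozen servers were detected, so the criterion here (sessions routed to a server versus sessions that completed logon), the thresholds, and the server names are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    active_sessions: int   # load figure the balancer compares
    assigned: int = 0      # sessions routed here in the current window
    established: int = 0   # of those, sessions that completed logon
    drained: bool = False  # withdrawn from the pool by monitoring

MIN_ASSIGNED = 5           # assumed: skip windows with too few samples
MIN_SUCCESS_RATIO = 0.2    # assumed threshold for a healthy server

def find_black_holes(servers):
    """Servers that keep receiving sessions while almost none complete logon."""
    return [
        s.name for s in servers
        if not s.drained
        and s.assigned >= MIN_ASSIGNED
        and s.established / s.assigned < MIN_SUCCESS_RATIO
    ]

def drain(servers, names):
    """Withdraw the named servers so they receive no new sessions."""
    for s in servers:
        if s.name in names:
            s.drained = True

def pick_least_loaded(servers):
    """Least-loaded selection, restricted to servers not withdrawn."""
    pool = [s for s in servers if not s.drained]
    if not pool:
        raise RuntimeError("no terminal server available")
    return min(pool, key=lambda s: s.active_sessions).name

def sample_farm():
    # Constructed data: ts-03 has a frozen service, so its session count
    # stays low and plain least-loaded balancing keeps choosing it.
    return [
        Server("ts-01", 42, assigned=6, established=6),
        Server("ts-02", 38, assigned=7, established=7),
        Server("ts-03", 1, assigned=30, established=0),
    ]

if __name__ == "__main__":
    farm = sample_farm()
    print("before:", pick_least_loaded(farm))
    drain(farm, find_black_holes(farm))
    print("after: ", pick_least_loaded(farm))
```
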
When users can work from anywhere, it is important to protect their accounts from being compromised. We have upgraded our terminal platform and built a second authentication factor into it, in the form of one-time passwords.
Our terminal platform installation grew so big that upgrading it became a non-trivial task: it was impossible to upgrade all of the servers at the same time. We upgraded part of the terminal platform and modified the list of user applications so that the list could see both platforms. People were not even aware that their applications were slowly migrating to a new version of the terminal platform.
Over the long years of supporting solutions based on Citrix XenApp, we have accumulated unique experience in terminal access software management.
Terminal access solves a very big problem: organizing unified user access to specific applications through virtualization of individual applications. However, it does not solve the problem of providing unified PCs that the company can control. For this purpose, desktop virtualization solutions are used.
Unlike the terminal access solutions, where multiple simultaneous user sessions of a single application are running on one server, here each user is given a full virtual machine hosted on the virtual platform in the data center.
A group of users gets access to resources for collaboration: file and portal resources, printers. A virtual desktop isn't much different from a physical one in terms of administration. Therefore, to unify user access to applications you also need to use the same application virtualization: Citrix XenApp, MS App-V, VMware ThinApp and others.
It is enough to install only the software for accessing the virtual desktop on the user's client equipment. No other software is required for fully featured work. The client devices don't have to be very primitive, though: a "convenient screen, ergonomic keyboard, mouse and network" will be helpful.
The use of virtual desktops allows the company to quickly organize the work of a new unit: create multiple virtual desktops and a space for collaboration, and equip workers with client equipment. At the same time, the company has full control over user access to information: the information does not leave the data center (except for the ability to send mail, print and take pictures of the screen :)), and access to the PC and data can be quickly locked for any user, no matter where the user is. It is also possible to stop a user's remote access to his PC, if necessary, but it requires more effort. So it is very convenient to organize controlled workplaces for contractors using virtual desktops.
Virtual desktops can also bring additional comfort to users: they can continue their work from the moment they disconnected from the desktop simply by reconnecting to it. The user gets similar access no matter where he connects from or with what device. If a virtual desktop "fails", you can just re-create it or restore it from backup. And if the client equipment malfunctions, it can be quickly replaced by any other, and then you can reconnect to your virtual desktop and continue working.
We are happy to assist you in organizing user access to applications and desktop virtualization.