Phil Spitze, Senior System Administrator at Le Moyne College New York, talks about how they used AppsAnywhere to solve their two major VDI application delivery challenges; Gold Image Bloat and VDI Pool Sprawl.



Solving VDI Challenges with AppsAnywhere - Video Transcription

Hello and welcome. This is the recorded version that I gave to the SIGGUCCS conference in 2015 in St. Petersburg, Florida. The presentation was titled, “Solving 2 VDI Challenges with Application Jukebox,” and featured the vendor AppsAnywhere.

My name is Phil Spitze. I was the presenter and am a photographer and photographer instructor primarily. To support those activities, I have to have a day job, and that is as a Senior System Administrator at Le Moyne College in Syracuse, New York. Over 15 years of experience in IT and the past 7 or so years as a System Administrator and Senior System Administrator, with a focus on system design, product selection, and implementation.

What I’d like to do is tell you a story about VDI and the story arc of this particular story is around two different problems that we encountered with our VDI implementation at Le Moyne college. We’ll talk about Le Moyne’s computer environment, to get started; a little bit about their commitments and being all in on VDI; the first problem we encountered, Gold Image Bloat; the second problem that we encountered, VDI Pool Sprawl; and then how we went about finding Application Jukebox, which we also call AJ; a little bit about Scense, AJ, AppsAnywhere, the vendor; give you a brief of what Application Jukebox actually is; and then highlight what AJ enabled us to accomplish.

Le Moyne College is a Private Jesuit College in Syracuse, New York. Roughly 3,400 FTE students, about 500 FTE employees. We run Cisco UCS gear, which includes 18 bladed, 3 chassis. And we have a combination of Dell Equallogic and Nexsan SAN Storage, all connected over iSCSI. How about a partridge in a pear tree? Nope. We’re dolphins.

Total investment costs for all of that Cisco and SAN gear was about $1.5 million over 5 years. We were also faced with VMWare licensing at approximately $225,000 over the same 5-year period. You add all of that up together, you have enough money to buy just over 3,000 HP Desktops. Keep that in the back of your mind as we go through this. There is an investment lesson here.

So what do we run on all of that gear? We are 100% virtualized, so we have about 100 Win 2008R2 and Linux servers all running as VMs. We have capacity for up to 700 VDI desktops, a number also to keep in mind as we go through this, because that is a number much higher than it needs to be. We also have a physical fleet of 350 VDI Thick Clients, which are simply standard desktops that have the shell set to the VMWare view client login. And those are provision in all of the public spaces, labs, and the library, and such. And about 600 regular, standard desktops, and a standard configuration for faculty, staff, administrators, guests, etc. So the original plan at Le Moyne was to go all in on VDI. And I think a lot of colleges in the U.S. were sold on this idea that VDI would or could replace all physical desktops. We would be using floating, non-persistent pools for our student labs and classrooms. We would have dedicated persistent pools for employees, which is a slightly different implementation where it is a one-to-one relationship. Each employee is assigned a specific VDI desktop that they can customize to their liking. The floating pools, as I said, are non-persistent and they reset back to their original state after each use, which helps keep them clean, and lean, and hopefully running fast. We would be moving away from traditional desktop to slightly cheaper Thin client hardware. That proved to be disastrous. The client that we look at, purchased, and rolled out, were made out of some of the absolute bottom-of-the-barrel, garbage components you can imagine. And we had something like a 35% failure rate. Combine that with the fact that the new desktop hardware had come down quite a bit in price, we found that it was actually cheaper in the long run to just purchase the traditional HP desktop hardware.

A quick look at VDI technology, for those of you uninitiated, we start with a traditional virtual machine that we call a Gold Image. It is defined by the virtual hardware, the amount of ram, the number of nicks and CPU cores that you might need. You install your operating system and traditionally you would install your anti-virus, anti-malware solution, and any local apps that you want to run natively on that image. From there, you create your pool of Linked Clones, which are all identical clones based on the Gold Image, and you thirdly will assign VMWare’s software virtualization solution, your ThinApps. These are pieces of software that have been virtualized and are laid on top. The idea being that they run from a separate server and should be faster, should be easier to maintain, and help keep your Gold Image kind of lean and less bloated without all of that extra software being installed. So following this plan of all in on VDI, year one looked like this: we had a single Gold Image, we had about 100 installed apps on that Gold Image, we had an additional 100 pieces of software that we were able to ThinApp, and we had one pool of 300 VDI desktops to match the 300 or so lab seats that we had across campus, just in the event that every single seat would be in use at the same time.

Year 2, having received feedback that year one was a success and we wanted to continue our rollout, year 2 looked like this. We had now 2 Gold Images, the same 100 installed apps, we doubled the amount of ThinApps, and we increased our VDI desktops to now 400. The reason that we did this is we had 4 pools. We had 2 for students and 2 for employees; on campus use and off campus use. We split it that way mostly because of software licensing. In the U.S. particularly, there are every strict restrictions around whether or not software can be used on effectively college-owned equipment versus off campus, which is non-college-owned equipment. So here is where we start to run into some of the VDI sprawl, where we’re having to create additional pools and additional sets of VDI desktop to account for different scenarios.

Now we’re going to start to encounter Gold Image bloat, as well as VDI sprawl in a very severe manner. People on campus were liking what they had seen through the first two years, so now they wanted to further their adoption and further their adoption and further the commitment of all in on VDI. So the requests started to come in. We had a professor who liked Maple. Well, Maple, as everyone knows or is going to know, is very resource intensive, so we needed to create 2 vCPUs. However, hardware is assigned at the Gold Image level, so we needed a new Gold Image to allow for those extra CPU cores, and then, of course, that means another VDI pool. We had another professor who wanted to teach Microsoft Project. Well, that was a limited license software. There was no hope of successfully making it a ThinApp where we could layer it on an existing pool, so we needed, yet again to create another Gold Image and another VDI pool.

And this trend continues. We had an adjunct professor in the communications department who wanted the entire Adobe suite. We’re pretty sure they never used it, but they wanted it. So our only approach here was to do a local install. Again, not a prayer in getting that thing ThinApp’d. And with Adobe’s software, it injects all kinds of stuff into the local user profile, so now we are starting to increase our login times, the worst being about an average of 1 minute and 25 seconds. And another request where a professor wants to teach SPSS to outside clients, but instead of disabling guest accounts or individual accounts each time a new group would come in, he just wanted to use a single guest account. Well, in VMWare’s VDI world, allowing a single account multiple logins in a lab is another VDI pool; it’s a pool setting.

So in summary, we’re entering into year 3 now and we have 9 Gold Images. We now have 150 installed apps, most of them being Adobe, we have the same 200 ThinApps, and we have 650 VDI desktops, and that’s across 11 different pools. So all of a sudden we have this administration nightmare. We have pools for students, we have pools for employees, we have pools for both that are on campus and both that are off campus, we have pools for specific classes, for specific labs, and to enable multiple logins from a single lab. Here’s the interesting part: when we pulled data from our database with VMWare, we found that our high watermark was only ever 200 concurrent users. We were over-provisioned both on the hardware side and on the VMWare license side by a factor of 3, and that just does not make good sense.

So we sat around and thought to ourselves, “There just has to be a better way.” So I started doing research and we started doing some white boarding to figure out what to is we actually wanted. We came up with this diagram where we figured out we wanted all of our computing environment to kind of orbit the user. We wanted the computer settings to be user-specific, we wanted the applications to be user-specific, and we wanted a way to be able to enable BYOD.

In words, what we were chasing was this idea of a “computing bubble,” a way to provision software around each user intelligently and on demand. We desperately needed a way to properly size our VDI environment and get our VDI licensing costs in line with our actual needs. And we felt like it was important to empower users to customize the look and feel of their desktop, whether they were on a traditional machine or in VDI.

So the first thing we tried to solve was the user profile bloat problem and slow login times. When we were running traditional machines in our lab, pre-VDI, in the XP days, we had very fast login times, 35 or 45 seconds. That had doubled, people started to notice and complain, and we felt like that was the more critical problem to solve, especially from a view of IT’s ability. In my research, I came acorss a white paper from an independent firm called PQR and it was the UEM Smackdown Whitepaper, User Environment Management. That led me to Scense Workspace Management and AppsAnywhere, who is the global distributor of Scense, also Application Jukebox and Nexthink.

AppsAnywhere arranged to do some demos for us with Scense and we did a proof of concept to get us started to finish off our XP to Window 7 migration that was still lingering out there on our physical fleet. If you insert a standard British accent here, AppsAnywhere finished the last demo with a question, “By the way, can we show you Application Jukebox?” They did and that certainly did turn our heads.

Even though we were originally looking at a UEM solution, Application Jukebox was so good, and we felt solved so much of our problem, that we fully funded it almost immediately. Scense, the UEM solution that AppsAnywhere sells, is scheduled to be fully funded for the 2016 year.

So what is Application Jukebox? Application Jukebox is a technology—software virtualization versus hardware virtualization. It separates the application layer from the operating system. It can handle drivers, services, the registry, the file system, and also give you the ability to isolate from the operating system or allows you to integrate with the operating system. A classic example of this is those software titles that require an older version of Java. What Application Jukebox allows you to do is bundle that older version of Java specifically with that only the application can see that version Java. The operating system never does and therefore doesn’t complain about out of date versions and security warnings. It also allows for both versions of Java, the newest, most patched, and the older one, to run side by side without conflict. And as you may see on the AppsAnywhere website, Application Jukebox can, and is compatible, with virtualizing 100% of Windows applications and we have found that to be true so far.

Some of the other huge benefits that comes with Application Jukebox, even from a troubleshooting standpoint, it gives you complete visibility into every that a software needs. When you are in the capture mode, you can see every file that’s written, every registry change that’s made or added, as well as services, start-up items, drivers. It really gives you some insight into what the software does and needs to be functional. You have the option to present all of your software as a software store, website-based, and very familiar to your end users, as they become more and more familiar with Apple and Android app stores. Users are just able to visit that website and what we refer to as self-install the software. Basically they’re just launching it. They’re going to run it as they would from iOS or Android. And our administrators can control the software availability just through AD security groups, which is really nice for those limited software licenses. You maintain a single group from Microsoft Project, everybody who is enrolled for that particular semester gets added and they can then see Microsoft Project. Everyone else cannot.

This is the physical poster that we created just to help deliver the message out to campus to let them know this is the direction we were going and AppsAnywhere can provide you with some templates to do something similar.

So what did things look like going into year 4 now that we had Application Jukebox? Well, first of all, we were able to reduce the number of our Gold Images and reduce the number of our installed apps, by moving those over to Application Jukebox. We still maintained our 200 titles of ThinApps because they were done and working—no need to change those. We had about 30 to 50 pieces of software in Application Jukebox, ready to be launched from the website, and we were able to reduce our desktop count for VDI down to 500 and 8 pools. Again, kind of the standard students, employees, on campus, off campus, different classes, labs, and multiple logins. The key here being the fewer VMWare licences helped fund the Application Jukebox licenses.

Our plans for year 5, which will be the fall semester of 2016 is a single Gold Image. I don’t know if we’re going to get there. We might come close. We’re looking at a total of 12 applications, we want to see 150 Application Jukebox apps, we want to eliminate all of our ThinApps and save some licensing costs there, and we feel like we can get down to just 300 VDI desktops, which will drastically decrease our costs on the VMWare license side. Hopefully we’ll be down to just 3 pools as well, where we have one for on campus, one for off campus, and one for multiple logins. And we’ll use Application Jukebox to kind of slice and dice the various software titles and assign those to the user that need them in an intelligent way.

Across campus, clearly we’ll be using a VDI. We’re going to roll it out to physical desktops, faculty staff offices, and such. We’d like to start piloting BYOD. We’d like to pilot Amazon Workspaces, which is Amazon AWS version of VDI, we’d like to work on pairing it with Scense, so that we can create on demand personalized desktops, which will get us to that ideal of computing bubbles around each user.

We’re taking on a layered approach and we’re focused on really just-in-time deliver, not just-in-case delivery for hardware and software. So from the bottom up, we’re going to be using VMWare and SCCM for the hardware layer. Again, VMWare and SCCM for the OS layer. For the user environment, we’re going to look to Scense and then for the applications we’re going to be using Application Jukebox, as we’ve already started to.

Some of the benefits that we’ve seen already is there is only one instance of each application to maintain and patch. And we can do that without ever having to touch the Gold Images, whether they are VDI or physical fleet images. We are able to eliminate service desk calls for admin credentials when a user wants to add a particular piece of software to their environment. It’s self-service: they log on to the website, they simply launch the application, and they’re off and running. We can maintain very plain, vanilla base images so that there is no problems with Windows, and patching, and possible conflicts between packages. And we are looking forward to enjoying easy hardware replacements, where we can send work study students out with a new piece of hardware, they can do a swap, the user will login, and everything will be back in place without having to do additional application installs, configurations, or data transfers.

So what about other products other than Application Jukebox? There are a number of them and they may look attractive. Some of the limitations that I found in my research is that some of those products are based on snapshot technology, where you are picking a starting point with a VM, recording what you do to that VM when you install the software, and then picking an end point. Which means included in that snapshot of your software is all of that noise and background info that Windows creates.

Other technologies are limited based on the number of applications that you can assign to a VDI desktop at any one point. So you really get into this Matrix struggle with users on one side, application titles on another, and trying to mix and match to stay under that limited number. There are far more expensive, costly technologies, and there are those that require huge amounts of backend infrastructure. PQR, the independent firm that I talked about earlier with their UEM Smackdown Whitepaper, came out late 2015 with another Whitepaper called the Application Virtualization Smackdown and they will give you all kinds of data about each of these products, and where they stand up and where they fall short. So I encourage everyone to go seek that out.

So if I boil it all down and I give it to you in a nutshell, for a small investment, Application Jukebox allowed us to finally enjoy many, if not all, of the benefits that were originally sold to us with the VDI solution. It has been a fantastic joy to work with AppsAnywhere. All of their staff are fantastic and we have found that it is a complete win for us and our VDI environment.

If you would like more information, I would invite you to schedule a demo with Application Jukebox. AppsAnywhere can show it to you live, answer your questions, and show you different components. You can find them at AppsAnywhereinc.com. And if you are a photography buff, such as myself, head over to my website, PhilSpitze.com, and take a look at what I have to offer. I would like to thank you for your time and if you have any additional questions, please reach out and we definitely will try to get your questions answered. And I wish you all luck with your virtualization and your VDI implementations. Thanks so much.