Sun and Oracle Channel Sun How to Buy Log In United States [Change] English

BigAdmin System Administration Portal
Feature Article
Print-friendly VersionPrint-friendly Version

Building a Virtual Desktop Infrastructure Demo With Sun Virtual Desktop Connector 1.0

Dirk Grobler, November 2007 (Updated March 2008)

Abstract

This is a cookbook for building a demo using Sun's new desktop broker, the Sun Virtual Desktop Connector 1.0. This cookbook explains how to compose a self-contained demo based on Sun Virtual Desktop Infrastructure (VDI) Software [1]. This document is not meant to replace the Installation and Administration Guide for the Sun Virtual Desktop Connector [2], but to act as supplemental material.

Contents

This article covers the following topics:

Introduction

Desktop virtualization is getting more and more popular, and the tools for managing a Virtual Desktop Infrastructure (VDI) are becoming more sophisticated at the same time. The central management tool for a VDI is commonly referred to as a connection broker or a desktop broker. Early in 2007, Sun released a developer preview of its connection broker, Sun Virtual Desktop Access Kit for VMware, Version 1.0. The successor, the Sun Virtual Desktop Connector 1.0, has been released in March 2008 [1].

Besides providing a fully supported component as part of the Sun VDI Software offering, the goal of the Sun Virtual Desktop Connector is to significantly simplify the installation and configuration of the VDI stack. Since the release of the beta, a few improvements have been included in the product:

  • Support of VMware VirtualCenter 2.5 and VMware ESX 3.5
  • Support of Microsoft Windows Vista for static assignments
  • MSI installer for all Microsoft Windows components

Please note that this updated cookbook focuses on the VMware VirtualCenter platform in response to customer requests and reflects the fact that VMware ESX-only support has been dropped. Please also note that dynamic provisioning of Windows Vista desktops is possible, but it requires a workaround that is documented in the troubleshooting section of the Sun Virtual Desktop Connector manual.

Now, you may ask, why do I still need a cookbook in addition to the product's installation and administration guide? That is a fair question. The architecture is still multitiered and requires various skills for setup. That hasn't changed. A guide that provides a concise overview of the available functionality and a straightforward method for creating a demo can be a valuable addition.

This cookbook focuses on providing quick, concise step-by-step instructions on how to build a first demo of the Sun VDI stack. It is still recommended that you look at the referenced documentation when questions arise during the setup process or when you progress from the demo to a proof-of-concept or production deployment.

Architecture

Prior to installing the demo, it is important to have a rough understanding of the underlying product. Sun VDI Software is a layered product that provides the means to access a data-center-hosted desktop from a remote client such as a PC, a notebook, or a Sun Ray Ultra-Thin Client. The following figure provides an overview of how this is accomplished.

Figure 1

Figure 1: Architecture Overview

On the left side you find the virtualization hosts that serve the desktop to the user. This is typically the Microsoft Windows XP desktop. Currently, VMware Virtual Infrastructure 3 is the supported platform, more specifically VirtualCenter 2.x. An alternative platform such as Sun xVM is planned for a follow-up release.

Sun VDI Software is placed in the middle between the virtualization hosts and the remote clients. Sun VDI Software consists of three parts that all can reside on a single system. The Virtual Desktop Connector (and more specifically, its service component) is responsible for allocating virtual desktops to the user from the virtualization platform. This is done through a Sun Virtual Desktop Connector agent installed on the virtualization layer.

The lookup process is initiated through the Virtual Desktop Connector client, invoked through a Sun Ray Server Software (SRSS) or Sun Secure Global Desktop (SSGD) session. Once the virtual desktop is located and up and running, a remote connection (Microsoft RDP) is established and routed through the access tier (Sun Ray Server Software or Sun Secure Global Desktop) to the client device and its user.

Besides the allocation and routing of virtual desktops, the Sun Virtual Desktop Connector provides features that control the whole desktop lifecycle from creation up to deletion of the virtual desktops. Some of these features are illustrated later in the description of the core configuration tasks.

Note: For setting up Sun VDI Software, the Solaris 10 08/07 Operating System for x86 platforms is the recommended OS.

Installation Overview

This paper attempts to keep the hardware required for installation to a minimum. The core of the demo installation is a "Galaxy" server, such as a Sun Fire x4100, x4200, or x4600 server. A Sun Fire x4100 server with two CPUs, 4-GB RAM, and two hard disks should be sufficient. On this server, VMware ESX 3.0.2 (or above) software needs to be installed. All other required services, such as VMware VirtualCenter, Sun Ray Server or Sun Secure Global Desktop Server, are installed as Virtual Machines (VMs) inside VMware ESX, in addition to the managed virtual desktops, of course.

Figure 2

Figure 2: Installation Overview

The VMware ESX server hosts all software services delivered on two virtual networks. One of them is connected to a physical network and is shared with the display clients (Sun Ray clients and a notebook). This is the public network and can be set up easily with a physical switch. Instead of using a physical switch, you can connect the entities through a shared network.

The Sun VDI server is connected through a virtual switch to the public network. The public network is responsible for the device communication with the desktop access tier. It can also be used to manage the VMware ESX server. You also have the option of connecting the VMware VirtualCenter with the public network, simply for administration purposes.

The second virtual network is private to the VMware ESX server and is not connected to a physical network. It connects the Sun VDI Software with all the virtual desktops. The Sun VDI Software, or more specifically, the Sun Ray Server component, is configured as the Dynamic Host Configuration Protocol (DHCP) server for this private network. The VMware VirtualCenter is also connected to this private network. This network handles the virtual desktop lookup process on behalf of the user and the Remote Desktop Protocol (RDP) communication between the Sun VDI server and the virtual desktops.

The following sections walk you through the installation of the various components. There are two main steps:

  • Preparing the VMware Virtual Infrastructure, which includes setting up the Microsoft Windows XP guest OS. It is assumed that you have the fundamental knowledge required for the setup procedure. Therefore, only a few installation steps are highlighted.
  • Setting up the Sun VDI software, which includes installation and configuration.

Preparing the Virtual Infrastructure

Setting Up VMware ESX 3.5

The installation can be simply invoked through the Integrated Lights Out Manager (ILOM) of a "Galaxy" server (such as a Sun Fire x4100 server). VMware ESX is a Linux-based appliance. During installation, you can safely rely on most of the suggested default settings. After installation, make sure that you can access the VMware ESX server through the VMware Virtual Infrastructure Client and that the license is set properly.

Configuring a Private Network

The only variation from the default is the setup of a private network that is not connected to a network interface adapter for the RDP communication, as outlined in the Installation Overview section.

  1. Launch the Virtual Infrastructure Client and connect to the VMware ESX server.
  2. Under the Configuration tab, invoke the Networking link.
  3. Click Add Networking.
  4. Select Virtual Machine as a connection type.
  5. Create a new virtual switch (vSwitch) that is not connected to a network adapter (vmnic).
  6. Provide a new label (such as "Private Network") and a unique ID (1), and confirm.

The new private network is created. Because the switch is not connected to an adapter, no communication will be routed into a physical network.

Configuring VMware VirtualCenter 2.5

VMware VirtualCenter is simply installed as a VM inside your VMware ESX server. The guest OS can be Microsoft Windows XP. An 8-GB hard disk and 1GB of RAM are sufficient. The VM should be connected into the public and private network. Once VMware VirtualCenter is installed, complete the following configuration steps:

  1. Add the VMware ESX server as managed host.
  2. Install the Windows System Preparation Tools for Windows XP. They can be downloaded from Microsoft [3]. The SysPrep tools need to be located at C:\Documents and Settings\All Users\VMWare\VMWare VirtualCenter\sysprep\xp.
  3. Create a Customization Specification for Windows XP.
  4. Install the Virtual Desktop Connector Agent. You can find the agent inside the Virtual Desktop Connector package. It is called vda-agent.msi. Simply double-click the msi package. The installation procedure is straightforward.

Thereafter, the VirtualCenter is ready to communicate with the Virtual Desktop Connector.

Setting Up the Microsoft Windows Guest

There needs to be at least one instance of Microsoft Windows XP installed as Virtual Machine (VM) to seed the desktop population. In addition to the highlighted settings it is recommended to read through the VMware Windows XP Deployment Guide for further XP optimizations [4]. It is assumed that the process of creating such a VM is largely known. So only a few important settings are highlighted.

Setting Up the OS Image

Follow these guidelines:

  • Use Microsoft Windows XP SP2 as the baseline. The license must be a volume license.
  • Define one disk. It should be as small as possible, for example, 4 GB is a good size. The size impacts system performance and overall storage consumption.
  • RAM also should be as small as possible (384 MB is recommended).
  • A single CPU should be enough.
  • One network interface in the Private Network is needed. It should be configured for DHCP.
  • Edit the VM settings Options/VMware Tools: Make sure that scripts for suspend and resume events are executed. They are mainly responsible for releasing and renewing IP addresses.
  • Edit the VM settings Options/Power Management: Make sure that the VM suspends when a Standby by the guest OS is initiated. This action will fully suspend the machine and not keep it somewhat awake.
Configuring Power Management

The Power Options for Microsoft Windows XP have quite an important role. They control the suspend behavior of the VM. The idea is that a currently unused virtual desktop gets suspended automatically to release all its CPU and memory consumption. So unused virtual desktops are treated like a notebook that is unplugged to save power.

Besides freeing resources for other virtual desktops, it is also possible to define policies to reset machines and hand them over to other users or to delete them and create fresh machines instead. More detail can be found in the Installation and Administration Guide [2].

Power Options can be found in the Control Panel of Microsoft Windows XP. You have to define the StandBy Time to the best suitable value.

Note: The StandBy Time is a machine setting and can be set only by the administrator of the machine. Controlling this setting for each individual box could be quite tedious and error prone. Using Group Policy in a deployment dependent on Microsoft Active Directory (AD) would be great, but there are no such Group Policy Objects (GPOs) for Power Options for Microsoft Windows XP. A couple of vendors have addressed this as an addition to the Microsoft Windows default Group Policy. A free Terro Novum tool called EZ GPO allows you to control the Power Options using GPO [5]. Setting the StandBy Time as a local or central GPO through AD gives the most reliable results.

Installing the Sun Virtual Desktop Connector Tools

The Sun Virtual Desktop Connector tools are intended to ensure that a virtual desktop switching into standby or suspend mode disconnects the RDP connection. This is, unfortunately, not the default behavior we have observed in Microsoft Windows XP. The Sun Virtual Desktop Connector Tools will recognize the StandBy event of the system and will actively close a remote connection. The install procedure is simple.

The Sun Virtual Desktop Connector Tools are located in the Windows folder of the download package: vda-tools.msi. Install the tools by double-clicking the msi file.

Enabling Remote Access

RDP is the main access method to the Microsoft Windows XP desktop. By default, this access method is disabled and rejected through the firewall. Before you try to connect to a virtual desktop remotely, do the following:

  1. Make sure that the firewall does not block remote access.
  2. Make sure that your users have been granted remote access rights.
Defining the Microsoft Windows Guest as Template

This is the final guest preparation step. Once this is done, the template can automatically be cloned by the Virtual Desktop Connector.

Setting Up Sun VDI Software

The Sun VDI stack is installed onto a single virtual machine. The Solaris 10 08/07 Operating System for x86 platforms is the recommended OS. It should perform much better than previous versions. Just follow the standard installation procedure.

Setting Up the Solaris Guest

Follow these guidelines:

  • The disk image should be large enough to host Sun Ray Server Software, Sun Secure Global Desktop, and the Sun Virtual Desktop Connector (at least 8 GB).
  • RAM should be around 1 GB.
  • A single CPU should be sufficient.
  • Two network interfaces (public and private) are configured.
  • Only the public interface needs to be configured during the installation of the Solaris OS. A static IP address is recommended. The private interface will be configured as part of the Sun Ray Server software installation process.
  • Install the VMware tools. For the best network performance, make sure the vmxnet network driver is installed.

Setting Up Sun Ray Server Software (SRSS) 4

Both the Sun Ray Server Software in version 4 and the matching Sun Ray Windows Connector in version 2 need to be installed. It is important that the Kiosk mode is configured as the remote web administration during the configuration process.

After the final installation step, there remains only the setup of the network configuration. Here are two recommended configuration steps:

  1. Set up the private interconnect to serve the private network with DHCP:

    utadm -a <2nd interface>

  2. Set up Sun Ray Server Software for LAN access with utadm -L on. This allows you to switch from any Sun Ray client in your shared network to the Sun Ray Server on your VMware ESX server.

Setting Up Sun Secure Global Desktop (SSGD) 4.4

The setup of Sun Secure Global Desktop is straightforward. It requires you to run the package installation and to start the Sun Secure Global Desktop service (/opt/tarantella/bin/tarantella start).

Setting Up Sun Virtual Desktop Connector 1.0

The Sun Virtual Desktop Connector is installed in the following steps. The first step unpacks all installation packages and the second step configures how the Sun Virtual Desktop Connector integrates with the other Sun VDI components, such as the Sun Ray Server Software and the Sun Secure Global Desktop. Here is a brief overview:

  1. Invoke the command vda-install, which is in the root directory of the installation package. After you accept the license agreement, all required bits are installed on the system.

  2. Invoke the command /opt/SUNvda/sbin/vda-config. This script drives you through a couple of additional steps:

    • Specifying the location of the Java Runtime Environment (JRE) on the system. The default should just work.

    • Defining the data store that keeps the VDI-relevant configuration. For the demo, select option 3, the file-based back end. For a production environment, though, you should select either Sun Ray Server Software or Sun Secure Global Desktop as the data store of choice. This ensures that the configuration data is synchronized among a group of servers called failover group for Sun Ray Server Software or array for Sun Secure Global Desktop.

  3. Answer yes to the question about whether a My Desktop object should be created. This object allows users to access their virtual desktops through the URL http://<server>/sgd/mydesktop. This is the quickest way to launch the virtual desktop.

  4. Finally, you need to configure the web-based administration interface. You should point to the Apache Tomcat installation (5.5 or higher) that you are already using for the Sun Ray Server Administration. Configure the HTTP and HTTPS communication ports and allow the administrator to access the administration interface from a remote host.

At this point, Sun Secure Global Desktop has been fully set up for users to access their virtual desktops. For the Sun Ray Server Software, there are a few more setup steps to perform in order to access virtual desktops on the Sun Ray device:

  1. Log in to the Sun Ray Administration UI at http://<server>:1660.

  2. Go to the Advanced Settings/Kiosk Mode.

  3. Edit the kiosk mode and set the Sun Virtual Desktop Access as session type, and confirm.

  4. Next, switch to System Policy and enable Kiosk Mode for Card Users.

  5. Finally, restart the Sun Ray server.

Now, both access methods (thin-client and browser-based) are configured. The last remaining step is to create and assign virtual desktops to users, which is explained in the next section.

Completing the Demo

This section elaborates on the remaining configuration steps for completing a first demo. The goal is that the system creates new virtual desktops automatically and assigns them to users when they log in. This process is captured using the concept of pools within the Sun Virtual Desktop Connector. A pool typically consists of a number of settings that allow the connector to create virtual desktops automatically based on a virtual machine template. Next you will find the sequence of tasks that are needed to create a pool configured for automatic provisioning.

Creating a Pool

Now it is time to launch the Sun Virtual Desktop Connector administration tool. This tool allows you to manage the connection to the virtualization hosts, the assignment of virtual machines to users, and the configuration of pools:

  1. Launch the administration UI using the URL http://<server>:1800.

  2. Log in as root.

  3. The first step is to establish the relationship between the Sun Virtual Desktop Connector and the VMware VirtualCenter. From the Welcome page, invoke the Add Host wizard. This wizard requires the name or the IP address of your VirtualCenter and the administrator's (root) credentials. With this information, the wizard contacts the VirtualCenter server and the VDC agent and establishes the connection.

  4. After adding the VirtualCenter, go to the Pools tab and create your first pool. Click New and proceed to the pool creation page. Provide the following settings:

    • Specify the name of the new pool.
    • Select the template that should be cloned. This is the previously prepared image.
    • Point to the customization specification file that you've previously created.
    • Select the "Delete after usage" policy. This policy automatically deletes a VM that has been used and is either shut down or suspended, which ensures that each user always gets a fresh Microsoft Windows instance.

Now you can confirm these settings. The system will shortly thereafter start to clone the first new Microsoft Windows instances. In the pools overview page, you can see the current status, which indicates how many VMs are available (ready for usage), used (currently being used), or in preparation (currently being created).

Verifying the Demo

After a few VMs have been created and are marked available, you can verify your demo using either of these methods:

  • Insert a smart card into a Sun Ray client that is connected to the demo setup. It should display a Microsoft Windows login screen after a short while. Then your first Microsoft Windows virtual desktop is ready to use.

  • Connect to Sun Secure Global Desktop through the web browser of a notebook that is connected to your demo setup. Make sure the notebook is able to resolve the DNS name of your Sun Secure Global Desktop server and type in the URL http://<server>/sgd/mydesktop. Sun Secure Global Desktop asks for your credentials and then brings up a fresh Microsoft Windows instance full screen.

That's it. Setup is done. Congratulations! The next section elaborates on a few additional configuration options for fine-tuning your demo.

Enhancing Your Demo

Refer to the Installation and Administration Guide for the Virtual Desktop Connector ([2]) for a complete overview of features. Here are the highlights of a few configuration options.

Enabling Session Pickup Between Sun Ray Desktop Unit and Sun Secure Global Desktop

The ability to pick up a session from a thin client, a notebook, or a PC using a Java technology enabled browser is one of the most powerful features that Sun VDI Software provides. It only requires that users are properly associated with the smart cards they are using. This action is typically part of the user provisioning.

Sun Ray software provides a mechanism to register a smart card with the token. Therefore, you simply need the token ID of the smart card, which can be grabbed easily from a running session or read from a Sun Ray client that is configured as token reader. The registration then associates any so-called owner (typically, the user's identifier) and the smart card's token ID. Just open the Sun Ray administration interface and look at the token section.

After the registration is complete, you can access a Microsoft Windows desktop two ways:

  • Through a smart card on the Sun Ray client
  • Through Sun Secure Global Desktop using a web browser, as long as the user ID is associated with the smart card and the user ID for the Sun Secure Global Desktop login is identical to the user ID associated with the smart card

Assigning a Virtual Machine to a User

The most common situation in a desktop deployment is actually that users own their desktops instead of just being granted temporarily access. So a permanent relationship between user and virtual desktop is desirable. This relationship can be established easily through the Virtual Desktop Connector administration tool:

  1. After logging in, select the virtual machine tab.

  2. Select the virtual machine of your choice. This can also be one that is part of a pool.

  3. Open the assignment combo box and select Assign to owner.

  4. Finally, provide the user ID of the targeted user and confirm. Now this user owns the desktop and will always be redirected to this virtual machine after logging in with this user ID.

Summary

Once you have set up this initial demo, you can expand by making your demo more complex. You can define different types of templates, define different types of pools, add more ESX hosts to the Virtual Center, and much more stuff. If you run into problems, please consult the manual, which provides more in-depth information about the product and also a comprehensive troubleshooting section.

References

1. Sun VDI Software

2. Sun Virtual Desktop Connector Installation and Administration Guide

3. Download for Microsoft System Preparation Tool

4. VMware Windows XP Deployment Guide (pdf)

5. Free Terra Novum EZ GPO tool for power management

For More Information

Here are additional resources:

Comments (latest comments first)

Discuss and comment on this resource in the BigAdmin Wiki

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.


BigAdmin
  
»  Search the HCL
 
BigAdmin Wiki
Discuss and comment on this resource in the wiki.
 
BigAdmin Subscriptions
BigAdmin Areas
BigAdmin Sun Center
BigAdmin Topics