Virtualization Headlines
Who Needs Microsoft: How to Deliver DaaS Today
A Contributed Article by Danny Allan, Chief Technology Officer, Desktone

Introduction

There has been a cacophony of noise recently about the difficulty or impossibility of offering Desktops as a Service (DaaS) to the market in a technically viable and cost-effective way given the challenges imposed by Microsoft.  Fortunately, these sentiments and perceived ideas are wrong.  Not only is it possible to offer DaaS successfully, but both Service Providers are moving on this opportunity and organizations are consuming it.  In order to delve into this issue and understand it more fully we must first understand what a desktop is, how cloud hosted services are being offered, and the licensing requirements for various operating systems.

What is a Desktop?

It is important to first understand what is incorporated in a desktop or what this term refers to.  This is a religious debate which does not merit a single answer.  Is the desktop the operating system?  Is it the applications and the data?  Is it the workspace where the user performs their activities?  The very term desktop is a metaphor used to depict an environment in which a user operates and interacts with folders and files.  The traditional Microsoft Windows operating system has often been associated with the term desktop because it is here that the user interacts with applications and data.  However, it is important to note that the operating system itself is of little perceived value.  It is essential for the interaction, but the operating system itself is simply a means for the user to perform their required duties.

Knowing that the operating system is essential in this interaction, it is important to choose one that is applicable for the use case.  Without question, the most common operating system is the current Microsoft Windows client operating system - Windows 7.  If the organization has not migrated to this, it is simply a matter of time - being forced by Microsoft with the impending end of extended support for Windows XP support on April 14, 2014.  Are there use cases for Macs or Linux based distributions?  Absolutely!  There are niche areas of support for Linux with use cases like development and application kiosk type environments, but they have failed to significantly crack a dent into the mainstream desktop.  While the Mac use case continues to expand and gain huge traction with the consumer (driven significantly by the iPod and iPad usage), and also to a lesser extent in the enterprise, it falls down in one key area: application support.

Most existing corporate applications have been built for the Windows environment.  Not only have they been built for the Windows environment - but for the Windows client environment.  This sometimes explicitly will exclude support for session based desktops that run on Windows servers.  While application development is being driven towards Web based and mobile environments, the reality remains that the desktop of choice for most organizations is Microsoft Windows 7.

Desktop Challenges

The historical challenge of the desktop is that it the operating system and software are intrinsically tied to a physical device.  This means that the total cost of ownership (TCO) not only included the management of the operating system, applications and data; but also of the hardware assets.  The coupling of the physical hardware with the software caused huge challenges with broken devices and lost or stolen hardware.  

Additionally, the decentralized nature of the desktop meant that there was not always control of the desktop environment and the activity that happened within it.  The application of Data Loss Prevention (DLP) software, patch management systems and anti-virus management was only as effective to the extent that they could be consistently and predictably applied.

These critical administration systems became even more critical as users were granted the rights to install their own software and browser plugins.  The end user became familiar with the Windows 7 environment and enjoyed the administrative rights required to both perform their needed corporate functions and also to quickly address the computing exceptions that fell outside the default policies.

The promise of virtualized desktops using Virtual Desktop Infrastructure (VDI) was supposed to solve these problems by bringing everything into the data center and to enable consistent and comprehensive controls, but it introduced new challenges with capital expenditures, complexity and it flew in the face of the industry movement towards elastic, on-demand cloud utilization.

Cloud architectures

The National Institute of Standards and Technology (NIST) definition of cloud computing incorporates five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.  Each of these characteristics brings a large benefit to the consumer.  It has pushed more and more organizations to look to the cloud for software or infrastructure needs.  It has also given rise to an entire industry directly responsible for pooling resources and offering cloud services.

However, it is important to note that the tangible assets of cloud computing are no different than the traditional data center.  There is still compute.  There is still storage.  And there is still networking.  The benefit to the end consumer is that these complexities have been abstracted away into a cloud service.  The Service Provider then takes on the task of orchestrating the underlying assets and licensing requirements and simply exposing them in a self-service format  - either as a Software as a Service (SaaS), Platform as a Service (PaaS) or as Infrastructure as a Service (IaaS).  This requires the Service Provider to be able to orchestrate a secure multi-tenant compute/storage/networking environment that scales to market demand.  Emerging cloud orchestration platforms are very much focused on accomplishing just this - either on the backend physical asset orchestration, or on the front end customer facing portal interaction.

It would make sense to apply these same concepts to Desktops as a Service (DaaS).  Desktops operating systems logically require compute, storage and networking and very much are an extension of other bundled cloud services such as storage, back-up or messaging.  However, in understanding the DaaS cloud offering, it is important to understand the licensing requirements.

Virtual Desktop Licensing

Given that Microsoft Windows in the dominant operating system for desktops, it is important to understand how cloud providers can meet compliance with their DaaS offering.  There are two ways that a Cloud Service Provider can offer DaaS: the customer can obtain Volume Licensing under VDA (virtual desktop access) for full Windows 7 desktops, or the Service Provider can host a desktop-like functionality under the Service Provider License Agreement (SPLA) using a Windows Server. 

The first option offers the most end user friendly scenario.  The end user can use a fully featured Windows 7 desktop with the same level of application support that they are familiar with and used to in the traditional desktop model.  Additionally, the IT administrator can continue to use their existing corporate assets such as Group Policy Objects (GPOs), patch management software, AV and security software, and other desktop management solutions on these desktops.  The incremental adoption model is minimal and users can continue to interact with the desktop in a familiar way.

However, there are two implications to be aware of: the corporation must be the owner of the VDA license and pay $100 per year for each access device, and they must also ensure that the Service Provider uses dedicated hardware for the desktops.  Unfortunately, the first requirement means that the Service Provider cannot include the cost of the desktop operating system in the monthly service fee.  While they can sell this license to the customer, the end customer is the owner of this license.  (It is important to note that many enterprises already have this benefit through Software Assurance on their end points and not further licenses are required for these end points.)  One of the benefits of the VDA license is that the primary owner of the end user access device is entitled to Extended Roaming Rights. This allows them access to the virtual desktop from any personally owned devices which are not on the corporate network.  The second requirement is more complicated and is one of the reasons why Windows 7 desktops are not often offered through cloud providers.  The hardware which actually runs Microsoft software must be dedicated to a single tenant.  This means that the cloud orchestration software must be aware of each tenant quota, and needs to ensure that no two clients are running Windows 7 desktops on the same server at the same time.  Most cloud orchestration platforms today do not natively carry this capability and instead simply allocate resources out of a single large pool of capacity.  This is why most cloud providers do not offer a Windows 7 desktop as a compute model in their Infrastructure as a Service offering.

The second option for virtual desktop licensing is to use a dedicated Windows Server 2008 R2 operating system and to assign this in a 1:1 model for each user.  With the latest releases of the Server platform comes the ability to enable the Desktop Experience which makes the Server OS look and behave as the client desktop.  The benefit of this model is that the Service Provider can take full responsibility for licensing and is able to share a large pool of compute across multiple tenants.  Additionally, unlike Remote Desktop Services (formally Terminal Services), the end user can be an admin with full administrative rights to install software and browser plug-ins.  This model works very well for the SMB market where the minimum of 20 desktops cannot be met and where servers cannot be effectively utilized.  It is also the only option for SaaS providers who want to offer their software suites to end customers as a service, but where they have no control of the licensing of the end points.

The downside to this second DaaS model is that these are not Windows client desktops.  This means that application support is unknown unless the IT team is able to fully test the required software and to validate that they are fully supported in a server OS.  It also means that existing GPOs, patch management software and other management solutions may need to be re-visited and re-validated for this model.  In short, it is not what either the IT management team of the end users would choose as their first option.  However, it is the only option for some licensing scenarios.

Successfully Offering Desktops as a Service

The argument has been made repeatedly that there is no way to successfully launch and maintain a DaaS offering given the restrictions of Microsoft licensing.  This is simply not true.  There are some very critical requirements for a Service Provider to enable a true and comprehensive DaaS offering:

1.       The platform must offer a multi-tenant orchestration ability for management, provisioning, storage and networking within a data center.

2.       It must support the ability to dedicate hardware for tenants that choose to run full Windows 7 desktops.

3.       It must optionally support the ability to provision Windows Server with the Desktop Experience enabled for the licensing use cases when this is optimal.

4.       It must also support the ability to run utility servers in the same network segment as the desktops.

5.       It should also enable to ability to move Windows 7 workloads around, based on tenant size to take advantage of the best-fit server hardware model so that large, medium and small sized servers are fully utilized.

6.       The platform must scale from 1 to 100,000 desktops to meet the demands of the organization as it grows.

7.       As NIST indicates in their cloud requirements, it must meet the requirement for self-service in both provisioning pools of desktops, and brokering connections for users to these desktops.

8.       The platform must support the unique configuration and domain joining of each model of desktop so that these are fully functioning members of the tenant domain.

9.       The platform must incorporate a security model that not only separates each tenant onto their own network segment, but allows them to securely integrate with their existing corporate assets or third-party cloud services.

10.   The platform must ensure separation between the Service Provider and the tenant such that the Service Provider is unable to access the customer desktops without explicit permissions.

Achieving all of these critical requirements is simply not possible with the cloud orchestration platforms that exist in the market for orchestrating server workloads and IaaS.  Likewise, meeting these essential DaaS requirements is not possible with the traditional on-premise VDI solutions.

Experience has proven that bringing a successful cost-effective DaaS offering to market requires a purpose built infrastructure that can orchestrate the delivery of multiple models of virtual desktops, while maintaining compliance with the appropriate desktop licensing model.  Is this possible?  Absolutely!

###

About the Author

As Chief Technology Officer, Danny Allan is responsible for developing Desktone's technical and service delivery strategy. Allan educates IT organizations and solution providers on how to design and deploy hosted virtual desktops and is responsible for the service delivery operations. He joins Desktone from IBM where, as Director of Security Research and a member of the Security Architecture Board, he co-authored the IBM Secure Engineering Framework and helped define the software security strategy. Earlier, Allan held several senior customer facing and technical strategy positions with Watchfire. With 10+ years of technology and security experience, Allan has published several whitepapers and articles, participates in industry working groups, and has spoken at more than 60 industry conferences. He holds a Bachelor of Commerce degree from Carleton University.
Published Monday, February 25, 2013 6:16 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<February 2013>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
242526272812
3456789
Archives