Blog

The views expressed in the posts and comments of this blog do not necessarily reflect those of Sigma Solutions. They should be understood as the personal opinions of the author. No information on this blog will be understood as official.


  • As written by Sigma’s Elias Khnaser for Virtualization Review

    The last few months I have seen an uptick in interest in mobile device management solutions in the enterprise. It seems like every other customer I am in front of is asking about this technology and in almost every case the customer needs help identifying the criteria by which to evaluate the different solutions out there. It makes a great topic for this week, so here are the criteria I’d use:

    What type of platform is it?
    The objective here is to understand what type of platform the vendor being considered offers. Is the platform one that can manage the phone natively or is it one which deploys a virtual container on the phone? I have found that some enterprises like the idea of managing the phone natively, but others prefer a complete separation of personal and work. The latter is obviously a clearer, more well-defined delimiter. Meanwhile, the native phone management provides for some technical challenges in that you have to be able to clearly distinguish between personal data and enterprise data.

    In both cases, however, you want to avoid managing the device itself — in the age of BYOD and consumerization, we don’t want to take a step back and go back to the complexities of managing a device. Managing a personal device is the user’s responsibility; instead, we simply want to manage the enterprise resources we deliver to these devices.

    What types of operating systems does the platform support?
    Identify how many types of mobile phone device operating systems the vendor supports. Of course we want support for every mobile operating system out there, but sometimes not all vendors build in support for all OSes. If you find a vendor that you like and a solution which meets your needs from a feature standpoint, ask about a roadmap for supporting the other OSes. Keep in mind, however, that you are deploying this solution to manage consumer devices, so be very cautious in selecting a vendor with the widest range of support for at least Apple iOS and Android, with a roadmap for the other OSes like Microsoft Mobile.

    Is the product offered as SaaS or premise-based?
    Understand how the solution is deployed. Some vendors offer strictly a SaaS service, while others offer premise-based software installs. Few offer both solutions. It is important to investigate both types of solutions, understand the differences from a feature as well as a management and training standpoint, and of course, from a cost and time-to-production standpoint.

    Is it able to enforce baseline security policies?
    The product should be capable of checking for required security products, prompt for acceptance of company usage policy and enforce password policies such as password length and complexity. The solution should be able to offer encrypted backups, detection of jail breaking or blacklisted applications. In addition, the solution should be capable of enforcing folder-level encryption, full disk encryption or both.

    What about location awareness and remote wiping?
    The ability to track the device for recovery purposes is a key factor. You should investigate the products for their GPS and location awareness capabilities which will aid administrators in possibly recovering the asset or remotely wiping it should the need arise. You should also evaluate the products’ ability to wipe/destroy selective data and the ability to wipe out business data while keeping personal data intact.

    Application manageability?
    You should investigate the product’s capability to manage installed applications on mobile devices, such as the ability to remotely update an application or even remotely uninstall it. If this feature is not possible on certain mobile operating systems, what alternatives does the solution offer?

    Is the product capable of disabling certain features of the device?
    Some enterprises find it important to be able to disable certain features of the device, such as the camera. Depending on which area of the campus or building you are in, understanding the capabilities of the solution will open the doors for you to find good uses for it.

    What about monitoring and reporting capabilities?
    Monitoring and reporting capabilities are important to any organization. You should investigate the different products for these capabilities. Furthermore, you should also be looking to understand how much out-of-the-box reporting capabilities the product offers as opposed to highly customizable, difficult-to-export data that may increase the operational cost of deploying the product.

    Does it have out-of-the-box integration capabilities with incident management systems?
    I highly recommend that you understand and thoroughly evaluate the products’ ability and ease of integration with the existing enterprise incident management system/process, as this will be important for you to support the solution without needing to have separate systems to track support calls.

    As you can see, the list of things to look for when evaluating MDM is not terribly long but it is definitely involved. Carefully define the business objectives, and don’t try to enforce things that are out of your control. For example, don’t try and fight consumerization by saying, “We will only support Apple devices or Android devices or Windows devices.” Instead, keep an open mind and accept the fact that you have to choose a solution that caters to almost everything or a solution that has a roadmap that caters, supports and most importantly keeps up with the different devices, OSes and trends in consumerization and mobility.

  • Written by Sigma’s Elias Khnaser

    Last week, I talked about what it takes to transform an enterprise data center to a private cloud. This time, let’s focus a bit on the essential first step of preparing for a private cloud.

    In order to reach a true private cloud, an organization has got to overcome the barriers of server virtualization and tackle the most challenging of physical servers yet to be virtualized. A good private cloud strategy would be to start with a cloud readiness or fit assessment. This assessment, while broad and detailed, will also include the level at which you are virtualized — and you’ll want to be at 100 percent, if possible.

    To achieve 100 percent readiness, let’s start with virtualizing tier-1 applications. It is important that we tackle tier-1 apps and this requires advanced understanding of how server virtualization works and the inherent best practices to squeeze every little ounce of performance out of it. There should be no reason to not be able to virtualize Exchange, SQL, SharePoint or other applications of the same caliber. Here’s some guidance here as to what to look for from a technical perspective in order to boost performance of these applications:

    • Make sure you are using the best combination of virtual hardware for your VMs. For instance, with vSphere, you’ll always use the VMXNET3 virtual NIC, and understand the IO requirements of your application. Also, research when to use the VMware PVSCSI adapter as opposed to the default.
    • If you are using Hyper-V or XenServer, understand the limitations of the parent partition or the control domain (DOM0) and when to add more resources to it, as all network and storage IO traffic in Hyper-V and XenServer pass through the parent partition or Dom0.
    • You should be very familiar with the fact that adding a second virtual SCSI controller and attaching that to a dedicated virtual disk will increase performance and throughput.
    • Understand when to use a Raw Device Mapping and in what format.

    This is just a sample of things to look at; your service provider or system integrator performing your cloud fit assessment should be able to look at these and more and determine what is preventing you from virtualizing these servers.

    Once you’ve virtualized tier-1 applications, you can then move on to building a meaningful service catalog for users. What I mean by meaningful is having the ability to deliver a service that meets their performance expectations and puts you in a position to charge them for it. Mastering the performance of these applications is a critical cornerstone to a service catalog, which is essential for private clouds.

    Service catalogs will consist of building multiple VMs that are considered a service. For instance, if a user wants application X and we have determined that application X is made up of a Web server, a SQL server and a file server, we don’t build three servers and give them to the requestor. Instead, that user can log in to our self-service portal and request “Service X,” which consists of the necessary requirements. We get away from building VMs to building a collection of VMs that constitute a service and are managed as a single entity.

    I want to hear from you on applications you are having a hard time virtualizing and what are the steps you have taken to overcome these issues. Let’s try to share some experiences here.

    In the next few weeks, I’ll tackle cloud infrastructure, automation and orchestration, chargeback and showback, in addition to SLAs and SLEs.

  • As written by Sigma’s Dave Harmon

    Overview

    As the Virtual Desktop revolution is swinging into high gear, there is a glaring issue of what to do with your existing PCs that still have some value. The View VDI solution is agnostic to end user devices, allowing connections from Windows, Linux, and Mac OSes along with smartphone plug-ins (Wyse Pocket Cloud and VMware app coming soon). So the big question is what to do with your existing PCs and notebooks that still have investment value.

    Solutions

    There are several options out there to repurpose existing computers, but there are several concerns around continued OS maintenance, updates and power consumption with using existing computers. Thin clients are a valid option for PC refresh cycles, since Thin Clients draw around 12 KW/h vs. traditional desktops that draw around 80-100 KW/h. However, thin clients that support advanced protocols like PC-over-IP cost about $300-400 per device, which is about the cost of a new PC these days, so the power consumption is the “green” tipping point for decision makers. Actually, the power money savings alone for 500-1000 desktops can more than justify a Thin Client for PC replacements. I have one customer in production estimating $50K savings from 8 months last year for 400 desktops replaced with thin clients :) Thin Clients in general will be discussed in a later blog post, so I will not delve into that area right now.

    I want to focus on two (2) solutions that I find work really well for re-purposing existing compute infrastructure. My recommendations are always based on MSRP (Manageable, Scalable, Reproducible and Predictable) architectures, like View vs. Citrix. You know my stance on that.

    The first solution is a Windows-based application called ThinLaunch (www.thinlaunch.com) that will completely lock down the Windows OS and only launch the View client to connect to the View broker(s). This is a great cost-effective solution that is a “Trojan” type approach to lock down the desktop; it offers multiple OS support (XP/7 and even 2000) and there is no need to apply any updates to the existing OS. It has a very small footprint and overhead and personally has been a big hit with my customers so far. You can purchase this directly or through my company (I will provide training and support) and it can be purchased in small quantities. Please refer to the ThinLaunch website for technical details or email me through this blog for more information.

    The second solution that I really like is a new product from Wyse called Wyse PC Extender (http://www.wyse.com/products/software/pcextender/index.asp). This is a SUSE Linux based solution that utilizes the Wyse Device Manager control for a “Vonage VDI” type solution. By using DHCP tags and FTP server(s), the end devices can be auto configured and updated with little or no hands on after setup. All devices are controlled by Wyse “ini” files and customization is very easy after setup. Some of the issues at this point are the lack of end device support and the minimum quantities: the end user must purchase in blocks of 1000. Below is the current list of supported end user devices; I also have this working on some older HP laptops, but had to install the network drivers to get it working for SUSE Linux:

    • Dell Optiplex GX170
    • Dell Optiplex GX 270
    • Dell Optiplex GX280
    • HP 7900
    • HP D530
    • HP 7900
    • HP DC5100
    • HP 5150

    Like I stated earlier, there are several other options out there, home-grown and commercial, but I always look at the MSRP value of sundry solutions because at the end of the day MSRP=”Cost Effective”:)

    For more information, please research the technology websites listed or send me an email and we can discuss further.

  • As written by Sigma’s AJ Cruz

    If you’ve been in IT very long you’ve probably come across numerous systems implementation methodologies. Models with acronyms like PIO (Plan, Implement, Operate) or APDIO (Assess, Plan, Design, Implement, Operate) or Cisco’s PPDIOO (Prepare, Plan, Design, Implement, Operate, Optimize). Regardless of the number of letters in the acronym, they all have three basic parts: A planning phase, an implementation phase, and a closing phase. They all serve the same purpose: reducing implementation risk and ultimately producing successful results (projects delivered on time, on budget, and according to specs).

    I’d like to share with you my first experience in pinewood derby racing (as a parent) and explore how implementation methodologies are recipes for success in any life endeavor.

    A while back my eight-year-old, Jacob, brought home his first pinewood derby kit from cub scouts. This was it. The event I had been dreading for eight long years had finally arrived. That’s right; the day he was born I pondered the grand responsibility of one day producing a derby car so completely awesome so as not to shame my boy’s name and make dads everywhere shrink with envy. OK so maybe I didn’t set the bar for us quite that high. In fact, I was just hoping we wouldn’t get last place. At any rate, I knew our success on the pinewood circuit depended on 1. A solid plan, 2. Proper implementation of that plan, and 3. Careful observation during the event to catch any important lessons for future races.

     

    1. THE PLAN

    Our first order of business was a strategy session. Jacob and I sat down together and I initiated the session with a few thought-provoking questions. “How does the car move down the track, is it gas-powered or electrical?”

    “No, they hold it at the top of the track and gravity makes it go.”

    I hold a baseball and a sheet of paper above my head and ask the next question, “If I drop a baseball and a sheet of paper, which one will fall faster?”

    “The baseball.”

    I drop the objects and Jacob’s prediction is correct so I ask him “Why did the baseball fall faster?”

    “Because it’s heavier.”

    So now I point out to him that we’ve established the first important rule of pinewood derby cars: They’re propelled by gravity and the heavier it is the faster it will move.

    Next I ask what would make the car run slower, and to lead the question a little I add “do you think it would go faster if the track was ice or dirt?”

    “Ice.”

    “Why?”

    “Because it’s more slippery.”

    I explain that ice is more slippery because there’s less friction, and that friction works against gravity to slow the car down (second important rule of pinewood derby cars). We continue brainstorming and several more questions later we develop the following strategy:

    GRAVITY

    • Make the car as heavy as possible (5oz per the cub scout rules)

    FRICTION

    • Reduce air friction by selecting a sleek, aerodynamic body design
    • Reduce wheel/axle friction by lubricating the axles
    • Reduce wheel/axle friction by straightening and smoothing the axles
    • Reduce track friction by cambering the tires
    • Reduce track friction by raising one wheel

     

    2. THE BUILD

    Jacob and I started out on the computer looking up pictures of body styles. Jacob was really interested in a muscle car-looking body. Wanting him to be the one to design the car and thinking at our slow speeds aerodynamics wouldn’t play that huge of a role, I agreed.

    I cut and sanded the wood.

    Next, I tackled the axles. I placed an axle into my cordless drill, pointy side in and ran the drill at low speed. Using a hammer I tapped the axle gently until the axle lost its wobble while the drill was running.

    Next, I used a file and with the axle still in the drill, running at high speed, filed down the burrs under the cap of the axles. I finished off with a steel wire buffing followed by a cotton polish (used a cotton rod from a gun cleaning kit).

    I tapped each wheel into place. I then took a small punch tool and lightly tapped the axle on the front-right wheel until it was slightly raised. Just barely though, we don’t want it bouncing around too much. At this point we have a car with only 3 wheels touching the track, but if left straight the entire pad of the wheel touches the track. So next I took the punch tool and lightly tapped the inside (pointy) end of the axle which caused the wheel to angle in slightly. Repeat x3 and we now have our car riding on the outside edges of the wheels. To check, place the car on the edge of a flat surface (table) and make sure you can see a tiny crack of light under the wheels near the inside.

    Next was weight. We had a food scale we borrowed from mom.

    I put the body, wheels, and axles on the scale to get a rough idea of how much weight we needed to add. I then got out my tackle box and started adding fishing weights to the scale till we got to 5oz or just over. In our case it took 3 fishing weights (I can’t remember what size I used).

    Now is a good time to mention weight placement. My physics isn’t strong enough to calculate whether front placement would be better than rear placement, so I took a guess and went with front placement. It feels like the better choice, my thought being it would pull the car down the track and the back end wouldn’t want to swap places with the front end.

    We drilled the holes, placed the weights, puttied. Jacob painted and we weighed in at just under 5oz.

    The day of the race we lubricated each axle with powder graphite and we were ready to race.

     

    3.  THE RACE

    I’m pleased to say that Jacob’s car placed 2nd. Not too shabby for our first derby experience. I attribute our success to proper planning & execution, but we weren’t done yet. With any work project it’s important to continually optimize processes and to identify lessons learned so that future projects can build on past experience. I knew it was the same for our racing experience. During the race I noticed a pattern with the successful cars and asked Jacob what he thought all the fast cars had in common.

    We both agreed the faster cars “looked fast” or in other words, were aerodynamically streamlined. I think we’ll pay more attention to that variable next year.

  • Written by Sigma’s Elias Khnaser

    Mobility is defined mainly by who you ask to define it. For instance, ask Citrix and mobility is all about apps, desktops and data on any device. Ask Cisco and mobility might be about wireless. If you ask other folks in the industry, you will learn that mobility is about mobile device management. Ask me and I say mobility is about all three of them combined and not separated, as they fulfill a complementary role to one another.

    Desktop virtualization is definitely a building block when it comes to mobility. The influx of mobile devices from smartphones to tablets has invaded enterprises and users have demanded their applications, desktops and data to be accessible on these devices. Desktop virtualization directly addresses these concerns and enables the user access to applications, desktops and data on any device. Still, that is not the sole definition of mobility. How do we control these devices? How do we separate personal data from business data and how do we secure it, encrypt it, remotely wipe it? All these questions and more lead me into Mobile Device Management, aka MDM.

    While desktop virtualization is very important in an enterprise’s mobile device strategy, you will quickly find that every user probably does not need access to apps, desktops and data, but every user most definitely has one or more mobile devices at any given time. In retrospect, these devices are now going to be connected to the enterprise network and could pose a potential security and regulatory risk. So how do we control them? There are two popular approaches. There is the traditional premise-based approach of installing software and using it to manage these devices. There are also now plenty of choices in the cloud, in the form of SaaS, which allow you to bring order to this chaotic spread of consumerization.

    The premise-based approach is a traditional model where software like Microsoft’s upcoming System Center 2012 can be deployed in the enterprise to manage these mobile devices of different makes and models. This approach of course comes at a premium — you have to invest in acquisition costs for software and hardware, invest in training and on-going management costs and of course upgrades and upkeep of the environment. The solution, however, is quite impressive and very feature rich. I have a detailed article coming up in the print version of Virtualization Review specifically about Microsoft SCCM 2012, so make sure you pick up a copy.

    And then you have the cloud! SaaS offerings in the MDM space have become very popular and very feature rich. Companies like MobileIron, OpenPeak, Airwatch and others are offering alternatives that don’t require a CapEx investment and make for a very compelling OpEx play, all the while shortening the learning curve and time to deployment. But even in the SaaS approach you have choices. After all, it is in the cloud, so the sky is the limit. When selecting a cloud-based SaaS for MDM, it is important to know what type of platform the vendor is offering. There are two approaches:

    • Native management of the device–This approach manages the device natively, which means it does not isolate the enterprise data in any container. Instead, it manages the device and the applications installed on it and also secures the entire device.
    • Secure Container–Type-2 hypervisors is exactly what the name implies. Vendors deploy a secure container which holds the corporate data and applications and manage that container on the phone, rather than the entire phone.

    Now, in the second approach I am talking in general here — there are vendors who will offer one or two features here and there that go a bit beyond the definition, but in general the idea is to manage the container. VMware’s project Horizon Mobile for instance does just that: It deploys a virtual phone, complete with applications and enterprise security policies and allows you to control and manage that portion of the phone, leaving the user’s traditional device completely intact. It is worth mentioning here that Project Horizon is strictly a smartphone solution. As a result, you cannot use it on other devices yet and support for operating systems other than Android does not exist just yet.

    Now in closing, I want to leave you with wireless. Many organizations forget the effect of consumerization on the organization’s wireless infrastructure. As you craft your mobility strategy, it is imperative that you assess your current wireless infrastructure, understand the current and expected load and then design it accordingly, especially if you will be deploying desktop virtualization and extending that to mobile devices. Remember, if your infrastructure is not solid, everything else you build atop it will also not be solid.

    I would love to hear your comments on how you are going about dealing with mobility in your enterprise, what are some of your challenges and how you are proposing to address them.

  • As written by Sigma’s Elias Khnaser for Virtualization Review

    It’s an exciting time to be in technology. As IT professionals, we get to say we are the generation that witnessed how Big Data transformed the world. We saw how virtualization revolutionized IT and gave birth to the cloud. But more importantly, we get to say that we are the generation that witnessed how technology helped us feed the world quicker, warm the world quicker, cure the world and maybe even heal the world.

    You see, everything we do on a daily basis as IT professionals means something if we can put it in context. They say every action generates a reaction, an event could lead to a sequence of events or could have a trickle effect, but there is so much data out there, so much information and our brain can only process small nuggets, can only address information from a very narrow perspective.

    Bottom line is, we are slow, and most research takes years. It takes years because it is necessary to correlate data and make sense of it. So, what if there was a way to correlate data and all sorts of information in real time? If that were possible, would you not be able to make better decisions for your business? Would that not enable you to find cures for disease faster? Or maybe even avert epidemics altogether? Maybe even avert wars? Stop terrorist attacks? The possibilities are limitless. They say society is knowledge, and knowledge is power. Well, Big Data promises to deliver information of all sorts, correlate it and analyze it so that you can make a better, more informed decision in real time.

    Enough philosophy — let’s look at an example. What if the shortage in certain types of food, which is high in certain vitamins was responsible for people getting sick? Getting the flu? This type of data research and analysis would take years to gather, to understand and to conclude. The data would be so old and after-the-fact that it would only be useful in university studies and research papers. So, what if that information was available in real time? What can government do with it? How about they alert the communities mostly affected, suggest certain vitamin intakes or perhaps the consumption of other foods high in that vitamin. What about pharmaceutical companies? They could use that data to develop a cure to a flu variation that has not spread yet. But you will say that is all for large enterprise. I say Big Data is for all sizes of enterprise. If you owned a pharmacy, would this information help you? Absolutely it would. Based on Big Data analysis, you might stock more of a certain type of medicine

    That’s just one example of many on how Big Data can impact and better our lives, but processing that large amount of data requires a platform that is capable of handling that amount of data, computing it fast enough and scaling as fast as we generate data. Today, there are many platforms capable of doing that. Hadoop is one such platform, capable of ingesting structured and unstructured data. Hadoop is quickly becoming the platform of choice and has garnered support from the three largest database developers: Microsoft, Oracle and IBM.

    The power of Hadoop is that you can deploy it on standard x86 computers and you can scale it by adding more nodes, a true implementation of grid computing. As a result, Big Data can be leveraged by large and small enterprises. As the data grows and your ability to manage it becomes more challenging, there is always the cloud, ready and able to address these concerns, able to scale, absorbing large quantities of data and unlimited computational resources.

    Make no mistake, Big Data is here and enterprises that appreciate it, leverage it, will reap the benefits and grow substantially. Big Data for me is the first time I can literally appreciate the technology beyond the geeky aspect of engineering or putting it all together, and being able to know that our efforts make a difference in the world we live in.

  • I subscribe to the school of thought that we’re already in the post-PC era, simply based on the number of mobile devices we support. That point may be arguable, but one thing is not up for debate: PC-based applications, specifically those that run on Windows, are going to be around for a very, very long time, especially in large enterprises. Yes, we hear a lot about SaaS and Web-based alternatives, but who among us doesn’t have some legacy software that we have to keep running?

    Most IT teams have struggled to marry new devices, mostly tablets and smartphones with small displays and touch-screen keyboards, with Windows operating systems and the applications that love them. The main sticking point is that Windows is a point-and-click interface. Some smartphones, such as the Motorola Atrix, allow users to dock a phone in a laptop shell, thereby giving access to a full laptop screen and keyboard. Celio offers a Redfly mobile shell and dock. That is, however, another piece of equipment users have to carry. Newer phones also have some sort of video output, like HDMI, that would allow the projection of the phone’s screen onto a larger display, provided such a display is available.

    The form-factor problem is another issue. I don’t believe anyone enjoys working on a Windows desktop from a smartphone screen, so people will still carry multiple devices when they move around — a smartphone, a tablet for meetings or on a plane, maybe a laptop PC or Mac just in case.

    This problem isn’t going to go away anytime soon, especially because vendors like Citrix and Microsoft are releasing software that works or will soon work on any device, from Android to iOS and Windows Mobile Phone, all the way to BlackBerry and HTML5; users will be able to connect to PC-era applications leveraging VDI and other technologies. Your users may like seeing a Windows desktop or application on their favorite mobile devices, but this is just perpetuating the problem.

    In response, many enterprises that have deployed desktop virtualization offer Bluetooth keyboards and mice for their tablet users to maximize the experience, but is that really the solution? There has to be a better way of addressing a PC-era computing architecture with the post-PC-era mobility frenzy.

    We expect more vendors to start playing in this space, and we’d like to offer a suggestion: Figure out a way to zoom and project the keyboard and screen onto a larger surface, like a holographic display, that can be resized and that allows users to control the brightness and contrast. The technology exists. Now all of a sudden, that smartphone and VDI just became the ultimate computing device for PC-era and post-PC-era applications. We can use the full-size keyboard and holographic display when using point-and-click applications like Word or PowerPoint. The phone is always connected with Wi-Fi and 4G connectivity, so all social media and SaaS applications are available. What else would a road warrior need?

    VDI has solved the problem of running Windows apps on smartphones. Now we just need those few missing pieces. We’ll be watching to see what innovations arise.

    As written by Sigma’s Technology Officer, Elias Khnaser, for Information Week

  • One of the biggest hurdles for desktop virtualization adoption is price. Through all my interactions with customers, I am always hearing: “I heard it was more expensive, I heard there are no cost savings,” etc. So, let’s compare a desktop virtualization rollout versus a traditional physical desktop rollout and see if it truly is more expensive.

    That being said, keep in mind that from a CapEx expenditure standpoint, you will not see much savings. But you will see significant OpEx savings. Usually when I say this, customers will say, “My CFO does not care about OpEx, we can quantify OpEx, we can’t touch it.” I say, have a little more faith. I will accept that argument and respond to you as follows: While it is not easy for every organization to quantify or justify OpEx, the next time your manager needs a project completed in a week and you have no cycles or your current employees have no cycles, the only option is to hire more help or use consultants.

    The next time your CFO’s laptop breaks down and it takes two days (being generous) to replace it and bring him back to productivity, the next time your CFO or CIO flames you for not providing adequate technical support or timely technical support to the user community which is generating money for the business, at that point you can reply to them by saying, “We have no cycles, we have been supporting our dispersed and remote user community for years using dated methods; we need a change.” At that point, the OpEx will all of a sudden look very lucrative.

    Let’s proceed with the following scenario: Gordon Gekko Enterprises has 1,000 physical desktops that are 7 years old running Windows XP and are up against a hardware cycle refresh and an operating system upgrade to Windows 7. Let’s also assume the company has done its homework and knows the benefits of desktop virtualization. The company is interested in a ballpark price comparison between physical and virtualized desktops. To accomplish this, I am choosing the VDI type of virtualizing desktops. While there are other types that can be used to lower the cost, I’m going to assume the worst-case scenario.

    The company ran all the proper assessments and identified 15 IOPS per user as an acceptable number. (We’ll keep it simple and not go into the different profiles etc…) The company has also identified that it wishes to give each VM running Windows 7 2 GB of memory and 1 vCPU. Again, we are going to ignore application delivery and assume they have that figured out. The company has also identified that they wish to use shared storage in the form of a SAN and have taken the proper steps to avert bootup and login storms as well as anti-virus storms, etc…

    Gekko wants to use blade technology to support this environment and its calculations and risk factors accept 60 VMs per host. The math would be as follows:

    1000 VMs / 60 VMs per host = 16 hosts

    Considering 2GB of memory per VM, this would translate into 120GB (128 of course is the right configuration) of memory per host. The following tables show the TCO.

    Table 1. Desktop Virtualization TCO

     

    Table 2. Physical Desktop Rollout TCO

    When reading these numbers, you can of course draw your own conclusions. Still, I want to discuss a few here and invite comment from you.

    Now keep in mind I have put a lot of thought into this, so read the numbers carefully. I have also been very generous with these numbers.

    For example, you can get more and better special pricing on servers from manufacturers than you can on desktops. Also note that I listed the cost of acquiring 1,000 new thin clients as optional, simply because you can turn your existing 7-year-old machines into thin clients and use them until they break, and so on.

    I did want to list the cost of acquiring 1,000 new thin clients because I was always criticized about ignoring that number. So, for new companies that are just being formed that want to deploy desktop virtualization and have no equipment I have taken that into consideration as well.

    I have provided these numbers to ruffle some feathers, stir up some healthy conversation and invite comment to get everyone’s perspective. I really would love to take the pulse of our readers as it pertains to desktop virtualization cost.

    Written by Sigma’s Technology Officer Elias Khnaser for Virtualization Review

    Posted in: Virtualization
  • For the past 18 months, I have been speaking publicly about desktop virtualization, and at every conference I keep stressing the inevitability of the smartphone making a significant impact on desktop virtualization.

    If we break down the components of a smartphone today, we end up with a mini-computer. If I have that much power in the palm of my hand, why can’t I use it to power other devices? Why can’t I use it as a thin client? Except the smartphone has an advantage over traditional thin clients: it has a 3G or 4G signal, which means it has built-in Internet access. Now if I have Internet access anywhere I go, I can access my DVI (Desktop Virtualization Infrastructure) desktop from anywhere, anytime. Now that is cool. However, let’s take it one step further: instead of the concept of Bring Your Own PC (BYOP), let’s keep the same acronyms but say Bring Your Own Phone. Now organizations can spend money to purchase these smartphones and have docking stations at desks that extend them to monitors and keyboards. Connect them to Wi-Fi at work. Do we really need to be wired to the desktop? No, that saves on switching infrastructure and cabling and much more while investing more in wireless access points.

    The Motorola Atrix 4G is a huge step in the right direction for DVI enthusiasts and the fact that Citrix supports the device with the Citrix Receiver reinforces its advanced position in this market. Organizations are on the verge of a Windows 7 upgrade and a hardware refresh on desktops as well. Some are even on the verge of a mobile phone upgrade for users. A pretty large undertaking. What if they change their way of thinking a bit and instead of refreshing everything, refresh the phones with the Atrix or the likes of Atrix? The peripherals like keyboard, mouse and monitor should be pre-existent – all you have to do is build an infrastructure that can support DVI and the question of off-line access has solved itself.

    Instead of finding a way to enable users to work offline, we found a way to keep users online with fewer devices and no complex setups. Sure, one can argue that on a plane, we still don’t have signal, but one can also argue that more and more planes have Wi-Fi and it is just a matter of time before it becomes standard. Let’s face it: we live in a connected world, so let’s change our way of thought and move forward; being offline is not an option anymore. While that may have been the case 10 years ago, it is not today. Today, if you are not connected, you are not productive.

    The Atrix is just the beginning, the next step will be to create shells for the phone, for example, why should I buy an iPad? Why can’t I just buy a shell that looks like the iPad and slide my iPhone in it to light up all the features of an iPad? Why can’t I get into my car, slide my phone in and that lights up my navigation and everything else I get from my in-car entertainment system today?

    Tablets are not the future, you know what is? Smartphones.

    Written by Sigma’s own Elias Khnaser. Contributor to Forbes

  • The very first 802.11 wireless networking standard was ratified in 1997. These first wireless networks were very slow, and barely usable. Early 802.11 used FHSS modulation and could only achieve speeds of 1 and 2Mb. It wasn’t until 1999 when 802.11b was ratified that wireless networking began to really catch on and speed up. Around the same time, 802.11a access points were available and could support wireless speeds of up to 54Mbps, but 802.11a didn’t catch on with enterprise customers or home users since it was more expensive, and there weren’t nearly as many client devices that supported the 802.11a (5GHz) frequencies. This pattern of wireless adoption leaning towards 2.4GHz continued on for many years.

    In 1999 you could only hope for 2.4GHz wireless speeds of a theoretical 11Mb, but more like 5.5 actual throughput due to the half-duplex nature of wireless technology. The DSSS data rates supported speeds of 1Mb, 2Mb, 5.5Mb and 11Mb. When OFDM for 2.4GHz was released in 2003 the additional data rates of 6, 9, 12, 18, 24, 36, 48, 54 became available in the 2.4GHz frequency. Four years earlier 802.11a had been able to support the same speeds, but there were simply more 802.11b/g client devices available.

    With the ratification of 802.11n finally happening in 2009, the 2.4GHz frequencies are now capable of the additional speeds when using 20MHz wide channels of 7.2, 14.4, 21.7, 28.9, 43.3, 57.8, 65 and 72.2. The real speed increases of 802.11n can be realized when two channels are bonded together into a 40MHz wide channel to double the theoretical throughput to speeds such as 15, 30, 45, 60, 90, 120, 135 and 150. Of course, there are still only three non-overlapping 2.4GHz channels (1, 6, and 11) so bonding channels together in the 2.4GHz spectrum quickly leaves you with little room for a non-overlapping channel plan. Utilizing the 5GHz spectrum for 40MHz channel bonding is the obvious choice. The 5GHz spectrum allows for at least 12 non-overlapping channels (depending on the country codes in use).

    Early 1 & 2Mb wireless networks usually did not incorporate antenna diversity into the design, but even as early as 1999 access points were designed with antenna diversity capabilities. Antenna diversity is used to increase the odds that you receive a better signal on either of the antennas. This only becomes more important as you can see in 802.11n access points. MIMO (Multiple Input, Multiple Output) antennas are integral to achieving 802.11n wireless speeds.

    Higher throughput via 802.11n is possible with multiple antennas as well as access points that are capable of sending multiple data streams. The number of spatial streams an access point is capable of supporting is represented as a×b:c, where (a) is the number of transmit antennas, (b) is the number of receive antennas, and (c) is the maximum number of spatial streams the access point/radio can support. An access point identified as 3×3:2 has three antennas for transmitting, three for receiving and is capable of sending two concurrent spatial streams. It is possible to achieve data rates up to 600 Mbit/s with four spatial streams using a 40 MHz-wide channel. Of course this also now means you need to use a gigabit switch to connect your access points to the LAN or you’re creating a potential network bottleneck at the switch port.
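The rate lists and the a×b:c notation above can be reproduced from the 802.11n PHY parameters. The following is an added example, not part of the original post; it assumes the short guard interval (3.6 µs symbol), which is what the quoted 7.2 to 72.2 and 15 to 150 figures correspond to, and the function names are hypothetical.

```python
import re
from fractions import Fraction

# 802.11n HT MCS 0-7 for one spatial stream:
# (coded bits per subcarrier, coding rate)
MCS = [
    (1, Fraction(1, 2)),  # BPSK
    (2, Fraction(1, 2)),  # QPSK
    (2, Fraction(3, 4)),  # QPSK
    (4, Fraction(1, 2)),  # 16-QAM
    (4, Fraction(3, 4)),  # 16-QAM
    (6, Fraction(2, 3)),  # 64-QAM
    (6, Fraction(3, 4)),  # 64-QAM
    (6, Fraction(5, 6)),  # 64-QAM
]
DATA_SUBCARRIERS = {20: 52, 40: 108}           # per channel width in MHz
SYMBOL_US = {"short": Fraction(36, 10),        # 3.2 us symbol + 0.4 us guard
             "long": Fraction(4)}              # 3.2 us symbol + 0.8 us guard


def rate_mbps(mcs, width_mhz, streams=1, gi="short"):
    """PHY data rate in Mbit/s: data bits per OFDM symbol / symbol time."""
    bits, coding = MCS[mcs]
    per_symbol = DATA_SUBCARRIERS[width_mhz] * bits * coding * streams
    return round(float(per_symbol / SYMBOL_US[gi]), 1)


def rate_table(width_mhz, streams=1, gi="short"):
    """Rates for MCS 0-7 at the given width and stream count."""
    return [rate_mbps(m, width_mhz, streams, gi) for m in range(8)]


def parse_radio(spec):
    """Parse 'TxR:S' (e.g. '3x3:2' or '3×3:2') into (tx, rx, streams)."""
    m = re.fullmatch(r"\s*(\d+)\s*[xX×]\s*(\d+)\s*:\s*(\d+)\s*", spec)
    if not m:
        raise ValueError(f"not a TxR:S spec: {spec!r}")
    tx, rx, streams = map(int, m.groups())
    # A radio cannot carry more spatial streams than it has antennas
    # on either the transmit or the receive side.
    if streams < 1 or streams > min(tx, rx):
        raise ValueError(f"{streams} streams impossible with {tx} Tx / {rx} Rx")
    return tx, rx, streams


def peak_rate(spec, width_mhz=40, gi="short"):
    """Highest PHY rate (MCS 7 per stream) for a TxR:S radio."""
    _, _, streams = parse_radio(spec)
    return rate_mbps(7, width_mhz, streams, gi)


def uplink_is_bottleneck(spec, port_mbps, radios=1):
    """True when the radios' combined peak PHY rate exceeds the switch port.
    PHY rate is an upper bound; real throughput is lower."""
    return radios * peak_rate(spec) > port_mbps


if __name__ == "__main__":
    print("20 MHz:", rate_table(20))
    print("40 MHz:", rate_table(40))
    for spec in ("2x3:2", "3×3:2", "3x3:3", "4x4:4"):
        print(spec, peak_rate(spec), "Mbit/s peak at 40 MHz")
```

A four-stream radio exceeds a 100 Mbit/s port several times over, which is the switch-port bottleneck the paragraph warns about.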

    Posted in: Wireless
  • The Wireless Control System Configuration Guide goes over how to manage RF Calibration Models, but it does not however describe how long the process takes, or what exactly it entails. I will endeavor to describe the process according to how I’ve calibrated RF models. I do not know if how I’m doing this is correct, this has been a matter of trial and error. You don’t get the opportunity to calibrate RF deployments too often, and the number one reason for that is most likely how long it takes to complete the calibration.

    I haven’t had much luck using the linear calibration model, so I use the point calibration model instead. I configure my wireless card to operate as an 802.11a client for one set of point calibrations throughout the facility, then I configure it to operate as an 802.11b/g client (only) for the second pass at the calibration process.

    I don’t stop calibrating the floor area until I have covered the floor area with data points from one corner of the floor to the other. I don’t know if this is necessary given the paragraph above, but the data collected across the floor area appears as “complete” to a customer reviewing the RF calibration.

    Recently I did a full calibration of a 34,000 square foot facility. The deployment consisted of 11 3500i series CleanAir access points. The time to calibrate from beginning to end was approximately 4 hours. Two hours to calibrate for the 5GHz frequency, and two hours to make a second pass to calibrate for the 2.4GHz frequency. Each point calibration location sampling took at least two minutes to complete.

    Neither of the design/configuration guides tells you exactly what you’re supposed to do with the laptop when you’re using the point collection model, unless you’re really supposed to pirouette while holding the laptop. I tried to follow this example for the first calibration I did – it just ended up making me dizzy. Now I stand in one place and change the laptop orientation while changing the direction I’m facing. I’ve found that if I hold the laptop in the same orientation the data point collection fails quite often.

    There are several important bits of information spread throughout the WCS 7.0 Configuration Guide and the Wi-Fi Location-Based Services 4.1 Design Guide. I will list them below.

    The Wi-Fi Location-Based Services 4.1 Design Guide states:

    “Due to an open caveat concerning the use of dual-band calibration clients and performing a location calibration data collection on both bands simultaneously, it is recommended that calibration data collection be performed for each band individually at this time. When using a dual-band client, use either of the following alternatives:

    1. Perform the calibration data collection using a single laptop equipped with a Cisco Aironet 802.11a/b/g Wireless CardBus Adapter (AIR-CB21AG) on each band individually. For example, proceed to disable the 5 GHz band and complete the data collection using the 2.4 GHz band only. Then, disable the 2.4 GHz band and enable the 5 GHz band, and proceed to repeat the data collection using the 5 GHz band only.
    2. Perform the calibration using two people and two laptops. Each laptop should have a Cisco AIR-CB21AG and be associated to the infrastructure using a different band. The two calibration operators may operate independently; there is no need for them to visit each data point together. In this way, a complete calibration data collection can be performed across both bands in half the amount of time as option #1 above.”

    and

    “Temporarily disable Dynamic Transmit Power Control (DTPC) prior to conducting calibration data collection. DTPC must be disabled separately for each band using either the controller GUI, the controller CLI or WCS for each controller whose registered access points are expected to participate in calibration data collection. After calibration data collection has been performed, DTPC should be re-enabled for normal production operation.

    Ensure that the WLAN to which your calibration client will associate is configured to support Aironet Information Elements (Aironet IE). Doing so will enable the use of unicast radio resource measurement requests during calibration data collection for more efficient operation.”

    According to the WCS Configuration guide: “Only Intel and Cisco adapters have been tested. Make sure the Enable Cisco Compatible Extensions and Enable Radio Management Support are enabled in the Cisco Compatible Extension Options.”

    Also of note from the WCS Configuration guide: “The calibration status bar indicates data collection for the calibration as done, after roughly 50 distinct locations and 150 measurements have been gathered. For every location point saved in the calibration process, more than one data point is gathered. The progress of the calibration process is indicated by two status bars above the legend, one for 802.11b/g/n and one for 802.11a/n.”

    Posted in: Cisco
  • The morning started off with a great Chanalyzer Pro demonstration by the great people at MetaGeek. Ryan Woodings & Trent Cutler were awesome at explaining the ins and outs of all aspects of the MetaGeek company origins and how to customize the Chanalyzer Pro application. I had previous experience using the ChanalyzerPro application since Ryan was kind enough to send me a Wi-Spy dBx and I tested it out and compared it against AirMagnet’s Spectrum XT and Cisco’s Spectrum Expert tool.

    I was not aware that there were home sound systems that could be installed in light fixtures, and hadn’t thought of using a Wi-Spy to identify an absconding shooter by finding security cameras in the vicinity of a convenience store crime scene.

    There have been a lot of advances to the Chanalyzer application since my demo license expired, but we were all gifted a cool lunchbox with all the MetaGeek tools inside, so I’ll be back to using their ChanalyzerPro application asap!

    Cisco started off with David Stiff presenting the Cisco CleanAir solution. I’ve heard this presentation many times, and I’ve presented it several times as well. Based on some of the questions that were asked by other delegates – they were not as familiar with the CleanAir/WCS/Client Troubleshooting tool as I was. I was glad that the information wasn’t a repeat for everyone present.

    Funny facts – the Cisco WNBU development team has code names for internal & external antennas: internal antennas are named after soaps, and external antennas trees. The AP I spotted with the code word written on it was called Larch. Naturally I thought of the Monty Python Sketch ‘How to Recognize Different Types of Trees From Quite a Long Way Away’

    I’ll be adding to this post with information about the MobileAccessVE Multi-Tier architecture and whatever great information Jameson Blandford (Cisco YouTube Star) will divulge to the Tech Field Day delegates.

    …stay tuned

  • In a matter of just a few days, the first ever wireless focused Gestalt IT Tech Field Day will be kicking off in San Jose. The event is scheduled for March 17th & 18th, and all the last minute details are being finalized!

    I’ve been making a list of questions about why things don’t work a certain way, or will this ever be possible based on the questions I’ve been asked at customer sites. I’m hoping that the questions I can’t answer (and defy googling) will be answered by one of the sharp minds attending or presenting at the Wireless Tech Field Day.

    I know for a fact that all of the delegates reached out to their industry connections to explain why they should sponsor this event. Many emails were sent, many phone calls were made. I know I’ve called/emailed/tweeted every contact I’ve ever had at all of the wireless vendor companies I’ve ever worked with. Some were hard to track down, but I wasn’t going to give up until they’d said ‘No’ at least twice! I’ve been helping Stephen Foskett make this event happen because I’m so excited that an event like this can even be organized, and actually happen! However, Claire Chaplais is the person that really ties everything together behind the scenes, and makes this event come off without a hitch or a hiccup in the overall flow! Claire and Stephen are a great team, and there isn’t another event quite like a Tech Field Day. I’m very glad to have helped put Stephen and Claire in touch with the connections I have to make a Wireless Tech Field Day happen.

    When was the last time you heard of competing wireless companies coming together to put their best Subject Matter Experts in front of a group of wireless engineering professionals that have an aggregate of over 62 years of wireless experience! It is refreshing to see companies stand by their technology solutions and open themselves up to potentially difficult technical questions from the Wireless Tech Field Day delegates. Everyone wins.

    All the information about the event, the sponsors, the delegates can be found on the Gestalt IT Wireless Tech Field Day page.

    The event will also be streamed live from TechFieldDay.com so don’t forget to tune in!

    Posted in: Tech Field Day
  • HP has launched a new series of access points through a combined development effort with the HP/Colubris development teams. The new access point model numbers are the E-MSM460, E-MSM466 and the E-MSM430.

    HP’s goal is to bring a ‘single pane of glass’ management capability to the wireless and wired networks through integrating the HP Mobility Manager 3.10 into the existing IMC solution. Mobility Manager can be a plugin to an existing PCM+ installation.

    The biggest news to me was the AP MSM466, which is capable of concurrent radio operation in the 5GHz band. This allows the access point to increase the channel capacity to double the supported client count in high density deployments. The published statistics for this access point indicate a maximum performance of 450Mbps per radio. Using two 5GHz radios in an access point is interesting, but there are still a lot of 2.4GHz clients in use on most every WLAN. Having all your clients in a specific area being only 802.11a devices may be a reality for some enterprise deployments, but I’d bet that most have a wireless client mix that can’t be controlled or influenced by the IT department.

    The HP mobility line can support different modes of operation – AP, Mesh and Monitor (packet capture) modes. The new features of the HP mobility hardware product line are standards based beamforming (explicit) and band steering. There was no mention of the ability to do spectrum analysis with any of the HP access point offerings. The lack of spectrum analysis as part of their product offering does not allow the HP mobility portfolio to identify sources of interference. The HP mobility product line can only adjust the power and channel of the access point in reaction to sources of interference.

    I thought the slide showing the comparison of the HP MSM410 and HP E-MSM460 to the Cisco AIR-LAP1142N-A-K9 access point was a little misleading.

    Mostly since the TxR:S numbers for each of the access points are not clearly stated on this slide. The Cisco 1142N access point is a 2×3:2, and the HP MSM410 is a 3×3:2 access point.

    I found it interesting that the MSM410 performed only slightly better than the 1142N even though the radio in the MSM410 has three transmit and three receive antennas. The comparison difference is marked between the E-MSM460 and the Cisco 1142N due to the fact that the E-MSM460 is a 3×3:3 access point. The metrics on this chart show the E-MSM460 providing 150Mbps of throughput at a distance of 230 feet from the access point. This works out to be one access point every 1400 feet. If this distance is to be used as the gauge for the cell edge, that’s a pretty dense access point deployment!

    One thing I found of note was the ability of the access point to be changed into an autonomous access point just by changing the operating mode on the access point from the controller. You’re not required to change the code running on the access point in order to make the access point function independent of the controller.

    The HP mobility solution does not use the CAPWAP standards-based protocol for their controller based solution. HP uses a proprietary wireless protocol that is based on IAPP and uses OpenVPN with UDP tunnels in order to simplify network connectivity on LANs using NAT.

    This mobility announcement from HP will be great news for existing HP mobility customers, but I am doubtful that customers with an already deployed WLAN infrastructure will find enough compelling features to make the switch to the new HP E-MSM product line. However, some customers may require the cost benefit of the next day replacement that is part of the HP lifetime warranty.

    Posted in: Hp, Wireless
  • Taken from “Troubleshooting VLAN Trunk Protocol (VTP)” show vtp statistics

    The general purpose of an MD5 value is to verify the integrity of a received packet and to detect any changes to the packet or corruption of the packet during transit. When a switch detects a new revision number that is different from the currently stored value, the switch sends a request message to the VTP server and requests the VTP subsets. A subset advertisement contains a list of VLAN information. The switch calculates the MD5 value for the subset advertisements and compares the value to the MD5 value of the VTP summary advertisement. If the two values are different, the switch increases the No of config digest errors counter.

    A common reason for these digest errors is that the VTP password is not configured consistently on all VTP servers in the VTP domain. Troubleshoot these errors as a misconfiguration or data corruption issue.

    When you troubleshoot this problem, ensure that the error counter is not historical. The statistics menu counts errors since the most recent device reset or the VTP statistics reset.

    Catalyst Switches Do Not Exchange VTP Information

    VTP allows switches to advertise VLAN information between other members of the same VTP domain. VTP allows a consistent view of the switched network across all switches. There are several reasons why the VLAN information can fail to be exchanged. Verify these items if switches that run VTP fail to exchange VLAN information:

    • VTP information only passes through a trunk port. Make sure that all ports that interconnect switches are configured as trunks and are actually trunking. Make sure that if EtherChannels are created between two switches, only Layer 2 EtherChannels propagate VLAN information.
    • Make sure that the VLANs are active in all the devices.
    • One of the switches must be the VTP server in a VTP domain. All VLAN changes must be done on this switch in order to have them propagated to the VTP clients.
    • The VTP domain name must match and it is case sensitive. CISCO and cisco are two different domain names.
    • Make sure that no password is set between the server and client. If any password is set, make sure that the password is the same on both sides.
    • Every switch in the VTP domain must use the same VTP version. VTP V1 and VTP V2 are not compatible on switches in the same VTP domain. Do not enable VTP V2 unless every switch in the VTP domain supports V2. Note: VTP V2 is disabled by default on VTP V2-capable switches. When you enable VTP V2 on a switch, every VTP V2-capable switch in the VTP domain enables V2. You can only configure the version on switches in VTP server or transparent mode.
    • Switches that operate in transparent mode drop VTP advertisements if they are not in the same VTP domain.
    • The extended-range VLANs are not propagated. Therefore, you must configure extended-range VLANs manually on each network device. Note: In the future, the Catalyst 6500 Cisco IOS Software switches support VTP Version 3. This version is able to transmit extended-range VLANs. So far, VTP Version 3 is only supported on CatOS. Refer to the Understanding How VTP Version 3 Works section of Configuring VTP for more information on VTP Version 3.
    • The Security Association Identifier (SAID) values must be unique. SAID is a user-configurable, 4-byte VLAN identifier. The SAID identifies traffic that belongs to a particular VLAN. The SAID also determines to which VLAN each packet is switched. The SAID value is 100,000 plus the VLAN number. These are two examples:
      • The SAID for VLAN 8 is 100008.
      • The SAID for VLAN 4050 is 104050.
    • The updates from a VTP server do not get updated on a client if the client already has a higher VTP revision number. Also, the client does not allow these updates to flow to its downstream VTP clients if the client has a higher revision number than that which the VTP server sends.
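The receive-side checks described above (case-sensitive domain, revision comparison, password-dependent MD5 digest, extended-range VLANs staying local) can be modelled in a few lines. This is an added example, not Cisco's code or part of the quoted guide: the class and function names are hypothetical, the switches are constructed sample data, and the digest input layout is a simplified stand-in for the real VTP frame format.

```python
import hashlib
from dataclasses import dataclass, field

EXTENDED_RANGE = range(1006, 4095)  # extended-range VLAN IDs (1006-4094)


def digest(domain, revision, vlans, password):
    """Simplified keyed MD5 over the advertised VLAN data (model only,
    not the on-the-wire VTP layout)."""
    body = f"{domain}|{revision}|" + ",".join(
        f"{vid}:{name}" for vid, name in sorted(vlans.items()))
    return hashlib.md5((password + body + password).encode()).hexdigest()


@dataclass
class Advertisement:
    domain: str
    revision: int
    vlans: dict   # VLAN id -> name, as carried in subset advertisements
    md5: str      # digest carried in the summary advertisement


@dataclass
class Switch:
    name: str
    domain: str
    password: str = ""
    revision: int = 0
    vlans: dict = field(default_factory=dict)
    digest_errors: int = 0  # models the "No of config digest errors" counter

    def advertise(self):
        # Extended-range VLANs are not propagated.
        sent = {v: n for v, n in self.vlans.items() if v not in EXTENDED_RANGE}
        return Advertisement(self.domain, self.revision, sent,
                             digest(self.domain, self.revision, sent,
                                    self.password))

    def receive(self, adv):
        # Domain names are case sensitive: "CISCO" != "cisco".
        if adv.domain != self.domain:
            return "ignored: domain mismatch"
        # A switch that already holds an equal or higher revision
        # does not take the update.
        if adv.revision <= self.revision:
            return "ignored: local revision is not lower"
        # The receiver recomputes the digest with its own password;
        # a different password therefore shows up as a digest error.
        if digest(adv.domain, adv.revision, adv.vlans,
                  self.password) != adv.md5:
            self.digest_errors += 1
            return "rejected: config digest error"
        # Manually configured extended-range VLANs stay in place.
        local_ext = {v: n for v, n in self.vlans.items()
                     if v in EXTENDED_RANGE}
        self.vlans = {**adv.vlans, **local_ext}
        self.revision = adv.revision
        return "accepted"


def demo():
    """Constructed scenario: one server, four clients with one fault each."""
    server = Switch("dist-1", "CISCO", "lab-pass", 12,
                    {8: "voice", 20: "data", 4050: "lab"})
    clients = [
        Switch("acc-1", "cisco", "lab-pass", 3),     # wrong case in domain
        Switch("acc-2", "CISCO", "other-pass", 3),   # password mismatch
        Switch("acc-3", "CISCO", "lab-pass", 40),    # higher local revision
        Switch("acc-4", "CISCO", "lab-pass", 3, {2000: "local-ext"}),
    ]
    adv = server.advertise()
    return {c.name: (c.receive(adv), c.digest_errors, sorted(c.vlans))
            for c in clients}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Only the password mismatch increments the digest error counter; the domain and revision cases fail silently, which is why the checklist has to be walked item by item.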
    Posted in: VTP
  • Last week I was performing a passive site survey of a currently deployed WLAN in several large hospital facilities in south Texas. During the course of a week and entering countless patient rooms I validated an opinion I’d had for some time.

    Out of the dozens of patient rooms I entered, at least 12 or so people understood what it was that I was doing and told me they were using the guest WLAN provided by the hospital. This, in itself is unusual. The majority of the hospital staff seemed unaware that a WLAN had been deployed or was in use.

    What really struck me was the number of hospital patients and guests that were using their own personal wireless hot spots. One patient told me he wasn’t using the guest network because it didn’t allow him to login to his Facebook page, so he was using his MiFi device instead. Another visitor told me she was using her MiFi device because the guest network didn’t let her play her favorite online Tetris game. Whatever the reason, the presence of these personal wireless devices is detrimental to the overall reliability of the 2.4 GHz (802.11b/g) wireless infrastructure within the enterprise. Seemingly, any attempts to restrict usage of the guest wireless network will only lead to more and more people choosing to use their own personal wireless hot spot devices for internet connectivity.

    In short, I think we’ve reached the point where the timeline for abandoning the 2.4 GHz wireless network for business uses in favor of moving mission-critical wireless connectivity over to the 5 GHz spectrum (802.11a) should be ramped up considerably. There are simply too many sources of interference in the 2.4 GHz frequencies on top of the rapidly expanding number of personal Wi-Fi devices all competing for the same small segment of unlicensed 2.4 GHz spectrum.

    Posted in: Wireless