Prepping the network for VDI
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
From the cloud to the new wireless edge, conversations in the IT department are revolving around what the network will do next. One technology that has managed to escape much of the spotlight -- while still transforming IT --- is Virtual Desktop Infrastructure (VDI).
Although virtualization may have started out as a technology driven by server consolidation, today's evolving network takes virtualization well beyond servers to a means of centralizing IT itself. The evolution starts with desktop PCs and the new class of wireless computing devices proliferating throughout the enterprise, including smartphones and tablet PCs.
2012 OUTLOOK: Virtual desktops are all the rage
VDI is disruptive in that it has the potential to become the new computing norm, and is cropping up in progressive IT departments at colleges, law firms and retail establishments. The business and technical efficiencies involved with VDI are relatively simple and straightforward in exchange for the significant improvements VDI can deliver to network manageability, security and energy efficiency.
According to a June 2011 study from ABI Research, the worldwide market for hosted virtual desktops is expected to grow to nearly $5 billion in 2016. Large enterprises are drawn to VDI because of its ability to reduce desktop support and management costs, as well as the lower overall energy requirements of virtual desktops. VDI also offers business continuity and disaster recovery benefits as well as a means to secure data in the data center, which is paramount when meeting compliance and security regulations.
Before an enterprise undertakes the transformation to VDI, data center managers must understand the impact it may have on the network from a performance standpoint, while maintaining key criteria such as cost savings, delivery of multiple converged services, and power efficiency.
While VDI is partially driven by using lighter-weight devices such as smartphones and tablet devices (rather than bulky desktops), the network plays a key role in further reducing energy consumption through the centralization of resources and by bringing much higher speeds at the port level. So, instead of deploying multiple tiers and distributed Gigabit Ethernet LANs, suddenly the horsepower is consolidated into a single core layer providing the bandwidth necessary for all VDI connections. This allows much higher-density 10 Gigabit Ethernet port modules on chassis type switches to easily collapse all traffic into just a few network switches. In the end, VDI is highly efficient, more powerful and easier for IT to manage.
Once considerations for bandwidth and system centralization have been addressed, the issue of carrying converged media (mixed voice, video and data) comes to the fore.
The network not only has to be equipped with 10 Gigabit and Gigabit to the edge, it also needs the intelligence, quality of service (QoS) and ultra-low latency switching to seamlessly deliver voice and video traffic to users based on predetermined priorities. Just like traditional networks, the VDI network backbone still must handle convergence flawlessly so all users have a consistent, predictable experience. Critical activities such as IP phone calls and collaboration, e-learning activities using IP video, customer call centers, to name but a few, all depend on the network for a seamless, quality experience.
How does the network support security of VDI deployments?
With the VDI network, traditional operating systems are eliminated, yet user log on, secure policies, visibility and monitoring are required more than ever. Security for yesterday's network meant complex "application layer" elements of sign-on security such as LDAP directories, strong authentication, and single sign-on (SSO) systems. But with the emergence of VDI, today's security, namely network identity, is more simplified, centralized and driven by the network rather than the PC OS.
Policy and identity management are important network security considerations since users can connect to the data center from any location using a variety of devices. The access management and lack of identity features with old networks won't be up to par.
More and more secure government facilities are using advanced identity management over VDI, setting the table for similar deployments in the private sector with large mobile workforces. To this end, today's businesses looking to deploy VDI securely require a new model called identity-aware networking. Enterprise Strategy Group defines this as: "A policy-based network architecture that understands and acts upon the identity and location of users and devices."
Identity-aware networking is an integration effort where the network gathers information from multiple existing sources then enables IT managers to use this data to build and enforce access policies. The best of breed network has the intelligence to dynamically collect and update information about users, devices, and location as the users connect to the VDI infrastructure and just as importantly, enforce policies once they are on the network. The business, regulatory compliance, and security ROI benefits available with the identity-aware network become the new norm, carrying the burden away from those that had to maintain application-layer security.
Network-based identity for VDI is associated with things like IP and MAC addresses, VLAN tags and subnets which play a role in device authentication, VPNs and IPSEC. With VDI, network layer security takes over. It is based on a number of inputs, including the user-id and role of the user, specific device characteristics and capabilities, and user/device location. Identity-aware networking wants to know if the user is logging on from a trusted or untrusted network, or whether a user is accessing the network from a wired port or over Wi-Fi. Furthermore, network access policies may need to change from one location within a facility to the next.
With most deployments, the IT department will strive to meet the needs of varying mobile users and disparate devices. At the network level, more granular network access policies based upon user roles, device types, and physical locations are required. The network then has to scale bandwidth, handle converged communications appropriately and bring network layer security policy that is not tied to any single device or application.
Ultimately, the requirements of VDI demand an identity approach and a more aware network. Only when data center managers closely examine the network's role in meeting key criteria such as cost savings, power efficiency, user and device identity, and ease-of-use can VDI truly progress towards becoming a new norm in computing.
Read more about data center in Network World's Data Center section.