Dizzion has been delivering virtualized Digital Workspaces for over a decade, and we've seen first-hand that adoption rates for Digital Workspaces continue to rise, especially post pandemic. When we think about the drivers behind this, we can't help but think it has A LOT to do with the ever-increasing ability of the technology to meet the performance needs of a wider range of workloads. A few years ago, Digital Workspaces were widely considered only well suited to a few simple use cases, but today, there are numerous organizations using Digital Workspaces to serve their entire workforce, from CEO on down. There's a lot that contributes to the increase in Digital Workspace performance over the years - some of it has to do with software manufacturers improving protocols, platforms and adding features. But there is still a lot to be said for the way in which the underlying components are configured by a Digital Workspace service provider (or an IT department). Huge performance gains can be seen by ensuring that you're paying attention to some basic best practices that impact performance, four of which we've detailed in this blog post. If you're not doing these four things, your Digital Workspace environment(s) definitely aren't performing as well as they could be.
We're all aware that security is a moving target and we can't simply “set it and forget it” or simply handle all security needs by a single method. A simple example of this is the over use of GPOs or Group Policy Objects. GPOs can be used for everything from the ability for a remote user to use a local printer to blocking website access through a specific browser and more. In fact, this is one of those cases where a tool really is a swiss army knife. Ok for a lot of things but not the best solution for many of them and with the added benefit that it may take a whole lot longer and maybe even cut yourself in the process vs using the right tool for the job.
GPOs can be much like the old firewall rules of the past. Just keep building one rule on top of the other until the firewall becomes the bottle neck as it tries to sift through every rule before advancing a packet through or out of the network. In essence GPOs are the same.
Although GPOs can be applied relatively easily, the applied impact isn't always apparent and even less often is that impact compared as an additive to the existing GPOs until applied and there's an issue. Since GPOs standard application is to apply all applicable GPOs at the time of login, the GPO process can contribute to lost productivity, context switching, and lack of confidence in provided technology by end users. At Dizzion we've been able to validate many use cases by reducing login and session re-establishment times. Much of which has been gained by analyzing what the business requirements are and how to best apply those using the proper tools including GPO's but certainly not exclusively. It's a great experience to see an end user start a session with a desktop or application expecting to leave their desk or go do something else for a while and instead see the desktop appear within seconds of requesting it. The amazement on their face is enough to show that you've impacted their work environment and attitude and that repeats every time they log in.
The impact that an underlying storage system has on Digital Workspace performance is HUGE. Yeah, we know we said Security was huge, and it is…. but, this one is huge too. We use the acronym IOPS (Input/Output Operations Per Second) to quantify the performance of a storage system, or specifically, a disk. It's a measure of how fast reads and writes can be made to that disk. As a general rule, you can expect a hard drive in a PC is capable of about 75-100 IOPS (for a typical 7200 RPM SATA HDD). Contrast that with the IOPS capability of an SSD which is measured in the tens of thousands. The time it takes Windows to boot up, the time it takes an application to start, the time it takes to install a new program, apply a patch, these are all affected by IOPS, and the more we give to our desktop, the better it will perform. Yes, we know that desktop performance won't scale linearly with an increase in IOPS… while SSDs can be a thousand times faster than spinning disk, we're not necessarily going to see our PC run a thousand times faster. What we will see for certain is a significant performance increase, as anyone who has swapped a spinning disk for SSD will attest to.
In a Digital Workspace environment, where we're leveraging shared storage platforms across multiple virtual desktops as well as the supporting Digital Workspace component infrastructure, our total available IOPS are going to be split across all the VMs. There are a few things that we can do to ensure great performance, the first of which is to create a dedicated set of disks for the virtual desktops. In other words, carve out some number of physical disks in your disk array to dedicate to your virtual desktop VMs, and dedicate other physical disks for the supporting component infrastructure and all other workloads. This will ensure that your virtual desktops won't ever have to contend with a connection broker or a security server, or any other component for its share of IOPS. The second thing we can do is obvious… always use SSDs! Guidance from VMware to ensure a usable virtual desktop calls for providing 26+ IOPS per user for users that they categorize as “Power Users Plus,” using five or more computer intensive applications at a time. Can you imagine using a desktop with only 26 IOPS? That's about 1/3 the speed of a dedicated SATA drive! Can you imagine your computer running 66% slower? That's just not a good experience.
While this may provide adequate performance, Dizzion has found that we can further improve the performance of our virtual desktops by providing hundreds of IOPS per user, even for task-workers who don't engage in intense computing tasks. Just like moving from spinning disk to SSD in your laptop will make you a happier user, moving from 26 IOPS to hundreds will make Digital Workspace users ecstatic. We know this because Dizzion regularly provides our customers with desktops that exceed VMware's baseline recommendations, and the performance is unlike anything most of our customers have experienced with Digital Workspaces in the past. We're able to achieve this due to our decision to use SSDs exclusively, and the use of storage segmentation to ensure that our desktop workloads have assigned storage resources.
Lack of Monitoring Tools
We have heard some people refer to Digital Workspaces as a “black box” when it comes to troubleshooting. The analogy paints Digital Workspaces as a mystery object into which we have no visibility. If we can't see inside it, we can't tell how it works; if it breaks, we don't know why. For years, that has been a pretty accurate way to describe it. It can be a complicated technology, and some people have just come to expect a poor, frustrating user experience. Without the proper tools to monitor performance and guide us towards issue resolution when issues arise, all we can do is shrug our shoulders and say, “let's just reboot it and hope that fixes it.”
Digital Workspaces no longer have to be a black box. Several software manufacturers in the Digital Workspace space have come to market in the last few years with very robust monitoring tools for Digital Workspace environments. The most significant attribute of many of these tools is the focus on end user experience. Sure, it's nice to know when a connection broker is having a disk issue, or when a service has failed (hopefully you've built redundancy into your Digital Workspace solution so this doesn't cause an outage), but what largely drives the success of a Digital Workspace environment is the end user experience. If our users' virtual desktops don't perform at the same level or better than a physical PC, you risk poor adoption, frustrated users, an increase in help desk tickets and, perhaps even worse, a compromised reputation.
The Dizzion Control Center is included with all our desktop deployments, eliminating the extra cost and effort traditionally involved with accessing this vital monitoring data. The Control Center constantly evaluates thousands of different metrics which lets us understand the end users' desktop experience. Our tools provide real-time as well as historic insight into CPU load, memory usage, active applications, network latency and more. I'm not going to pretend that Digital Workspace environments never suffer from performance issues, of course they can, just like physical desktops do. But in a virtual environment, Dizzion provides our customers with actionable insights into what is causing issues, which can guide you to a resolution! See which apps on the desktop are causing CPU spikes or what processes are memory hungry and guide the user as to how to improve performance. With the insights provided by the Control Center, you can identify network latency issues and bandwidth constraints, and so many more things that could negatively affect performance. And because it's monitoring the user experience in real time, performance issues are often identified proactively, before an end user ever calls the help desk.
Ensuring optimal experience for your end users is key to a successful Digital Workspace deployment. Take advantage of the advances in Digital Workspace monitoring software and ensure that you have insight into desktop performance.
In much the same way that disk segmentation (dedicating a group of physical disks to virtual desktop workloads) provides performance benefits, dedicating network segments to Digital Workspace workloads does too. This is pretty basic stuff if you've been in the virtualization space for a while, but it's worth mentioning again because Digital Workspace performance can really be affected by a lack of proper network segmentation.
The network is constantly active in any virtualized environment, acting as the backbone on which VMs are migrated between hosts, providing connection to management, monitoring and administrative tools, responsible for communication to network attached storage, providing a secure connection to the user's endpoint, and ensuring a fast, reliable connection to the internet. These activities all take up “space” on the network, and we need to ensure that a management task, like a VM migration or log shipping, doesn't negatively affect user experience. We can do this by ensuring that, at the very least, our management traffic, our storage traffic, and our VM traffic (traffic from the virtual desktop to the internet) are all on separate network segments.
Could you do this with VLANs? Yes, if your switches/routers support rate limiting and you configure it to ensure that one VLAN can't take another VLAN's bandwidth. But really, I'm talking about dedicated physical networks. VLANs by themselves (without rate-limiting) won't stop a network heavy management task from taking bandwidth away from our virtual desktops. But placing our desktops on a different physical network than the one on which our management tasks are happening certainly will.
It's a good idea to also understand the characteristics of your network prior to implementing segmentation (i.e. how much total bandwidth is available, how much is being used, are there spikes that occur due to scheduled tasks like backups, etc…). Knowing these types of things can help you understand what impact Digital Workspaces will have on your network and what limits and thresholds to put in place when segmenting networks.
More content created byBrady Ranum
© 2024 Dizzion, Inc. All rights reserved. Frame, the Frame logo and all Dizzio product, feature and service names mentioned herein are registered trademarks of Dizzion, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Dizzion. Dizzion does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.