Introduction to the Depp Lianhua Desktop Cloud Solution
2.1 One-stop solution overview
One of the most important features of Depp Lianhua's desktop cloud products is that they are "one-stop". Depp Lianhua supplies customers with the server virtualization software (VMS), the virtual desktop controller (VDC) and the thin terminal (aDesk) as a single package, which helps users reduce investment and operation and maintenance costs and deploy virtual desktops more quickly.
Thin terminal aDesk: small and neat in appearance, built on the ARM architecture (A9 chip) and the Android system, with strong performance and fast processing. Compared with x86 thin terminals it consumes less energy, runs more stably over the long term (no heat dissipation required) and has a simplified operating system, so it can achieve zero maintenance. Its peripheral redirection technology makes it compatible with the various peripherals used in desktop applications.
Virtual desktop controller VDC: mainly implements user access authentication, fine-grained policy control and unified monitoring and management of virtual desktops and thin terminals, delivering Windows desktops at lower cost and with greater security and reliability. It supports two deployment modes: hardware VDC and software VDC (deployed on a virtual machine).
Server virtualization software (VMS): a bare-metal hypervisor installed directly on the physical server, providing a virtualized computing platform with strong performance and high reliability. It enables rapid deployment of virtual machines, resource management and monitoring, dynamic live migration, data backup and recovery and so on, provides advanced capabilities for cloud desktop workloads, supports large-scale deployment and is easy to operate.
2.2 List of main functions
End device and operating system support
1. Supports access to the virtual desktop from PCs, notebooks, thin terminals, iPads, iPhones, Android phones, smart terminals and other devices;
2. Supports Windows 7 (32-bit and 64-bit), Windows XP (32-bit), Windows 8 (32-bit and 64-bit), Windows XPE, iOS, Android and other client operating systems.
Desktop delivery protocol
1. Supports the SRAP high-efficiency transmission protocol, which improves transmission efficiency more than 6 times through optimizations such as efficient stream compression, lossy compression, image cache matching, dynamic content recognition and filtering, and intelligent compression based on text and image recognition;
2. Supports multimedia redirection: using advanced encoding and streaming technology, the server sends the compressed, encoded media stream to the terminal, which plays it locally using its software and hardware capabilities, improving multimedia playback performance and allowing smooth playback of 1080P HD video.
Peripheral support
1. Supports USB bus mapping (including scanners, cameras, PIN pads, second-generation ID card readers, handwriting pads, printer mapping, USB keys and other common USB office devices) while keeping sessions isolated from each other;
2. Supports virtual printing: by selecting the Sangfor virtual printer on the server side, files can be printed on the local printer of the client, and the terminal server does not need the local printer driver installed;
3. Supports audio mapping with remote audio input and output, serial device bus mapping and disk mapping.
Virtual desktop types
1. Shared desktop: uses the multi-user session sharing of the server operating system to let multiple users connect remotely to the same operating system at the same time, each receiving a different desktop; users keep their own desktop configuration and personal data while sharing the same complete desktop system;
2. Remote applications: uses the user session sharing and application multi-instance capabilities of the server operating system to let multiple users connect remotely to the same application at the same time; users keep their own application configuration and personal data while sharing the same set of applications;
3. Exclusive desktop: a remotely accessible desktop based on server virtualization. The server automatically assigns each user a virtual machine generated from a template (running Windows XP, Windows 7 or another desktop operating system), exclusive desktops are isolated from each other, and users remotely access their own virtual machines with independent and complete control over the desktop.
Exclusive desktop publishing modes
1. Restore mode: the user's virtual machine is generated from the template, and apart from a few specified directories, the user's changes are reverted on restart. After the template is upgraded, the virtual machine the user next opens contains the template upgrade;
2. Dedicated mode: the user's dedicated virtual machine instance is generated automatically from the template, and the user's changes, including installed software, created or modified files and configuration changes, are retained. Restarts and template upgrades do not affect these changes.
VDC deployment modes
1. The virtual desktop controller VDC can be deployed as a physical device or as a virtual machine. A client on the internal network connects directly to the user desktop after VDC authentication; a client on the external network still reaches the user desktop through the VDC proxy after VDC authentication;
2. The VDC supports cluster deployment both as physical devices and as virtual machines to improve availability;
3. The VDC supports asymmetric clusters: hardware devices of different configuration levels can be combined into a cluster using weight parameters.
Security policy
1. Supports local authentication, SMS authentication, dynamic tokens, digital certificates, third-party authentication, hardware feature codes and other authentication methods, which can be freely combined to improve access security;
2. Supports single sign-on for B/S and C/S remote applications and Windows virtual desktops, integrating multiple systems and avoiding repeated entry of accounts and passwords;
3. Password management: supports multiple password security policies, including that the password must not contain the user name, the new password must not equal the old one, a forced password change on first login, a mandatory password change interval and password strength verification; supports CAPTCHA and a soft keyboard; supports protection of accounts against brute-force password guessing;
4. Policy-based access control: users, networks, services, devices, systems and so on are given appropriate access rights through associated policies;
5. Traffic encryption: supports AES, DES, 3DES, MD5, SHA, DH, RSA and other algorithms, as well as national algorithms such as SCB2 (SM1), to secure communication;
6. Client security check: access control policies can be applied according to the system version, access IP, access time, and whether antivirus software is installed and up to date;
7. Application whitelist: controls which applications users can run, actively or passively, in shared desktops, remote applications or exclusive desktops;
8. Server-side access control policies: controls, by policy, which networks users can reach from remote applications, shared desktops or exclusive desktops;
9. Personal disk encryption: disk files holding personal data can be encrypted to protect the security and privacy of personal data.
Desktop session management
1. Supports snapshot management and session retention for multiple desktop sessions; supports terminal migration, so users can switch between terminals without affecting the desktop session in progress;
2. Supports remote diagnosis of desktop session connections: administrators can give remote assistance on a desktop session from the console to help users diagnose problems online;
3. Supports querying the basic and performance information of a specific session and managing all current desktop sessions, for example disconnecting or connecting to a session;
4. Supports automatic reconnection of the desktop session after a network interruption, so a temporary interruption does not affect the session in progress; supports automatic logout of the current session.
Session isolation control
1. Shared desktops support session-level isolation of server disk space and storage paths;
2. Shared desktops support session-level isolation of client peripheral mapping and bus mapping;
3. Virtual printers support session-level isolation.
Session resource management
1. Allows or prevents users from redirecting the USB devices and files of the access terminal to the virtual desktop, and can set a one-way transfer policy (for example, only allowing data to be copied from the access terminal to the virtual desktop);
2. Supports management and policy control of session resources per user or user group, such as whether users may use printers or USB disks.
VMS configuration management
1. Supports adding, deleting and editing VMS server virtualization platforms and testing the connection status;
2. Supports viewing VMS running status details, including CPU, memory, storage, templates, running hosts and running virtual machines.
Virtual desktop resource management
1. Supports generating virtual desktop instances automatically from virtual machine templates, with naming rules so that each user's virtual desktop is easy to identify;
2. When creating a virtual desktop resource, the virtual machine running location, storage location, virtual switch and number of virtual machines can be specified, and a power-on/off schedule can be set for users' virtual machines;
3. Supports attaching or not attaching a personal data disk to a user's virtual desktop, with a configurable disk size;
4. When deleting a user, the associated virtual desktop resource can optionally be deleted; if it is, the associated virtual machine instance is deleted automatically;
5. Supports viewing details of the virtual machines associated with a resource in the console, including running status, resource utilization and the reasons for creation or startup failures.
Virtual machine instance management
1. Supports power operations on user virtual machines from the console, such as power-on, shutdown, suspend and restart;
2. Supports fuzzy searching for virtual machines on the instance management page by any combination of virtual machine name, virtualization platform, resource, IP and associated user;
3. Supports viewing CPU, memory and disk details of user virtual machines in the console; CPU and memory can be sorted ascending or descending, and disks can be sorted by usage ratio.
Platform operation and maintenance management
1. Supports hierarchical administrator rights: upper-level administrators can operate on the configuration of lower-level administrators, but not the reverse; upper-level administrators can delegate virtual desktop resources to lower-level administrators;
2. Supports automatic backup of configuration files to an FTP server;
3. Supports sending email alerts and recording failure logs when the VDC fails to connect to the VMS server virtualization platform or a user fails to access a virtual machine;
4. Supports integration with third-party monitoring systems over SNMP;
5. Supports integration with third-party monitoring systems via syslog.
Client management
1. Supports monitoring and configuring thin clients directly from the VDC console, without a separate manager;
2. Supports thin client ROM configuration, including uploading and downloading ROMs, enabling or disabling automatic updates, and displaying the device's current ROM and software versions;
3. Supports displaying reported thin client information on the VDC console and searching it;
4. Supports operations on the client such as shutdown, restart, pinning the screen and logging off the user from within the virtual desktop;
5. Configurable whether the thin client may switch to its local desktop and whether software may be installed on it;
6. Supports entering a maintenance mode when the thin client has problems connecting to virtual desktop resources. In maintenance mode the user can perform simple maintenance on the remote computer, such as pressing F8 to enter the virtual computer's safe mode.
Virtual machine management features
1. Supports multiple users sharing the same virtual machine template, with user data stored on personal data disks; administrators can update and maintain software in the template and push the update automatically to users' virtual machines without affecting personal data;
2. Supports using server memory or a cache card to accelerate repeated IO, eliminating duplicate IO when desktops of the same OS type start at the same time and so speeding up virtual desktop startup;
3. Supports memory page merging, which eliminates duplicate read-only data in memory pages, such as OS executable code, to reduce memory usage;
4. Supports forming a cluster from multiple servers hosting user virtual machines, using the VMS HA mechanism and live migration to keep the servers in the cluster highly available.
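The password management and anti-brute-force items in the security policy list above describe rules without showing how they fit together. The following is an added example (not the vendor's code) that models those rules: a password must not contain the user name or repeat the old one, must pass a strength check, is forced to change on first login and after a change interval, and repeated failed logins lock the account. The thresholds, the PBKDF2 storage and the clock value are assumptions of the example.

```python
"""Password-policy checks and brute-force lockout modelled on the VDC's listed rules.
Constructed example: the thresholds are assumptions, not values from the product page."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class PasswordPolicy:
    min_length: int = 10
    min_char_classes: int = 3                     # of: lowercase, uppercase, digit, symbol
    max_age: timedelta = timedelta(days=90)       # mandatory periodic change
    lockout_threshold: int = 5                    # failed logins before the account locks
    lockout_duration: timedelta = timedelta(minutes=15)

@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    password_set_at: datetime
    must_change: bool = True                      # first login forces a password change
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so a stolen account store cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)

def _verify(account: Account, password: str) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_hash(password, account.salt), account.pw_hash)

def create_account(username: str, initial_password: str, now: datetime) -> Account:
    salt = os.urandom(16)
    return Account(username, salt, _hash(initial_password, salt), now)

def password_violations(policy: PasswordPolicy, username: str,
                        new_password: str, old_password: Optional[str]) -> List[str]:
    """Return the policy rules the proposed password breaks (empty list = accepted)."""
    violations = []
    if len(new_password) < policy.min_length:
        violations.append("shorter than %d characters" % policy.min_length)
    if username and username.lower() in new_password.lower():
        violations.append("contains the user name")
    if old_password is not None and new_password == old_password:
        violations.append("same as the old password")
    classes = sum(bool(re.search(p, new_password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < policy.min_char_classes:
        violations.append("fewer than %d character classes" % policy.min_char_classes)
    return violations

def change_password(account, policy, old_password, new_password, now) -> List[str]:
    """Apply a password change; returns the violations that blocked it (empty on success)."""
    if not _verify(account, old_password):
        return ["old password incorrect"]
    violations = password_violations(policy, account.username, new_password, old_password)
    if violations:
        return violations
    account.salt = os.urandom(16)
    account.pw_hash = _hash(new_password, account.salt)
    account.password_set_at = now
    account.must_change = False
    return []

def login(account, policy, password, now) -> str:
    """Return 'ok', 'bad_password', 'locked' or 'must_change_password'."""
    if account.locked_until is not None and now < account.locked_until:
        return "locked"                           # lockout applies even to the right password
    if not _verify(account, password):
        account.failed_attempts += 1
        if account.failed_attempts >= policy.lockout_threshold:
            account.locked_until = now + policy.lockout_duration
            account.failed_attempts = 0
            return "locked"
        return "bad_password"
    account.failed_attempts = 0
    account.locked_until = None
    if account.must_change or now - account.password_set_at > policy.max_age:
        return "must_change_password"
    return "ok"

EXAMPLE_NOW = datetime(2024, 1, 1, 9, 0)          # constructed clock for the walkthrough

def demo() -> dict:
    """Walk one account through first login, a password change, lockout and expiry."""
    policy = PasswordPolicy()
    acct = create_account("alice", "Init-Pass-2024!", EXAMPLE_NOW)
    out = {"first_login": login(acct, policy, "Init-Pass-2024!", EXAMPLE_NOW)}
    out["rejected"] = password_violations(policy, "alice", "Alice#Secret99", "Init-Pass-2024!")
    out["changed"] = change_password(acct, policy, "Init-Pass-2024!", "Correct-Horse-9", EXAMPLE_NOW)
    out["login_ok"] = login(acct, policy, "Correct-Horse-9", EXAMPLE_NOW)
    out["guesses"] = [login(acct, policy, "wrong-guess", EXAMPLE_NOW) for _ in range(5)]
    out["locked_out"] = login(acct, policy, "Correct-Horse-9", EXAMPLE_NOW)
    out["after_lockout"] = login(acct, policy, "Correct-Horse-9", EXAMPLE_NOW + policy.lockout_duration)
    out["expired"] = login(acct, policy, "Correct-Horse-9", EXAMPLE_NOW + policy.max_age * 2)
    return out
```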
2.3 Multiple desktop delivery types
- Exclusive desktop: based on server virtualization, each user is allocated an independent virtual machine on the server (running Windows XP, Windows 7 or another desktop operating system), with independent and complete control over the desktop. Users access their own virtual machines (desktops) remotely.
Applicable scenarios: for users who are allowed to install software themselves and have relatively complex application environments (such as R&D, sales, marketing and management), the exclusive desktop provides a personalized Windows desktop experience that meets day-to-day personalized office needs.
- Shared desktop: multiple user sessions share the Windows Server desktop environment running on the server. Each user's desktop is locked down and standardized; it can access a pre-installed set of core applications but cannot install software or change the desktop configuration.
Applicable scenarios: for users who need a desktop but are not allowed to install software themselves (such as counter business, data entry, process operations and production lines), shared desktops provide standardized desktops that meet standard office needs.
- Virtualized applications: based on the user session sharing and application multi-instance capabilities of server operating systems (such as Windows Server 2003, Windows Server 2008 and Windows Server 2012), multiple users connect remotely to the same application at the same time; users keep their own application data while sharing the same set of isolated applications.
Applicable scenarios: for users who do not need a desktop and use only a small number of applications (for example, public inquiry machines), virtualized application technology delivers the required applications directly to users, accessible from a variety of devices, to meet task-oriented office needs.
2.4 Summary of solution value
1. Operation and maintenance costs are greatly reduced
Adopting the desktop cloud greatly reduces later operation and maintenance costs. With templated deployment, a new desktop user can be provisioned and working in about 10 minutes, fault diagnosis and repair time drops sharply, and IT administrators who could manage only 100 terminals can now easily manage thousands of virtual desktops. By a conservative estimate that includes equipment replacement and operation and maintenance, the total IT cost over 5 years can be cut by more than 40%.
2. Energy saving and noise reduction, green office
A traditional PC consumes about 190W, while a thin terminal consumes only 10W. Taking a deployment of 1,000 units as an example, with 10 hours of power-on time per day, 240 working days per year and an industrial and commercial electricity price of 0.75 yuan per kilowatt-hour, replacing 1,000 PCs with thin terminals saves at least 250,000 yuan in electricity every year, even after including the electricity cost of the new servers in the data center.

| Device | Energy consumption per unit | Deployment scale | Power-on time per day | Working days per year | Total energy consumption per year | Electricity price | Total electricity bill per year |
|---|---|---|---|---|---|---|---|
| Traditional PC | 190W | 1,000 units | 10 hours | 240 days | 456,000 kWh | 0.75 ¥/kWh* | 342,000 ¥ |
| Thin terminal | 10W | 1,000 units | 10 hours | 240 days | 24,000 kWh | 0.75 ¥/kWh* | 18,000 ¥ |
| Electricity cost of new data center servers (supporting 1,000 thin terminals) | | | | | | | 70,000 ¥ |
| Annual electricity bill savings | | | | | | | 254,000 ¥ |

*The average industrial and commercial electricity price in China is taken as 0.75 ¥/kWh.
3. Protecting the security of information assets
The desktop cloud stores all data centrally in the data center; front-end devices such as notebooks and thin terminals receive only screen images, so no data lands on the endpoint during the business process, which protects it. Centralized deployment also makes it easier for the IT department to manage information assets uniformly. In addition, the desktop cloud can easily establish multiple logically isolated networks within the organization to meet the needs of different types of business.
4. Portable desktop office mode
In line with the trend toward mobile informatization, users can access their personal desktops at any time, from any place and through any terminal, subject to policy permission, so the desktop truly goes anywhere: work started on one terminal can be continued on another without interruption when the user changes location, improving employee efficiency.
2.5 Solution advantages
- A complete series of cloud solutions: covers the three major elements of thin terminal, virtual desktop controller VDC and virtual machine management software VMS; the most comprehensive, most compatible and most cost-effective solution in the industry, giving IT a more streamlined and secure way to manage users and provide on-demand access to agile desktop services.
- Excellent user experience: performance is tuned for each application scenario; the efficient SRAP transmission protocol increases speed more than 6 times, minimizes access bandwidth and delivers the same experience as a traditional PC, and the HD video processor built into the ARM thin terminal plays 1080P HD video smoothly.
- More comprehensive security protection: up to 8 identity authentication methods can be freely combined to secure user access, a comprehensive set of encryption algorithms secures transmission, flexible access control is enforced through centralized authentication, and encrypted data storage protects personal data, achieving end-to-end desktop cloud security protection.
- Centralized web management: the entire solution needs only two components (VDC and VMS), the fewest deployment components among vendors in the industry, and provides a single centralized remote operation and maintenance mode, improving the deployment efficiency, ease of use and maintainability of virtual desktops.
- Professional localized service: the only domestic manufacturer with independent research and development of a complete virtualization product line, with a large development team in China that responds quickly to user needs; more than 40 offices nationwide provide localized technical support and a complete after-sales service system.
Chapter 3 Overall Architecture Design of Desktop Cloud
3.1 Overall architecture of the Depp Lianhua desktop cloud
Multiple desktop servers (x86 servers) are deployed on the server side; advanced features such as HA and migration require an independent disk array (iSCSI, FC or NAS) to store virtual machines and data; and one or more virtual desktop controllers (VDC) are added (asymmetric cluster deployment is supported). The VDC also supports software deployment: a virtual machine is created on the desktop server and the software VDC image is imported into it. A hardware VDC is deployed off the switch in one-arm mode (as shown in the figure). The infrastructure also requires an AD domain controller and a DHCP server (an existing DC/DNS/DHCP server can be reused). The AD domain controller is mainly used for linked authentication; local authentication (adding user names and passwords directly on the VDC) can also be used. The DHCP server automatically assigns IP addresses to thin terminals and virtual desktops.
3.2 Components and modules
3.2.1 AD/DHCP server
The Active Directory (AD) server provides standard LDAP directory services. The VDC supports integration with AD, which handles user authentication and automatic import of permissions.
DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses to thin terminals and virtual desktop users.
3.2.2 Desktop servers and disk arrays (VMS)
Server virtualization software (VMS) is installed on each desktop server. VMS is a bare-metal hypervisor that needs no host operating system, and its wizard-style installation is simple. It builds a powerful, highly reliable and highly scalable platform for running and managing virtual machines for the cloud desktop solution, providing dynamic allocation of physical resources and rapid deployment, monitoring and management of virtual machines. Because independent storage is deployed at the back end, virtual machines and user data are stored on the disk array, and server high availability is guaranteed by HA and migration technology.
3.2.3 Virtual desktop controller VDC
A hardware VDC (such as the VDC-2500) is deployed in the network in one-arm mode, or a software VDC (imported as a virtual machine image) is deployed on the VMS virtual machine platform. It mainly provides user creation and authentication, resource access control, and desktop monitoring and management. The VDC simplifies the management, provisioning and deployment of cloud desktops: users access cloud desktops safely and conveniently through the VDC, and IT administrators can effectively manage hundreds or even thousands of desktops, saving time and resources.
3.2.4 Terminal equipment
Supports PCs, notebooks, thin terminals, iPads, iPhones, Android phones and smart terminals accessing virtual desktops;
Supports Windows 7 (32-bit and 64-bit), Windows XP (32-bit), Windows 8 (32-bit and 64-bit), Windows XPE, iOS, Android and other client operating systems.
| Thin terminal aDesk technical specifications | |
|---|---|
| Processor | ARM A9 dual-core 1.6GHz |
| Memory | 1G RAM |
| Operating system | Android |
| Display | Maximum resolution 1980*1200; supports 1080P HD video |
| Network | Standard Ethernet card; built-in wireless network card (aDesk-AIR models only) |
| I/O | 6 USB ports, 1 HDMI, 1 VGA, 1 serial port, 2 audio ports |
| Dimensions | 200mm (length) x 135mm (width) x 37mm (height) |
| Power supply | Input: AC 100-240V, 50/60Hz, 0.8A; Output: DC 12V, 3A; Power adapter: 26W |
| Power consumption | Maximum 20W, average 6W |
3.3 Server cluster design
As shown in the figure above, by installing server virtualization software (VMS) on each x86 server, VMS provides the highest availability for the cloud desktop platform. The configuration is simple and no third-party cluster software is needed, so the cost is lower. VMS HA is configured with one click: once the HA function is switched on in the console, all or some of the servers form a high-availability architecture. Whether an outage is unplanned downtime or a server failure, this architecture provides the highest level of service availability.
The VMS HA mechanism guarantees service availability in the following ways:
- Continuously monitors the running status of virtual machines and servers, without installing any software inside the virtual machines;
- After a failure is detected, restarts the affected virtual machines on other healthy hosts in the cluster, so a server failure does not take the service down;
- Incorporates automatic scheduling of VMS resources to prevent failures and balance load among the hosts in a cluster.
If a physical server needs maintenance, the virtual machines on it can be migrated dynamically to other servers without interrupting service, so administrators can carry out transparent operation and maintenance quickly and completely.
3.4 DAPU SRAP protocol technology
Dapu Lianhua launched the SRAP efficient delivery protocol, designed for the aDesk desktop cloud solution, to give users a "high-definition desktop experience". The protocol framework improves transmission efficiency more than 6 times compared with the traditional RDP protocol. SRAP uses adaptive adjustment, efficient algorithms, intelligent optimization and other techniques to dynamically optimize end-to-end delivery performance in real time for a range of scenarios, from ordinary office applications to multimedia applications such as voice and video. These self-developed innovations comprehensively improve the user experience.
As a brand-new virtual delivery protocol, SRAP essentially adds an SRAP module on the server that acts as a protocol proxy, while the SRAP client and the delivery process are optimized for speed and experience. The DP-Link SRAP protocol targets a variety of virtual desktop and application types and, through data forwarding control, data compression, caching and filtering, provides a user experience comparable to or better than software on a traditional PC. Depending on the usage scenario, the most suitable optimization method is chosen to adapt to environmental changes and further improve the user experience.
Efficient and intelligent optimization methods
The SRAP virtual protocol framework combines four optimization methods: efficient stream compression, intelligent cache optimization, dynamic image filtering and multimedia redirection. It adapts, manually or automatically, to each user scenario to provide the best desktop experience and supports smooth playback of 1080P HD video.
Comparison of ordinary office performance
In ordinary office environments such as business halls, intranet offices, remote branches and production workshops, users access OA, ERP and other applications through the desktop cloud and open PDF, Office and other documents.
In tests across different office environments (LAN and Internet), we found that without the optimization methods, switching PPT slides on the virtual desktop suffers from slow display and incomplete images.
(Figure: PPT switching effect comparison)
With SRAP protocol optimization enabled, a smooth desktop experience is maintained even with high network latency and serious packet loss, so users can work efficiently in both LAN and Internet environments.
(Figure: SRAP optimization data analysis)

| Network latency | Packet loss | Response speed |
|---|---|---|
| LAN environment | | Very smooth, close to native experience |
| 50ms | 2% | Relatively smooth, basically no stuttering |
| 200ms | 5% | Generally smooth and acceptable to the user |

| Total data | After SRAP optimization | Compression factor |
|---|---|---|
| 1733909952 | 18022910 | 96.2 |

Note: 1. Traffic is in bytes; 2. Compression factor = total data / data after SRAP optimization.
HD video playback comparison
Beyond common office scenarios, call centers, multimedia training rooms/classrooms, Internet browsing and other scenarios also need the desktop cloud to deliver smooth voice and HD video.
(Figure: comparison of video playback effects)
With the traditional method of server-side decoding, shown above as "before optimization", video is blurred, frames are dropped, audio and video fall out of sync and bandwidth usage is high, so normal video viewing is essentially impossible. Dapu Lianhua's multimedia redirection technology uses advanced encoding and streaming technology: the server sends the compressed, encoded media stream to the terminal, which plays it locally using its software and hardware capabilities, improving multimedia playback performance and playing 1080P HD video smoothly.
In short, the SRAP framework independently designed by Depp Lianhua continuously provides users with a high-definition desktop experience in an intelligent, adaptive mode. This high-definition desktop experience meets the access requirements of end users and promotes the practical adoption of desktop cloud solutions among enterprise users.
Chapter 4. Software and hardware requirements of desktop cloud solutions
4.1 Selection basis of server storage
The selection of desktop cloud hardware mainly considers four factors: CPU, memory, hard disk capacity, and IOPS (the number of read and write operations per second). Therefore, we must first determine the resource consumption of a single-user virtual machine (such as a CPU with a frequency of 1.5GHz). , 4G memory, 50G hard disk space, 25 IOPS), and then superimpose the resource occupation of all virtual machines to match one or more physical servers.
In order to obtain a better reading and writing experience, it is recommended to follow the design principles of small capacity and large number when selecting hard disks. Multiple hard disks can improve IOPS; if the scale of concurrent users is large, it is recommended to use independent storage devices. On the one hand, the guarantee is high. Availability, on the other hand, independent storage devices can accommodate more hard drives and have better overall performance. In addition, multiple hard disks in the server generally need to be configured with RAID mode. RAID10 is recommended, which has the best IOPS performance and high data reliability.
The first step of selection: identify the application scenario
Load model | Typical scenario |
Ultra light load | Business hall, office hall, library public inquiry machine |
Light load | Intranet office scenario (office suite, internal office system, OA system, Notes application, sending and receiving email, no Internet access requirement); production line office |
Medium load | Internet access required (note: not many users downloading large attachments, using BT or multi-threaded download software at the same time); Flash video only (such as Youku), no Kuaibo, PPLive or similar; video teaching software (electronic classroom software, displaying the teacher's screen); office environment with anti-virus software; electronic reading room, general teaching environment, training center, multimedia classroom |
Heavy load | R&D environment (Java/C/C++); teaching environment involving software compilation and similar work; video editing software, Photoshop and other simple graphics processing software (no 3D rendering or drawing); multiple users running WinRAR, zip and other compression software at the same time; bulk download of local files |
Analysis: Because today's PCs are so highly configured, there is no need to distinguish application scenarios when buying them; almost any model meets the need. The purpose of building virtual desktops, however, is to make full use of resources and save investment, so the model chosen should be "just enough", and that requires distinguishing scenarios: an ordinary office scenario and an R&D scenario consume very different amounts of performance. For task-based workplaces such as service halls and public inquiry machines, the light-load model is sufficient. A typical office scenario with Internet access needs the medium-load model. A development scenario must use the heavy-load model.
The second step of selection: distinguish the resource allocation principles of different load models
Parameter | Ultra light load | Light load | Medium load | Heavy load |
CPU | 500~600MHz | 600~800MHz | 800~1200MHz | 1200~1500MHz |
Memory | 1GB | 2GB | 2GB | 4GB |
Storage throughput (IOPS) | 5 | 10 | 15~20 | 25 |
Storage (GB) | 50GB per user recommended, all load models |
(Because user virtual machines are derived from templates, users who share the same virtual machine template occupy only one copy of the template's storage; the 50GB here is entirely the personal data disk.) |
Analysis: Virtual machines with different load models occupy different resources. The table above gives the recommended parameters for a single virtual machine in each load model. For a typical office scenario, for example, the medium-load model is chosen, so a single virtual machine gets a 1200MHz CPU share, 2GB memory, 15 IOPS and 50GB storage. A deployment can mix load models, in which case the parameters are superimposed. For 20 medium-load and 30 light-load virtual machines the totals are:
CPU: 20*1200MHz + 30*800MHz = 48000MHz (48GHz). With 8-core 3.0GHz CPUs (3.0GHz*8 = 24GHz each), at least two CPUs are required.
Memory: 20*2GB + 30*2GB = 100GB. With 16GB modules, at least 7 modules are required (16GB*7 = 112GB). Note: memory modules must be installed in even numbers, so 8 modules are needed here.
IOPS: 20*15 + 30*10 = 600 IOPS. If one hard disk delivers 80 IOPS, the raw requirement is 8 disks (8*80 = 640). We recommend 10 disks to keep headroom, because concurrent user operations consume a lot of IOPS, and adding disks improves the user's read and write experience.
(Note: calculated on the IOPS capability of RAID10 with reads and writes at 50% each, the usable IOPS is 3/4 of the raw total. For example, 10 disks with 800 raw IOPS give an actual total of 600 IOPS, which is exactly the requirement above, whereas 8 disks give only 480. In addition, the RAID card must have a cache, at least 1GB recommended; without a cache the IO performance penalty is severe.)
Storage capacity: 20*50GB + 30*50GB = 2500GB. Server hard disks have better quality, higher performance and a higher price than PC hard disks, so do not allocate 300GB or 500GB per user as you would for a PC; that would make the overall construction cost high. 50GB is enough for daily office files.
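The superposition procedure above, written out as a small sizing calculator. This is an added worked example, not code from the original document or from the vendor: the per-VM figures are the document's table values as used in its worked example, the host components (8-core 3.0GHz CPU, 16GB module, 80 IOPS disk) are the document's example values made into parameters, and the RAID10 factor of 3/4 is the document's rule of thumb. The alternative write-penalty formula is the standard RAID10 calculation (each write costs two disk operations) and is included for comparison because it is more conservative.

```python
"""Desktop cloud host sizing by superposition of per-VM resources (added example)."""
from dataclasses import dataclass
from math import ceil

# Per-VM recommendations: CPU share in MHz, memory in GB, IOPS, personal data disk in GB.
LOAD_MODELS = {
    "ultra_light": {"cpu_mhz": 600, "mem_gb": 1, "iops": 5, "disk_gb": 50},
    "light": {"cpu_mhz": 800, "mem_gb": 2, "iops": 10, "disk_gb": 50},
    "medium": {"cpu_mhz": 1200, "mem_gb": 2, "iops": 15, "disk_gb": 50},
    "heavy": {"cpu_mhz": 1500, "mem_gb": 4, "iops": 25, "disk_gb": 50},
}


@dataclass(frozen=True)
class HostParts:
    """Building blocks the totals are rounded up to (document's example values, assumed)."""
    cores_per_cpu: int = 8
    cpu_ghz: float = 3.0
    module_gb: int = 16
    disk_iops: int = 80


def superimpose(vm_counts):
    """Sum per-VM resources for a mix such as {"medium": 20, "light": 30}."""
    totals = {"cpu_mhz": 0, "mem_gb": 0, "iops": 0, "disk_gb": 0}
    for model, count in vm_counts.items():
        if model not in LOAD_MODELS or count < 0:
            raise ValueError("bad load model or count: %r=%r" % (model, count))
        for key in totals:
            totals[key] += LOAD_MODELS[model][key] * count
    return totals


def raid10_usable_iops(raw_iops, read_fraction=0.5, document_rule=True):
    """Usable IOPS of a RAID10 set whose disks deliver raw_iops in total.

    document_rule=True applies the document's rule of thumb (3/4 of raw at 50/50).
    document_rule=False applies the standard write-penalty formula raw / (r + 2*(1-r)),
    which at 50/50 gives 2/3 of raw and is the more conservative estimate.
    """
    if document_rule:
        return raw_iops * 0.75
    return raw_iops / (read_fraction + 2.0 * (1.0 - read_fraction))


def size_host(vm_counts, parts=HostParts(), document_rule=True):
    """Round the superimposed totals up to whole CPUs, modules, disks and GB."""
    t = superimpose(vm_counts)
    cpu_mhz_each = parts.cores_per_cpu * parts.cpu_ghz * 1000
    cpus = ceil(t["cpu_mhz"] / cpu_mhz_each)
    modules = ceil(t["mem_gb"] / parts.module_gb)
    if modules % 2:
        modules += 1  # document: memory modules must be installed in even numbers
    disks_raw = ceil(t["iops"] / parts.disk_iops)  # disk count ignoring RAID overhead
    disks = 2  # RAID10 needs an even number of disks, at least one mirror pair
    while raid10_usable_iops(disks * parts.disk_iops, document_rule=document_rule) < t["iops"]:
        disks += 2
    return {
        "cpu_mhz": t["cpu_mhz"], "cpus": cpus,
        "mem_gb": t["mem_gb"], "memory_modules": modules,
        "iops": t["iops"], "disks_raw": disks_raw, "disks_raid10": disks,
        "usable_iops": raid10_usable_iops(disks * parts.disk_iops, document_rule=document_rule),
        "storage_gb": t["disk_gb"],
    }


if __name__ == "__main__":
    for key, value in size_host({"medium": 20, "light": 30}).items():
        print("%-16s %s" % (key, value))
```

For the document's mix of 20 medium-load and 30 light-load desktops the calculator reproduces 48000MHz and 2 CPUs, 100GB and 8 modules, 8 disks before and 10 disks after the RAID10 derating, and 2500GB of data disks. With the standard write-penalty formula instead of the 3/4 rule the same load needs 12 disks, which is why a practitioner should confirm which rule the storage vendor's own figures assume before ordering.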
4.2 Capacity estimation and performance analysis
In terms of physical server selection, the desktop cloud platform for 200 users at XXXX Company includes 50 shared desktop users (production line office work) and 150 exclusive desktop users (daily office work, no design software). The solution designs 5 servers in total: 1 dual-socket 4-core server with 32GB memory and 4*1TB hard disks to deploy the shared desktops, and 4 dual-socket 8-core servers with 128GB memory and 2*1TB hard disks to deploy the exclusive desktops (each server supports 50 XP or Windows 7 virtual desktops; one of the four is for redundancy). In addition, a low-profile server (single-socket 4-core, 16GB memory) is recommended for the AD/DHCP server, which can also be deployed directly as a virtual machine on the VMS platform.
In terms of storage device selection, shared desktop users use the server's local hard disks directly, while exclusive desktop users use external independent storage with a 50GB data disk per user, so at least one storage device is needed (dual controllers, 4 ports per controller, FC, 18 * 900GB 10K SAS, 4GB cache per controller, RAID10).
Bandwidth requirements: in a typical office scenario without video, the traffic per user is about 200Kb/s; playing high-definition video needs 1~2Mb/s depending on the bit rate. For intranet access, a 100M or Gigabit switch connecting the thin terminals meets the requirement. For Internet access, superimpose the traffic of the number of concurrent users to estimate the required bandwidth; in this project, for example, 30 concurrent users accessing from the Internet give a recommended bandwidth of 6Mb/s.
4.3 Configuration Parameters of aDesk Desktop Cloud Solution
4.3.1 Capacity planning
Virtual machine name | Quantity | CPU | Memory | Hard disk | IOPS | Remark |
AD/DHCP server | 1 | 2.5GHz | 16GB | 600GB | none | Deploys AD and DHCP services; can be deployed as a VMS virtual machine |
Shared desktop | 50 | 0.4GHz | 256MB | 10GB | 5 | Meets production line office needs |
Windows 7 virtual machine | 150 | 1.2GHz | 2GB | 50GB | 20 | Meets typical daily office needs |
Note: these values are a conservative estimate; the standard parameters are produced after evaluation by Depp Lianhua.
4.3.2 Hardware and software list
No. | Device name and model | Description | Quantity | Notes | Price estimate |
I. Hardware |
1 | Physical server | Dual-socket 4-core, 32GB memory, 3*1TB hard disk | 1 | Deploy shared desktops | |
2 | Physical server | 2*E5-2650 / 128GB memory / 2*1TB hard disk (RAID1) / 4*1GbE network ports / 1 dual-port HBA card (Brocade 825) | 4 | Deploy exclusive desktops; one server is for redundancy to ensure high availability | |
3 | Storage server | Dual controllers, 4 ports per controller, FC, 18 * 900GB 10K SAS, 4GB cache per controller, RAID10 | 1 | Exclusive desktop storage | |
4 | Virtual Desktop Controller VDC | VDC-2500, at least 300 concurrent users | 1 | Desktop cloud user access authentication and policy control | |
5 | Ethernet switch | 24-port Ethernet switch | 10 | Connect thin terminals and servers | |
6 | Thin terminal aDesk | aDesk-STD-200: A9 (1.6GHz), 1GB memory, 4GB flash, 6 USB ports | 200 sets | | |
7 | Monitor | | 200 units | | |
8 | Keyboard and mouse kit | | 200 sets | | |
II. Software |
1 | Depp Lianhua Desktop Cloud User Access Authorization | VDI user authorization | 200 | Counted by concurrent users | |
2 | Windows 2008 Enterprise Edition | Basic business | 2 | Deploy shared desktops and AD/DHCP services | |
3 | Terminal Services licensing | 1. Windows Client Access License (CAL); 2. Terminal Services Client Access License (TS CAL) | 50 | Deploying shared desktops requires client access licenses and terminal services licenses, charged per concurrent user | |
4 | Windows 7 operating system | Virtual Desktop Access license (VDA) | 150 | | |
III. Total price |
Hardware | Software | Estimate |
Chapter 5, Analysis of Highlights of Products
5.1 Good user experience
5.1.1 HD Video Experience
Depp Lianhua's desktop cloud solution allows viewing and editing images and multimedia in virtual desktops and supports desktop display at 1920*1200 resolution with 32-bit color. Traditional desktop virtualization solutions decode and play high-definition video on the server and then transmit the changing image to the front-end display frame by frame; this demands high server performance, consumes bandwidth, and still plays poorly. Depp Lianhua's audio and video redirection technology instead encodes and compresses the 1080P video stream on the server, transmits it directly to the front-end device, and uses the terminal's high-definition video processor and local decoding to play it smoothly, giving a good video viewing experience.
5.1.2 Efficient SRAP Protocol
Cloud desktops are delivered to front-end devices over the network, and the most important part of that is the desktop delivery protocol. Developed in 2011, the SANGFOR SRAP protocol is designed specifically for efficient delivery of virtual desktops and remote applications, meeting the needs of low-bandwidth links while keeping the best peripheral compatibility. Through optimizations such as an efficient streaming compression algorithm, lossy compression, image cache matching, dynamic content recognition and filtering, and intelligent compression based on text and image recognition, SRAP improves transmission efficiency more than 6 times. The minimum bandwidth requirement is only 20~30K/s, and the protocol remains usable on networks with high packet loss and delay, preserving the user's desktop experience as far as possible.
5.1.3 Single sign-on technology
Customers may use several virtual applications or Windows virtual desktops, and each application system or desktop has its own authentication, so a user normally has to authenticate several times to get to work. This is tedious, error-prone and bad for efficiency. To improve end-user satisfaction, Depp Lianhua introduced single sign-on: after passing the VDC's strict authentication, the user does not re-authenticate to virtual applications and virtual desktops, and opens the desktop or application interface in "one-click" mode. Single sign-on is currently supported for B/S (browser/server) and C/S (client/server) remote applications and for Windows virtual desktops, integrating multiple systems and desktops and avoiding repeated entry of accounts and passwords. For virtual applications with single sign-on enabled, the user sets the application account and password in personal settings after logging in; the stored credentials are transmitted in encrypted form and are invisible to administrators, protecting the user's accounts. Note that single sign-on concentrates risk in the VDC login, since whoever passes it gains every chained application, so the stronger combined authentication methods described under terminal security below should be applied to accounts that use it.
5.1.4 Automated Desktop Deployment
In a DHCP environment, users with thin terminals reach the cloud desktop quickly without guidance, a plug-and-play terminal experience. Compared with the tedious process a traditional PC goes through before it is in service (hardware procurement, system installation, desktop operation and maintenance), once the desktop cloud platform is deployed, administrators derive new user virtual desktops quickly and automatically from virtual machine templates. On the console, administrators can view the CPU, memory and disk details of a user's virtual machine and perform power operations such as power-on, shutdown, suspend and restart. When a user's virtual machine fails, the administrator can quickly replace it with a new one from the template, or remotely access the user's virtual desktop from the console to help resolve the fault.
5.2 Optimal flexibility
5.2.1 Extensive terminal support
Users can access their own personal virtual desktop from any terminal device and migrate between terminals: switching from one terminal to another does not affect the desktop session in progress, so the desktop genuinely becomes portable. PCs, notebooks, thin terminals, iPads, iPhones, Android phones and smart terminals are currently supported as access devices, with Windows 7 (32-bit and 64-bit), Windows XP (32-bit), Windows 8 (32-bit and 64-bit), Windows XPE, iOS, Android and other client operating systems.
5.2.2 Rich desktop types
Employees in different scenarios and positions need different types of desktops. Depp Lianhua delivers several types of virtual desktop through SRAP to meet users' diverse needs, as follows:
Shared desktop: uses the multi-user session capability of the server operating system so that many users connect remotely to the same operating system at the same time, each getting a separate desktop session with its own desktop configuration and personal data while sharing one complete desktop system. It is a standardized office environment with a core set of applications, suitable for task-oriented employees who do not need (or are not allowed) to install software or control the desktop independently, such as office halls, functional offices, production lines and training centers.
Remote application: uses the session sharing and application multi-instance capability of the server operating system so that many users connect remotely to the same application at the same time, each with their own application configuration and personal data while sharing one set of applications. It suits employees who use only a few applications, who need only certain kinds of software in daily work, or who work on the move, such as business halls, production lines, sales departments and management staff.
Exclusive desktop: a remotely accessible desktop based on server virtualization. The server automatically assigns each user a virtual machine from a template (running a desktop operating system such as Windows XP or Windows 7), each exclusive desktop is isolated from the others, and the user remotely accesses their own virtual machine with full and independent control of it. It suits users with personalized system requirements and high performance requirements; deploying exclusive desktops requires correspondingly more server and storage resources.
However diverse the application scenarios and user needs in an enterprise, SRAP delivery offers a suitable option for each. IT departments can deliver a wide variety of virtual desktops, each tailored to the performance, security and flexibility requirements of its user.
5.2.3 Bus Mapping Technology of Peripherals
In the Depp Lianhua desktop cloud solution, peripherals are connected to the terminal while their drivers are installed on the server, so they are used as on a local desktop even though the virtual desktop runs on the server. Bus mapping builds a dedicated tunnel between the terminal's USB or serial interface and the virtual desktop on the server to carry the peripheral's control commands. It supports barcode scanners, scanners, cameras, PIN pads, second-generation ID card readers, tablets, printer mapping, USB keys and other common office bus devices, and keeps the mapped devices isolated between sessions. Depp Lianhua also offers a proprietary virtual printing technology: by selecting the SANGFOR virtual printer on the server side, files are printed on the client's local printer without installing the local printer's driver in the server-side virtual machine.
5.2.4 Intelligent switch machine
Intelligent power switching automates powering the user's virtual desktop on and off. When a thin terminal is switched off, the user may forget to shut down the virtual machine on the server; the virtual machine can then be shut down automatically, freeing server hardware resources. The built-in scheduled boot function starts a personal virtual machine at a specified time, and at boot the user's virtual machine is automatically scheduled to a server with sufficient resources. This avoids boot-time IO storms and shortens login time, and it also simplifies the steps a user takes to reach the virtual desktop.
5.3 End-to-end security design
Virtual desktops are protected at every layer against both illegal users and malicious system administrators, to keep user access and data secure. Depp Lianhua's aDesk desktop cloud solution integrates rich VPN security features. The measures taken at each layer are as follows:
5.3.1 Terminal Security
The thin client runs Android and keeps no user data locally, so the data always stays in the safest place, the data center. When users access virtual desktop resources, terminal security is ensured through authentication, flexible and controllable USB policies, application policy-based control and restore mode.
− Integrated identity authentication mechanisms including local authentication, SMS authentication, dynamic token, digital certificate and third-party authentication; multiple authentication methods can be freely combined to ensure that the accessing user is who they claim to be;
− USB port rights set by flexible policy, such as whether USB devices (including printers, scanners, etc.) may be used at all, and one-way control of USB disks (for example, allowing the terminal to copy data into the virtual desktop but not allowing copying from the desktop to the terminal);
− Policy-based access control: appropriate access rights are assigned to users, networks, services, devices, systems and so on through associated policies. A client security check is supported, which selects the user's access control policy according to the client terminal's operating system version, source IP, access time, and whether anti-virus software is installed and up to date;
− Restore mode, in which the desktop returns to its original state when the user logs out: apart from some specified directories, changes the user made are discarded at restart. After the template is upgraded, the virtual machine the user next opens contains the upgraded template contents, which reduces the risk of a persistently infected desktop.
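The client security check and the one-way USB rule above, as an added illustrative example of how a controller can evaluate them together. This is not code from the original document or from the vendor's VDC: the policy names, the fields the client is assumed to report, the constructed sample postures and the decision format are all assumptions made for the example. Every failed check is collected rather than stopping at the first, so the operation log shows the full reason for a denial, and a denied session is granted no USB rights at all.

```python
"""Client security check at virtual desktop login (added illustrative example)."""
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set


@dataclass
class ClientPosture:
    """What the client is assumed to report when it connects."""
    user: str
    source_ip: str
    os_version: str
    av_installed: bool
    av_updated: Optional[datetime]
    now: datetime


@dataclass
class AccessPolicy:
    name: str
    networks: List[str]                     # source CIDRs the policy applies to; first match wins
    allowed_os: Set[str]
    window_start: time = time(0, 0)
    window_end: time = time.max
    max_av_age_days: Optional[int] = None   # None: anti-virus not required
    usb_mode: str = "none"                  # none | to_desktop | bidirectional


def in_window(now_t, start, end):
    """True if now_t lies in [start, end]; a window such as 22:00-06:00 crosses midnight."""
    if start <= end:
        return start <= now_t <= end
    return now_t >= start or now_t <= end


def select_policy(policies, source_ip):
    """First policy whose networks contain the source address; None if unparsable or unmatched."""
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return None
    for policy in policies:
        if any(addr in ip_network(net) for net in policy.networks):
            return policy
    return None


def evaluate(policies, posture):
    """Decide admission; all failed checks are kept so the log records every reason."""
    policy = select_policy(policies, posture.source_ip)
    if policy is None:
        return {"allowed": False, "policy": None, "usb_mode": "none",
                "reasons": ["no access policy matches source %s" % posture.source_ip]}
    reasons = []
    if posture.os_version not in policy.allowed_os:
        reasons.append("client OS %s not permitted" % posture.os_version)
    if not in_window(posture.now.time(), policy.window_start, policy.window_end):
        reasons.append("outside access window %s-%s" % (
            policy.window_start.strftime("%H:%M"), policy.window_end.strftime("%H:%M")))
    if policy.max_av_age_days is not None:
        if not posture.av_installed or posture.av_updated is None:
            reasons.append("anti-virus software not installed")
        elif posture.now - posture.av_updated > timedelta(days=policy.max_av_age_days):
            reasons.append("anti-virus definitions older than %d days" % policy.max_av_age_days)
    allowed = not reasons
    # A denied session gets no USB rights; an allowed one gets exactly what its policy grants.
    return {"allowed": allowed, "policy": policy.name,
            "usb_mode": policy.usb_mode if allowed else "none", "reasons": reasons}


# Constructed sample policies: relaxed on the intranet, strict for Internet access.
POLICIES = [
    AccessPolicy("intranet", ["10.0.0.0/8", "192.168.0.0/16"],
                 {"Windows XP", "Windows 7", "Android", "iOS"},
                 max_av_age_days=7, usb_mode="bidirectional"),
    AccessPolicy("internet", ["0.0.0.0/0"], {"Windows 7", "Android", "iOS"},
                 window_start=time(8, 0), window_end=time(20, 0),
                 max_av_age_days=3, usb_mode="to_desktop"),
]


def sample_decisions():
    """Constructed client postures run through the sample policies."""
    now = datetime(2024, 3, 4, 10, 0)
    postures = {
        "office_pc": ClientPosture("alice", "10.1.2.3", "Windows 7", True, now - timedelta(days=1), now),
        "home_late": ClientPosture("bob", "203.0.113.5", "Windows 7", True, now, datetime(2024, 3, 4, 22, 30)),
        "home_stale_av": ClientPosture("carol", "203.0.113.5", "Windows 7", True, now - timedelta(days=10), now),
        "home_xp": ClientPosture("dave", "203.0.113.5", "Windows XP", True, now, now),
        "bad_address": ClientPosture("eve", "not-an-ip", "Windows 7", True, now, now),
    }
    return {name: evaluate(POLICIES, p) for name, p in postures.items()}


if __name__ == "__main__":
    for name, decision in sample_decisions().items():
        print(name, decision)
```

Policy order matters: the catch-all Internet policy must come last, otherwise intranet users would be held to the stricter rules and granted the weaker USB mode. An address the client reports that does not parse is treated as "no policy matches" and denied, rather than falling through to a default.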
5.3.2 Transmission Security
Transmission security is provided through VLAN isolation, a built-in enterprise-level firewall module with stateful ACL access control, HTTPS for administrator logins, and encrypted transport for user access to virtual desktops, protecting both business use and operation and maintenance.
− Only screen changes and input instructions travel between the terminal and the virtual desktop; the actual data is never transmitted directly.
− IP- and service-based access control policies can be applied to the encrypted channel to cut abnormal traffic, and different sessions multiplexed on the same channel (storage sessions, virtual printing sessions, bus mapping sessions and so on) are isolated from one another, which improves the channel's flexibility;
− All traffic between the terminal and the virtual desktop is encrypted, which together with authentication of the endpoints defeats man-in-the-middle attacks. Supported algorithms currently include AES, DES, 3DES, MD5, SHA, DH and RSA, and other algorithms such as SCB2 (SM1) can be added. Practitioners should note that DES and MD5 are considered weak by current standards and should be disabled in favor of AES and SHA-2 where the configuration allows;
− An enterprise-level firewall module built into the desktop cloud access platform provides stateful packet filtering and basic protection for the whole platform through flexible ACL access control policies and DDoS settings.
5.3.3 Platform Security
The security of the virtualization infrastructure (VMS) determines the stability of the whole virtual desktop service and the safety of its data. The solution first meets the business stability requirement through a high-availability design, and then protects user data through virtual machine isolation, data disk encryption and fine-grained administrator rights.
− With exclusive desktops, each user has a dedicated virtual machine. The underlying VMS mechanisms isolate CPU scheduling, memory, network access, disk IO and storage space, so a failure or security problem in one user's virtual machine does not affect other users;
− Each user is allocated a personal data disk for documents. Once users have migrated to virtual desktops, all data is stored centrally in the data center, so the personal data disk is stored encrypted and cannot be read by other users or by administrators, ensuring the confidentiality of users' personal data;
− Administrator roles are differentiated, each granted an appropriate scope, and operations are logged. Hierarchical management rights are supported: an upper-level administrator may operate on the configuration of lower-level administrators, but not the reverse, and an upper-level administrator may authorize virtual desktop resources to lower-level administrators.
Together, the terminal, transmission and platform security mechanisms form end-to-end, multi-layered protection covering user access security, data security, management security, virtualization security and infrastructure security, addressing the security threats and challenges encountered when building virtual desktops.
5.4 Lowest overall IT cost
5.4.1 Thin Terminals with High Efficiency and Low Energy Consumption
The Depp Lianhua aDesk thin terminal is an ideal desktop device: small, silent, consuming only about 10 watts in daily use, economical and environmentally friendly. aDesk connects to the SANGFOR virtual desktop platform anytime, anywhere, providing the same access experience as a traditional PC together with reliable security, and central management through the virtual desktop controller VDC greatly simplifies administration of aDesk thin terminals.
The aDesk thin terminal suits a variety of office scenarios in finance, telecom operators, enterprises, government, education, healthcare and other industries. Troubleshooting, software installation and system upgrades are all done on the server side, which improves security and management convenience and saves enterprises a great deal of IT investment.
5.4.2 Memory page merge technology
In a desktop cloud project, servers account for a large share of the investment, so saving hardware resources lowers the cost of the whole solution and helps the cloud desktop model gain adoption. Depp Lianhua's memory page merging technology starts from the observation that a server hosting dozens or even hundreds of user virtual machines holds many identical read-only memory pages, such as operating system code. For identical pages, the technology shares one physical copy among the virtual machines, making the most efficient use of memory, saving physical server memory and increasing the density of user virtual machines per server. Measured test data shows that the technology saves at least 20% of server cost. Practitioners should weigh this against a known property of cross-VM page sharing: a write to a shared page is measurably slower than a write to a private one, which research has shown can leak to one virtual machine whether another holds a given page, so on platforms hosting mutually distrusting tenants the density gain should be evaluated against that exposure.
5.4.3 Mirror separation and IO acceleration
Under normal circumstances, each user's virtual desktop and personal data occupy an exclusive storage space. In fact, everyone may use the same set of Windows operating systems, and it is nothing more than different applications and personal data. Therefore, Depp Lianhua aDesk desktop cloud solution converts operating system images and personal data (including applications
As shown in the figure above, the virtual machine management software VMS is installed on every x86 server and provides the highest availability for the virtual desktop platform. Configuration is simple and no third-party cluster software is required, so the cost is lower. VMS HA is configured in one-click mode: after the HA function is switched on in the console, all or some of the servers form a high-availability architecture, which provides the highest level of service availability for both unplanned downtime and server failures.
The VMS HA mechanism guarantees service availability in the following ways:
− Continuously monitor the running status of virtual machines and servers, without installing additional software inside the virtual machines;
− After a failure is detected, restart the affected virtual machines on other healthy hosts in the cluster, so that a server failure does not take the desktops down;
− Combine this with automatic VMS resource scheduling, which prevents overload and balances load among the hosts within a cluster.
If a physical server needs maintenance, the virtual machines on it can be migrated live to other servers without interrupting service, so administrators can carry out operation and maintenance transparently.
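The restart-on-failure and load-balancing behaviour described above, and the maintenance evacuation in the last paragraph, modelled as an added illustrative example. This is not code from the original document or from the vendor's VMS: host and virtual machine sizes are constructed assumptions, not the document's hardware figures, and the placement rule (put each displaced virtual machine on the surviving host with the most free resources that can still fit it) is one reasonable scheduling choice, not the product's algorithm. Virtual machines that fit nowhere are reported rather than silently dropped, which is what happens once the spare capacity provided by the redundant server in the document's design is used up.

```python
"""Re-placing the virtual machines of a failed or evacuated host (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class VM:
    name: str
    cpu_mhz: int
    mem_gb: int


@dataclass
class Host:
    name: str
    cpu_mhz: int
    mem_gb: int
    vms: List[VM] = field(default_factory=list)
    alive: bool = True

    def free(self):
        """(free CPU MHz, free memory GB) after the VMs currently placed here."""
        return (self.cpu_mhz - sum(v.cpu_mhz for v in self.vms),
                self.mem_gb - sum(v.mem_gb for v in self.vms))

    def fits(self, vm):
        cpu, mem = self.free()
        return self.alive and vm.cpu_mhz <= cpu and vm.mem_gb <= mem


def evacuate(hosts: Dict[str, Host], failed: str):
    """Move every VM off hosts[failed]; return ({host: [vm names]}, [unplaced vm names])."""
    source = hosts[failed]
    source.alive = False
    pending, source.vms = source.vms, []
    placed, unplaced = {}, []
    for vm in pending:
        candidates = [h for h in hosts.values() if h.fits(vm)]
        if not candidates:
            unplaced.append(vm.name)  # capacity exhausted: report, do not drop silently
            continue
        # most free CPU first, then most free memory, then name so the result is deterministic
        target = max(candidates, key=lambda h: (h.free()[0], h.free()[1], h.name))
        target.vms.append(vm)
        placed.setdefault(target.name, []).append(vm.name)
    return placed, unplaced


def sample_cluster():
    """Constructed N+1 cluster: three hosts carrying 50 desktops each and one empty spare."""
    hosts = {n: Host(n, cpu_mhz=64000, mem_gb=128) for n in ("A", "B", "C", "D")}
    for hn in ("A", "B", "C"):
        hosts[hn].vms = [VM("%s-vm%02d" % (hn, i), 1200, 2) for i in range(50)]
    return hosts


if __name__ == "__main__":
    cluster = sample_cluster()
    print(evacuate(cluster, "A"))   # all 50 desktops land on the spare host D
    print(evacuate(cluster, "B"))   # second failure: only a handful fit, the rest are unplaced
```

With one failed host the spare absorbs all 50 desktops, which is the case the document's "one server for redundancy" covers. A second simultaneous failure leaves 44 desktops with nowhere to go, which is the check a practitioner should run before deciding how much redundancy to buy.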