Building OpenStack

VDI and DaaS

A Blueprint for Cloud

Hosted Desktops
leostream.com Building OpenStack VDI and DaaS

Contents

3 About the Authors

4 Introduction – Getting a Lay of the Land
5 OpenStack, a Solid Foundation for your VDI and
DaaS Environment
8 Nailing Down the Project Plan
9 Designing your OpenStack Infrastructure
10 Form Follows Function
12 Getting your Hands on the Right Tools
14 Pillars of Success
16 Conclusion

Page 2
leostream.com Building OpenStack VDI and DaaS

About the Authors

Karen joined Leostream from The MathWorks, Inc., a technical software

company where she was a developer for the Control System Toolbox
before specializing in usability. Her technical background includes roles
as a software developer, GUI designer, technical writer, and usabili-
ty specialist. Karen holds bachelor and master of science degrees in
aeronautical/astronautical engineering from the Massachusetts Institute of
Technology.

Karen Gondoly
COO

Dana joined Leostream from WSA, a firm specializing in data center

design, where she coordinated proposals for award winning projects
like eBay’s data center in Salt Lake City, Utah. Dana writes widely on the
topics of cloud technology. Her work has been featured in Data Cen-
ter Journal, Network World, Software Information Industry Association
News, and HITECH Answers. Dana holds a BBA from UMass Amherst.
You can connect with Dana on LinkedIn.

Dana Tee
Marketing Manager

Page 3
leostream.com Building OpenStack VDI and DaaS

Introduction – Getting a Lay of the Land

When people think of OpenStack® clouds, they usually conjure up thoughts of

controlling large pools of compute, storage, and networking resources — the
hallmarks of deploying a large-scale cloud. So, why not use the open source
powerhouse to deploy virtual desktops? As OpenStack continues to take hold
and the ecosystems around it matures, OpenStack could turn VDI on its head.

However, understanding the value of OpenStack for hosted desktops and actu-
ally making it a reality are two different things. In this blueprint, we’ll talk about
both.

The cloud operating system offers a feasible alternative to running desktops on

dedicated hardware in the data center. By leveraging an open source solution,
you avoid the costly licensing fees associated with other virtualization stacks.

So how can you take advantage of OpenStack for deploying cloud hosted
desktops?

The answer: All you need is an independent connection broker and a display
protocol, and OpenStack becomes a solution that allows organizations and
MSPs to host virtual desktops with ease.

As with any new IT endeavor, in order to make the process run smoothly, it’s im-
portant to take the entire scope of the project into account which is why we’ve
created this blueprint. It will serve as your guide, helping to answer questions
like: why is OpenStack well suited to handle VDI and DaaS workloads? What
are the keys to deployment? And, where do I start?

So without further ado, let’s jump right in!

Page 4
leostream.com Building OpenStack VDI and DaaS

OpenStack, a Solid Foundation for your VDI

and DaaS Environment

As part of its mission, OpenStack has granted developers the ability to build simple-to-imple-
ment and massively scalable public and private clouds. The OpenStack project creates an
environment for innovation and helps organizations compete in the evolving IT landscape.
Mobility, BYOD and the consumerization of IT are now cornerstones to productivity in the cor-
porate world, presenting new challenges for system administrators and IT staff. These growing
trends put desktops in the center of the action.

The flexibility and scalability of an open source platform, like OpenStack, helps to address
these modern IT challenges, creating a solid underpinning for desktop virtualization.

What Makes OpenStack a strong

Using Your Operating System of Choice
foundation for VDI and DaaS?
Do keep in mind that different OpenStack
OpenStack delivers on several key “must- distributions have verified different operat-
haves” for deploying cloud-hosted desk- ing systems, and you always have to keep
Microsoft licensing in mind. You can use a
tops, from on-demand availability and
Windows Client OS in a privately-hosted
multi-tenancy, to networking, and cost
VDI environment, but that may not always
control. Let’s dive deeper into these topics
be the case for DaaS. Try using OpenStack
and cover how they work in OpenStack.
host aggregates to provide Windows 7 DaaS
while staying Microsoft license compliant, or
1 On-Demand Availability switch to a Windows Server OS. To treat a
Windows Server OS as a desktop, do a one-
A key aspect of “turning a data center into to-one mapping of user to instance.
a cloud” is the fact that end users can re-
quest and quickly receive access to new,
hosted resources. Using OpenStack, you get on-demand availability for desktops.

How it works: Simply spin up a base instance using your operating system of choice, in-
stall the applications that your end users need, and then create an image from that instance.
When on-boarding new employees, you can simply spin up a pre-configured desktop from
one of your images. By creating an image for each use case (or each customer if you’re a
service provider), you get new users up and running in minutes.

This scenario also enables you to host legacy and other one-time-use applications. For exam-
ple, you can spin up a new desktop with the required application and tear that instance back
down when the user is done. This concept of a pool of preconfigured, one-time-use desktops
allows you to provide the user with the resource they need, without using up compute and
storage resources.
Page 5
leostream.com Building OpenStack VDI and DaaS

2 Multi-Tenancy

Nine times out of ten, the first thing we hear from an MSP who wants to sell desktops-as-a-ser-
vice is, “Is your solution multi-tenant”? In terms of multi-tenancy, OpenStack has you covered.

It goes without saying that if you are managing desktops for independent organizations,
you need to keep those desktops isolated. If you’re an IT administrator looking to manage a
private cloud for your own organization, maybe multi-tenancy isn’t as important, but you could
think of the different departments in your organizations as being different tenants.

The key of multi-tenancy is to be able to isolate management and the tracking of resources.

How it works: To support multi-tenant management in OpenStack, you can leverage their
concept of projects, or tenants. If you separate your instances and images by projects, you
can easily track resource consumption for individual customers. Projects also allow you to set
quotas to ensure that particular customers don’t overstep their allocated resource usage, or
negatively impact other customers.

Again, the goal (particularly if you’re an MSP) is to track resource usage per customer, so you
can bill them appropriately, and using OpenStack projects to separate your customers is the
answer.

3 Networking

Ideally, you want your desktops to act as if they are actually located in different data centers
so that customer data stays isolated. Thankfully, the OpenStack networking tools can do that.

How it works: In OpenStack, you can define private networks for each tenant, including IP
address ranges, subnets, and routers (all the things you’d have in a physical network), and
then you provision customer desktops into the appropriate virtual private cloud (VPC).

Only instances within a given internal network, or those on subnets connected through interfac-
es, can access other instances in that network.

So, how do end users connect to their desktop? You can do a couple things. One, if your
VPC has access to the external network, you could assign a floating IP address to the in-
stance, and use that to connect to the desktop. Alternatively, you can look at VPN solutions,
including VPN-as-a-Service.

A last thing to keep in mind is security groups. Security groups allow you to define firewall
rules that block or unblock ports, port ranges or traffic types, which is particularly important if
you have an instance that is available on the internet!

Page 6
leostream.com Building OpenStack VDI and DaaS

4 Less Expensive

Finally, let’s talk about money. Classical VDI has been stymied because of the cost and com-
plexity surrounding building that solution. Implementing OpenStack may not solve the complex-
ity issue, but it sure can address some of the cost.

How it works: Considering it is open source, you avoid the commercial licensing fees asso-
ciated with other VDI stacks or DaaS solutions. Also, because cloud management software
helps you maximize your data center usage, you may be able to scale down on hardware
requirements.

What’s the bottom-line? With OpenStack as the foundation, you can potentially reduce the
cost of deploying Windows desktops at scale, while gaining flexibility and benefits like desk-
top accessibility on any device.

Page 7
leostream.com Building OpenStack VDI and DaaS

Nailing Down the Project Plan

Now that we’ve outlined the reasons behind choosing OpenStack for your hosted desktops,
the next topic is how can it be done? That’s where the project plan comes into play. In the
graphic below, we outline the basics of making OpenStack VDI/DaaS a reality.

How to Build OpenStack VDI in Four Steps:

First, determine the architecture for your OpenStack cloud. There are a number of very
1 good OpenStack experts who can help you with this, if you’re not already one of those
experts.

Then, as you onboard customers, make sure to place each in their own OpenStack
2 project, which means defining the project and the network!

Tip: Make sure to work with your IT team, or if you’re an MSP chat with your customers
in order to enumerate as many use cases or user groups as possible.

Next, build a master desktop and image that can be used to provision desktops for
3
those users. After that, it’s time to investigate display protocols.

4 The last step is to configure your connection broker to manage the day-to-day.

In the following sections we’ll elaborate on all of these steps! Let’s continue.

Page 8
leostream.com Building OpenStack VDI and DaaS

Designing Your OpenStack Infrastructure

The OpenStack software consists of over 10 different projects, each with a focus on a partic-
ular aspect of the datacenter. The oldest (and some would argue, most production ready) proj-
ects are the items required for DaaS and VDI, and they’re what you see in the figure below.

http://www.openstack.org/software/

Nova handles compute. It is the project

that ultimately runs your desktops - or serv- Building an OpenStack Cloud vs. Leveraging
ers - if you want to think of them that way. a Public Cloud

Cinder and Swift both handle storage. Why would you want to build out an Open-
However, when you’re looking at desktop Stack cloud when you could leverage a public
workloads, Cinder’s block storage is the cloud? The question comes down to whether
way to go. Each desktop is a persistent you want to rent or own the datacenter. You
volume that can be attached to a running can simply rent compute from providers like
instance. (Persistent storage is important AWS. This might be a strong option if you
for desktops. Imagine if your laptop lost need to build out the environment quickly and
all your data every time you rebooted it!) if you don’t need all the bells and whistles. If
you want to go the public cloud route, make
The Glance project handles imaging. sure to check out Leostream’s DaaS offering.
These are the tools that allow you to However, if you want more control over the
create a master image of a customer’s compute you’ll likely want to build the data
desktop, and then quickly provision new center.
on-demand instances from that image.

Page 9
leostream.com Building OpenStack VDI and DaaS

Neutron is a network service for OpenStack. It provides tools that can build per-tenant private
networks, which is handy for multi-tenant environments, which we covered in a previous chapter.

Lastly, Horizon, which is the dashboard project. Horizon provides a UI on top of your Open-
Stack cloud, where you can create images, instances, networks, and more. Note, that you
will not use the Horizon UI to manage VDI or DaaS, you’ll need a connection broker for that.
More on connection brokers in the next chapter!

So how does everything come together? The picture below is taken from the HP Helion Open-
Stack documentation and shows just one example of how to architect the underlying compute
and storage nodes.

https://docs.hpcloud.com/content/documentation/media/topology_esx.png

Tip: Now, we didn’t mention “simplification” as a benefit for building OpenStack VDI and
DaaS. On that note, here’s where having a good OpenStack partner, such as Canonical,
SUSE or Mirantis, can help you to hammer out the nuts and bolts. There are a lot of consider-
ations to take into account, and hardware to potentially purchase. Distributions like HP Helion
OpenStack Community have proof-of-concept versions that can be installed on a single box,
giving you a test environment to just play around with. But, never use those for production!

Page 10
leostream.com Building OpenStack VDI and DaaS

Form Follows Function

Form follows function is an architectural term that means if an object has to perform a function,
its design must support that function to the fullest extent possible. The same principle is true for
your OpenStack VDI/DaaS project. Your hosted desktop environment will need to be robust,
highly resistant to failure, and flexible enough to meet individual user needs. There are a host
of questions that must be addressed in order to ensure a successful rollout. One thing is for
certain, in order to get anything off the ground, you’re going to need to get your hands on the
right tools.

Download Leostream’s Tip-Sheet to help you plan.

Top 5 Considerations to Address Before Deploying Large-Scale VDI.

Download Now

Page 11
leostream.com Building OpenStack VDI and DaaS

Getting Your Hands on the Right Tools

In addition to OpenStack, you will need a hypervisor, display protocol, and connection broker.

HYPERVISOR
+ DISPLAY
PROTOCOL + CONNECTION
BROKER

Hypervisor
The good news is that OpenStack supports a wide range of hypervisors (remember that “flexi-
bility” benefit of being open source!). By and large, most current OpenStack deployments use
KVM, which makes sense: Open source hypervisor for an open source management stack.

KVM is noted in the OpenStack documentation as being the mostly highly tested and support-
ed hypervisor for OpenStack, with commercial hypervisors from the likes of VMware, Citrix,
and Microsoft coming in second.

But, when it comes to the features you need to successfully manage VDI or DaaS, the feature
sets provided by any of the hypervisors are adequate.

The key when choosing your hypervisor is just to think about what you may already have in-
house vs. what may come with the OpenStack distribution you decide to use.

Display Protocol
A display protocol provides end users with a graphical interface to view a desktop that re-
sides in the datacenter or cloud. Some of the popular options include Teradici PCoIP, HP RGS,
or Microsoft RDP. Choosing a protocol(s) is important and can make or break the end user
experience. Complex workloads often require complex visualization and rendering graphics.
More importantly, in industries such as semiconductor design or oil-and-gas, one misplaced
pixel can cost the enterprise millions of dollars. So, choose wisely! Research your options, but

Page 12
leostream.com Building OpenStack VDI and DaaS

try to use a high performance protocol only when it’s really needed, as they do bring licensing
costs into the picture. To get you started in the right direction, we’ve put together this handy
guide on choosing and using display protocols.

Download Leostream’s Guide to Display Protocols

Guide: Choosing and Using Display Protocols

Download Now

Connection Broker
It’s one thing to spin up desktops in your cloud, it’s another to get the user connected to that
desktop. That’s the job of a connection broker.

The key is to find a broker that handles all your use cases, whether those include Windows
or Linux desktops, a mixture of different display protocols, or different types of client devices.
Enumerating your brokering needs before you start to build your design will help you choose a
broker that future-proofs your deployment.

A connection broker focuses on desktop provisioning and connection management. It provides

the interface that your end users will use to log in.

The Leostream™ Connection Broker provides the centralized connection management layer
you need to deliver physical and virtual desktops to your end-users. It simplifies the manage-
ment of a unified desktop environment from even the most complex IT architectures.

When looking at our broker, or any broker, that manages OpenStack VDI, the key is to ensure
that it does so using tight integration with support for the OpenStack API.

That API allows you to inventory instances in OpenStack. These instances are your desktops.
It also makes it easy to provision new instances from existing images, and assigns correct IP
addresses to instances.

Download Leostream’s eBook on Connection Broker Technology

How a Connection Broker Simplifies Hosted Desktop Environments

Download Now

Page 13
leostream.com Building OpenStack VDI and DaaS

Pillars of Success

To get the most out of your design, there are several important usability factors to plan for
ahead of time. Keep in mind, the Leostream Connection Broker is used to manage VDI de-
ployments with upwards of 10,000 users, with typical deployments in the thousands. All that
to say, when it comes to managing VDI and DaaS, we know what we’re talking about! In
this chapter, we outline several important considerations, or what we call, pillars of success.
When properly addressed, you can ensure a streamlined experience for both administrators
and end users alike.

1 Manage Boot and Login Storms

First, boot and login storms. Consider a 9-5 office with 200 employees, all of whom are
logging in within minutes of each other. This is your login storm (and potentially boot storm,
depending on how your environment is configured.) When designing your VDI or DaaS
solution, make sure you schedule instances to be created and powered on before users arrive,
and you may want to schedule the instances to be terminated or powered down when the
users leave. The key is to find a desktop management tools that has the flexibility to schedule
events around your customer’s use patterns, so that users are never left waiting for their desktop
to boot. No one likes waiting for their desktop to power on!

To handle login storms, also make sure your connection management tool, AKA your connec-
tion broker, can handle the load. You do not want a brokering solution that is a single point-of-
failure, or that can’t scale to handle login storms. Some key things to look for are connection
brokers that can be easily clustered. Clustering ensures that the loss of one broker doesn’t
impact user log in. Also be sure to find a connection broker that does not lie in the path of
the user’s connection.

2 Provide Adequate Performance

Performance, performance, performance! If the user’s hosted desktop connection lags or the
compute chokes then the user can’t get their job done. To keep your users happy and pro-
ductive, inventory the different use cases you need to satisfy (from task workers, to knowledge
workers, to power users) and make sure you provide them with an instance that is sized ap-
propriately to their needs - without wasting compute by providing them too much.

Page 14
leostream.com Building OpenStack VDI and DaaS

In the connection broker that manages your deployment, create pools of instances for each
use case, and make sure your broker solution assigns the correct users to the appropriate
pool. Then, you simply need a display protocol that’s up to snuff.

Task workers may be fine accessing Excel over RDP. But, a knowledge or power worker may
need more oomph, such as from HP RGS or PCoIP.

3 Streamline User Connections to Desktops

Pools can contain persistent desktops or temporary desktops. After you have your pools, think
about how users connect to those desktops, and how long they are allowed to use it. For ex-
ample, perhaps you only want call center employees to access desktop applications between
the hours of 9:00am and 3:00pm. The rules that decide how long a user has access to the
desktop point back to the use cases.

Finally, after you have all your pools and have defined all the ways you want to control
access to those pools, you need to associate those pools with users. Ideally, you want control
over what pools you give the user access to, based not only on who they are, but also where
they log in from. Consider a healthcare worker who is logging in from the hospital versus from
home. You may want to offer them a different desktop with different levels of access to patient
data, and make sure you can lock down USB devices when they are home. A good connec-
tion broker gives you this kind of flexibility.

Page 15
leostream.com Building OpenStack VDI and DaaS

Conclusion

There you have it, the building blocks for delivering virtual desktops
with OpenStack. Before you leap into planning your deployment, let’s
review the key takeaways from this blueprint:

OpenStack clouds are viable solutions for hosting VDI and desk-
tops-as-a-service.

Any hypervisor is suitable for desktop workloads.

Key to delivering desktops is choosing an adequate display pro-

tocol and connection broker.

Last, but certainly not least, as you explore connection broker solutions,
be sure to request a free 30 day trial of Leostream’s software. If you
have any questions about this blueprint or if you wish to evaluate the
Leostream Connection Broker, please email us at info@leostream.com.

30 Day Free Trial

Leostream Connection Broker
• Centralize Desktop Management
• Integrate Existing Infrastructure
• Optimize Resource Utilization
• Minimize Power Consumption
• Enhance User Experience

Page 16
leostream.com Building OpenStack VDI and DaaS

About Leostream

Leostream, a vendor-independent software company, is a driver in the evolving virtualization

space and a leader in the management of end-user resources hosted in the data center. Our
Connection Broker product provides a comprehensive and scalable solution for organizations
to deliver and manage desktops, remote sessions, and hosted applications to end-users. With
the Leostream DaaS solution, we revolutionized the desktop delivery model, by providing
easy-to-use, risk-free, cloud-based Windows desktops.

Contact Leostream

To evaluate or purchase the Leostream software solutions please contact us:

1-781-890-2019
sales@leostream.com

© 2015 Leostream Corporation. The following are trademarks of Leostream Corporation: Leostream™, the Leost-
ream graphical logo™. The absence of a product name or logo from this list does not constitute a waiver of the
trademark or other intellectual property rights concerning that product, name, or logo by Leostream. Other brand
and product names are trademarks or registered trademarks of their respective holders. Leostream claims no right
to use of these marks.

The OpenStack Word Mark and OpenStack Logo are either registered trademarks/service marks or trade-
marks/service marks of the OpenStack Foundaiton, in the United States and other countries and are used with
the OpenStack Foundation’s permission. We are not affiliated with, endorsed or sponsored by the OpenStack
Foundation, or the OpenStack community.

Page 17