T2 TECH GROUP

VDI Deployment Strategy for Healthcare

A step-by-step VDI implementation strategy
for improved user workflows

Communicate

VDI Prerequisite
Requirements
VDI Document
Repeat

Deployment
Strategy
d
an

3
t
ec
R e fl Build
5 4

Remove Deploy

VDI Deployment Strategy for Healthcare © February 2018 T2 Tech Group

Contents
VDI Deployment Strategy for Healthcare.............................................................................. 3
VDI Prerequisite Requirements............................................................................................. 4
Assess, Design and Plan................................................................................................... 4
Build.................................................................................................................................... 5
End-to-End Testing............................................................................................................. 8
VDI Deployment Strategy Steps............................................................................................ 9
Step 1: Communicate........................................................................................................ 9
Step 2: Document Department Specific Needs.............................................................10
Step 3: Build Department Specific Requirements.........................................................10
Step 4: Deploy Endpoints and Go-Live...........................................................................11
Step 5: Remove Old Workflow Equipment......................................................................12
Reflect and Repeat..............................................................................................................12
Authors and Contributors....................................................................................................13
Kevin Torf, Author.............................................................................................................13
Leigh Sleeman, Author....................................................................................................13
Kyle Torf, Author...............................................................................................................13
Hector Garcia, Contributor..............................................................................................13
Matt Lindsay, Contributor................................................................................................13

VDI Deployment Strategy for Healthcare Page 2

VDI Deployment Strategy for Healthcare
Overview
A full-platform strategy to maximize the utilization of a Figure 1 represents the balance of requirements needed to
virtualized desktop infrastructure (VDI) in a hospital can present successfully implement VDI.
significant benefits for physicians and nurses to improve their
workflow. Regardless of the benefits, an improperly managed
VDI deployment can create significant disruption and introduce
unforeseen problems which will overshadow the value of this
technology. Technology residing within a centralized data
center, although easier to maintain and support, increases
the potential risk of disruption in the event of a failure. For
this reason, and many others, a well-planned VDI strategy will
capitalize on the benefits this technology can provide while
ensuring minimal disruption to clinicians caring for patients.

T2 Tech Group’s (T2 Tech) experience has enabled the Figure 1: VDI Requirements
development of a strategy to minimize risk and disruption
while simultaneously improving user experiences and ensuring
T2 Tech Group’s recommended five-step VDI deployment
a smooth implementation. A structured VDI deployment will
strategy outlines a step-by-step process to rollout secure and
include a thorough assessment of the environment prior to
versatile VDI endpoints to connect to the virtual desktops
any design initiatives. Once the design is complete and built
hosted from a central data center.
out, a comprehensive set of tests are needed to validate the
functionality and resilience of the VDI platform. Only after a Before completing the five steps for each department, there are
complete set of tests have been successfully executed should three prerequisite requirements to be completed:
an attempt be made to pilot a small group of clinicians to 1. Assess, Design and Plan
thoroughly vet the deployment approach. After all involved 2. Build
stakeholders agree to move forward with the rollout, a 3. End-to-End Testing
structured department-by-department approach will provide
The following five steps are listed to ensure a successful
the least risk and best clinical experience as they become
VDI deployment:
accustomed to the new workflows that will be required.
1. Communicate and Train
VDI deployments can encompass several components. Within 2. Document Department Specific Requirements
the full-platform virtualized environment, implementing Single 3. Build Department Specific Requirements
Sign On (SSO) and secure printing solutions is recommended to 4. Deploy Endpoints and Go-Live
improve efficiency and optimize clinical performance. Bundling 5. Remove Old Workflow Equipment
the implementation of VDI, SSO and secure printing can be
more efficient than implementing them piece-by-piece later and
can ensure a streamlined workflow for caregivers.

VDI Deployment Strategy for Healthcare Page 3

VDI Prerequisite Requirements
Assess, Design and Plan
A high-level review of the hospital’s requirements will need • Use of generic logins for desktop access
to be undertaken. This does not need to be detailed at this - Significant change to workflow will be required in any
time; it is more to understand the number of endpoints, users, department that uses generic logins for desktop access.
applications and printers per department that will be needed. • Special use case workstations
Within the assessment and design stage, it is necessary to - Special equipment is often used for imaging or monitoring
address the volume of users and endpoints required. These workstations. VDI is not an all-or-nothing initiative
numbers are also needed when it comes to procurement as and certain workstations will be excluded to
they will dictate the hardware and licensing counts. Lastly, it maintain functionality.
will also be important to identify potential issues with respect to • Storing of local files on PCs
printing and work flow processes. - All files stored locally on PCs that are needed by staff
need to be migrated to a network drive or a documentation
Identify Key Requirements:
repository like SharePoint prior to the start of the rollout.
• Applications needed
Training may need to include how staff will access these
• Number of endpoints
documents post go-live.
• Number of users
• Printing solutions After an analysis of the existing hardware has been completed,
a design of the VDI environment needs to be created. The list
Understanding the total number of endpoints will allow you to
below includes items to consider when designing out the
calculate the expected compute, storage, network and other
VDI platform:
resources needed to provide the necessary environment to
VDI Environment
host a VDI platform. An analysis of your current infrastructure
• Host utilization (CPU, RAM)
will need to be completed to determine if the hospital has the
• Storage
necessary capacity and redundancy to host the VDI platform.
• Images/Application delivery
Beyond the high-level requirements gathering, it is
• Policies (AD, VMWare/Citrix, Deployment)
recommended that a detailed review of clinical workflows be
• Remote connectivity/Remote access
created to document the risks and challenges associated with
• Wi-Fi coverage/IDF capacity
deploying VDI. In this assessment, the following should be
• Endpoint requirements
considered:
• Failover and fault tolerance/Redundancy
• Applications (enterprise and departmental) • Endpoint naming convention and future naming convention
- Some applications are not compatible with VDI and
will need special attention to accommodate. Common A detailed review of the current infrastructure with respect
challenging applications include vital sign monitoring, to the level of redundancy and fault tolerance needs to be
pre-natal monitoring and image viewing. conducted. This needs to include the network, compute,
• Printing workflows storage and anything that could impact the ability to deliver the
- It is important to look at all application printing workflows necessary services to the VDI endpoints in the event of a failure.
and not just windows printing. Many healthcare A gap analysis of the current environment needs to be created
applications use complicated printing workflows based to identify and quantify the risks, design documentation,
off triggered events or have printers mapped within the policies and budgetary estimates for a successful VDI
application themselves. deployment. Once any open issues have been identified and
• Staffing and float teams used in each department resolved, a high-level plan and timeline factoring both the
- By understanding the teams that float through the business and operational needs of each department should
department you can better sequence and group go-lives. be created.
Any groups that float will need to receive training up front
before the start of the rollouts. To ensure a smooth deployment and transition, T2 Tech
- It is often helpful to use a department that does see a lot of recommends each department be allocated a minimum of one
float staff as a pilot department to limit the impact and to two weeks for deployment depending on the current state
effort needed to train. environment. This timeframe can be expedited with the right
risk remediation in place.

VDI Deployment Strategy for Healthcare Page 4

It is recommended to identify and document a proposed • Adjustment of Wi-Fi access points
department sequence for the rollout. This should take into • Migration from department specific applications that are
account any of the following that may apply: not compatible
• Highest need for workflow improvement • Departments that have a high amount of floating staff
• Migration from older hardware or end of life • Other planned department level changes
operating systems
• Increase in IDF capacity (if needed)

Build
The VDI build phase will require coordinating with engineers to
assign tasks, understand availability and document each
build component.

Figure 2 is a sample of the architecture for a VDI build.

Load Balancer
Print Print
Server Server

Apps Connection Connection Virtualization Virtualization Connection Connection Apps

Broker Broker Mgmt Mgmt Broker Broker
DNS DNS

Database Update Provisioning Update Database Provisioning

DHCP Server Manager Services Manager Server Services DHCP

Shares Shares
Profile AV AV
Mgmt Appliance Appliance
AP/GPO AP/GPO

Master Master
Images Images
Desktops Desktops

Storage Storage
Figure 2: Sample VDI Architecture

VDI Deployment Strategy for Healthcare Page 5

The following needs to be completed during the and VMware’s AppVolumes instead of locally installing the
Build prerequisite: applications on the image. This will ensure a faster boot time for
• Rack, cable, and power hardware the desktop and will minimize lag and slowness from the end-
• Build VDI server environment user perspective.
- Create VDI Infrastructure servers, database servers and Figure 3 shows the Core VDI Image as the foundation. The other
external gateways. four elements surrounding the desktop are all department
• Build VDI parent image specific considerations to add.
- The image should be well thought out and planned
• Build application delivery tools (if needed) – XenApp, The other objectives for the image are to maximize functionality,
AppVolumes, etc. usability, security, reliability and continuity. The following are
• Build VDI policies and end-user profiles items to consider when building a parent image to meet
• Build SSO system and application profiles these objectives:
• Build printing system and queues • Have the correct applications for each department
• Build endpoint management system and configuration - By utilizing tools like AppVolumes and XenApp you can
- Create strong endpoint security to minimize risks of local customize the delivery of applications to the users who
operating systems or other unexpected changes to need them without bloating the image
the endpoint • Install printer USB drivers needed to maintain functionality of
- Create endpoint downtime configuration to ensure access any USB peripherals and any printer that may be used
to most critical applications in case of VDI backend failure • Disable services that will not be needed to improve
image speed
AD Group - Including windows search, hibernate settings, power saving
Policies features, and all animations and sounds
• Disable windows updates and automatic application updates
- These should only be performed on the parent image and
then pushed out via provisioning services
VDI Core Image • Disable all default scheduled tasks and run once
• OS applications are on the parent image
Dept.- Home
specific • Agents Drive - This will prevent desktops from running scheduled tasks
Apps • Drivers Mapping
at the same time and create slowness throughout
• Core Apps
the environment
• Remove the recovery partition
- This is not needed in a VDI environment and can create
boot issues
• Use an agentless anti-virus instead of installing an agent in
Profile
Management the image
- Anti-virus at the hypervisor level uses guest introspection
Figure 3: Core VDI Image
through the virtual tools
- Verify an agentless anti-virus is operational by using a test
The parent image build requires careful planning and virus, such as EICAR
special consideration as this represents VDI’s core end-user • Remove all access to customization features within
experience. The usability and functionality of the parent image the image
is a crucial success factor in any VDI deployment. This goes - These items should not be stored via profile management
beyond just having applications functioning as designed, but as this will bloat the image and download each time a user
should also include creating a consistent look and feel while logs in
ensuring optimal performance. • Disable memory dump creation
- This creates an extra process for the failed virtual machine
A core objective for any VDI image should be to keep the (VM) and limits the user’s ability to access the VM
image itself and as light weight as possible while ensuring all • Disable background disk defragmentation
necessary functionality is met. To do this, it is recommended to - This would be performed on the parent image before
minimize the number of agents and drivers that are installed provisioning and will help increase the overall speed of
and to utilize application delivery tools like Citrix’s XenApp the VM

VDI Deployment Strategy for Healthcare Page 6

• Turn on the windows firewall to prevent machine-to-machine Since desktops in a floating desktop environment are recycled
communication in the event of a virus or malware attack and refreshed daily, it is recommended to deliver a consistent
• Disable access to the shutdown button user experience that gives the user the illusion that they are
- You do not want users to have the ability to shutdown using the same desktop each day. This in turn gives the user
virtual desktops as this could create a shortage of more confidence that they will have what they need to complete
available desktops their daily tasks. To achieve this, it is recommended to using the
• Disable access to task manager following tools:
- The task manager creates another access point for an • A locked down default user profile
attacker to gain access to the system - Some items to consider locking down include: desktop
Once the parent image has been created it is recommended background, administrator accounts, changing themes,
to use a floating desktop configuration instead of persistent java and adobe, network settings, access to shut down and
desktops. This will provide a user with a new desktop on a hiding the C drive
scheduled basis instead of letting them connect to the same • Profile management
virtual desktop each day. - Consider using a profile management tool which allows
users to keep the following: browser favorites, desktop
• Older computers slow down. Refreshing desktops nightly
icons, task bar items, and start menu items
provides a new and optimized desktop to each user at the
beginning of their shift T2 Tech also recommends making sure that the image and its
• Creating an inactivity timer will insure that the VMs components all look new and modern so users see the new
automatically get refreshed and recycled on a regular basis system as an upgrade. To achieve this, consider creating a new
• A monitoring solution should be put in place so you can desktop background using the hospital logo, use Aero themes
monitor any anomalies within the virtual instead of classic and add cobranding wherever applicable.
desktop environment
• Default user profiles can be used to provide a sense of
consistency in an enterprise level environment

VDI Deployment Strategy for Healthcare Page 7

End-to-End Testing
The testing process needs to be structured to vet each aspect peripheral and printing workflow
of the newly implemented system. Testing functionality and - Third-party tools may be needed to facilitate load testing
redundancy of the new virtualized environment will identify and boot storm testing to test the sizing of the environment
possible issues within the initial architecture. High volumes of • Create an endpoint lab environment and test scenarios
user traffic, often seen during shift changes, can create a bottle • Document login and roaming times
neck effect and needs to be tested to validate if the platform • Troubleshoot and implement identified resolutions
can withstand the necessary load.
For end-to-end testing to be successful, it is important to
The following needs to be completed during the End-to-End understand and document the different system processes
Testing prerequisite: from start to finish. This will give your team better insight when
• Create and document test scenarios for all end troubleshooting issues identified during testing. Figure 4 is an
user workflows example of a VDI logon flow diagram that is used to understand
- This should include individual testing of each application, all the components in play when logging onto a desktop.

VDI Logon Flow Diagram

TC, ZC SSO Active Load DFS Connection Hypervisor vDT

or Laptop* Server Directory Balancer Broker

1 Badge Tap 1
2 <User Authentication> 2
Credentials &
3 connection server 3
Client launch by SSO software with credentials
4 and connection server being automatically entered 4
5 <User Authentication> 5
Directed to VDI Pod
6 6
7 User Authentication 7
8 Request a vDT 8
Assign a vDT
9 9
Sets up connection between
10 vDT and Client 10
11 Connection 11
Request GPOs
12 12
13 {GPO RELATED}
Folder redirect for Documents 13
14 Reads Profile Configuration 14
Downloads and Applies Profile Settings
15 15
User logged on
*with badge reader, SSO software, and client

Figure 4: VDI Logon Flow Diagram

VDI Deployment Strategy for Healthcare Page 8

VDI Deployment Strategy Steps
The repeated steps below, are led by an agile approach which Figure 5 is a sample project plan for the prerequisite
incorporates the principles of vertical slicing, fully completing requirements of a VDI deployment.
each departmental rollout before moving to the next.

Figure 5: Sample VDI Deployment Project Plan

Step 1: Communicate and Train The training curriculum will be dependent on the specifics of the
environment and whether SSO and secure printing are included.
A clear communication plan needs to be created Generally, the following are included at a minimum and can
to help alleviate any stress and anxiety users take up to ten minutes per user:
may have regarding the technological transition
• Enrollment of badge in SSO solution
within the department. T2 Tech recommends
- Self-service password reset is included in the deployment
including the following items in the proposed
of the SSO solution followed by security question enrollment
communication plan:
• What will look different (workstations, badge readers, desktop)
• House-wide communication in newsletters • Workflow changes
• An Intranet site to provide information about the project, • Common questions
benefits, ROIs, training material and high-level timeline • Secure printing workflow (if applicable)
• Department level one-on-one meetings to walk department
leadership through the rollout plan and necessary changes Training for VDI can be handled in several ways depending on
• Attending morning standup meetings with each department the needs and timeline of the rollout.
prior to rollout to ensure staff concerns are addressed If an expedited rollout is needed then an enrollment and
• Signage in departments identifying whether a department is training fair can be periodically held through the transition.
live with VDI or whether it is planned to go live in the These fairs are centralized training events where staff are asked
next week to come to a designated location where 10 - 20 workstations
T2 Tech also recommends a promotion campaign as a part of have been set up to facilitate enrollment and training. To get the
the communication strategy to gain user acceptance for the needed attendance, sign in sheets and incentives such as raffle
large workflow change that accompanies a VDI rollout. This prizes should be used. Training materials are important in this
would include attending meetings with different user groups to scenario to account for the minimum 20% of staff who will not
demo and explain the new endpoints and highlight the expected attend or may be out on leave.
changes to workflows. If time and resources are not a constraint, then the alternative
The communications are recommended to address the state of is to bring training to the staff. This involves setting up
transition that will take place as the rollout is occurring. During a workstation or workstation on wheels (WOW) in each
the rollout, some staff, mainly providers, will have to move department each week prior to the scheduled rollout. Staff
between departments that are live with VDI and those that are would then be trained in small groups or one at a time at the
not. This may disrupt their workflow and should be addressed designated workstation. This method is more convenient for
upfront to set the correct expectations. staff and usually has a higher training completion rate but
requires more time per each department rollout as well as a
End-user training should include the creation of the dedicated training resource. It is important to coordinate times
following components: of training to account for all nursing shifts. Separate trainings
• Training curriculum and script would need to be conducted for float nurses and centralized
• Comprehensive training handout resource teams (i.e. hospitals and physical occupational and
• Training video or tutorial respiratory therapists).

VDI Deployment Strategy for Healthcare Page 9

Step 2: Document Department Specific Needs
Before deploying to each department, a detailed • Future endpoint name with naming convention adjusted to
current state assessment and future state refer to a VDI endpoint
plan needs to be documented. This goes into • Applications loaded on each workstation
considerably more detail than the assessments • Peripherals used on each workstation
mentioned in the Assess and Design • Mapped printers for each workstation
prerequisite phase. • Network ports used by each workstation

It is recommended to document the following information per Figure 6 is a sample VDI Deployment canvass to help keep track
department prior to each deployment: of department specific needs for each workstation
• Current endpoint names and endpoint type (desktop, laptop,
WOW, PACS viewing machine, etc.)
• Location of each endpoint

Figure 6: Sample VDI Deployment Canvass

Step 3: Build Department Specific Requirements

The items identified during Step 2 will serve as • Build department specific printers or secure printing
a blueprint for each department. Depending on devices (if applicable)
the components identified in the assessment of • Build name and configure department specific endpoints
departmental needs, the following will
Figure 7 shows a sample build task list that can be used for
be completed:
step 3. Also shown is the time needed from each resource
• Provision user accounts and deploy SSO profiles and each corresponding step which can be multiplied out by
• Configure and map department specific applications number of users and workstations.

VDI Deployment Strategy for Healthcare Page 10

Figure 7: Sample Build Task List

Step 4: Deploy Endpoints and Go-Live

A small to medium sized department should • Reflect and validate deployment strategy
be chosen to pilot the new solution in their - This should include a review of the training material with
respective workflow. staff and requesting feedback on the method and timing of
the rollout
When deploying to the pilot department, be
sure to have a regression plan in case any issues come up that It is recommended that each department deploy their required
cannot be resolved in a timely manner. set of endpoints before the start of a new shift so staff can
come in and start their work on the new workflow instead of
This pilot program should run for a minimum of two weeks,
transitioning mid-day. Once deployed, the endpoints will be
issue free before moving onto the next department. This
live, and end users should have dedicated support for the
should give the support staff time to identify and resolve any
following 48 hours. This new environment is still vulnerable
unplanned issues. Anticipate the following efforts needed:
and depending on space availability consider keeping a couple
• Select a good use-case department
desktops available in the department in the event of an issue
• Enrollment and training of users
or failure.
• One week of dedicated support following go-live
• Monitor for another week Secure printing hardware (if included in the deployment) can
• Identify issues and resolve be installed well ahead of time as it can be configured to not
• Observe and improve workflow impact workflow until the rest of the system is live.
• (Recommended) Two weeks issue free

VDI Deployment Strategy for Healthcare Page 11

Step 5: Remove Old Workflow Equipment
After the virtualized environment is live and issue Figure 8 is a sample dashboard used to keep on task and for
free for at least two weeks, it can be determined ease of departmental rollouts. Green indicates the task is
which desktops can be removed from complete, yellow is in progress, red signifies a delay and grey
the network. means not applicable.

Figure 8: Sample VDI Deployment Dashboard

Reflect and Repeat

Communicate
Lastly, take the time to reflect on successes and failures.
Be sure to document ways to improve for the next
1
department deployment and repeat the process for each
remaining department. VDI Prerequisite
Requirements
VDI Document
Repeat

Deployment
Strategy
d
an

c t
Re fl e
Build
5 4

Remove Deploy

VDI Deployment Strategy for Healthcare Page 12

Kevin Torf, Author
Managing Partner Kevin Torf is an information systems executive with a 30+
year career. In 2012, Kevin became a managing partner of T2 Tech Group after
merging the consulting division of Inventtrex into T2 Tech. He specializes in large-
scale IT project design, procurement and implementation. He offers experience in
executive-level technology consulting involving data centers, server farms, storage
and backup systems, security, video messaging and VoIP systems.

Leigh Sleeman, Author

Partner Leigh Sleeman has over 17 years’ experience as a program manager
in healthcare information technology. Since joining T2 Tech in 2012, he has
championed multiple projects, including large VDI, storage and network initiatives
for Kootenai Health and a datacenter migration effort for Sharp HealthCare. In his
most recent role before joining T2 Tech, Leigh was an IT PMO manager at UCLA
Health Systems. Prior to that, he acted as a programmanager during the build
of the 520-bed Ronald Reagan UCLA Medical Center. For this, he successfully
orchestrated all IT activities and administered a $60+ million IT budget.

Kyle Torf , Author

Kyle is a program manager and healthcare technology expert with experience
in project planning and management, enterprise-scale IT infrastructure
transformations, hardware/software evaluation and selection, and vendor ABOUT T2 TECH GROUP
management and negotiations. Over his career, he has worked with numerous T2 Tech Group specializes in tackling
healthcare systems to design and implement organization-wide VDI/SSO rollouts,
difficult technology challenges
big data strategies and population health solutions, and interactive patient care
and transforming IT liabilities into
technologies.
valuable assets for clients in a range
Hector Garcia, Contributor of industries. Since its founding in
Hector Garcia is an experienced healthcare IT leader with in-depth knowledge 2006, T2 Tech has built a reputation
on a wide variety of healthcare applications, software platforms, hardware for delivering high-quality technology
components and programming languages. He is adept at working with a wide consulting and management advisory
variety of end-users, forging excellent relationships with executive leaders services to executives and IT leaders
and delivering value through effective IT management. Over his career, he in a range of industries. Unlike many
has consistently delivered clients value by balancing business and technology consulting firms, T2 Tech has no
requirements and managing cross collaborative teams for large healthcare financial interest in vendor selection,
IT initiatives. freeing the company to focus
Matt Lindsay, Contributor completely on realizing customer
goals. At T2 Tech, we advocate for our
Matt has over eight years of engineering experience designing, creating and
maintaining virtual infrastructures. He is highly skilled in VMware and Citrix clients; approach each project with no
virtual environments and is adept at working with cutting edge infrastructure bias; and practice the highest levels
and designing solutions to meet compliance. At T2 Tech Group, his role includes of integrity, experience and expertise.
integrating virtual desktop infrastructure solutions with healthcare information For more information about T2 Tech
technology assets for a seamless end-user experience. Matt’s past roles include Group, visit t2techgroup.com and
acting as a Data Center Engineer for Ednetics, a VDI Architect for Kootenai Health, connect with us on
a Senior Systems Administrator for August Systems, and a Systems/Virtualization Twitter @T2TechGroup.
Engineer for Coeur d’com Communications.

VDI Deployment Strategy for Healthcare Page 13

 T2 TECH GROUP

21250 Hawthorne Boulevard, Suite 250 | Torrance, CA 90503

www.t2techgroup.com | 424.212.8900