74% Of Workers Plug Personal Devices Into Work Network

I’ve just read a story on techcentral.ie that discusses a Virgin Media (UK-based ISP) report.  It says that 74% of company employees are bringing personal devices into work and plugging them into the company network.  This is the sort of thing I was talking about in my previous millennials post.  It’s also the sort of thing that has impacted decision making by corporates: personal preferences for a better appliance or utility can improve the working experience, and the corporate decision making process.  We have to decide how we respond.

Do we try to block everything?  We can try.  Group Policy and utilities like DeviceLock can lock down what is plugged into PCs.  Network Access Protection (Windows)/Network Access Control (Cisco) can control what is allowed to connect to the network.  I’ve taken the device lock approach before.  But a valid business case always overrules global policy, and you might be surprised how many people come up with “valid” business cases.  Soon the policy resembles Swiss cheese, only affecting the minority of users.  The result is that IT is disliked – it’s a blocking force once again.

The user-centric approach that we’re seeing with private cloud, App-V, and System Configuration Manager 2012 is an example of how we need to think.  My millennials post also suggests a way forward.  Maybe we need to allow personal appliances, but use those policy tools like Network Access Control to place the appliances into networks that are not central, kind of like the guest network that is often used.  Or maybe we need to change how we think about the PC altogether and treat the entire PC network as a guest network.

The latter approach might work very well with the user-centric approach.  If end users are using their own PCs, tablets, and phones, then we cannot apply corporate policy to them.  Maybe we just provide user-centric self-service mechanisms and let them help themselves.  Or maybe things like VDI and/or RemoteApp are the way forward for LOB client delivery.  If everything was cloud (public/private) and web-client based then application delivery would be irrelevant.  Maybe it’s a little bit from column A and a little from column B?

It’s a big topic and would require a complete shift in thinking … and a complete re-deployment of the client network, including LOB application interfaces.

RemoteFX Deployment Guides

Microsoft has published guides for deploying RemoteFX.  RemoteFX is a new Windows Server 2008 R2 feature that is added with Service Pack 1 (currently a pre-RTM RC release).  It allows a Windows Server 2008 R2 server to virtualise a graphics card (GPU).  That means that Remote Desktop Services (VDI and Session Hosts aka Terminal Servers) can use a host server’s GPU to process high quality graphics, and stream them down to a “dumb” terminal.  Citrix is also including support for this in their Dazzle.

MS Partner Event: Server Licensing in a Virtual Environment

I’m at a MS partner briefing day in Dublin.  The focus is on licensing in a virtualised environment.  I’ve spent most of the last 3 years in a hosting environment with SPLA licensing.  This will give me an opportunity to start getting back in touch with volume licensing.

  • Good News: we got key shaped 8GB USB sticks with the Hyper-V logo :-)
  • Bad News: Sales and marketing are coming in to talk to us :-(  I guess we have to take the bad with the good ;-)

Ideal Process

  1. Technical expert assesses the infrastructure.
  2. Technical expert designs the virtualisation solution.
  3. Licensing specialist prices the requirements and chooses the best licensing.

Definitions

  • Virtual Machine: encapsulated operating environment
  • Instance of software: Installed software, ready to execute.  On a physical hard disk or VHD.  On a server or copied to a SAN.
  • Processor: Socket, physical processor
  • Core: logical processor contained within a physical processor.  For example, 4 cores in a quad core processor.
  • OSE: Operating System Environment.
  • POSE: Physical operating system environment, installed on a physical server.
  • VOSE: Virtual operating system environment.

Licensing

  • You only have to license running instances.  Powered down VMs do not need to be licensed.
  • This guy is saying that OEM licensing with Software Assurance is not tied to the hardware.  I guess I’ll have to take his word for that …. but I’d be sure to verify with a LAR beforehand!
  • Live migration: you can move a VM between hosts as long as the host is adequately licensed.  Exception: application mobility on server farms.  >90 days movement of licenses. (no details given).
  • CALs need to be bought for VOSEs.  Usually don’t need CALs for the POSE unless the POSE is providing direct services to users, e.g. you are silly and make your Hyper-V host into a file server.

Licensing Applications Per CPU

In the standard editions, you license the CPU’s of the OSE.  For example, in a VOSE you count the vCPUs.  In a POSE, you count the pCPUs.

In the Enterprise/Datacenter installations, you should license the host pCPUs.  There are benefits that cover more than one VOSE.  Enterprise usually covers 4 VOSEs (SQL), and DataCenter (if all pCPU’s are licensed with a minimum of 2) covers all VOSEs.

Simple VS Flexibility

We want simple licensing.  MS is claiming that the dynamic nature of virtualisation requires flexibility and this is an opposing force to simplicity.

Predictable:

  • Standard: least flexible
  • Enterprise: flexible but limited
  • Datacenter: flexible and unlimited

SQL Licensing

God only knows!  The MS folks in the room cannot agree.  Ask your LAR and your local MS office licensing specialists.  The topic of 2008 rights (Enterprise covered all VOSEs) vs 2008 R2 rights (Enterprise covers 4 VOSEs) is debated.  One side says that 2008 rights have ended as of the release of 2008 R2.  The other side says they remain as long as you licensed SQL 2008 prior to the 2008 R2 release with per processor licensing or you bought instances with maintained Software Assurance.  There’s no firm answer so we break for lunch.

OK, there is a discount process.  You can license per processor based on virtual CPU, or physical CPU.  For example, if you have 1 vCPU in a VM on a host with quad core processors then you can buy 1 vCPU license.  If you have 4 vCPUs in a VM on a host with quad core processors then –> that VM runs on 1 pCPU so you can buy 1 per processor license for the pCPU.  If you have 2 * VM’s with 4 * vCPUs on a host with a single quad core processor then you buy 2 per processor licenses –> each VM runs on a single pCPU and you must license each installation (1 pCPU * 2 VMs = 2 per processor licenses).

If licensing per POSE (host) then you must license each possible host that may host your SQL VM’s.  So, you could use Failover Clustering’s preferred hosts option for your SQL VM’s and set up a few preferred hosts in a cluster, and license those hosts.  And remember to take advantage of the CPU discount process.

Server

You can freely reassign a license within a server farm.  Microsoft has a time zone definition of a server farm, e.g. 3 hours for North America, and 5.5 hours for Europe and the Middle East.

I’m not doing the std, ent, datacenter stuff because it’s done to death.

Most Common Mistakes

  • Virtualising more than 4 VM’s when using Enterprise Server edition
  • Under licensing when using Live Migration or VMotion
  • Under licensing of server application versions, e.g. SQL Standard instead of SQL Enterprise, for hosts when using Live Migration or VMotion
  • Selling OEM/FPP to customers who want live migration …. they either need volume licensing (with/without Software Assurance) or they should have OEM licensing with Software Assurance.

This is where the speaker warns us to never trust someone who claims to fully understand MS licensing rules.  Always qualify the answer by saying that you need to verify it.

VDI

If you have non-SA, legacy or thin clients, then you can use the VDA license for VDI.  If you have SA then your Enterprise licensing entitles you to 4 VM’s per licensed desktop machine and place those VM’s on a virtualisation host.

The VDI standard suite includes a bunch of management systems (SCVMM, SCOM, SCCM, and MDOP) and an RDS license for delivering user access to the VMs.  The VDI enterprise suite extends this by offering unrestricted RDS licensing to allow the user to access both VDI and terminal servers.  You also get App-V for RDS.

Scenarios

If you are running things like SQL, then you may need to consider live migration or VMotion.  There was a real-world example based on VMware.  24 possible hosts (4 CPUs each), 295 VMs and 36 of those running SQL.  How do you license?  For Server, the best scenario is to buy 96 * Datacenter edition.  For SQL, the actual solution (MS, customer, lawyers, etc involved) was to create a cluster of 4 hosts.  The SQL cluster of 4 hosts was licensed with SQL Datacenter edition.  That limited costs and maximised compliance.

Summary

That was an informative session.  The presenter did a good job.  He was accepting of being challenged and seemed to enjoy the 2-way conversation that we had going on.  If you are a partner and get an invite for this type of session, register and go in.  I think you’ll learn something.  For me, the day flew by, and that’s always a good sign.  I can’t say I understood everything and will retain it all.  I think that’s just the nature of this EU treaty-like complexity.

It seems to me that MS licensing for virtualised environments conflicts directly with the concepts of a dynamic data centre or private cloud computing.  For example, SCVMM 2012 gives us elasticity.  SCVMM SSP 2.0 gives us complete self-service.  System Center makes it possible to automatically deploy VMs based on user demand.  IT lose control of licensing that’s deployed in the private cloud because we’re handing over a lot of that control to the business.  What’s to stop the owner of a dozen VMs from deploying SQL, BizTalk, and so on, especially if we are doing cross charging which assumes they have an IT budget to spend?

Microsoft licensing rules assume complete control and oversight.  We don’t have that!  That was tough in the physical world; it’s impossible in the virtual world.  We might deploy VMs onto the “non-SQL” Hyper-V or vSphere cluster but the owners of those VMs can easily go and install SQL or something else on there that requires per-host licensing (for cost savings).  This pushes you back to per-VM licensing and you lose those cost savings.

I think MS licensing needs to think long and hard about this.  The private cloud is about to take off.  We need things to be simplified, which they are not.  On the contrary, I think virtualised licensing (on any of the hypervisors) is more complicated than ever, considering the dynamic nature of the data centre which is made possible by the great tools made by the likes of Microsoft, VMware, and Citrix.

On the positive side, if you understand this stuff, and put it to work, you can really save a lot of money in a virtualised environment.  The challenge is that you have to maintain some very tight controls.  It’s made me reconsider how I would look at designing Hyper-V/vSphere clusters.

TechEd Europe 2010 Keynote – Big Shock: It’s All About The Cloud

I’m not at the poor cousin of the TechEd family this week.  Last year’s experience put me off.  However, I’m tuned into the keynote to see what’s happening.  The very good news is that Stephen Elop (the speaker at last year’s keynote where half of the room walked out) has left for Nokia and that Brad Anderson (Microsoft Corporate Vice President, Management & Security Division) is taking over the duty.

While I’m waiting … I would expect lots of System Center v.Next/2011 content to be on show this year.  Those products tend to make big headlines at MMS and almost all of the family has some big release next year .. OpsMgr, VMM, ConfigMgr.  Oh … here we go …

Brad starts off by pitching “the cloud”.  It’s not a surprise.  And the message is … everyone else in cloud is wrong; Platform-as-a-Service is the way to go.  The huge investment in Azure did not affect that ;-)  Dagnammit – I don’t have enough drink in the house for the “MS keynote – cloud drinking game”.

Windows Phone is next up.  It’s only launching today in the USA.  The first pitch is “choice”.  Obviously aiming at where MS feels Apple is weak, i.e. lack of handset variety.  Some would say that makes Apple strong because they control the hardware/OS integration completely.  The see-it-all-at-once and social media integration in WP7 is very good on the face of it (I actually have an iPhone rather than WP7).  WP7 should also be controllable using System Center.  Not much reaction at all to a “do you want a demo of it?” question by Anderson.  Problem: geeks are at the show and they’ve already seen the demo.  It’s a demo of the apps really – aimed squarely at the developers in the audience.  Nice looking apps from Tesco and Ebay.  Eek, the developer demo is canned.  Looks pretty similar to what I saw in the PDC keynote.  Dev stuff – I’m taking a quick power nap.  Brad is back with the news that since the European launch 3 weeks ago, 600 European apps are published.

We need to deliver apps to users in a predictable and secure way.  There is tension between users and IT – gimme gimme gimme versus control.  I smell ConfigMgr v.Next.  It’s all about IT delivery being focused on the user, e.g. user pulling down apps and the apps following the user around to different PCs if they are the “owner” PC.  User centric client computing is the brand that MS is using.  Ahh … SP1 first.  Ah … Windows 7 marketing first.

88% of worldwide businesses (what size is not mentioned) say they will move to Windows 7 in the next 2 years.

SP1 for Windows 7 and Windows Server 2008 R2 new virtualisation features:

  • RemoteFX (previously blogged): big for VDI graphics in the LAN
  • Dynamic Memory (previously blogged).  Claiming a 40% density improvement in VDI.  Anderson claiming that will give Hyper-V the best density in VDI in the market.

Michael Kleef comes on stage.  He big-ups the Citrix relationship.  Citrix are embracing RemoteFX and it’ll feature in XenDesktop.  Now we see IE8 running in a XenDesktop VM via ICA.  A flash video in full fidelity and audio is playing.  HP BL460 blades are in the background and a perfmon view shows the CPU utilisation is minimal – because the work is being done by the GPU.  A Silverlight application in IE9 is run with lots of graphics, moving bits, and BI reporting.  Hmm, the Citrix WAN scaling tools can allegedly stretch RemoteFX over the WAN … interesting!

Back to the cloud with SaaS.  Office365 is a next generation replacement for BPOS.  Intune (very basic desktop management) is on deck.  Demo of Office365.  We’re in yawn-ville at the moment.  This keynote needs a shot of adrenaline.  InTune is being sold as “management”.  It’s very, very light compared to ConfigMgr.  Nice idea – but I’d rather see a cloud based child-site for ConfigMgr.  Anderson promises that InTune will become as rich as ConfigMgr.

A RC of ForeFront EndPoint Protection is available today.  It is based on the same architecture as ConfigMgr.  That means you can have one integrated infrastructure to manage desktops and servers configuration and security.  And that’s all there is about that.  I guess the ForeFront teams got more pop today than they did last year 🙂

Now it’s cloud (IaaS), cloud (PaaS) and private cloud for the rest of the day.

Infrastructure as a Service.  Private Cloud computing from MS is Hyper-V and System Center.  What momentum does Hyper-V have?  Hyper-V has grown 12.6 points and VMware has grown over 4 points in the market over the last 2 years. 

Announcements:

  • Hyper-V Cloud: This is the partnership program that I’ve just blogged about.  It’s a bundle of software and hardware.  MS has a set of funds called Accelerate.
  • Lots of guides, etc: previously blogged.

HP Hyper-V partnership: HP Cloud Foundation for Hyper-V is an integration between HP Blade System Matrix and MS System Center.  HP is announcing HP CloudStart based on rapidly deploying private clouds based on Hyper-V.

What’s coming in the next version of System Center?  Greg Jenson has the answers.  3 key features:

  • Elastic
  • Shared infrastructure in the data centre
  • Deployed by an application owner by self-service

This is made possible by the next version of VMM.  We get the demo shown at TechEd NA 2010 in the Spring.  This features Server App-V.  VMM vNext is almost identical to what you get in Azure VM Role and that also has Server App-V.  Modelling of an n-tier app architecture is shown, highlighting elasticity.  That’s great for techies …. we want self service so that’s what’s up next!  We see some delegation of the service template to a potential app owner.  It’s similar to 2008 R2 but with a service template which describes an architecture rather than deploy a VM.  That’s understanding the business app owners and their needs.  Deploying a new service = deploy the template.  Things like IIS and SQL will be deployed as virtualised applications that are abstracted from their VM’s.  That allows zero downtime patching of VM’s from the template.

Azure Virtual Network allows a cross-premises domain between your site and Azure.  Azure VM Role allows you to run Windows Server 2008 R2 VMs.  I blogged about that announcement from PDC.

Power nap while Azure dev stuff is talked about.  Next we see OpsMgr using the RC (but supported) management pack for Azure to monitor an Azure based application.  It can respond to spikes in demand by spawning Azure instances.  Careful now; don’t want a nasty credit card bill at the end of the month because of elastic growth that incorrectly interprets slow response times.

Anderson wrapping up by saying that we will likely use a mix of cloud technologies.  We have different solutions to choose from and integrate to suit the needs of our businesses.

Over 70% of MS research/development resources are focused on the cloud.

Deploying Microsoft RemoteFX for Personal Virtual Desktops Step-by-Step Guide

“This step-by-step guide walks you through the process of setting up a working personal virtual desktop that uses RemoteFX in a test environment. Upon completion of this step-by-step guide, you will have a personal virtual desktop with RemoteFX assigned to a user account that can connect by using RD Web Access. You can then test and verify this functionality by connecting to the personal virtual desktop from RD Web Access as a standard user”

Thoughts on Hyper-V VDI Hosts

Lots of out-loud thinking here ….

If you put a gun to my head right now and asked me to pick a hardware virtualization solution for VDI then I honestly wouldn’t pick Hyper-V.  I probably would go with VMware.  Don’t get me wrong; I still prefer Hyper-V/System Center for server virtual machines.  So why VMware for VDI?

  • I can manage it using Virtual Machine Manager.
  • It does have advanced memory management features.

The latter is important because I feel that:

  • Memory is a big expense for host servers and there’s a big difference between PC memory cost and data centre memory cost.
  • Memory is usually the bottleneck on low end virtualisation.

Windows Server 2008 R2 Service Pack 1 will change my mind when it RTM’s thanks to Dynamic Memory.  What will be my decision making process then, because we do have options?  You can always switch to Hyper-V then if you have to push out VMware (free ESXi) hosts now.

Will I want to make the VDI virtual machines highly available?

Some organizations will want to keep their desktop environment up and running, despite any scheduled or emergency maintenance.  This will obviously cost more money because it requires some form of shared storage.  Thin provisioning and deduplication will help reduce the costs here.  But maybe a software solution like that from DataCore is an option?

Clustering will also be able to balance workloads thanks to OpsMgr and VMM.

Standalone hosts will use cheaper internal disk and won’t require redundant hosts.

Will I have a dedicated VDI Cluster?

My thinking is that VDI should be isolated from server virtualisation.  This will increase hardware costs slightly.  But maybe I can reduce this by using more economic hardware.  Let’s face it, VDI virtual machines won’t have the same requirements as SQL VM’s.

What sort of disk will my VDI machines be placed on?

OK, let me start an argument here.  Let’s start with RAID:  I’m going RAID5.  My VDI machines will experience next to no change.  Data storage will be on file servers using file shares and redirected folders.  RAID5 is probably 40% cheaper than RAID10.

However, if I am dynamically deploying new VM’s very frequently (for business reasons) then RAID10 is probably required.  It’ll probably make new VM deployment up to 75% faster.

What type of disk?  I think SATA will do the trick.  It’s big and cheap.  I’m not so sure that I really would need 15K disk speeds.  Remember, the data is being stored on a file server.  I’m willing to change my mind on this one, though.

The host operating system & edition?

OK: if the Hyper-V host servers are part of the server virtual machine cluster then I go with Windows Server 2008 R2 Datacenter Edition, purely because I have to (for server VM Live Migration).

However, I prefer having a dedicated VDI cluster.  Here’s the tricky bit.  I don’t like Server Core (no GUI) because it’s a nightmare for hardware management and troubleshooting.  If I had to push a clustered host out now for VDI then I would use Windows Server 2008 Enterprise Edition.  That will give me a GUI, Failover Clustering, and Live Migration.

If I had time, then I would prepare an environment where I could deploy Hyper-V Server 2008 R2 from something like WDS or MDT.  That would allow me to treat a clustered host as a commodity.  If the OS breaks, then 5 minutes of troubleshooting, followed by a rebuild with no questions asked (use VMM maintenance mode to flush VM’s off if necessary).

Standalone hosts are trickier.  You cannot turn them into a commodity because of all the VM’s on them.  There’s a big time investment there.  They lose points for this.  This might force me into troubleshooting an OS (parent partition) issue if it happens (to be honest, I cannot think of one that I’ve had in 2 years of running Hyper-V).  That means a GUI.  If my host has 32GB or less of RAM then I choose W2008 R2 Standard Edition.  Otherwise I go with W2008 R2 Enterprise Edition.

I warned you that I was thinking out loud.  It’s not all that structured but this might help you ask some questions if thinking about what to do for VDI hosts.

It Seems The Big Buzz Right Now Is …

I was talking to a few consultants last week and lots of the CIO’s they are meeting are talking about one thing right now: Virtual Desktop Infrastructure or VDI.  They’ve been hearing this term from many sources.  VMware has made a bit of a push on it, Citrix have made a huge push on it seeing their Presentation Server (or whatever the hell it’s called this week) getting squeezed out by MS, and MS has released Remote Desktop Services in Windows Server 2008 R2.  It seems these CIO’s want to talk about nothing else right now.

I can understand the thinking about VDI.  It can solve branch office issues by placing the desktop beside the data and server applications in the data centre.  Unlike Terminal Services a helpdesk engineer can make changes to a VDI machine without change control.  Instead of PC’s you can use terminals that should be cheaper and should have no OS to manage.  It all sounds like costs should be cheaper and all that “nasty” PC management should disappear.  Right?

*Ahem* Not quite.

  • Branch Offices: Yes this is true.  By placing the VM, the user’s execution environment, in the data centre you speed up access to data and services for remote users.  Let me ask a question here.  How much does it cost to buy a PC?  Around €400 or thereabouts will do for a decent office PC.  It even comes with an OEM license for Windows.  How much does it cost for 2GB RAM in a server?  Around €200, not to mention the cost of the server chassis, the rack space, the power and the cooling.  How about storage?  A PC comes with a SATA disk.  A 250 GB SATA drive for a server is around €250.  It seems to me that we’ve already exceeded the up fronts.  I have done detailed breakdowns on this stuff at work to compare VDI with Terminal Services.  With VDI there is no memory or storage usage optimisation.  You get this with Terminal Services.  My opinion has changed over time.  Now I say if you want to do end user computing in the data centre then Terminal Services is probably the way to go.
  • Change Control: On a very basic VDI system, yes a helpdesk engineer can fix a problem for an end user without change control.  Terminal Services does absolutely require change control because a change to software on the server affects everyone.  However, if you are using pooled VDI or trash’n’burn VDI (VM invoked when a user logs in and destroyed when they log out) then there’s a good chance the problem returns when the user logs in again, thus requiring second or third level engineering.
  • Terminal Cheaper than PC’s: Hah!  I went out of my way at a recent Citrix VDI event here in Dublin to talk to one of the sponsors about terminals and their costs.  Their terminals were about the same cost as a PC or laptop depending on the form factor.
  • Terminals have less management than PC’s: Uh, wrong again.  There is still an operating system to manage on these machines and it’s one that has less elegant management solutions.  It still needs to be populated and controlled.  I’ve also been unable to get an answer from anyone on whether EasyPrint support is added into any of the terminals out there.  Without EasyPrint you either have awful cross-WAN printing experience or pay up for expensive 3rd party printing solutions.
  • Terminals cheaper part 2: The user still needs a copy of Vista or Windows 7 for their virtual machine; where does that come from?  You need to know that you cannot go out and use just any old Windows license in a VDI environment.  It has to be a special one called Virtual Enterprise Centralised Desktop (VECD).  This can only be purchased if you have software assurance on your desktop … uh … but we’re running terminals without a Windows Vista/7 license.  Yeah, ask your LAR about that one!  And we know SA adds around 33% to your costs every 2 to 3 years.  That PC with an OEM install of Windows 7 Professional or Ultimate is sounding pretty sweet right about now.
  • VDI is easier to manage: How do you manage a PC?  You have to put AV on it, you have to patch it, you have to deploy software to it, you have to report on license usage, you have to use group policy, etc.  That’s everything you also have to do with VDI using the exact same techniques and systems.  I see nothing so far about hardware management.  Let’s look at that.  You have to have 2 power sockets, a network socket and cabling, and every now and then one breaks and has to be replaced/repaired.  That sounds like everything you have to do with a terminal.  OK; the operating system on the machine?  I grant you that one.  A terminal has a built in OS.  A PC has to be installed but you can easily use MDT (network or media) to build PC’s with almost no effort and it’s free.  You also have ConfigMgr and WDS as alternative approaches.  WDS even allows people to build their own PC’s from an access controlled image.

For me, VDI is just too expensive to be an option right now.  Why do you think Microsoft hasn’t been singing from the heavens about Remote Desktop Services?  Sure, it’s a messy looking architecture but they know that the PC is here to stay for a long time yet.  The PC is relatively cheap to buy and own.  TCO?  Citrix have screamed about that one since the days of WinFrame and they haven’t managed to convert the world.  Sure, Citrix/Terminal Services is in most organisations but it’s more of an application deployment solution for remote users than a PC replacement solution.

And let’s not forget that the PC paradigm is changing.  It’s expected that the ownership of the business PC will change from the business to the end user.  In fact it’s already happening.  The business can still retain some sort of control and protect itself using things like NAP and port access control.

Feel free to post a comment on what you think about what’s going to happen.
