XenApp 7.14

We’ve also recently been busy recently deploying a new Citrix Xenapp 7.14 farm for a customer. This is to replace a legacy Metaframe environment, providing secure virtual apps and desktops to users across multiple sites.

XenApp is still a great option for some use cases; the consolidation ratio is often better than with VDI, and Citrix published application delivery has always been pretty slick. In this instance, we deployed the XenApp servers on top of a VMware vSphere infrastructure, thus leveraging the best features from multiple vendors to achieve the customer’s objectives.

VMware Horizon 7.2

We’ve recently been busy upgrading VMware Horizon View from version 6.x to 7.2. This has included multiple connection servers and security servers.

As part of this upgrade, we’ve also had to address VMware UEM and App Volumes upgrades in order to maintain compatibility. Additionally, a minor upgrade to vCenter was also needed.

The process has gone smoothly, with a production VDI estate being successfully upgraded in a single evening. The customer in question can now take advantage of Horizon 7 features, including instant clones and the new blast extreme protocol.

Repurposing laptops as VDI clients.

We've recently built a custom Linux desktop image for use as a VDI client with legacy laptop hardware. This means that our customer is re-imaging laptops with a free and open-source CentOS Linux Operating System, running the VMware Horizon client software.

This is a great option for this customer, as they are able to extend the life of laptop hardware and protect their investment, whilst avoiding any unnecessary Microsoft licensing and management costs.

It also has support benefits; any possible user confusion around accessing a Windows VDI desktop from a Windows laptop is avoided as the local Linux laptop UI is completely different from the day-to-day Windows VDI environment. The "kiosk" nature of the image also means that the user is led straight to their VDI login without any unnecessary diversions or options.

We've also found that hardware compatibility is good; a single CentOS Linux image has been successfully deployed to laptops from more than one vendor (Dell and HP in this case).

 

News Updates and WannaCry

It’s been a while since this section was updated, but as always, it’s because we’ve been busy! However, we now aim to start providing more regular updates again.

One issue that was consuming our time a little while back was helping customers who had been affected by the WannaCry ransomware attack. Although it’s easy to criticise those who were hit for not having applied the relevant patch prior to the outbreak, we recognise that in some circumstances it is not always easy to apply patches immediately.

If you are unlucky enough to be infected by encrypting ransomware, there are only two courses of action open to you; either pay the ransom (not advisable) or restore systems and data from a time point prior to infection and accept loss of data that was created/changed after that time point. This is where a backup strategy that allows for frequent backups is invaluable. An example is NetApp snapshots; many of our customers create snapshot copies of their user data on an hourly basis or more frequently with no impact on performance. These snapshots can be used for data restore, and would allow for fast recovery of encrypted data from a very recent point in time.

Fortunately, most of our customers took sensible precautions as the attack unfolded and we helped many of them take steps to avoid infection. In the few cases where we did see infections occur (in customers where we had not provided infrastructure services), illumit was on hand to help remediate and/or work around the issues. This included assistance in rebuilding affected systems and restoring data (including sizeable databases) using older, tape-based backup solutions. This really did reinforce the value of a modern snapshot-based approach to data protection; systems could have been back online much faster than was possible with tape restores!

Clustered Data ONTAP

We've also recently re-deployed a NetApp FAS2240 as a switchless, 2-node storage cluster. This entailed implementation of the required 10GbE connectivity and replacing the 7-mode O/S with Clustered Data ONTAP 8.3. 

The process is disruptive, as the system is effectively wiped, so data had to be moved off for the upgrade. However, the nature of Clustered Data ONTAP means that this should not be necessary in the future; with NetApp storage clusters, data can be immortal.

The change to Clustered Data ONTAP from 7-mode is inevitable, and worthwhile. It feels very much like when the industry first adopted server virtualisation; with Clustered Data ONTAP, storage is virtualised, de-coupled from hardware and mobilised. The learning curve is similar, but so are the gains.

EqualLogic Flash array with Force10 switches.

We've recently deployed a Dell EqualLogic PS6210 SAN with an all-SSD configuration. This was connected to Dell Force10 MXL 10GbE switches to provide iSCSI storage to Dell PowerEdge blade servers.

The implementation was interesting, as the Force 10 switches had to connect back to an existing HP ProCurve network at the data centre core, and present iSCSI LUNs back to hosts on both Force10 and ProCurve ports.

The implementation was completed to schedule, including some unanticipated network design and configuration implementation, with no interruption to production services. The new iSCSI SAN was tested at over 125,000 read IOPS at 1ms response time - not bad!

Windows 2012, WDS and Sophos Safeguard.

We've recently upgraded a private sector client to Windows 2012 R2 Active Directory, migrating legacy servers from Windows 2003, including upgrading Symantec Backup Exec 2012 to 2014 on Windows 2008 R2 and decommissioning all off 2003.

Our SME work has also recently included roll out of new PCs for a number of clients, creating new images for Windows 7 HP Folio laptops and Dell Optiplex PCs with WDS for 2012 R2 and 2008 R2.

We've also recently implemented Sophos Safeguard server to encrypt laptops for GPs.

Fusion-IO and Flash Accel

We've recently been helping a client with Flash Accel. This is a product from NetApp that uses flash in the host servers to accelerate storage I/O.

We've deployed it using Fusion-IO cards in the host servers to accelerate virtualised SQL server workloads, and we're seeing SSD-performance read IOPS with a FAS2240 as the back-end storage system.

Recently we've also integrated SnapManager for SQL into the solution, so that we can create application-consistent SQL database backups using instantaneous snapshots whilst still achieving fantastic performance with a modest storage array.

EqualLogic Performance.

We've recently implemented SQL 2012 With Database Availability Groups on VMWare and with Dell Equalogic PS series SAN utilising SSD/SAS auto tiering. The objective was to provide high availability and high performance SQL hosting for a clinical system

As part of the project, we helped our client undertake some performance baselines to determine read and write performance of the implementation. The EqualLogic PS proved to be very fast, achieving 42,000 IOPS for sequential write operations using MS SQLIO.

Microsoft Licensing.

A customer was recently approached by Microsoft to perform a Software Asset Management review.

We worked with the customer to deploy a software tool across all of their PC and server estate to fully audit their machines and gather the live inventory information centrally.

This provided the customer with a complete picture of all the Microsoft software in use to ensure full licensing compliance, without stress or complication.

Microsoft Exchange Services.

We've recently decommissioned another Microsoft Exchange 2003 environment for an enterprise client. As part of the final tranche of work, we've also completed their Exchange 2010 deployment, with Database Availability Groups (DAG) to provide high availability for mail and collaboration services. DAG failover has been tested, and as usual, works extremely well.

We've also been busy with one of our SME clients, where we've migrated mailboxes from Exchange 2007 to Office 365, thus moving them from on-premise mail to cloud services. We had to use PSTs as the transport mechanism as RDP over HTTPS wasn’t possible due to an invalid internal domain name that had been used historically. Migration was achieved over a weekend for 70 mailboxes including shared, room and user mailboxes, and the client is very pleased with the result.

SnapProtect.

One of the historical challenges with a larger NetApp infrastructure has been centralised data protection management. Whilst NetApp has SnapManager tools, native Snapshots, SnapMirror, SnapVault, and OnCommand Unified Manager, they do not offer a unified view into what's happening across the NetApp estate in terms of backup.

We've always had a good word for CommVault, and NetApp has now re-badged a subset of the Simpana Suite as NetApp SnapProtect.

Having just deployed this for a client, we're pleased to see that it does indeed offer a single pane of glass into data protection; SnapShots, SnapVaults and SnapMirrors are all being driven from the SnapProtect console, and the CommServe will also be driving application-consistent backups for SQL and other apps in due course. It's also possible to back data off to tape, all from one console and backed by CommVault's proven and well-regarded technology.

Atlantis ILIO.

We're doing a lot with VDI at the moment, especially VMware View.

One of the main challenges with VDI is the well known "boot storm" problem. This is a bit of a misnomer, as the issue is related to any simultaneous activity within many virtual desktops that causes lots of disk I/O - boot and log-in are two examples, but traditional anti-virus updates, log off and other activities can also generate problematic loads.

The solution here is faster storage. However, managing this with traditional storage arrays is not always the best way forward as it can become expensive. Also array-based flash acceleration solutions usually only accelerate reads and not writes, and VDI traffic is notoriously write-heavy.

What we therefore need is either an all-flash array or tiered storage including flash (many exist) and some fast interconnects, or some host-based flash. All-flash arrays or tiered storage are great where budget allows, but we often see clients looking to manage virtual desktop performance at best cost without re-inventing their back-end storage.

We've therefore considered several host-side solutions for clients, and we very much like Atlantis ILIO. This is because it uses RAM rather than flash as the underlying storage, which has better performance and long-term durability characteristics.

We're currently deploying ILIO for production, non-persistent VDI workloads in several client environments, as well as pilot setups for others, and it lives up to it's promise - it is fast.


Cisco MDS Switches

In our FlexPod on Fabric MetroCluster project, we selected Cisco MDS switches for the back-end MetroCluster fibre-channel connectivity.

These switches have been supported by NetApp since Data ONTAP 8.1.1, and it made much more sense to us than the traditional Brocade models in this instance, as it means that in the FlexPod there is now a single, common switch O/S in the form of Cisco NX-OS.

We've found the MDS switches absolutely great to use in this role, and have even made a small contribution to the NetApp MDS switch configuration guide!

FlexPod with MetroCluster

One of our larger projects at the moment has seen us design and deploy FlexPod with NetApp Fabric MetroCluster.

We have Cisco UCS in two datacenters, with Nexus 5000 series switches managing the front-end connectivity to the NetApp controller in each data center.

One of the main challenges was managing unified connect across a distance between datacenters that mandated single-mode fibre, using Nexus 5000 series switches. To achieve this, we have had to derive a connectivity design using FabricPath and VPC+ technologies.

The result is a truly resilient and high-performance architecture, with all the benefits of FlexPod, including collaborative vendor support and pre-validated design. 

illumit has brought great value to the project by completing implementation and configuration in just 16 weeks. This is from racking hardware to production; virtual servers have already been migrated to the platform. This rapid deployment encompassed configuration of infrastructure, hypervisor, management and backup software as well as other elements; more posts will follow!

AD Upgrades.

We've recently updated a 1000 user Active Directory domain for a client, this time including the removal of 2 Enterprise Certificate Authority and Sub-ordinate Enterprise Issuing CA's, then restoration of both CA’s onto new 2008 member servers.

Now the Domain Controllers have all been replaced with new 2008 DCs as well as PKI infrastructure being placed on a newer, supported platform - all  with no disruption.