Providing Desktops to Users: Centralized Virtual Machines or Terminal Server Desktops?

There has been a lot of noise in the past few weeks from companies like IBM, Citrix, and VMware pushing the idea of providing desktops to users in the form of virtual machine-based remote Windows XP desktops instead of the "traditional" way of publishing a desktop session on a Terminal Server or Citrix Presentation Server.

There has been a lot of noise in the past few weeks from companies like IBM, Citrix, and VMware pushing the idea of providing desktops to users in the form of virtual machine-based remote Windows XP desktops instead of the "traditional" way of publishing a desktop session on a Terminal Server or Citrix Presentation Server. In this article, I'll take a brief look at the announcements from the past few weeks and then dig into the pros and cons of this architecture.
Last Week's Announcement (Not the first... Certainly not the last...)
Citrix, IBM, and VMware used the momentum around VMworld to announce their view of the virtualized desktop world, calling it "IBM Virtualized Hosted Client Infrastructure." If you didn't read the press release, here's the short version:
IBM Servers [Blades or xSeries] + VMware Workstation + Citrix Application Delivery = Virtual "desktops" for users that are cheaper than regular desktops
IBM's offering is:
(a) not actually available yet
(b) only available from IBM Global Services consultants
(c) something that other companies have been doing for years
(d) a good move for a huge vendor that suddenly doesn't have a PC business anymore
(e) all of the above
Of course the answer is E.
How will this affect you?
The short answer is that last week's announcement won't directly affect you. However, it raises some interesting questions that are worth considering. It's pretty safe to say that for the past several years, the de facto method of providing hosted desktops to users was to use Citrix or Microsoft Terminal Server to publish a desktop session on a terminal server that users access via ICA or RDP. You end up with huge terminal servers hosting dozens or hundreds of sessions each. The newer alternative is to use a product like VMware or Microsoft Virtual PC to break a server into multiple VMs each running Windows XP, and then to provide ICA or RDP remote access for users so that each user is connected 1:1 to a virtual machine.
Of course this idea is not all that new. I've written about this concept when HP launched their version of it a few years ago (I called it "bladed PCs"), and going back even further I did something like this ten years ago using Cubix hardware blades running Windows 95, PCAnywhere, and banks of modems.
What does this have to do with Citrix?
Ever since Citrix's surprise messaging change a few weeks ago (where they're suddenly calling Presentation Server "application virtualization"), it seems that every new press release that has the word "virtualization" in it also has "Citrix" in it. But where does Citrix fit into this picture? If you have VMware that cuts your server up into a bunch of Windows XP VMs, why don't you just access them via XP's built-in remote desktop capability and RDP?
There are actually several cool ways that Citrix can be involved here. First and foremost, one of the biggest features of Citrix's Presentation Server infrastructure is that they have this great application publishing capability that can securely deliver application access to end users in a variety of different ways. (Icons on a webpage, Start menu or desktop integration, a SharePoint web part, Program Neighborhood, etc.) By tossing Citrix into the virtualized desktop mix, Citrix could then provide access to a user's virtual desktop via these same channels. (It kind of fits into their whole "we provide access to everything" message.) In fact, they could even do cool things like tying this into the Citrix Access Gateway or their GoToMyPC products. This integration is something that Citrix is calling project "Bladerunner." Bladerunner (which was originally announced a iForum a few weeks ago) will also contain some dynamic provisioning capabilities that will help with the logistics of providing workstation VMs to users.
So why would anyone do this? Why give users their own virtual machines instead of a virtual desktop on a Presentation Server?
Advantages of Publishing Individual Virtual Machines

  • Better performance.
  • No application compatibility issues.
  • Better / easier security.
  • You can "suspend" individual VMs and then move them from server to server.
  • The clients run the "workstation" version of software.
  • Users have more control over their individual desktop.
  • Users can take their sessions with them when they go offline.
  • Easier backups.

Better performance. (In theory, anyway.) Any performance gains might depend on whether your backend is made up of blades or regular servers. Obviously if you only have one user (or a handful of users) on each blade, then your users could run bigger and more powerful applications without negatively affecting as many users as a terminal server environment. If you're using VM software to cut a huge server into dozens of Windows XP VMs, then you will have the ability to partition the resources for each VM in a different way than regular Citrix sessions.

No application compatibility issues. Since each VM is a standalone workstation, you don't have to worry about applications that don't like to have multiple copies running at the same time, and you won't have to deal with Citrix AIEs.

Better / easier security. Since each user would have their own standalone Windows XP VM, you wouldn't have to worry as much about locking down each user's session. If a user screws something up, they won't affect other users.

You can "suspend" individual VMs and then move them from server to server. This would be cool for doing maintenance. Imagine a scenario where you could hit a button in a management console to "move" a user to another server. Maybe the user would receive a popup box that said "Please wait a moment." Then the server would dump the memory contents of their VM to the SAN, a VM would be provisioned on another physical piece of hardware, and the VM would be brought back online. This whole process would probably take less than 30 seconds, and the user would pick up right where they left off. Another use of this technology would be that you could have an additional "timeout" setting. For example, maybe after 20 minutes of no activity, a user's session would be disconnected (where it is still running on the server, but disconnected from the workstation). If the user still doesn't connect back to it after an hour, the system could "suspend" the session by dumping the memory contents to disk, and then free up the hardware for someone else. Whenever the user decided to connect back in, the session would be re-hydrated and the user would pick up right where they left off--regardless of how long it has been.

The clients run the "workstation" version of software. Since these VMs would be based on Windows XP instead of Windows Server sessions, any software or applications would see the sessions as real workstations. You could use workstation versions of all your software.

Users have more control over their individual desktop. Again, since each user would get a full Windows XP workstation VM, they can customize it however they want (or as much as you let them). But as the administrator, you can be more flexible about what you let your users do since you don't have to worry about them screwing up other users.

Users can take their sessions with them when they go offline. Remember that VMware provides a generic view of the hardware to users no matter what the physical hardware looks like. So in an environment where all users' desktops are provided to them as VMs, they could use centralized backend servers when they are in the office, and then use laptops running VMware when they hit the road and need to run offline. There could be a one button "take offline" option that suspends the user's session and then copies down the disk image and memory space to the laptop where it could be resumed. You could even have generic laptops that users could "check out" when traveling. Imagine VMware ACE with the flexibility of running remotely or locally, and easily switching back and forth.

Easier backups. All you would have to do is to backup the disk image files for all the user's workstations (and these are probably already on a SAN). Then if a user lost something, it would be simple to "roll back" their laptop to whenever they wanted. You could even take this a step further and provide an automatic snap-shotting service that did this once an hour.
Disadvantages of Publishing Individual Virtual Machines

  • More server hardware is required.
  • More software is required.
  • Management tools are needed for the desktop VM.

Of course with all of these great advantages, there are several downsides to providing desktop sessions via Windows XP VMs to your users.

More server hardware is required. Giving each user a full workstation VM will require more computing resources than simply giving them a session on a terminal server. A dual processor server with 4GB of RAM can probably run 100 desktop sessions as a terminal server. With VMware, you're probably only looking at maybe 20 Windows XP VMs. If you're using blades, you might only be able to fit a handful of users on each blade.

More software is required. In addition to your OS and application software, you'll also need the VM software (from VMware or Microsoft) and you'll need some software to manage the provisioning of VMs for users (Citrix Bladerunner, etc.). Of course this will also cost more money.

Management tools are needed for the desktop VM. Since this model is more like "traditional" desktops in that each user has their own Windows XP VM, you'll need tools to manage patching, antivirus, spyware, software installations, and configuration management.

Integrating published workstation VMs into your environment

Like I said when I wrote about Bladed PCs, this solution doesn't really compete with Citrix published applications, it competes with traditionally-deployed desktops. You could certainly access a Citrix published application from within your remote Windows XP VM session. (This would use Citrix's ICA passthrough technology which works very well.) In fact, you could still use technologies like Softricity or Citrix's Project Tarpon for desktop application streaming--it's just that in this case, the application would be streamed to the Windows XP VM instead of a physical desktop, but the same design questions would still apply.

With all this discussion, there's still one major point that we haven't touched on that I'd like to go back to:
What do you run the backend on--blades or huge servers?

At first you might think that you can skip the whole VM thing and just use blades on your backend to provide a 1:1 blade to user ratio. While that's certainly possible, it not ideal in today's world. If you use blades, you should still use VM software to virtualize the desktop sessions running on each blade. Why? Two reasons:
Depending on your applications, you can probably put more than one VM on each blade. (Not a lot more, but maybe three or four.)

By using a VM solution, you can still separate your OS image from your hardware. For example, you could have a SAN full of disk images--one for each user. You could then have a rack full of blades sitting right next to it. When a user logs on, the system grabs the next available blade and boots a VM on it with that user's disk image on the SAN. What's really cool about this is that the user's "personal" network shares (My Documents, etc.) could all be "local" within that disk image since that disk image is already on the SAN and highly available and backed up. This would allow you to realize the full list of advantages of this architecture previously listed.

Quite honestly, I don't really see the blades vs. traditional servers as all that important in this case. I think that if you choose to go with this Winodws XP virtualized desktop architecture then it really doesn't matter what you have on the backend. You'll be able to buy whichever makes most sense in your case.

I have to say that I like the idea of a virtualized Windows XP desktop more and more. In fact, I have a Citrix server in my environment that I use for applications, and I have a few huge VMware servers I use for lab testing and training classes. My laptop just broke over the weekend, so I think I'm going to build a remote VMware-based Windows XP desktop and try using that for awhile to see how this works. I'll try running it locally and remotely.

The bottom line is that I like this idea a lot. If I had to provide full desktops to users, I think this is something worth considering. Again, it's not the right solution for everyone, and it certainly will not replace Citrix and terminal server applications, but it's an interesting option that offers some unique advantages that are simply not possible with other architectures.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

With Citrix labelling their client/server Presentation Server offering as "application virtualisation", and the Constellation and 64-bit stuff in this arena, plus the "application streaming" for desktop apps, and now this announcement with IBM and VMWare - there's a lot to think about. Will Citrix allow streaming to Presentation Servers do you think?
Great article!
Thanks Brian for shading some light, but we still dont know what has Citrix done "Exactly" to develop this solution for hosting “Virtualized OS” in terms of System Architecture.
Besides virtualization, which by direct comparison between, presentation Server on VMWare platform, would still be two steps behind in overall central management and SBC scalability, too outline just a few….
However it seems to me, for now at least, that Citrix is once again gamboling with its market share by competing with its self.
They did it with Go-to-my-PC which was a sort cheaper solution for remote access to an existing infrastructure….
Now it makes me wonder if this is a part of that client code that will communicate to central Management server, except this time that server will be “in-house” oppose to Citrix headquarters, that has turned a lot of customers away!
Still with the overhead that an operating system takes, Any time I run vmware on a server, the performance factor kicks in. Once your session is stable and everything settles down, it is ok, but it always takes time to start a session.

I still think that this vmware stuff is not there for the desktop. It is ok for a server that is not being used envvironment or for testing, but it is a far cry from being even close to a citrix server. In addition, moving the session over to another server is not as smooth as people describe it.

This vm stuff on a desktop is ok for transition, but citrix presentation server solution is by far a more advance futuristic approach. The developers just have to get their bargain of the game. When Microsoft gets their multiuser stuff working properly so it is transparent, then all will switch to the citrix environment or the like.

Why spend the money now on old technology and waste it on cubes while you can spend it right the first time and go to a multi user futur environment today!!!>?>>>>???
BladePC..humm but wich device is used by user?
Thinclient? > what is the interrest to deploy thin wich end user environnement already locked and access a ICA or RDP app or Desktop?? and more why access a Blade PC...just deploye PC...
PC? > why deploy PC to access virtualize XP? don't undertand the benefits...
So talk about the device please..

Maybe we need to tell to Citrix to re launch
Hi Brian,
what would be your opinion on "(Virtual) OS Streaming" solutions like Ardence, Neoware ?
I kind of have the feeling that besides the VMWare ACE story, a lot is starting to move in the market with the aim of provided a managed OS imgage - virtualized or streamed.
This looks like the perfect companion to application "virtualization" (whether it is hosted on CTX or streamed with Softgrid).. but looks to me as being not mature...
Check out what Provision Networks is doing in this arena with a project called Titan!

Also good article at Enterprise systems with more info on IBM's announcement

Jim Kenzig
Maybe I missed it, because I skimmed over some of the comments, but one thing that was lift out was the number of XP Pro licenses you'll need, i.e. one per VM, which last time I checked costs 40% more than a Terminal Server CAL.

Don't get me wrong, I find this very interesting, but don't currently see it as more cost effective for replacing thin-clients. I do see application virtualization as the way to do things when deploying apps to fat clients, so they can take their apps with them, and don't need admin rights to run the install.

Cool stuff.

Patrick Rouse
Microsoft MVP - Terminal Server

At this moment I don't think the concept could work because of a small technical problem. We have a VMWare GSX server running a few Virtual Machines. We wanted to access the GSX server from home, using Citrix. So I published the VMWare Virtual Machine console to a user, but the screen handling is then completely messed up.

W2K3 VMs aren't too bad if you have the VMware Tools loaded and have the video accelleration set to high inside the VM.
I've had excellent luck publishing vmware tools through Citrix. Haven't had any problems. of course you have to expect a little slowness with screen refeshes if you remote into the vm. that hasn't presented an issue though because it was still quite smooth all things considered.
We have had great success using Wyse ThinOS (formally Blazer) connecting using RDP to a VM. The Wyse device is totally configured via DHCP, boots in less than 6 seconds and you have a VM of XP up in front of you in seconds! If your put Citrix in this scenerio (which other companies are doing) then you simply connect via ICA from the device the results are the same but you get added Citrix benefits!
Anyone heard of VMware Player? Another big announcement at VMworld....
I find one thing quite puzzling about this article Brian.
You list as an advantage a theoretical improvement in performance.  I don't see how, mainly for three reasons:
Running Virtual Machines requires that you have a whole new instance of the OS, consuming RAM, HDD & CPU, for each user that connects.  Instead of Windows kernel, we have 100, instead of 1 Windows directory we have 100... Even a well-tuned Windows XP needs at least 128Mb RAM to perform effectively with apps.  In addition, things that would be handled once for 100 users by a terminal server, now need to be performed once for each user.
You stated that to run this type of environment, we will need more servers - 100 users on a single TS against 20 users on an equally spec'd VM Server?  That's 5 times as much hardware, not just a little bit.  And this means that when we talk of performance, we're not comparing apples with apples.  I should EXPECT better performance form 500 servers than I should from 100.
You mention that the VM environment means that users will impact each other less than in a TS environment.  I would say that given 5 TS users on a single host or 5 VMs on a single host, chances are the overall experience for the 5 TS users will be far better.  In either situation, physical resources are being shared, so the impact of users on each other will be at least as much as it would in a TS environment, and possibly more - 1 Terminal Server OS will use less resources than 100 VM OSs AND the VMWare OS (small as it is in ESX) PLUS Citrix software allows for sharing of Virtual memory, further reducing the resources consumed
In addition to the second point, I've never tried running 20 VMs on a single host, so will take your word, but would be surprised if you could effectively run 20 VMs on a machine with 4Gb RAM.
Some of your other points are interesting, the idea of roaming with the environment sounds good, but has drawbacks - it's hard enough to get users to sync 'My Documents' let alone a 1.5Gb image of their Virtual Workstation, and facing facts - a notebook with 512 Mb RAM will only just run a single VM.  Why waste the resources? Why not just use the notebook the way it's meant and synchronise the data only.
In short, although I use both VMWare and Citrix Software every day, and love both, I disagree with your article,  specifically the performance benfits you've outlined.  The whole point of server-based computing in the Win32 space is to reduce the TCO whilst (ideally) maintaining much of the flexibilty of a PC-based environment.   Maintaining "Client OSs", "Server OSs" and "Client VM OSs" IMHO nullifies much of the benefit of SBC.  I think that you gloss-over this a little too quickly in your article (disadvantage 3).
Please don't take this as a flame or an anonymous rant - just trying to promote some healthy conversation!
Perhaps there's something I'm missing that you could explain further.
It may not be added server performance per say, but better user functionality ( ie user performance)  by allowing power users to have thier own images for example. Now "anything" that runs on their PC could run remotely/securely within the Citrix environment.
I have a question,  I have a classroom with 16 computers in it.  We teach multiple classes in software.
Would it be possible to have one vm image of each class and have 16 computers run the same image at the same time?  This would save us from having to re image all 16 system every time the classes change.
for only 1000$ per processor regardless the number of VM s and same performances than Terminal Server.
I did some testing.
Take a TS box and add Virtuozzo for Windows on top of it
if you had 15 cc users on the TS, you'll get 15 independent desktop (they call it VPS) with Virtuozzo and with no loss of performances.
Each VPS is accessible through RDP or ICA
Each VPS has its own ip address
Each VPS can run its own set of windows services
Each VPS has its own registry
Each VPS has its own private drives
Each VPS has CPU, Memory, Drive quotas.
Only one Windows 2003 server license, because all VPSes share the same binaries.
exit application compatibilities
DOH! Wrong thread.
hmm! why wrong thread?. aren't we talking here about "Providing Desktops to Users: Centralized Virtual Machines or Terminal Server Desktops?"

hmm! why wrong thread?. aren't we talking here about "Providing Desktops to Users: Centralized Virtual Machines or Terminal Server Desktops?"

Sorry, I meant I accidentally posted a response to the wrong thread but couldn't delete it so I just wiped out my comment.  Along the lines of this comment though what article was this in response to?  Brian killed the ASP code that provided a link back to the article that the comment was made on.

You say:
"Easier backups. All you would have to do is to backup the disk image files for all the user's workstations "
but with each user's disk image file being a few GB (or potentially tens of GB if you foolishly allow them to store an unlimited amount of data in it), this could be a major exercise!
Only by keeping a "template" copy of the vmdk file for each course centrally and by copying a copy down to each PC before each course starts. You cannot have multiple VMs accessing the same VMDK file concurrently.
The other reason why you can't do it is because each system would have the same Windows computer name, etc.  You could sysprep before taking your image and then let each system run Minisetup for the customization, but that's kind of a pain.  You may want to look into one of two technologies that would help a bit here:

1) VMWare ACE
2) Ardence


VMWare Player definitely has potential to make this a really cost effective solution.  You would not need to buy an additional $200 license for every workstation; just a few for your development machines.  That would rock for smaller houses, along with some Thin Client terminals (such as Wyse).
Conceptually speaking, you want to keep the user's image sizes relatively small - and have them store the majority of their data on the network somewhere.  That way you can maximize the number of VM's you can store (and potentially run) and minimize the effect of the backup.

You say:
"Easier backups. All you would have to do is to backup the disk image files for all the user's workstations "

but with each user's disk image file being a few GB (or potentially tens of GB if you foolishly allow them to store an unlimited amount of data in it), this could be a major exercise!

Applications like VMWare Server and MS Virtual Server have disk formats that have max sizes. You can issue a single 4gb max capable image (in dynamic growth format) and then you will be able to manage and estimate requirements. You can also compress the images (I get between 15% to 45%). So it in conjunction with getting most of the general data files offloaded to maybe a general, it should be well possible to have a simple and automated backup policy.
The benefit you will have is when you have very heterogenous environments that need to co-exist. I am talking running Linux, BSD, and Windows clients. Also Clients OS's that need to be a specific legacy version for purchased support or plain compatibility reasons. Clients that do development work and want to have a tiny copy of a one instance server app or stress a particular flaw of that OS.
If your clients need only a nit pick of sparse apps to run (only word,  excel, erp client ui or only access, query analyzer), then please oh please just use an app virtualization/container/streaming software package. If everyone is only running full Office and an app suite for there ERP system which needs exactly win xp sp2 and it should coexist with a dns and dhcp server or you want to run longhorn full and longhorn core, then look for the operating system virtualization. If you need to have desparate operating systems running at near native, look for hardware virtulization.
There are always going to be wins and losses in these three groups and so your enterprise has to evaluate how far up (towards app-virts) or down (towards hard-virts) it will need to go. Good day.
Yemi Bedu

If all your users worked from XP VMs, and you had to make a change to something like a GPO... then even if some of the VMs were powered down or disconnected - they would still get the update when they resumed.

But what about other changes? Lets say I want to add an ODBC connection for an application on a Presentation Server. I can always connect as an Admin (RDP, ICA or ILO Card) and make the change on the server. Everybody picks up the update. The same thing goes for registry settings, Desktop shortcuts and Start menu changes. Not everything works best through a GPO. Not everything can be solved by setting up the right NTUSER.DAT. I find a need to use the local USRLOGON.CMD as well as GPO based logon and startup scripts. This all seems like it would be a problem with VMs that may or may not be available when I have to get the modifications to my environment complete.,

I'm no expert on virtualization, but are the issues I am describing only solved in the VM scenario if the entire OS is virtualized? (or with PS or TS)