IBM Software

Tivoli

Thought Leadership White Paper

Optimizing virtual desktopinfrastructuresHow Tivoli Endpoint Manager improves the performanceand security of VDIs

2 Optimizing virtual desktop infrastructures

Contents

2 Introduction

2 Better management for virtualized environments

3 Performance challenges for virtualized desktops

3 Addressing the needs of desktop virtualization

4 Management challenges in a virtualized environment

6 Gaining real control over virtualized environments

6 For more information

IntroductionVirtualizing the data center offers well-established benefits, with capabilities for hardware optimization, flexible endpointdeployment, reduced management complexity and lower totalcost of ownership. Virtualizing desktop environments using vir-tual desktop infrastructure (VDI), however, presents a very dif-ferent business case and some unique challenges. Organizationsundertaking desktop virtualization typically are seeking benefitsthat include easy end-user access to applications and informationfrom a variety of devices, enhanced security, rapid provisioningand simplified software deployment. However, virtualization of any kind is not without its technology and IT managementchallenges. And desktop virtualization, with its potentially hugenumbers of devices and users, combined with high demands thatit can place on network throughput and bandwidth, can createissues that can affect business operations.

Consider this example: a company deploys virtualized desktopsand application streaming across the organization to simplify themanagement of end-user client devices. The business benefitsfrom this strategy are significant, but the burden that runningvirtualized desktops places on the network and server infrastruc-ture are so great, and IT has so little visibility into and controlover the virtual desktops, that quality of service dwindles to thepoint where critical business applications become unusable. Ontoday’s smarter planet, no one can afford that kind of bottleneck.

IBM® Tivoli® Endpoint Manager provides a single, multifunc-tion, low overhead agent that can be placed inside of virtualdesktop instances, on user host devices, on virtualized serversand on the servers delivering virtualization services. This pro-vides IT with real-time visibility, with command and control forall dimensions involved in delivering virtualization technologiesin the same place and in the same way as nonvirtualized devices.Tivoli Endpoint Manager supports up to 250,000 endpoints(including virtual machines) with a single management server,single console and endpoint agents. Agents average less than 2 percent CPU capacity and less than 10 MB RAM, deliveringhigh levels of endpoint management and enabling high guest-to-host ratios.

IBM Tivoli Endpoint Manager also delivers an efficient, cost-effective answer to reducing the impact of the large infrastructure footprints that come with desktop and applicationvirtualization solutions. Utilizing streaming mode when band-width is ample but also enabling an automated off line mode to preserve bandwidth when usage is high, Tivoli EndpointManager enables organizations to implement its technologieswithout massive upgrades to the network infrastructure.

Better management for virtualizedenvironmentsAs desktop virtualization grows, organizations typically find theyneed new and better ways to manage their infrastructures. Oncevirtualization is in place, setting up additional virtual machines isquick and easy, resulting in a sprawl of hard-to-locate and hard-to-manage virtual machines. In an environment where virtualmachines may be moved from server to server dynamically basedon policy, how do IT administrators quickly and easily accessvirtual machines for patch, configuration and vulnerability management? What’s more, even in a virtualized environment,physical devices remain—creating the need for tools that canmanage virtual and physical machines together, from a singleunified view.

3IBM Software

Tivoli Endpoint Manager provides a graphical view of virtual desktops,

physical endpoints and host servers through a single, unified console.

Tivoli Endpoint Manager is designed to seamlessly bridge thegap between physical and virtual device management, and toprovide insight and control for devices of both kinds. While itssmall footprint helps preserve device performance, its single,unified management console reaches physical and virtual end-points regardless of their location, connection type or status.The solution’s ability to control and protect devices, applicationsand information can help ensure greater success with virtualiza-tion, with higher levels of manageability and reliability.

Performance challenges for virtualizeddesktopsIn creating a virtual desktop environment, organizations typicallyencounter three principal performance challenges:● Latency and bandwidth: Controlling and enhancing

throughput are a constant struggle. But the issue is more thanmanaging the pipes—it’s also knowing what’s connected tothem. IT first has to know where all its virtual and physicalassets reside. Many organizations, even fairly small ones, areunable to locate all their devices.

● Scalability limits: The conventional client-server model thatuses “push” technology to patch and manage endpoints typi-cally has a limit of 10,000 to 20,000 nodes per server. TivoliEndpoint Manager is specifically designed for large enterpriseenvironments, with scalability to easily support hundreds ofthousands of physical devices and/or virtual instances withonly one or two servers.

● Agent overload: Multiple agents on virtual machines, particu-larly management agents such as those providing malware pro-tection, need to be coordinated so that they do not overwhelmthe server hardware on which they run. For example, antivirusscans are often scheduled to begin at the same time every day.Thousands or hundreds of thousands of virtual desktops, allscanning at the same time, can result in a performance night-mare. Tivoli Endpoint Manager for Core Protection’s malwarescanning capabilities are virtualization-aware, serializing scansso that virtual desktops do not all scan at the same time. Tivoli Endpoint Manager can also reduce the need for multiple management agents altogether.

Addressing the needs of desktopvirtualizationTo deal with these challenges, Tivoli Endpoint Managerenhances the performance of application virtualization solutionssuch as Microsoft App-V software with four key capabilities:● Real-time knowledge of local endpoint conditions: Tivoli

Endpoint Manager can enhance App-V client behavior andpackage selections. It can, for example, force App-V into anoff line mode that utilizes a local copy of the application whenbandwidth is low. The Tivoli Endpoint Manager agent is alsobandwidth-aware, performing tasks such as patch manage-ment, configuration management and software distributionwithout impacting network performance.

4 Optimizing virtual desktop infrastructures

IBM Tivoli Endpoint Managerand Microsoft App-V

ManageApp-Vclients

Manageclient

settings

Installrole-based

applications

Manageapplicationstate and

cache

If bandwidthto corporate

infrastructureis good

If bandwidthto corporate

infrastructureis poor

Tivoli Endpoint Manager enables management of the entire App-V deploy-

ment life cycle, with controls that help optimize App-V bandwidth utilization

to help ensure desktop and network performance.

● Reduced infrastructure cost and maintenance time: Withthe costs of installing, repairing, maintaining and updating systems far outstripping the initial cost or purchase, the ongoing expense of a large-footprint endpoint managementinfrastructure can increase IT expense considerably. Largefootprint solutions may require a server in each physical loca-tion. Tivoli Endpoint Manager requires only one dedicatedserver per 250,000 endpoints. It relies for scalability on distrib-uted, nondedicated “relays,” incurring much lower capital andoperational costs than other systems.

● Unified tools and processes for physical and virtualmachines: Technologies that require unique managementinfrastructures increase IT complexity. With Tivoli EndpointManager, deployment and management of applications on virtualized and nonvirtualized endpoints are completely trans-parent. From distribution to updates, each software package is managed the same way, from the same console.

● Unified server infrastructure: A large-footprint endpointmanagement application designed as a standalone solutionwith its own console, tools and requirements for distribution,configuration and maintenance generally also requires its own servers. Tivoli Endpoint Manager fits easily into existingenvironments without requiring an extensive hardware- andlabor-intensive deployment.

Management challenges in a virtualizedenvironmentTivoli Endpoint Manager directly addresses the core challengesinherent in managing a virtualized environment: visibility anddiscovery, security configuration and patching, licensing andcompliance, and management complexity. For each of thesechallenges, the solution provides features and functionality thatsupport the administrator in maintaining seamless control overassets in a single view.

Visibility and discoveryWith virtualized applications, traditional asset discovery methodsoften fail because applications reside within a virtualized con-tainer that makes it possible to easily and automatically movethem from one host to another. Thus, they can be “hidden”from detection by standard discovery tools. Even where detec-tion is possible, traditional discovery methods often do not pro-vide the ability to identify whether an application is physical orvirtualized.

Tivoli Endpoint Manager offers the same level of discovery andvisibility for virtual as for physical assets, ensuring that softwareinventories are up to date, accurate and complete. Its asset

5IBM Software

discovery capabilities can find new machines as they come up in real time, and can identify whether a machine is physical orvirtual. The solution provides agents for the hypervisor or hostoperating system, providing visibility into the base layer as wellas the items on top of it.

SecurityVirtualization increases the potential velocity of change, as vir-tual machines can be created and decommissioned in minutes.Organizations need to ensure that these activities have theappropriate level of change control and auditability—at both thehypervisor and individual virtual machine levels. The need tomanage, track and maintain online and off line virtual machinesand snapshots only increases this complexity. Virtualization alsoadds a new level of complexity to the patching process. “Gold”virtual machine images, upon which virtual desktops are based,can easily fall out of currency with security patch and configura-tion baselines.

Tivoli Endpoint Manager’s antimalware capabilities powered by Trend Micro not only protect physical and virtual endpoints,but are the first also to be VDI-aware. This means that TivoliEndpoint Manager can:

● Limit the number of virtualized endpoints performing a fullsystem scan or antimalware updates at the same time. This can reduce performance impact and optimize end-user productivity.

● Prescan and white list elements of the base image so that eachinstance of the virtual desktop is scanning only incrementaldifferences. This can result in fewer scans and much shorterscan times.

● Integrate with VDI management to retrieve information aboutthe status and location of secured virtual desktops. This helpsoptimize resource utilization across the entire virtual desktopenvironment.

Tivoli Endpoint Manager automates the process of detecting,enforcing and reporting security configuration policies. Newlyprovisioned or previously off line virtual desktops are automati-cally “topped off” with the latest security patch and configura-tion baselines within minutes of activation. Capabilities fordiscovering rogue devices and quarantining at-risk machinesuntil remediation can occur enable unparalleled visibility andcontrol over security and vulnerability exposure.

With Tivoli Endpoint Manager, administrators can patch and continuously enforce security configuration baselines onhundreds of thousands of physical and virtual workstations,servers and remote devices worldwide—all from a single point of control.

Licensing and complianceA virtualized application can be provisioned, come online and gooff line several times within the same day. From a licensing per-spective, administrators need to know when a virtual machine’sstatus changes, as well as whether an off line machine could beturned on. If the company is charging back for support, or thevirtual application is delivered as a service to a business unit, it isnecessary to know who is consuming which applications—andfor how long.

Tivoli Endpoint Manager enables organizations to improve efficiencies by creating reliable linkages between inventory infor-mation and purchasing and procurement tools and processes.For physical and virtual assets, it helps ensure that each asset has the software it is supposed to have and is not running unau-thorized applications. It helps identify underused software tomanage costs, and help identify overused licenses to stay on theright side of software license agreements, all while providingtimely and reliable information for regulatory and governancecompliance. It also can reduce software audit costs by rapidlyproviding license usage reports across both physical and virtualdesktops.

Please Recycle

Management complexityAs the use of virtualization grows, organizations need to managephysical and virtual environments seamlessly. However, whilepersistent virtual machines should be managed like assets, they are much more dynamic than their physical counterparts.Addressing the greater level of complexity they create requires a consolidated lifecycle approach to the provisioning and config-uration of physical and virtual assets.

Tivoli Endpoint Manager can perform full lifecycle manage-ment, from configuration to patching, on a virtual machine aseasily and effectively as on a physical machine. The solutiongives staff the power to see all computing devices, manage theirpower usage and minimize change control window requirementswith a single agent, infrastructure and console. Because TivoliEndpoint Manager treats virtual assets on par with physicalassets, it provides a convergent, unified management system for both—eliminating the need for multiple point solutions.

Gaining real control over virtualizedenvironmentsWith the ease of bringing up a new virtualized desktop, adminis-trators can quickly lose visibility into the total asset picture, leading to lack of control and ineffective management. TivoliEndpoint Manager enables the organization to enjoy up-to-the-minute visibility and control of the most granular propertiesand processes across tens of thousands, or even hundreds ofthousands, of physical and virtualized computing assets.

By managing the entire asset lifecycle, Tivoli Endpoint Managerbrings cost savings and operational excellence to key manage-ment functions, including asset discovery and inventory, softwarelicense management, power management, software distributionand patch management. Consolidating and streamlining themost common operational tasks, Tivoli Endpoint Manager deliv-ers the highest levels of automation combined with fine-grainedaccuracy, enabling IT departments to maintain service levels,focus on critical issues and ensure overall operating efficiency.

For more informationTo learn more about IBM Tivoli Endpoint Manager, contactyour IBM representative or IBM Business Partner, or visitibm.com/tivoli/endpoint

© Copyright IBM Corporation 2011

IBM Corporation Software GroupRoute 100Somers, NY 10589U.S.A.

Produced in the United States of AmericaJune 2011All Rights Reserved

IBM, the IBM logo, ibm.com and Tivoli are trademarks or registeredtrademarks of International Business Machines Corporation in the UnitedStates, other countries, or both. If these and other IBM trademarked termsare marked on their first occurrence in this information with a trademarksymbol (® or ™), these symbols indicate U.S. registered or common lawtrademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at“Copyright and trademark information” at ibm.com/legal/copytrade.shtml

BigFix is a registered trademark of BigFix, Inc., an IBM Company.

Microsoft is a trademark of Microsoft Corporation in the United States,other countries, or both.

Other company, product and service names may be trademarks or servicemarks of others.

References in this publication to IBM products and services do not implythat IBM intends to make them available in all countries in whichIBM operates.

Product data has been reviewed for accuracy as of the date of initialpublication. Product data is subject to change without notice.

The information provided in this document is distributed “as is” without anywarranty, either express or implied. IBM expressly disclaims any warranties of merchantability, fitness for a particular purpose or noninfringement.IBM products are warranted according to the terms and conditions of theagreements under which they are provided.

The customer is responsible for ensuring compliance with legalrequirements. It is the customer’s sole responsibility to obtain advice ofcompetent legal counsel as to the identification and interpretation of anyrelevant laws and regulatory requirements that may affect the customer’sbusiness and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance withany law or regulation.

TIW14079-USEN-00