Multi-Tenant VDI, the Key to Real Desktops-as-a-Service

When it comes to providing a real Desktops-as-a-Service solution, the importance of Multi-Tenancy can not be overstated.  For this reason, Cirrus Dynamics has built its cloud-hosted virtual desktop solution using the VMware Horizon DaaS platform formerly known as Desktone Virtual-D platform. Consequently, Cirrus Dynamics is uniquely positioned to offer a service that addresses all of the requirements for multi-tenant VDI.

It’s important to note that Service Provider VDI (or, desktops-as-a-service, DaaS) is not traditional VDI. Unlike traditional VDI a real DaaS solutlon should cover the requirements of multi-tenant VDI.

The unique requirements of multi-tenant VDI include:

  • Multi-tenant management
  • Multi-tenant network segmentation
  • Multi-tenant storage
  • Multi-tenant provisioning...

Multi-Tenant Management

Multi-tenant management is the ability for a cloud tenant to have omnipotence over the instances, data, and networks in their cloud-hosted solution.  In terms of a Service Provider VDI solution this means the vDesktops, the master images, the application distribution mechanism (if applicable), patching, user data, vDesktop networks, access policies, pool size, et cetera.

Multi-Tenant Network Segmentation

Multi-tenant network segmentation is the ability for each tenant to have an independent network topology irrelevant of other tenants in the desktop cloud that includes:

  • The ability to manage access control policies both inbound and outbound to the tenant’s desktop cloud
  • Network isolation and separation
  • The ability to use their desired IP scheme
  • The ability to provide DHCP leases to the desktops
  • The ability to manage DNS within their desktop cloud
  • The ability to explicitly connect to other cloud-based resources
  • The ability to segment groups of desktops into separate security enclaves....

Multi-Tenant Storage

Multi-tenant storage is about design considerations that need to be made to provide a multi-tenant storage solution for the broker environment to use.  A virtual desktop is typically a virtual machine configuration file (e.g. vmx file), virtual disk(s) (e.g. vhd file), and other virtual machine specific files (e.g. BIOS, swap file, …).

The two main concepts that need to be understood are:

  • Storage Isolation Models
  • Storage

To understand the underlying storage solution, it’s important to first identify the varying levels of storage isolation.  The levels of isolation can be unique to each tenant, unique to each classification of tenant, or unique to each cloud....

As it concerns storage, it may be easier for most organizations to grasp how multi-tenancy works with NFS as opposed to iSCSI or Fiber Channel; organizations will most likely find it easier to manage an NFS environment.

Multi-Tenant Provisioning

....Full clone virtual machines are virtual machines that do not employ any snapshotting solution from the hypervisor’s perspective and are simply 1:1 copies of a template or pre-existing virtual machine.  For those familiar with VMware View, this will be the full clone deployment mechanism.  The benefits of full clones are:

  • Completely independent virtual machines with no underlying snapshot dependencies
  • A tenant can have their own gold vDesktop repository that they provision full clones from
  • A less complicated storage design since all vDesktops are provisioned on storage and there are no high-read snapshot volumes to read from
  • A (likely) easier environment to manage from a virtual infrastructure perspective 

Since the virtual machines have no dependency on an underlying parent virtual machine or snapshot chain, they can live on any datastore, join any domain, and are completely self independent virtual machines.

In any successful true multi-tenant VDI solution, the use of full clones is employed.  For true virtual machine independence, full virtual machines are the easiest way to go...


For further reading see the article "A Market Void: Multi-Tenant VDI Solutions" by Jason Langone


Article is closed for comments.