When it comes to providing a real Desktops-as-a-Service solution, the importance of Multi-Tenancy cannot be overstated. For this reason, Cirrus Dynamics has built its cloud-hosted virtual desktop solution using the Desktone Virtual-D platform. Consequently, Cirrus Dynamics is uniquely positioned to offer a service that addresses all of the requirements for multi-tenant VDI.
Following are some snippets taken from a great article written by Jason Langone that really highlights the significance of Multi-Tenancy. (See the full article here: A Market Void: Multi-Tenant VDI Solutions)
It’s important to note that Service Provider VDI (or, desktops-as-a-service, DaaS) is not traditional VDI. Unlike traditional VDI, a real DaaS solution should cover the requirements of multi-tenant VDI.
The unique requirements of multi-tenant VDI include:
- Multi-tenant management
- Multi-tenant network segmentation
- Multi-tenant storage
- Multi-tenant provisioning...
Multi-tenant management is the ability for a cloud tenant to have omnipotence over the instances, data, and networks in their cloud-hosted solution. In terms of a Service Provider VDI solution this means the vDesktops, the master images, the application distribution mechanism (if applicable), patching, user data, vDesktop networks, access policies, pool size, et cetera.
Multi-Tenant Network Segmentation
Multi-tenant network segmentation is the ability for each tenant to have an independent network topology, irrespective of other tenants in the desktop cloud, that includes:
- The ability to manage access control policies both inbound and outbound to the tenant’s desktop cloud
- Network isolation and separation
- The ability to use their desired IP scheme
- The ability to provide DHCP leases to the desktops
- The ability to manage DNS within their desktop cloud
- The ability to explicitly connect to other cloud-based resources
- The ability to segment groups of desktops into separate security enclaves....
Multi-tenant storage has less to do with the VDI solution from the broker perspective, and more about design considerations that need to be made to provide a multi-tenant storage solution for the broker environment to use. A virtual desktop is typically a virtual machine configuration file (e.g. vmx file), virtual disk(s) (e.g. vhd file), and other virtual machine specific files (e.g. BIOS, swap file, …).
As, in my opinion, there are no easy, out-of-the-box, multi-tenant storage solutions on the market for hypervisor hosts (I’m not talking content management here), I will only cover the concepts that need to be understood and not discuss custom solutions I’ve been involved with, to leave the reader to find his own way.
The two main concepts that need to be understood are:
- Storage Isolation Models
To understand the underlying storage solution, it’s important to first identify the varying levels of storage isolation. The levels of isolation can be unique to each tenant, unique to each classification of tenant, or unique to each cloud....
I personally think it’s easier for most organizations to grasp how multi-tenancy works with NFS as opposed to iSCSI or Fibre Channel; I also think it’s easier for most organizations to manage an NFS environment.
....Full clone virtual machines are virtual machines that do not employ any snapshotting solution from the hypervisor’s perspective and are simply 1:1 copies of a template or pre-existing virtual machine. For those familiar with VMware View, this will be the full clone deployment mechanism. The benefits of full clones are:
- Completely independent virtual machines with no underlying snapshot dependencies
- A tenant can have their own gold vDesktop repository that they provision full clones from
- A less complicated storage design since all vDesktops are provisioned on storage and there are no high-read snapshot volumes to read from
- A (likely) easier environment to manage from a virtual infrastructure perspective (not necessarily from a deployment of the actual vDesktop perspective)
Since the virtual machines have no dependency on an underlying parent virtual machine or snapshot chain, they can live on any datastore, join any domain, and are completely self independent virtual machines.
In any successful true multi-tenant VDI solution I’ve seen to date, the use of full clones was employed. This is not to mean that storage array optimizations (such as cloning from the array perspective) have not been utilized, but for true virtual machine independence, full virtual machines are the easiest way to go...