Distribution Management Inc. bought F5's Big-IP Gateway to handle WAN optimization, but it turns out the platform solved a string of problems that cropped up when the company deployed VMware virtual desktop infrastructure, too.
With offices in about 15 metro areas in North America, the company needed optimization to make the most of its WAN connections, but during its bake-off among Cisco, F5 and Riverbed WAN optimization gear, it realized the right device could address other concerns, says Dan Shipley, IT architect for the computer and office equipment wholesaler, which is headquartered outside St. Louis, Mo.
It wound up trialing F5's Big-IP Gateway for a month or so, then buying, configuring and putting it into test mode for the first few months of last year.
SECURITY: The mobile security aspects of VDI
During that time Shipley and his team discovered the device could address some of the problems it had been having with its VMware VDI since it was deployed mid-2010 for 300 virtual desktops. Those problems included how to boost performance of the company's Mitel IP softphones within the virtual desktop, how to get the presence of attached USB devices to show up on the hosted desktops and how to achieve single sign-on.
The company is depending on VDI being accessible from anywhere as part of its ROI calculations, so these impediments to use had to be overcome, Shipley says. The company hires highly specialized workers who are sometimes difficult to find locally, so setting them up with VDI that works well remotely on whatever device the worker has is key. "We try to make the virtual desktop have the experience of a PC with an Internet connection," he says.
The virtual desktop gear includes a cluster of VMware View VDI servers fronted by a pair of View Connection Brokers and an F5 Big-IP. It also includes a Microsoft Terminal Services server with Office applications and servers containing in-house business apps. Cisco ASA firewalls protect the Internet connection.
When Distribution Management turned on VDI, it had problems with VoIP support for the virtual desktops; audio quality would fail. Similarly, if users called up applications or videos over the Internet, they had trouble with the quality of connections via the virtual desktop.
The F5 box helps by setting aside bandwidth for certain applications, such as 64Kbps minimum for VoIP calls or 256Kbps for remote desktop protocol (RDP) traffic, for example.
The company supports a small number of devices that have to have updated antivirus installed, and that often resulted in help desk calls.
The device performs a form of network access control (NAC). End devices owned by users might not have antivirus software on them and the company had no way to find out one way or the other. There was no way to push antivirus to the device, even if the owner gave permission. If the device was company-owned, the company could enforce it.
For devices not company-owned, the F5 box limits protocols and ports they are connecting from based on rules written by customers. It can check for whether antivirus is installed and updated, what operating system is used and what browser is used.
F5 can distinguish the network used to access the virtual desktop -- public Wi-Fi, home Wi-Fi, cell modem, etc. -- and maintain connections between the end-user device and the VDI servers. So if someone working at home on a laptop closes it and tosses it in a bag and goes to work, F5 will recognize the device and restore its last connection.
Read more about data center in Network World's Data Center section.