Considerations for higher education institutions rolling out virtual desktops
This blog explains how load balancers enhance virtual desktop solutions in higher education.
Virtual desktops in higher education
There are a number of reasons why universities, school districts, and colleges continue to opt for virtual desktops:
- An increasing number of students working off-campus - even before COVID, higher education institutions were increasingly adopting online and remote learning options to appeal to a larger number of students. This poses significant IT challenges, because students need to access a wide range of applications to complete their assignments on their own (often basic or insufficient) personal devices. The appeal of virtual desktops is therefore the ability to deliver a comprehensive suite of high-performing applications from the cloud directly to the student's own device.
- Licensing challenges - It is often not feasible to download specialized applications directly onto every personal student device and, with space at a premium, the computer labs of old do not provide a scalable solution.
- The need for resource flexibility - Conversely, school districts, colleges, and universities have fluctuating student numbers and service demands. This might result in the underutilization of expensive on-premise infrastructure and hardware on numerous occasions throughout the year - or worse - IT teams having to suddenly invest in additional infrastructure to meet temporary demand.
- Overcoming compatibility issues - Because the endpoint doesn't matter with virtual desktops, there are fewer compatibility issues for the students and faculty, resulting in fewer calls to the IT helpdesk. So there is more consistent service provision, regardless of the make or operating system of individual personal devices.
- Cheaper and easier management of IT services - Finally, not only is service delivery through the cloud potentially cheaper (with no need to maintain and regularly replace hardware at multiple sites), but it is also easier for IT teams to manage.
Security is also worth mentioning here, although the story is less black and white. Because students and staff have access to the full suite of desktop applications but the data never leaves the data center, virtual desktops can be more secure. It should be noted however that if not used properly, virtual desktops can actually increase security risks. So it's a mixed bag, although the net result is usually more secure than a physical PC.
What are virtual desktops?
The term simply means packaging specified desktop operating systems, applications and data inside a 'virtual machine', installed either on-premise, in the cloud, or on physical hardware.
There are a number of different types of virtual desktops. These two rely on virtualization software:
- Virtual Desktop Infrastructure (VDI) - This allows higher education institutions to run desktop operating systems on virtual machines on their on-premise servers.
- Desktop as a Service (DaaS) - This allows higher education institutions to run desktop operating systems on virtual servers in the cloud.
This one does not rely on virtualization software and works in a slightly different way:
- Remote Desktop Services (RDS) - This virtualization platform facilitates the efficient, flexible and secure deployment of a Windows desktop environment and/or Windows applications to users both locally and remotely. Instead of running on virtualization software, the operating system is installed onto a shared desktop on the Windows server, which then hosts desktop and application sessions and points them to the remote endpoint device.
What are the benefits of load balancing VDI?
Despite the numerous promises of VDI, some drawbacks still exist. The most common challenge is that VDI solutions still struggle to deliver adequate application performance and reliability. But how can such challenges be overcome without installing these applications locally? And how can high availability be achieved?
Load balancing VDIs overcomes these challenges by providing application delivery controllers (ADC) that ensure high availability and optimized performance.
Here's an example of how this works in practice.
Use case: Load balancing VMware Horizon
VMware Horizon is a VDI solution that simplifies desktop management and provides users with access to these desktops when needed, from virtually any device, whatever their location.
When a VMware Horizon client user connects to a Horizon environment, several different protocols are used. The first connection is always the primary XML-API protocol over HTTPS. Following successful authentication, one or more secondary protocol connections are also made.
The load balancers can be configured in various ways to support internal and external clients. Virtual desktop uses both TCP and UDP protocols, which are fully supported with our layer 4 methods of load balancing. Layer 7 can be utilized for the web gateway as we can perform some clever content redirects at layer 7!
Full details of how our load balancers can be deployed to support this solution can be found in this detailed VMware Horizon deployment guide, but a summary of how it works can be found below:
- Connection Servers broker client connections, authenticate users, and direct incoming requests to the correct endpoint. Although the Connection Server helps form the connection, it typically does not act as part of the data path after the connection is established.
- Security Servers are installed in the DMZ and add an additional layer of security between the Internet and the internal network for external users. Each Security Server must be paired with a Connection Server and forwards all traffic to that instance. This pairing requires the Connection Server to be in tunnel mode, which means it is not suitable for internal client connections, so two sets of Connection Servers are needed – one to handle connections from the paired Security Servers, the other to handle internal clients.
- Access Point is a hardened SUSE Linux-based appliance introduced in v6.2 as an alternative to Security Server. Access Point was renamed Unified Access Gateway (UAG) in Horizon v7.0. UAG is now the preferred option over Security Server. Access Point / UAG is not paired, so only one set of Connection Servers is needed for both external and internal clients.
- For high availability and scalability, VMware recommends that multiple Connection Servers and multiple Unified Access Gateways are deployed in a load-balanced cluster.
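The behaviour a layer 4 pool in front of the Unified Access Gateways needs, as an added example that is not code from this post, from VMware or from any load balancer product: each client's primary HTTPS connection and its secondary TCP/UDP connections land on the same UAG, and taking one UAG offline moves only the clients that were on it. It assumes that secondary protocols must reach the UAG that authenticated the session; the server names, client addresses and port list (commonly documented Horizon defaults) are constructed for illustration.

```python
import hashlib

# Constructed sample data: names, addresses and ports are assumptions.
UAGS = ["uag-1", "uag-2", "uag-3"]
FLOWS = [
    ("tcp", 443),   # primary XML-API over HTTPS
    ("tcp", 4172),  # secondary: PCoIP
    ("udp", 4172),
    ("tcp", 8443),  # secondary: Blast
    ("udp", 8443),
]


class Layer4Pool:
    """Source-IP persistent pool using rendezvous (highest-random-weight) hashing."""

    def __init__(self, servers):
        self.healthy = {s: True for s in servers}

    def set_health(self, server, up):
        # A real load balancer would drive this from a health check.
        self.healthy[server] = up

    def pick(self, client_ip, proto, port):
        # proto and port are deliberately not part of the hash key, so every
        # flow from one client reaches the server that authenticated it.
        live = [s for s, up in self.healthy.items() if up]
        if not live:
            raise RuntimeError("no healthy servers in pool")
        score = lambda s: hashlib.sha256(f"{client_ip}|{s}".encode()).digest()
        return max(live, key=score)


def session_servers(pool, client_ip):
    """Set of servers hit by one client's primary and secondary flows."""
    return {pool.pick(client_ip, proto, port) for proto, port in FLOWS}


def simulate_failure(pool, clients, failed):
    """Client-to-server maps before and after `failed` goes offline."""
    before = {c: pool.pick(c, "tcp", 443) for c in clients}
    pool.set_health(failed, False)
    after = {c: pool.pick(c, "tcp", 443) for c in clients}
    return before, after


if __name__ == "__main__":
    pool = Layer4Pool(UAGS)
    clients = [f"198.51.100.{i}" for i in range(1, 21)]
    before, after = simulate_failure(pool, clients, "uag-2")
    print("moved:", [c for c in clients if before[c] != after[c]])
```
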
Load balancing solutions
In summary, load balancing delivers high availability and optimized performance in the following ways:
- High availability - A clustered pair of load balancers avoids a single point of failure, ensuring high availability, even when a server is taken offline or unexpectedly fails. This keeps everything up and running, avoiding any pain to the end user.
- Optimized performance - The layer 4 methodology used also offers superior performance, with the intelligent management of user traffic.