Microsoft VECD: Diagrams


Microsoft VECD (Virtual Enterprise Centralised Desktops) is their required licensing offering for companies looking to run Virtual Desktop Infrastructure (VDI) setups. For more general info on VDI, see my posts here and here and my VECD post is here.

VECD licensing can be quite confusing to get right for the various different scenarios that might pop up, so Microsoft have made a handy pdf to show how it works for a variety of different possible situations.

Scenario 1:

image

Scenario 2:

image

You’ll notice in scenario 2 that although there are 150 VM’s (Virtual Machines) being accessed, you only need to licence the number of machines, in this case 100. You can have an unlimited number of instances (of the OS) stored on the server and each machine can access up to 4 running instances at a time.

Scenario 3:

image

This is an interesting scenario and I in fact answered a question about this on Twitter just today :-) VECD is a device based licence BUT it gives Work at Home (WAH) rights to a specific named user of that machine; this mixing of device/user, while perfectly sensible, does lead to some confusion. These WAH rights help make VECD and VDI nice and flexible.

There are more scenarios on the pdf (which is why my scenario 3 is their 4!) as well as a lot more great info, and you can download it from:

http://www.microsoft.com/windows/enterprise/solutions/virtualization/licensing.aspx

For me at least, I had to save the pdf and then open it; if I tried to open it from the site it gave me an error. It’s down near the bottom, the “VDI Licensing Brochure” mentioned 5 lines from the end :-)

Virtual Desktop Infrastructure (VDI)


Virtual Desktop Infrastructure (VDI) is a subject that is becoming more and more popular but it can be quite a tricky concept to newcomers, my aim here is to give some clarification and information on the topic!

What is VDI?

VDI is the younger, not as cool cousin of server virtualization and the bigger, better brother of Terminal Services (TS) :-)

Rather than running the desktop instances on local machines, they are held on servers in the datacenter and each user accesses them centrally. However, unlike Terminal Services “each user gets access to their personal desktop from any authorized device, thereby improving desktop flexibility”.

The VDI FAQ from Microsoft offers a good overview of VDI as a technology-download the PDF here.

What’s the point?

Storing desktop images on central servers can have many benefits:

Management: VDI gives you true central management of users desktops and true control over what is/isn’t installed on them and, as I’m sure you know, that can be a real issue in corporates today! You can manage a single instance of the OS no matter how many people are using it-vastly reducing management time & costs.

OS deployment: VDI can make the provisioning of new desktops much quicker than usual and can also enable organizations to test/adopt new Operating Systems in a much easier fashion. One big scenario where I see this being particularly useful:

     Testing multiple Operating Systems: Say you have a number of users that are testing various different desktop OS’s such as XP, Red Hat Linux and Windows 7. Currently you would need to either:

  • provide the users with multiple machines, all separately configured and offering their own security concerns.

or

  • have users multi-booting their machines-again presenting it’s own set of problems around hardware with people needing more RAM etc

Alternatively you could have one image of each OS in the Datacenter and users can access them as needed-with much less hassle :-)

You can also keep a “library” of images for different situations that can be deployed at the drop of a hat!

Security: Again, the central management aspect comes in to play allowing you to block external devices and prevent copying of data from the image to a local device-a great way of preventing data leakage.

Downsides:

Despite all the benefits above there are, as with everything, downsides and negatives too.

  • VDI really isn’t suitable for media intensive tasks
  • Doesn’t suit mobile working as it requires a constant connection to the corporate network.
  • Negative feedback from users

The last point is perhaps the most important for companies to consider-all the streamlined management processes and more flexible admin environments don’t really count for anything if the workforce is unhappy. Certainly I would hate to work in a VDI infrastructure (or Terminal Service/Citrix) as I install and use a LOT of applications that wouldn’t be part of a corporate standard such as Office 2010, CCleaner,TweetDeck, numerous Outlook addins, Groove, OneNote (and I don’t know how many more!); also I often run things that require admin rights on the  machine. In a VDI environment I would have to go through the hassle of getting these added to an image which would be just for me-so I might as well have a standard desktop. The alternative is that I couldn’t use the applications which would reduce my produtivity as well as my happiness as a worker-2 things that a company definitely doesnn’t want to be happening :-)

What VDI can do to some users!

What VDI can do to some users!

An actual comment from a user over at Tech Republic:

“the fact that I can take my work anywhere doesn’t matter to me if I can’t install what I need when I need it”

How is it licensed?

Microsoft’s VDI licensing structure is comprised of 2 parts:

  • Vista/Virtual Enterprise Centralised Desktop (VECD)
  • Microsoft VDI Suite Standard/Premium

VECD allows you to licence virtual copies of Microsoft’s desktop OS’s in a VDI environment and offers the following:

  • Ability to run a copy of Windows in a datacenter
  • Rights to move virtual machines between servers for increased reliability
  • Unlimited backup of virtual machines
  • Ability to access up to 4 running VM instances per device.
  • Rights to access corporate desktops from home for a user that has already been licensed at work
  • Availability of volume licensing keys, such as KMS (Key Management Service) / MAK (Multiple Activation Keys)
  • How is VECD licensed?

    VECD is a monthly subscription per device licence which comes in 2 flavours:

    • VECD (for users without SA)
    • VECD for SA (for users with SA)

    They offer the same functionality, it’s just the VECD for SA is available at a reduced cost as a thank you to current SA customers :-) I’ve not got UK pricing to hand but the pricing on the MS website is:

  • VECD (for users without SA) = $110 per device per year
  • VECD for SA (for users with SA) = $23 per device per year
  • VECD is required for any VDI solution that will be running Windows Operating Systems, regardless of the the BDI technology provider (VMWare, Citrix etc).

    Microsoft VDI Suite:

    This is a new addition to the world of licensing, having been announced at the WorldWide Partner Conference (WPC) last week. While MS have had the technologies to provide a cohesive, efficient and secure VDI environmentfor quite some time now, it has been hard for customers to know what products they need and which things fit together. The VDI Suites are simply a collection of technologies at a reduced price, and they are:

  • Hyper-V Server
  • System Center Virtual Machine Manager (VMM)
  • System Center Configuration  Manager (SCCM)
  • System Center Operations Manager (SCOM)
  • Remote Desktop Services (RDS) CAL (formerly Terminal Service CAL)
  • Microsoft Desktop Optimization Pack (MDOP)
  • For a fuller more in depth look at the VDI Suites, including expected pricing, please see my other blog post here.

    A 100 device company looking to implement VDI would need the following:

    100 x VECD @ $110/£67 per device per year = £6700

    100 x VDI Suite @ $21/£13 per device per year = £1300

    So £8000* per year to run a Microsoft VDI infrastructure with what is fast becoming a truly top-notch hypervisor as well as leading class management software-sounds pretty good to me :-)

    *The £ prices above were attained by putting the $ prices through www.xe.com , but the final pricing may well be different!

    I hope that has gone some way to informing newcomers as to what VDI is as a concept and also helping people who know the technology make sense of the licensing. As always, I’m happy for feedback & comments :-)

    Microsoft Virtual Desktop Infrastructure (VDI) Licensing


    During this year’s Worldwide Partner Conference in New Orleans, Microsoft announced 2 new VDI licensing models. Although this is pretty big news if you’re in that space, VDI isn’t really a technology of the masses so this news hasn’t been hugely reported-but hopefully I can change that just a little bit :-)

    There are two new licences available:

    Microsoft Virtual Desktop Infrastructure Standard Suite

    Microsoft Virtual Desktop Infrastructure Premium Suite

    Microsoft’s aim is for these to

    “make it simple for customers to purchase the comprehensive Microsoft VDI technologies while providing excellent value compared with competing VDI offerings.”

    What do they include?

    Both version contain the essential products for setting up, configuring and managing an efficient and effective VDI environment:

    • Hyper-V Server
    • System Center Virtual Machine Manager (VMM)
    • System Center Configuration  Manager (SCCM)
    • System Center Operations Manager (SCOM)
    • Remote Desktop Services (RDS) CAL (formerly Terminal Service CAL)
    • Microsoft Desktop Optimization Pack (MDOP) <– Further clarification shows that MDOP is an optional extra.

    The Premium version will also include:

    • Additional use rights for RDS
    • App-V for RDS

    to

    “enable mixed environments with not only VM-based remote desktops, but also session-based desktops and applications.”

    The RDS CALs in the Standard bundle can only be used for VDI and not regular Terminal Server instances or “session based desktops” as they’re known now.

    Once you have one of these bundles, the only other thing  you need to correctly licence VDI is Virtual/Vista Enterprise Centralised Desktop (VECD)-for more info on that see my other post here.

    How is it licensed?

    The licensing could have become quite complicated as the components can be licensed in various ways but, quite possibly in reaction to general feedback on licensing, have made this nice and simple:

    “As with VECD, the number of VDI Suite licenses equals the total number of client devices that accesses the VDI environment.”

    Also, as it’s a subscription you’ll always be up to date with new releases.

    What does it cost?

    The licences are set to be made available in Q4 2009 so from October onwards. The only pricing I’ve seen is in dollars (and not a definite final figure) but that is $21 per year per device for Standard and $53 for premium…that is some awesome pricing! Even if the usual “swap the $ for a £” happens, that’s still much cheaper than licensing them separately and it seems much cheaper than competitors (i.e. VMWare).

    Summary:

    This is a great move on Microsoft’s part and will really help drive VDI adoption-particularly in the mid-market sector as it’s not only more cost effective but much easier to manage than buying the components separately.

    The Technet blog article can be found here and thanks to Brian Madden too.

    Windows 7 Features Announced


    A number of Windows 7 features have been announced today (28/10/08) at the Microsoft PDC 2008. The vast majority of the features we saw today were for the consumer but fear not, Microsoft promise there are numerous Enterprise related additions too! These include:

    • Federated Search: Deliver a consistent experience finding file across PCs, networks, and Microsoft Office SharePoint Server systems.
    • DirectAccess: To link users to corporate resources from the road without a virtual private network.
    • BranchCache: To make it faster to open files and Web pages from a branch office.
    • Bitlocker ToGo: Data protection for removable devices.
    • Refined Universal Access Control: To give fewer prompts for users and more flexibility for IT.
    • PowerShell and group policy management.
    • Client virtualization: With virtual desktop infrastructure enhancements, to improve memory utilization and user experience.
    • Device Center: To provide a single place to access all connected and wireless devices with Device Stage, to see status and run common tasks from a single window.
    • HomeGroup: To make it easier to share media, documents, and printers across multiple PCs in offices without a domain.

    Direct Access:

    “DirectAccess in Windows 7 and Windows Server 2008 R2 enhances the productivity of mobile workers by connecting them seamlessly and more securely to their corporate network any time they have Internet access—without the need to VPN.”

    Anything that means we don’t need to use VPN’s is brilliant! I find they rarely work as well as end users need them to and they can make a System Admin’s life difficult, so removing VPN’s could be enough to make the detractors forget all about Vista!

    “With DirectAccess, IT administrators can manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on.”

    “To keep data safer as it travels public networks, DirectAccess uses IPv6-over-IPsec to encrypt communications transmitted across the Internet. DirectAccess can use split-tunnel routing, which reduces unnecessary traffic on the corporate network by sending only traffic destined for the corporate network through the DirectAccess server (running Windows Server 2008 R2)…”

    Bitlocker To Go:

    With all the lost data flying around these days, BitLocker To Go extends the proven BitLocker technology to removable USB devices, securing them with a passphrase. “In addition to having control over passphrase length and complexity, IT administrators can require users to apply BitLocker protection to removable drives before being able to write to them”.

    Administrators can still allow unsecured USB devices to be used in a Read-Only mode and policies are also available to require appropriate passwords, smart card, or domain user credentials to utilize a protected removable storage device.

    A related addition is AppLocker which is “a flexible, easy-to-use mechanism that enables IT professionals to specify exactly what is allowed to run on user desktops.” It uses “publisher rules” that are based on digital signatures so, with correctly structured rules, you can deploy updates etc without having to create new rules.

    Virtualization Enhancements

    Virtual Desktop Infrastructire (VDI) in Windows 7 is closer to the experience of a local PC now with support for Aero, video viewing in Media Player 11 and multiple monitor configurations. New microphone support enables remote desktops running WIndows 7 Enterprise to provide VOIP & speech recognition functionality. Last, but by no means least, is Easy Print which allows users to print to local printers without installing drivers on the server.

    You can see more info on the Microsoft site here.

    The guys over at ActiveWin have got a great, in-depth review of the Windows 7, M3 Preview which contains any number of screenshots and a whole host of info. Some of the bits that caught my eye were:

    Location Aware Printing:

    In Windows 7, you no longer need to select the printer to match your location. When you change network locations, such as taking your work laptop home for the evening, the default printer setting can change to reflect the best printer for that new location. When you print at work, Windows 7 will print to your work printer. When you print at home, Windows 7 will automatically select and use your home printer.

    Media Player 12 will ship with Windows 7 and according to ActiveWin: “this new version features radical changes to its menu structure, with some menus positioned on the left and right sides of the interface…and features two thick toolbars of controls, the second one focusing on traditional features such as Organization, Sharing, Playlist and Search…Common media formats supported include WMV, WMA, MPEG-4, AAC and AVC/H.264.”

    Ultra Wideband (UWB) and Wireless USB (WUSB):

    UWB and WUSB are new technologies that provide wireless alternatives to USB cables. Support for UWB and WUSB in Windows 7 lets you take advantage of new wireless devices and wireless USB hubs.

    Libraries also seem like a really cool multimedia feature. I’m forever duplicating files as I can’t find where I saved them, creating numerous folders in different places all with the same names and finally just keeping stuff on my desktop so I don’t lose it. None of this leads to a brilliant user experience at home or at work and this is where Windows 7 libraries come in.

    With Libraries, you can not only organize, but view and manage files that that are stored in more than once place. This reduces the need to view files even when they are stored in different folders. Libraries are so powerful that they even span different disk drives and/or PCs on your home network. There are a range of options for organizing and browsing, by type, date taken or genre depending on the file type.”

    On top of this, there is the already well known addition of touch and multi touch capabilities to Windows 7. If you’ve got a touchscreen monitor, or more likely a Tablet PC, you can open things from the Start Menu etc by pressing them. MultiTouch will let you zoom in and out on images by moving 2 fingers together/apart as needed and more..

    Another new feature of Windows 7 will be the ability to re-order applications on the taskbar…I think this is awesome! This is one of those little things that has annoyed me for years and will finally be gone. I have a certain order that I like my applications to be in and I always have Outlook as the first program. However at the minute if I have to re-start Outlook it ends up buried on my Taskbar between to IE windows or something..and then it takes me a little while each time I need to go back Outlook.

    I’ve asked around the office and this addition is met with unanimous approval!

    Something else I’ve just seen on pcworld.com is that you can schedule desktop background changes with WIndows 7, I think that’s quite a neat touch!

    Over at ZDNet, Ed Bott has got a great gallery of Windows 7 Screenshots which you can find here. Below is a shot of the desktop which shows another new feature, that gadgets are no longer confined to that bar on the right hand side..now they can reside anywhere on the desktop :-)

    Windows 7 Desktop

    Windows 7 Desktop

     

    Microsoft Windows Vista Enterprise Centralized Desktops (VECD)


    Microsoft Windows Vista Enterprise Centralized Desktops (VECD) is a unique way to licence Windows OS on virtual machines (VM’s) as part of Virtual Desktop Infrastructure (VDI).

    The desktop OS (Operating System) images are held on a server and users access them via PC or Thin Clients*. You can have an unlimited number of OS instances on the server, these can be Vista or downgraded to XP, it is licensed by Device and you can have 4 virtual instances per access device at a time.

    VECD is priced on a per device per month basis (so 100 users = 1200 units x price) for a minimum of 1 year.

    A link to the Microsoft page which includes various datasheets can be found here.

    Running Virtual Instances on the desktop is becoming more and more common and, of course, poses it’s own problems when it comes to licensing. You must have a separate OS licence for each VM as well as the OS licence for the physical machine.

    If VECD isn’t an option for whatever reason, you can run OEM (Original Equipment Manufacturer)/FPP (Full Packaged Product) inside the VM to give you the OS licences. However if your corporate standard is still XP (as it is with many companies) it gets a bit trickier! You won’t find an OEM or FPP copy of XP now so you will have to start with Vista and downgrade to XP:

    1) Buy a volume licence for Vista= NO. The Desktop OS volume licence is UPGRADE ONLY and as a VM is a clean machine, yo’re not eligible to install an upgrade.

    2) Buy an OEM Vista licence= NO. Although OEM licences of Vista Business/Ultimate give downgrade rights, you’re not eligible for OEM licensing as they’re not being installed on a “new” physical machine.

    3) Buy an FPP copy of Vista and enrol it in to Software Assurance (SA)= YES. Enrolling an FPP licence into SA** grants you Downgrade Rights, so you can take Vista down to XP and it’s a full copy so you can install it in a new clean VM.

    * PC’s MUST be covered with Software Assurance (SA) to be eligible for VECD.

    **You have a time limit to enrol the FPP copies into SA. 90 days for Open Licensing, 30 days for Open Value/Select/Enterprise Agreements.