Ten virtualization best practices not to be trusted

Best practices are supposed to stop admins from making major missteps, but these 10 oft-repeated tidbits are just bad advice.

DENVER -- There are best practices for installing, maintaining, monitoring and delivering just about everything in IT. But virtualization best practices change with the technology they apply to, and it's easy for something that was once a good idea to become a very bad one.

At BriForum 2015 here this week, Dan Allen, director at Bromium, an isolation technology provider, and Nick Rintalan, lead architect at Citrix, presented the 10 worst Citrix and VMware "best practices" of all time.

They also gave an honorable mention to the myth that VDI is inherently more secure than physical desktops. Most IT administrators know that's not true -- it's the sorry reason shops that support virtual desktops still have to deal with antivirus -- but the other myths Rintalan and Allen busted weren't so obvious.

Virtualization best practices to avoid

VMware's vSphere Performance tab cannot be trusted. The Performance tab isn't where admins should head first to monitor vSphere. It takes samples only every 20 seconds, so a usage spike shorter than that can be missed entirely or averaged away. Instead, admins should use the command-line tool esxtop to assess performance; it can sample as often as every two seconds.
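The following is an added example, not code from the article or the BriForum presenters, showing numerically why the sampling interval matters. It feeds a constructed per-second CPU trace from a hypothetical host (the host idles at about 10% and pegs at 100% for four seconds) through different reporting intervals and shows what peak each interval would display. The trace and the 90% alert threshold are illustrative assumptions.

```python
"""Added example (not from the article or the BriForum talk): why a
20-second sampling interval can hide a CPU spike that two-second
sampling reveals. The per-second trace below is constructed for
illustration and does not come from any real ESXi host."""

from statistics import mean

# Constructed trace: 60 one-second CPU readings (percent). The host
# idles at 10% but runs at 100% from t=23 to t=26, a four-second burst
# that is real enough to stall a guest but too short to survive
# 20-second averaging.
CONSTRUCTED_TRACE = [100.0 if 23 <= t < 27 else 10.0 for t in range(60)]


def downsample(trace, interval):
    """Average consecutive `interval`-second windows of a per-second
    trace, the way a monitor that reports every `interval` seconds
    presents the data. A trailing partial window is dropped."""
    if interval < 1:
        raise ValueError("interval must be at least one second")
    return [mean(trace[i:i + interval])
            for i in range(0, len(trace) - interval + 1, interval)]


def peak(samples):
    """Highest value the monitor would have shown."""
    return max(samples)


def spike_visible(trace, interval, threshold):
    """True if at least one reported sample reaches `threshold`, i.e.
    an alert keyed to that threshold would have fired."""
    return peak(downsample(trace, interval)) >= threshold


if __name__ == "__main__":
    # Assumed alert threshold; pick whatever your monitoring uses.
    THRESHOLD = 90.0
    for interval in (1, 2, 5, 20):
        shown = peak(downsample(CONSTRUCTED_TRACE, interval))
        print(f"{interval:2d}s sampling: peak shown {shown:5.1f}%  "
              f"alert fires: {spike_visible(CONSTRUCTED_TRACE, interval, THRESHOLD)}")
```

With this trace the 20-second view reports a peak of 28%, which looks like a healthy host, while the two-second view shows the full 100%. On the host itself, `esxtop -b -d 2 -n 30` collects 30 two-second samples in batch (CSV) mode for offline analysis of exactly this kind.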

All versions of Citrix Receiver are not equal. Citrix Receiver for Web doesn't scale nearly as well as native Receiver. In fact, the Web version has 30% to 35% worse StoreFront scalability than native Receiver does, according to Rintalan and Allen.

Citrix license server grace periods aren't automatic. When a XenApp or XenDesktop server loses its connection to its license server, or that license server fails, the product is supposed to go into a 30-day grace period. The grace period is meant to give companies a chance to sort out the licensing problem without interrupting users' ability to connect to their desktops and applications. But that 30-day grace period doesn't always kick in. Citrix is working on a fix so the grace period works when it's supposed to, Rintalan said, but in the meantime IT can run two license servers on separate networks and load-balance them so they behave like one server.

Callbacks aren't really optional. In Citrix StoreFront 2.6, callbacks are an optional feature, but if they're disabled, users can't authenticate to StoreFront. And when callbacks are off, the SmartAccess policies that let admins select resources won't work.

All codecs are not the same. Many admins don’t know that there are multiple codecs to choose from in XenApp and XenDesktop, and the default option is the wrong choice for most shops.

"Unless you [chose the wrong codec] and fall flat on your face, you wouldn't even know about this," Rintalan said.

Especially in shops that are moving to XenApp or XenDesktop 7.x and Windows 8 or Server 2012, the codec can make or break the deployment. Using the wrong encoder can take two to three times more bandwidth, and it creates a substandard user experience.

"If you're using [Remote Desktop Session Host], just disable H.264," Allen said.

Most shops should choose Legacy Mode instead of H.264, but H.264 is what Windows clients on Remote Desktop Services use by default. It's possible that the codec selection just gets glossed over, or it could be that admins see the word "legacy" and their knee-jerk reaction is to choose the other option, he said.

Kelly Miller, director of IT for a financial company, said he's encountered long logon times and video lag in his XenDesktop and XenApp 7.6 deployment that he thought could be the result of folder redirection, but he never thought twice about the codec he was using.

"It's my own ignorance, but I didn't know anything about what he was saying about the codecs…The codecs are going to be the first thing I check when I get back to the office. I bet we’re running that default H.264," he said.

Not everyone needs to use WorxMail and Mobile Device Management. WorxMail is just one of three mail options in Citrix XenMobile. There are also XenMobile NetScaler Connector and XenMobile Mail Manager, both just as viable. Allen and Rintalan also said mobile device management (MDM) doesn't fit every shop, especially those that support bring-your-own-device initiatives. It's possible to take a mobile application management (MAM)-only approach, or a hybrid of the two.

CPU over-commitment isn't that bad. The case for not over-committing CPU is pretty obvious -- there needs to be enough CPU to support the deployment. But Rintalan's more cynical advice is to plan for what workers actually do, not what employers hope they do.

Not every employee works every second of the day; in some companies, only about 40% of employees are actually working at any given time. Rintalan mentioned having seen utilization stats for a XenApp deployment where 60% of users were idle, some of whom had done nothing for one minute, others for four hours. So over-committing CPU might actually be a more accurate and cost-effective approach than sizing for everyone to work at the same time.
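Before over-committing on the strength of a figure like that, a practitioner would want to measure idle sessions in their own environment. The following is an added example, not code from the article or the presenters: it parses the IDLE TIME column of Windows' `quser` session listing (which XenApp servers, as RDS hosts, also produce) and reports what fraction of sessions are actually active. The session listing is constructed for illustration, the session names are invented, and the five-minute idle cut-off is an assumption, not a Citrix figure.

```python
"""Added example (not from the article or the BriForum presenters):
estimate how many XenApp users are really working by parsing the
IDLE TIME column of `quser` output. The listing below is constructed
for illustration and the idle threshold is an assumed cut-off."""

import re

# Constructed `quser` output from a hypothetical XenApp server. The real
# command prints one line per session. IDLE TIME is "none", "." (under
# a minute), minutes ("4"), hours:minutes ("1:05") or
# days+hours:minutes ("1+03:22"). Disconnected sessions have no
# SESSIONNAME, so the columns cannot be split positionally from the left.
CONSTRUCTED_QUSER = """\
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
 jdoe                  ica-tcp#3           2  Active          .  6/23/2015 8:02 AM
 asmith                ica-tcp#4           3  Active          4  6/23/2015 8:10 AM
 bwong                 ica-tcp#5           4  Active       1:05  6/23/2015 7:45 AM
 cpatel                                    5  Disc         4:00  6/23/2015 6:30 AM
 dlee                  ica-tcp#7           6  Active    1+03:22  6/22/2015 9:00 AM
>efox                  ica-tcp#8           7  Active       none  6/23/2015 8:30 AM
"""

# days+hours:minutes, hours:minutes, or bare minutes
_IDLE_RE = re.compile(r"^(?:(?P<days>\d+)\+)?(?:(?P<hours>\d+):)?(?P<mins>\d+)$")


def parse_idle_minutes(token):
    """Convert one quser IDLE TIME token to whole minutes."""
    if token in ("none", "."):
        return 0
    m = _IDLE_RE.match(token)
    if not m:
        raise ValueError(f"unrecognised idle time: {token!r}")
    days = int(m.group("days") or 0)
    hours = int(m.group("hours") or 0)
    return (days * 24 + hours) * 60 + int(m.group("mins"))


def parse_sessions(output):
    """Return a list of (username, state, idle_minutes) per session."""
    sessions = []
    for line in output.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "USERNAME":
            continue
        # Parse from the right: LOGON TIME is always three tokens
        # (date, time, AM/PM), so IDLE TIME is fourth from the end and
        # STATE fifth, regardless of whether SESSIONNAME is blank.
        username = tokens[0].lstrip(">")   # ">" marks the caller's own session
        state = tokens[-5]
        idle = parse_idle_minutes(tokens[-4])
        sessions.append((username, state, idle))
    return sessions


def active_fraction(sessions, idle_threshold_minutes=5):
    """Fraction of sessions that are Active and have been idle for less
    than `idle_threshold_minutes` (assumed cut-off for 'really working')."""
    if not sessions:
        return 0.0
    working = sum(1 for _, state, idle in sessions
                  if state == "Active" and idle < idle_threshold_minutes)
    return working / len(sessions)


if __name__ == "__main__":
    found = parse_sessions(CONSTRUCTED_QUSER)
    for user, state, idle in found:
        print(f"{user:10s} {state:7s} idle {idle:5d} min")
    print(f"working: {active_fraction(found):.0%} of {len(found)} sessions")
```

Run against real output (`quser` on each XenApp server, or `quser /server:NAME` remotely), the working fraction sampled across a business day is the number to size concurrency from; a single snapshot, like the one above, is only a starting point.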

Don't trust everything the experts say. Shawn Bass, Helge Klein and Aaron Parker present a session called, "I've got 99 problems and folder redirection is every one of them" at many industry conferences, but Rintalan and Allen said of their 99 problems, not one is folder redirection.

The "worst" practice of trusting these experts was suggested in good fun, but whether or not folder redirection is an issue really depends on which of two evils admins would rather deal with: latency or long logons.

With folder redirection in a XenApp and non-persistent desktop deployment, there's latency to deal with as files make their way from the file server to the endpoint. The alternative is to use roaming profiles or profile management to make it so all users' application data gets delivered to them at logon, but then they're looking at longer logon times.

FlexCast Management Architecture (FMA) can span data centers. Citrix documentation says an FMA site can't span multiple data centers, but that's not 100% true. It's possible to build a single FMA site across data centers; if there is more than 50 milliseconds of latency between them, though, Citrix won't officially support it.

Pod architecture isn't useless. Even shops that only have one data center can build two XenApp sites within it and load-balance them with the pod architecture. That way an outage in one site is something users would never even know about -- the other site steps in and takes over.

"If you have one XenDesktop site, you are going to have an outage," Allen said.

Margaret Jones is site editor for TechTarget's SearchEnterpriseDesktop.
