Open Virtual Desktop 3.0 as an alternative to VDI
Nested
Ulteo was founded by Mandriva inventor Gael Duval in 2007, and its first product was an online version of OpenOffice. People seemed to take a liking to virtualized applications, because just one year later, version 1.0 of Open Virtual Desktop (OVD) [1], which was already capable of providing Linux desktops and applications in the browser, was released. Late last year, Ulteo released OVD version 3.0.3, which is mature enough for admins to consider as an alternative to a full-fledged virtual desktop infrastructure (VDI) solution.
As a "free desktop virtualization solution," the GPL-licensed software lets you deliver Linux and Windows applications or complete desktops from a server over the local network and render them in a Java-enabled browser. From a technology standpoint, OVD is more of a graphical terminal server that manages desktop sessions and delivers them to a variety of endpoints on the network, whereas a genuine VDI solution is based on virtualization technology and allocates virtual machines with an enterprise desktop operating system, generated from a blueprint (golden image), to the clients as required.
Compared with that approach, OVD belongs more in the server-based computing camp – a technology that actually dates back to the IT Stone Age. Ulteo, however, combines the advantages of server-based computing with a web application server and a state-of-the-art web client (available in a HTML5 version in the near future). OVD thus allows any registered user to access hosted desktops – along with the data stored there – from anywhere, or to use specific native applications in the browser. Thus, Ulteo's target is not primarily that of consolidating hardware but of providing an elegant approach to collaboration, for example, by letting multiple users access the same desktop. Ulteo's approach avoids many of the disadvantages of conventional desktop sharing. For example, OVD does not overstress the users' upload bandwidth.
OVD 3.0
The source code of Open Virtual Desktop version 3.0, released last September, is GPL licensed and freely available [2], as are the Android and iOS clients. Of course, Ulteo does want to make money with the finished product. The Commercial Offering page [3] provides more information about the available subscriptions. If you want to try out OVD, you can register to receive a Live demo DVD and a virtual demo appliance for KVM or VirtualBox/VMware/XenCenter (OVF/OVA).
Furthermore, Ulteo offers testing repositories for RHEL (5.5), SLES (11 SP1), and Ubuntu (Lucid) [4], together with extensive documentation. A native client offered by Ulteo as an option to the current Java web client or the future HTML5 web client [5] takes care of integrating Linux and Windows applications delivered by OVD to the local user desktops. Windows support is a new feature in OVD 3.0.
As of OVD Version 3.0, mobile platforms such as Android and iOS can also be used as clients. However, just before the deadline for this article, I was informed [6] that the iOS client had been removed from the App Store because of license issues related to the FreeRDP project. However, the Android HTML5 client [7] is still available from Google Play. The HTML5 web client is still in beta status and can be downloaded for testing on request.
Another new feature in version 3.0 of OVD is the ability to publish Linux and Windows applications as Remote Desktop Services (RDS). Additionally, version 3.0 or newer can integrate local drives and printers, and the developers have revised the core architecture in version 3.0 with the primary goal of facilitating development.
Architecture
At the heart of the architecture (Figure 1) is the session manager, which is responsible for loading and managing user sessions and also hosts the web-based administration console. In a manual approach, the session manager first needs to be installed; for the time being, it only runs as a binary package on a Linux server because it's based on Apache. After installation, the virtual host configuration for Apache is located below /etc/ulteo/sessionmanager, and the web interface for the session manager with all the components for the web client (including modules for authentication and session management) are dropped into the /usr/share/ulteo/sessionmanager folder. The associated logfiles can be found in /var/log/ulteo/sessionmanager.
You can install the session manager on a Windows machine, but you have to build the source code manually to do so. Because OVD is a solution for delivering desktops and desktop applications, one or more application servers are required; they are used to host the applications and provide a remote display solution. The application server or servers can run on Linux or Windows machines (OVD 3.0), depending on which application you want to host. By mixing Linux and Windows servers in an OVD server farm, you can make both desktop systems available to users in parallel.
The demo systems I referred to previously run the session manager and application server on the same Linux machine. The web client is used to start an Ulteo OVD session in the browser. The components of the web client can be found at /etc/ulteo/webclient (configuration) and /usr/share/ulteo/webclient (web application), including all Java applets and the Ajax Explorer.
Alternatively, a native client is available, and an OVD setup optionally provides for a central file server, which keeps the data consistent across all desktop sessions in collaborative work. The file server provides a network filesystem (Samba), which the application server can access in a desktop session. It can only be installed on a Linux system.
Ports
Ulteo OVD uses various ports – mainly HTTP(S) (80, 443), RDP (3389), and optionally VNC (5910) for transferring the screen content. To avoid problems for mobile users in firewalled environments, you can use different public IP addresses for each server. With the help of a gateway, all the OVD connections can be routed through an HTTPS tunnel, so users can launch an OVD session at any time, even on the move.
The Apache web server uses ports 1112 and 1113 (TCP) to communicate with the session manager. The Samba file server may also require you to keep TCP port 139 open for NetBIOS. Additionally, port 445 must be open for all configured application servers. XRDP is bound to port 3350 on the loopback interface but need not be publicly accessible. Finally, an active CUPS printing service means opening up TCP port 631, and the MySQL database must be accessible on port 3306 for the session manager and web client. In an OVD setup, port 1111 (LM Social Server) also must be open because the application server uses it for status updates.
OVD Subsystem
The easiest way, apart from the demo systems, to create a working OVD setup for test purposes is to install the preconfigured Ulteo subsystem consisting of an application server, file server, and some typical desktop applications (Linux) set up by Ulteo. The subsystem is available for all supported distributions and can be set up on Ubuntu, for example, with a few simple steps. Ulteo provides the required packages in a separate Ubuntu repository [8] (for Ubuntu 10.04 only); you will need to add this to your own package sources in /etc/apt/sources.list first.
Unfortunately, the repository is only tested for Lucid. The GPG error after an update of the package sources is normal – you just need to import the Ulteo keyring into /etc/apt/sources.list. After a further update of the package source list (apt-get update), you can initially install the ulteo-ovd-debconf-database package, which greatly simplifies the configuration on Ubuntu.
The two commands must be executed one after the other, by the way; calling them in a single command line results in several error messages. Optionally, you can use a graphical package tool that shows you the available Ulteo packages at a glance.
On Ubuntu, you then need to install the ulteo-ovd-easy-install package, which prompts the installation of the ulteo-ovd-session-manager, ulteo-ovd-subsystem, ulteo-ovd-web-client, and ulteo-ovd-applets packages. Resolving the other dependencies installs Apache2, MySQL, PHP, and other required components. Debconf handles the basic configuration on Ubuntu. The default account and password for the session manager are both admin.
A word of warning: Debconf installs the ulteo-ovd-subsystem package, which in turn downloads the full Ulteo OVD subsystem from the Ulteo website. Because the file is about 600MB, the process can take quite a while. Once that's done, you need to start the service manually with etc/init.d/ulteo-ovd-subsystem start.
Manual Installation on RHEL
A manual installation of OVD under Red Hat Enterprise Linux or SUSE Linux Enterprise Server involves a bit more effort, but it also gives you more flexibility. In all RHEL-based distributions, you must first disable SELinux in the /etc/selinux/config file or switch to permissive mode and then reboot the system.
Next, create a Yum repository /etc/yum.repos.d/ovd.repo with the content from Listing 1. Then, you can continue to install MySQL
Listing 1: ovd.repo
01 [ovd-3.0.3] 02 name=Ulteo OVD 3.0.3 03 baseurl=http://archive.ulteo.com/ovd/3.0.3/rhel/6.0/ 04 enabled=1 05 gpgcheck=1 06 gpgkey=http://archive.ulteo.com/ovd/keyring
yum install mysql mysql-server
and prepare the MySQL server to launch at system startup by typing chkconfig mysqld on. You can enable the MySQL server by typing service mysqld start and manually set the MySQL root password with:
mysqladmin -u root password <Password>
Now, you can log in to MySQL and create the ovd database.
mysql -u root -p -e 'create database ovd'
The next step is to run
yum install ulteo-ovd-session-manager
to install the session manager package. The installation (not required with the easy install variant) uses sm-config.
After you enter the default password (admin), the tool offers to install the whole package from the Ulteo download server in a chroot environment below var/cache/ulteo/sessionmanager (press Enter twice to keep the default path for the chrooted session). Again, you need to consider the time you will wait while the download of base.tar-gz completes, as in the Ubuntu example above. Once that's done, you just need to start the Apache web server.
To set up the application or file server, or both, you must install the ulteo-ovd-subsystem package and then call the CLI configuration tool ovd-subsystem-config. After you chroot to /opt/ulteo, the tool independently takes care of setting up the application server. Finally, you can type
service ulteo-ovd-subsystem start
to launch the subsystem.
Web Client
Even the web client must be installed manually outside of the easy install process. In older versions of Ulteo (before 3.0), it was not installed automatically with Session Manager. It is possible, but not mandatory, to install the web client on the same machine as the session manager. The packages required are: ulteo-ovd-web-client and ulteo-ovd-web-client-ajaxplorer.
Call the ovd-webclient-config configuration tool, then say yes when asked Do you want to link the web client to a specific session manager? and confirm the session manager address shown. Depending on where you installed the web client, you need to start/restart the web server. Once done, you can log on using the URL https://Session-Manager/ovd/admin and the admin/admin account and password.
On first login, the system recognizes it is not yet fully configured, and you are immediately redirected to a basic setup page, where you can check or change, for example, the MySQL configuration. Once you have confirmed these settings, you are redirected to the regular web interface page.
After completing the application server install, it should appear in the web interface on Servers as an Unregistered server; you can then press Register to register the server (Figure 2).
If the application server and Session Manager are installed on the same machine, the server name is initially 127.0.0.1. You can also set up a redirection. The "redirection name" is used to load individual sessions; you need to redirect to the application server as the target host. This step is required in any case if the application server is running on a private IP address and is accessed from somewhere on the Internet.
Application Diversity
If you run several application servers – including Windows machines – they should show up here given a correct IP configuration. The applications hosted on the application servers appear in the admin area of the web interface below Applications (Figure 3). However, they are not published automatically.
You also can add applications to application groups. Useful wizards exist to help you do this and to help you publish applications. To define who can use the published applications, go to the user management section of the web interface. Groups (by default, all_users) are used to assign a specific set of applications to each user. Advanced configuration settings, for session management or authentication types, are located in the Configuration section. In addition to standard username/password-based authentication, OVD supports CAS, RemoteUser, or token-based authentication (Figure 4).
Redirecting Printers and Drives
The most important settings for each user session define what the user can do in the web client, redirect client drives and printers, and set up shared drives. They are located in Configuration | Session Settings. Among other things, you can set the color depth for RDP (default: 16 bpp). The ability to integrate local drives and printers is a new feature of version 3.0.
Incidentally, the web client supports a portal mode besides desktop mode and will offer an HTML5 mode in the future. You can define which mode the user sees in a client session in Remote Desktop settings on the Configuration | Session Settings page (Figure 5), where remote applications can be enabled or disabled, as well.
Additionally, in the server settings below Configuration, you can define whether and how new application servers are added to the setup, whether to use automatic registration, and specify the FQDN, or IP address range, of authorized servers.
Below Configuration | System Settings, admins will find a number of interesting options, including an extensive set of policies for delegating administrative tasks. Furthermore, the use of software modules can be enabled or disabled as required. The first page (Index) in the admin interface acts as a dashboard and shows the main operating states at a glance. Here, you can toggle between Production Mode and Maintenance Mode, in which no user sessions are delivered, among other things.
The Ulteo Web Client
The web client with Ulteo desktop mode or, alternatively, portal mode is available at https://Session-Manager/ovd after installation of the web client. With the current web client, you need the Java plugin for your specific browser, but that will no longer be the case with the HTML5 version.
Once these conditions are met, users can log on to the web client. Pressing Advanced opens up further login options, including client mode (mode) for desktop mode (Figure 6), portal mode or HTML5, localizations, and choice of keyboard layout or full-screen mode. The Ulteo Desktop can also access all available shares or network drives on the local client.
Working in desktop mode is a smooth experience on the local network, thanks to RDP and Java. Usability over the Internet depends on many factors, but RDP is unlikely to keep pace with a real VDI solution based on Spice or VMware.
Conclusions
Ulteo Open Virtual Desktop has evolved in the past five years from a virtual OpenOffice to a full-fledged desktop. Without much ado, OVD has become a workable alternative to classic server-based computing that combines modern web applications with the advantages of the thin-client approach, thus eliminating workload on the client side. A recent browser with a Java Plugin is all you need.
Strictly speaking, this solution has nothing to do with desktop virtualization, but users are typically uninterested in whether their desktops are served up by a traditional terminal server as virtual machines, or as Open Virtual Desktops. From the viewpoints of consolidation, cost, performance, security, and manageability, there are significant differences, of course.
Ulteo's approach is useful for most small businesses. Every application server that publishes applications must be installed and maintained. They can theoretically be virtual machines, which you would need to manage in the scope of a virtualization management platform anyway; in that case, you might just as well consider a genuine VDI solution.
Ulteo's approach is always interesting, offering a generous feature scope, sufficient performance, and even benefits compared with genuine desktop virtualization, particularly in terms of collaboration. Whether a solution based on physical servers has a future is questionable, however, and a genuine alternative to expensive desktop virtualization would involve server virtualization with Ulteo's approach.