Delivering Secure and Scalable Desktop as a Service


By Dwayne Lessner
| min

Security and flexibility don’t often end up in the same sentence, especially when it comes to delivering IT as a service. But VMware Horizon Air and Nutanix hyperconverged infrastructure together are able to deliver the same value proposition with our validated reference architecture for applications and desktop as a service (DaaS).

Together, VMware and Nutanix provide what is arguably one of the best solutions for secure multi-tenant desktops for service providers and the enterprise.

VMware bought Desktone because it was the market leader for DaaS and the architecture was ideal for creating a scalable model for multiple tenants. However, to make the most of what was later renamed VMware Horizon Air, service providers and enterprises had to reimagine their compute and storage strategies for secure multi-tenant deployments.

As a function of our web-scale architecture, Nutanix hyperconverged infrastructure provides several different options for secure deployment of VMware Horizon Air. As a service provider, you can have one large cluster and carve out different hosts and volumes for your tenants. Each tenant can reserve the amount of storage in the cluster needed to provide desktops. Data locality can ensure that noisy tenants don’t impact the performance of their neighbors.

Over the past few weeks, we have been working together to create validated designs for VMware Horizon Air 6.1 running on vSphere 5.5 with Nutanix hyperconverged infrastructure. The following graph shows a LoginVSI run of 300 Windows 7 (64-bit) knowledge worker desktops (2vCPU) with Nutanix elastic deduplication turned on (in-line and post-process). The 300 desktops are on 3 out of 4 nodes running Login VSI 4.1, using its own datastore (Nutanix container) called ‘Tenant A’.

We ran a variety of virtual machines, including four IOanalyzer VMs, two “Max IOPS” workloads, and two running “Max Write” IOPS on the fourth node to simulate a noisy neighbor scenario. The 4-node had over 18,000 IOPS generated on its datastore called Tenant B. Both Tenant A and B were both serviced by the same Nutanix cluster.

The 300 virtual desktops ran without any disruption or impact from noisy storage-intensive VMs running on the fourth node and did not reach their VSI Max. This validation exercise highlights how multiple tenants can be supported on the same Nutanix cluster without worrying about performance impacts or security challenges.

If you want to provide physical separation between two clients, multiple individual small clusters can be used for your tenants and managed with Nutanix Prism Central. Prism Central offers a single framework/UI for service providers to manage multiple clusters. This approach can reduce the failure domain to one tenant and provide the purist form of security in the way of physical segregation.

VMware Horizon Air supports full clone desktops and can take advantage of native storage integration offered by VMware vCenter. Nutanix is a fully supported and the only certified hyperconverged appliance vendor to support the vStorage APIs for Array Integration (VAAI) today. This is very important for speed and reducing the amount of overall storage needed.

Security and flexibility challenges can be easily addressed with Nutanix and VMware, while providing a consistent user experience across all users.

We will be publishing a detailed reference architecture covering the best practices of our jointly validated designs in the coming weeks. To get a sneak peak or to learn more about our joint solution for delivering Desktop as a Service, drop us a note at or follow-up through Twitter @Nutanix.