News
5/1/2008
10:45 AM
Connect Directly
Twitter
RSS
E-Mail

How Merrill Lynch Plans To Virtualize Half Its Desktops

It's a big bet on emerging technology that's driven by IT management cost savings.



"Once the world figures this stuff out, this is going to be a huge change to the corporate landscape," Merrill Lynch chief architect Jeff Birnbaum predicts.

The stuff Birnbaum's talking about is "stateless" desktop virtualization, which promises cost savings from delivering the software that PCs need over a network using one-off virtual machines spun up in the data center. That should make it much cheaper to manage, since IT departments can change, say, a setting on the Windows operating system once, and all employees get the change as soon as they access their virtual desktops, rather than IT having to push the change to tens of thousands of PCs.


Birnbaum wants out of desktop PC management

Birnbaum wants out of desktop PC management

Desktop virtualization is emerging technology where the practical options for large-scale adoption are just starting to take shape, so most IT leadership teams aren't sure how big a part it will play in their IT strategies. Merrill Lynch is way past wait-and-see. It plans to virtualize 10% of its 63,000 employees' desktops by year's end, and as many as half within five years, including those of many mobile workers. That's a huge bet that desktop virtualization is ready for massive scale and Wall Street's demanding performance standards.

Merrill Lynch is making this IT strategy bet in a brutal business environment, with the company having written down about $30 billion during the mortgage meltdown and posting operating losses the past three quarters. To Birnbaum, this economy makes stateless desktop virtualization more appealing because of the potential for "radically" lower operating expenses, saving about 50% on the total cost of owning and managing PCs and servers. "The big win is to get out of desktop management across the board," he says.

InformationWeek Reports

There's big risk, too. The biggest is a greatly increased reliance on data center uptime. Birnbaum notes Merrill Lynch will be living the 1980s Sun Microsystems adage that the network is the computer. "If the data center goes down, you can't run your desktop," he says. But it's not like the network is optional today, given the lifelines that are e-mail and electronic trading.

DIG DEEPER
VIRTUALIZATION MEETS SECURITY
Companies must pay more attention to the unique risks of virtual environments.
Another risk is that software as a service will provide a cheaper way to go virtual, without the huge data center investment. Clear Channel, for example, decided against desktop virtualization because so many of its key applications are now Web-based. "We don't have that big of a deal with desktops out in the field," says Curt Smith, a solutions architect for the media company.

It's a big investment. Desktop virtualization can run more than $900 per employee in up-front costs for new servers, storage, network bandwidth, virtualization and Windows licenses, and thin-client hardware, estimates Forrester Research analyst Natalie Lambert. "It might take a couple of years to recoup that investment," Lambert says. "There are a lot of moving pieces."



ARE YOU FAT OR STATELESS?
Merrill Lynch sees two broad strategies for desktop virtualization: the "fat-images" approach it uses today, and the stateless strategy where it's headed.

The fat-images approach, essentially a thin-client variation, isn't all that new. The operating system and applications are combined into an image that's stored on a data center server and shown to a dumbed-down computer via the Remote Desktop Protocol or Citrix's more robust ICA protocol. Merrill Lynch will use this approach through year's end to virtualize a few thousand desktops, mostly in call centers and for employees who mainly do word processing and Web browsing. Advantages include centralized data storage and better physical security, says Lambert, adding that this is the virtualization she's asked about most.

In the next few months, though, Merrill Lynch will begin adopting the stateless approach, a more flexible combination of operating system and app virtualization that it will first apply to thin clients, then to high-powered PCs, including those used by its mobile workforce. It's only by adopting this stateless virtualization approach that Merrill expects breakthrough cost savings.

Stateless means that every time an employee boots up, the data center creates an impermanent virtual machine from a small set of master operating system images and application icons and sends it to the PC. The applications are served up separately, as the icons are clicked. That means employees get only the software they need based on who they are, what privileges they have, and what they're trying to do.

Virtual Vendors
Microsoft
Application Virtualization for app streaming, Windows Server manages user profiles
VMware
ESX hypervisor hosts client OS in data center
Linux
Red Hat on non-VMware servers, free Linux with KVM hypervisor for client operating system on PCs
Desktone
Connection broker assigns and manages virtual machines
Qumranet
Additional connection broker functions, Spice protocol for application and OS streaming
The problem with fat images is that applications are installed with an operating system in the data center, and if they screw up the registry or require patches, someone has to fix it. That patching is more efficient because it's done in the data center instead of a PC, but every VM still has to be patched and managed just as normal desktops and laptops would. "When you go to the stateless model, that totally vanishes," Birnbaum says. "There's no more of this registry corruption stuff because you're not installing apps on a per-instance basis, and there's not 50 instances to manage. Patching gets much easier because I patch at the central place and then everybody who runs the apps gets the patched versions."

Merrill Lynch will use software from Microsoft, Red Hat, VMware, and two startups, Desktone and Qumranet, to execute its virtualization strategy. Citrix Systems, whose XenApp Merrill Lynch also will test, is the other big player in desktop virtualization, with probably the broadest suite of tools.

Not all the software is up to the quality that Birnbaum would like, especially in VM management. For now, software called a connection broker (which Desktone and Qumranet provide) can do basic monitoring of CPU and memory to figure out where new VMs should be allocated in the data center, but they can't dynamically place VMs based on workloads, or predict workloads. Vendors are working on it, but Birnbaum calls what he's seen so far "weak."

On Merrill Lynch's thin clients, a connection broker assigns clients to available servers in the data center and figures out which application and system customizations to use based on a user profile. To manage configurations, it uses Windows Server and custom scripts, but it's looking at AppSense or Citrix because "what we have today doesn't work well," Birnbaum says. The resulting VM runs on top of VMware ESX or Linux KVM hypervisors, providing the operating system image and icons that show up in the start menu or desktop. Microsoft Application Virtualization streams the application to the virtual operating system image on the server.

Merrill Lynch isn't embarking on its stateless virtualization strategy yet because it's waiting for Microsoft's next version of Application Virtualization, since it can better handle Excel plug-ins.

The next big opportunity Merrill Lynch sees after stateless thin clients is virtualizing high-powered PCs.



VIRTUAL APPS, LOCAL PROCESSING
In this approach, most of the actual computing work will continue to be done on the desktop, not on data center servers. Pieces of the operating system and applications--only those needed to perform a function--are streamed from the data center over the network to the PC, but they'll be cached and processed locally, much like Web browser cache works. "If I'm an investment banker, and I do heavy-duty computing, ... I would almost never want to be on the data center server because if I'm in the data center, I'm sharing a server with all of the other users that are on that server," Birnbaum says.

That performance will be further enhanced by Merrill Lynch's use of a proprietary protocol, Spice from Qumranet, instead of the more common Remote Desktop Protocol, because it considers it better at transmitting latency-sensitive information such as voice-over-IP calls, Flash animations, and videoconferencing.

This should also work for mobile employees, who will be able to work offline by getting the entire operating system and apps cached on the local machine. Merrill Lynch is still working out the details; it's possible employees may have the OS fully installed locally but have apps streamed. Though the processing power is local, the cost advantage is that, since that PC checks for changes in the data center each time an employee connects, IT management remains centralized and automated.

This will be the new math of desktop virtualization, figuring out what computation happens on desktops versus the server, since it becomes so easy to move that work. For investment bankers doing complex financial modeling, a server doing all the work could only handle five to eight virtual desktops, versus as many as 35 for people using the Web and Word. "If I think about a $400 dumb terminal versus a $700 desktop, I tend to believe the desktop will prevail because that $700 is cheaper than a terminal plus a piece of the data center," Birnbaum says.

Why's all this happening now at Merrill Lynch? The company says it has the bandwidth to handle the increased network traffic, and PCs and servers have the computing power to offset bandwidth hiccups. Also, the software has matured to a point where the company can put together the pieces it needs to virtualize.

Virtualized desktops aren't supposed to change what Merrill Lynch employees see and do. But the company is ironing out some details. In this era of tech-savvy workers, what about applications people download and use that aren't centrally supported by IT? Stateless virtualization doesn't have an easy answer beyond saying no; since the local cache is temporary, there's no permanent location to save apps locally.

Birnbaum, for one, isn't unhappy about that, because those applications often interfere with other apps, cause performance problems, or open security holes. But he knows they have their place, so the likely answer will be a more streamlined process for approving new apps. Or there might be a way to create VMs just to give unauthorized apps an isolated, secure sandbox.

Birnbaum believes stateless desktop virtualization will make Merrill Lynch more agile in terms of growth, contraction, disaster recovery, and mobility. This year, the company is doing a big software upgrade for branch offices handling private clients, and it's a one-computer-at-a-time effort. In its virtual vision, that upgrade to provide new capabilities would happen once.

Merrill Lynch is ahead of most companies in desktop virtualization. Forrester's Lambert says she's just starting to hear companies consider such widespread deployments. But with this emerging technology, a wait-and-see approach could turn into a missed-the-boat outcome sooner than some expect.

Continue to the story:
Desktop Virtualization Drives Security, Not Just Dollar Savings

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2019 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service