
HK1179066A - Automated desktop services provisioning - Google Patents


Info

Publication number
HK1179066A
Authority
HK
Hong Kong
Prior art keywords
user
remote desktop
desktop
computing
configuration
Application number
HK13105820.0A
Other languages
Chinese (zh)
Inventor
M.达斯
S.亚达夫
A.坎德哈雷
S.马尔帕尼
R.K.巴拉钱德拉
S.杜弗尤里
N.K.斯里尼瓦斯
Original Assignee
微软技术许可有限责任公司

Description

Automated desktop service provisioning
Technical Field
The invention relates to the creation and deployment of networks of virtual computers having a common desktop image.
Background
In a typical corporate computer system setup, an administrator may determine that a company should have a project desktop with a given set of applications (e.g., Outlook, Word, Visio, AutoCad, etc.) and a financial desktop with a slightly different set of applications (e.g., Outlook, Word, Excel, etc.). The administrator may then determine how many end users are to be provisioned with a given desktop (i.e., each engineering department obtains a desktop image based on the project desktop, and each financial department obtains a desktop image based on the financial desktop). The administrator then determines the back-end servers needed to support these end users and applications: for example, how many servers are needed for an email server, how many for a document repository, and so on. The server hardware then needs to be built within the company and the various applications installed on the servers; desktop or notebook computers need to be purchased and provisioned with the various desktop images, and so on.
Disclosure of Invention
When virtual computing resources are used to provide computing infrastructure to one or more end users, most of the backend configuration and management tasks involved in building IT infrastructure may be reduced or eliminated. Disclosed herein are methods and systems for replacing, at least in part, a company's real-world infrastructure provisioning process with an automated cloud-based service that provides a virtual company infrastructure in the cloud. It is an aspect of the present invention to provide a cloud-based infrastructure provisioning tool that removes the need for most manual processes by replicating and virtualizing aspects of the infrastructure in the cloud. To this end, the automated process allows an administrator to define the infrastructure as a cloud service, thereby reducing the need to determine the hardware and software infrastructure required within a company. For example, a web interface for subscribing to cloud computing services may be provided to an administrator. Through the web interface, an administrator is able to define an initial, typical user desktop that includes an Operating System (OS) and a set of applications and associated settings. The administrator may also select the number of role instances to be provided. The cloud computing environment automatically deploys the requested environment in a load balanced and scalable manner. The deployed environment is accessible via the internet using a URL or IP address. The underlying provisioning of the infrastructure in the cloud computing environment is transparent to the administrator.
In other embodiments, a mechanism is provided for scalably creating and deploying a network of virtual computers having a common desktop image in a cloud computing environment. A user is provided with an interface for defining a user computing environment and the applications to be placed on a virtual desktop. The user may also enter the number of roles or remote users. Based on this information, the system creates a golden image or master template for the role and propagates the image across the cloud platform. The underlying provisioning of virtual machines in the cloud is transparent to the administrator. The same automated mechanism used to create the golden image is also used to update it whenever the OS or any application or setting is updated; the system then automatically propagates the new image across the cloud platform.
Drawings
The systems, methods, and computer-readable media for scalably deploying virtualized computing infrastructure in accordance with the specification are further described with reference to the accompanying drawings in which:
FIG. 1 depicts an example computing environment in which aspects of the invention may be implemented.
FIG. 2 depicts an example computing environment in which aspects of the invention may be implemented.
FIG. 3 depicts an example computing environment including a data center.
FIG. 4 depicts an operating environment of a data center.
FIG. 5 depicts an operational environment for practicing aspects of the present disclosure.
FIG. 6 illustrates an example architecture for implementing certain methods disclosed herein.
FIG. 7 illustrates an example block diagram depicting some methods disclosed herein.
FIG. 8 illustrates an example block diagram depicting computing components of a cloud data service.
FIG. 9 illustrates an example block diagram depicting storage components of a cloud data service.
FIG. 10 illustrates an example block diagram depicting fabric controller components of a cloud data service.
FIG. 11 shows an example block diagram depicting CDN components of a cloud data service.
FIG. 12 illustrates an example block diagram depicting a connection component of a cloud data service.
FIG. 13 illustrates an example embodiment of the method disclosed herein.
FIG. 14 illustrates an example embodiment of the method disclosed herein.
FIG. 15 illustrates an example of an operational procedure for practicing aspects of the present disclosure.
FIG. 16 illustrates an example system for implementing aspects of the present invention.
FIG. 17 illustrates an example embodiment of a user data loading scenario.
Detailed Description
Certain specific details are set forth in the following description and figures to provide a thorough understanding of various embodiments of the disclosure. Certain well-known details often associated with computing and software technology are not set forth in the following disclosure to avoid unnecessarily obscuring the various embodiments of the disclosure. Furthermore, those of ordinary skill in the relevant art will understand that they can practice other embodiments of the disclosure without one or more of the details described below. Finally, although the various methods are described in the following disclosure with reference to steps and sequences, the description as such is for providing a clear implementation of the embodiments of the disclosure, and the steps and sequences of steps should not be taken as required to practice this disclosure.
It should be understood that the various techniques described herein may be implemented in connection with hardware or software or, where appropriate, with a combination of both. Thus, the methods and apparatus of the present disclosure, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium, wherein, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the disclosure. In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. One or more programs may implement or utilize the processes described in connection with the present invention, e.g., through the use of an Application Programming Interface (API), reusable controls, or the like. Such programs are preferably implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language, and combined with hardware implementations.
A remote desktop system is a computer system that maintains applications that are remotely executable by a client computer system. Input is entered at the client computer system and communicated over a network (e.g., using a protocol based on the International Telecommunication Union (ITU) T.120 family of protocols, such as the Remote Desktop Protocol (RDP)) to an application on a terminal server. The application processes the input as if it were entered at the terminal server. The application generates output in response to the received input and transmits the output to the client over the network.
Embodiments may execute on one or more computer systems. FIG. 1 and the following discussion are intended to provide a brief general description of a suitable computing environment in which the disclosed subject matter may be implemented. Those skilled in the art will appreciate that the computer systems 200, 300 may have some or all of the components described with respect to the computer 100 of FIG. 1.
In an example embodiment where components may be implemented in circuitry comprising a combination of hardware and software, an implementer may write source code embodying logic that is subsequently compiled into machine readable code that can be executed by a logical processor. The term circuitry used throughout this disclosure may include hardware components such as hardware interrupt controllers, hard drives, network adapters, graphics processors, hardware-based video/audio codecs, and the firmware/software used to operate such hardware. The term circuitry may also include a microprocessor, or one or more logical processors, e.g., one or more cores of a multi-core general processing unit, configured to perform functions in a particular manner, either through firmware or through a set of switches. The logical processor in this example may be configured by software instructions embodying logic operable to perform functions loaded from memory, e.g., RAM, ROM, firmware, and/or virtual memory. Because those skilled in the art will appreciate that the state of the art has evolved to the point where hardware, software, or a combination of hardware/software could be interchanged, the selection of hardware versus software to implement a function may be a design choice. Thus, since one skilled in the art can appreciate that a software process can be transformed into an equivalent hardware structure, and a hardware structure itself can be transformed into an equivalent software process, the choice of a hardware implementation or a software implementation is trivial and left to the implementer.
FIG. 1 depicts an example of a computing system configured with aspects of the present disclosure. The computing system may include, among other things, a computer 20, a system memory 22, and a system bus 23 that couples various system components including the system memory to the processing unit 21. The system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes Read Only Memory (ROM) 24 and Random Access Memory (RAM) 25. A basic input/output system 26 (BIOS), containing the basic routines that help to transfer information between elements within the computer 20, such as during start-up, is stored in ROM 24. The computer 20 may also include a hard disk drive 27 for reading from and writing to a hard disk (not shown), a magnetic disk drive 28 for reading from or writing to a removable magnetic disk 29, and an optical disk drive 30 for reading from or writing to a removable optical disk 31 such as a CD ROM or other optical media. In some example embodiments, computer executable instructions implementing aspects of the present disclosure may be stored in ROM 24, a hard disk (not shown), RAM 25, a removable magnetic disk 29, an optical disk 31, and/or a cache of processing unit 21. The hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive interface 33, and an optical drive interface 34, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for the computer 20.
Although the environment described herein employs a hard disk, a removable magnetic disk 29, and a removable optical disk 31, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, Random Access Memories (RAMs), Read Only Memories (ROMs), and the like, may also be used in the operating environment.
A number of program modules may be stored on the hard disk, magnetic disk 29, optical disk 31, ROM 24 or RAM 25, including an operating system 35, one or more application programs 36, other program modules 37, and program data 38. A user may enter commands and information into the computer 20 through input devices such as a keyboard 40 and pointing device 42. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 21 through a serial port interface 46 that is coupled to the system bus, but may be connected by other interfaces, such as a parallel port, game port, or Universal Serial Bus (USB). A display 47 or other type of display device is also connected to the system bus 23 via an interface, such as a video adapter 48. In addition to the display 47, computers typically include other peripheral output devices (not shown), such as speakers and printers. The system of FIG. 1 also includes a host adapter 55, a Small Computer System Interface (SCSI) bus 56, and an external storage device 62 connected to the SCSI bus 56.
The computer 20 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 49. The remote computer 49 may be another computer, a server, a router, a network PC, a peer device or other common network node, or a virtual machine, and typically includes many or all of the elements described above relative to the computer 20, although only a memory storage device 50 has been illustrated in FIG. 1. The logical connections depicted in FIG. 1 can include a Local Area Network (LAN) 51 and a Wide Area Network (WAN) 52. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
When used in a LAN networking environment, the computer 20 can be connected to the LAN 51 through a network interface or adapter 53. When used in a WAN networking environment, the computer 20 typically includes a modem 54 or other means for establishing communications over the wide area network 52, such as the Internet. The modem 54, which may be internal or external, may be connected to the system bus 23 via the serial port interface 46. In a networked environment, program modules depicted relative to the computer 20, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are examples and other means of establishing a communications link between the computers may be used. Moreover, while it is contemplated that many embodiments of the present invention are particularly well-suited for use with a computer system, the present disclosure is not intended to be limited to such embodiments.
Referring now to FIG. 2, depicted is a high-level block diagram of a computer system configured to implement virtual machines. As shown, computer system 100 may include the elements described in FIGS. 1 and 2, as well as components that may be used to implement a virtual machine. One such component is a hypervisor 202, which may also be referred to in the art as a virtual machine monitor. Hypervisor 202 in the depicted embodiment can be configured to control and arbitrate access to the hardware of computer system 100. Broadly, hypervisor 202 can generate execution environments called partitions, such as child partition 1 through child partition N (where N is an integer greater than or equal to 1). In various embodiments, child partitions may be considered the basic unit of isolation supported by hypervisor 202, i.e., each child partition may be mapped to a set of hardware resources, e.g., memory, devices, logical processor cycles, etc., under control of hypervisor 202 and/or a parent partition, and hypervisor 202 may prevent one partition from accessing the resources of another partition. In various embodiments, hypervisor 202 can be a stand-alone software product, a part of an operating system, embedded within firmware of a motherboard, a specialized integrated circuit, or a combination thereof.
In the above example, computer system 100 includes parent partition 204, which may also be considered domain 0 in the open source community. The parent partition 204 may be configured to provide resources to guest operating systems executing in the child partitions 1-N by using virtualization services. Each child partition may include one or more virtual processors, such as virtual processors 230-232 on which guest operating systems 220-222 may manage and schedule threads to execute. Generally, the virtual processors 230 through 232 are executable instructions and associated state information that provide a representation of a physical processor with a particular architecture. For example, one virtual machine may have a virtual processor with characteristics of an Intel x86 processor, while another virtual processor may have the characteristics of a PowerPC processor. The virtual processors in this example may be mapped to logical processors of the computer system such that instructions implementing the virtual processors will be supported by the logical processors. As such, in these example embodiments, multiple virtual processors may be executing simultaneously while, for example, another logical processor is executing hypervisor instructions. In general, and as shown, the combination of virtual processors and memory in a partition may be considered a virtual machine, such as virtual machine 240 or 242.
In general, guest operating systems 220 through 222 can include operating systems such as, for example, those from the open source community, etc. The guest operating system may include user and kernel modes of operation and may have a kernel that includes a scheduler, a memory manager, and the like. Kernel mode may include an execution mode in a logical processor that grants access to at least privileged processor instructions. Each guest operating system 220 through 222 may have an associated file system on which applications such as terminal servers, e-commerce servers, e-mail servers, etc., as well as the guest operating systems themselves, are stored. Guest operating systems 220 and 222 can schedule threads to execute on virtual processors 230 and 232 and can implement instances of such applications.
FIG. 3 and the following discussion are intended to provide a brief, general description of an example computing environment in which embodiments described herein can be implemented. In particular, FIG. 3 depicts an illustrative operating environment 300 that includes a data center 308 for providing computing resources. The data center 308 may provide computing resources for executing applications and provide data services on a continuous or on-demand basis. The computing resources provided by the data center 308 may include various types of resources, such as data processing resources, data storage resources, data communication resources, and so forth. Each type of computing resource may be generic or may be available in a number of specific configurations. For example, data processing resources are available for use as virtual machine instances. The virtual machine instances may be configured to execute applications, including Web servers, application servers, media servers, database servers, and the like. The data storage resources may include file storage devices, block storage devices, and the like. The data center includes not only virtual machine computing resources, but also a plurality of physical computing devices that can be configured to run one or more virtual machines that can be migrated across the physical resources for load balancing.
The computing resources provided by data center 308 may be enabled by one or more separate data centers. Data center 308 is a facility for housing and operating computer systems and associated components. The data center 308 typically includes redundant and backup power, communication, cooling, and security systems. Data centers 302 may also be located in geographically different locations. One illustrative configuration of a data center 308 that implements the concepts and technologies disclosed herein to scalably deploy a virtualized computing infrastructure will be described below with reference to FIG. 3.
Customers and other users of data center 308 may access computing resources provided by data center 302 via network 306. It should be appreciated that a local area network ("LAN"), the internet, or any other networking topology known in the art that connects the data center 308 to a remote user may be used. It should also be understood that combinations of such networks may also be used.
The user computers 304 may be computers used by customers or other users of the data center 308. For example, the user computer 304 may be a server computer, a desktop or laptop personal computer, a thin client, a tablet computer, a wireless telephone, a personal digital assistant ("PDA"), an e-reader, a game console, a set-top box, or any other computing device capable of accessing the data center 308.
The user computers 304 are used to configure aspects of the computing resources provided by the data center 308. In this regard, the data center 308 may provide a Web interface, aspects of the operation of which may be configured using a Web browser application executing on the client computing system 304. Alternatively, a standalone application executing on the client computing system 304 may access an application programming interface ("API") exposed by the data center 308 to perform configuration operations. Other mechanisms for configuring the operation of data center 308 may also be used, including deploying updates to applications.
FIG. 4 depicts a computing system diagram illustrating one configuration of a data center 308, including the concepts and technologies disclosed herein for scalable deployment of virtualized computing infrastructure. Fig. 2 includes a server computer 402 for providing computing resources for executing applications. The server computer 402 may be a standard server computer suitably configured to provide the computing resources described above. For example, in one implementation, server computer 402 is configured to provide process 406.
In an embodiment, process 406 may be a virtual machine instance. A virtual machine instance may be a software-implemented instance of a machine (i.e., a computer) that executes programs much like a physical machine executes programs. In the example of a virtual machine instance, each server 402 can be configured to execute an instance manager capable of executing the instance. The instance manager may be a hypervisor, or another type of program configured to enable execution of multiple processes 406, for example, on a single server 402.
It should be understood that although certain embodiments disclosed herein are discussed in the context of virtual machine instances, other types of instances can also be used with the concepts and technologies disclosed herein. For example, the techniques disclosed herein may be used for instances of storage resources, processing resources, data communication resources, and for instances of other types of resources. Embodiments disclosed herein may also be used in computing systems that do not utilize virtual machine instances, i.e., computing systems that use a combination of physical and virtual machines.
In the example data center shown in FIG. 4, a LAN 401 is used to interconnect the server computers 402. The LAN 401 may also be connected to the WAN 306 shown in FIG. 3. It should be appreciated that the network topologies shown in FIGS. 3 and 4 have been greatly simplified, and that many more networks and networking devices may be utilized to interconnect the various computing systems disclosed herein. Suitable load balancing devices or software modules may also be used to load balance between data centers, between each server computer 402 in each data center, and between instances 406 purchased by each customer of a data center. These network topologies and devices should be apparent to those skilled in the art.
Cloud computing generally refers to a computing environment for enabling on-demand network access to a shared pool of computing resources (e.g., applications, servers, and storage) such as those described above. Such computing environments may be provisioned and released quickly with minimal administrative effort or service provider interaction. Cloud computing services typically do not require end users to know the physical location and configuration of the system delivering the service. Services may be consumption based and delivered via the internet. Many cloud computing services involve virtualized resources such as those described above, and may take the form of web-based tools or applications that a user can access and use through a web browser as if they were programs installed locally on the user's own computer.
Cloud computing services are typically built on some type of platform. For certain applications, such as running inside an organization's data center, such platforms may include an operating system and a data storage service configured to store data. Applications running in the cloud may use a similar foundation.
FIG. 5 provides further details of the example environment shown in FIG. 3. An administrator at user computer 304 may establish desktop configuration 501, including identifying operating systems, applications, policies, and storage settings. Such preferences may be changed by an administrator, and the provider of the service may charge the administrator for providing the requested configuration.
In an embodiment and as further described in FIG. 6, the cloud service may implement an architecture comprising a four layer stack as follows:
A cloud computing platform 601 configured to provide resources to support cloud services.
A desktop provisioning and management layer 602 to create and manage cloud computing assets that enable application providers to provide applications, enterprise desktop providers and desktop retailers to create and manage desktops, users to connect to their desktops, and the like. This layer may translate the logical view of the application and desktop into physical assets of the cloud computing platform.
An application provider/enterprise desktop provider/desktop retailer/user experience layer 603, providing a unique end-to-end experience for each of the four types of entities described above.
A vertical layer 604, providing a set of customized experiences offered by the desktop retailer for a particular group of users.
In an embodiment of a cloud computing platform, an isolation unit, referred to here as a stamp, can be implemented and defined so as to isolate one entity from another within a cloud environment by way of a security boundary, and a stamp can be configured to define a remote desktop deployment in accordance with an aspect of the present invention. A remote desktop controller component may be provided that maintains customer artifacts and credentials, manages load across stamps, and supplies and resizes stamps. The remote desktop controller may also create and manage applications and desktops. A given endpoint provides a virtual equivalent of the user's desktop, and the stamp(s) provide a virtual equivalent of the company's computing infrastructure.
The layers described above may involve multiple components. They may include the following components, each described further below:
A compute component (e.g., FIG. 8) that runs applications in the cloud.
A storage component (e.g., FIG. 9) that stores binary and structured data in the cloud.
A fabric controller component (e.g., FIG. 10) that deploys, manages, and monitors applications. The fabric controller also handles updates to the system software across the platform.
A Content Delivery Network (CDN) component (e.g., FIG. 11) that increases the global access speed of data in cloud storage by maintaining cached copies of the data worldwide.
A connection component (e.g., FIG. 12) that allows an IP layer connection to be created between a local computer and a cloud application.
Referring to FIG. 8, which depicts a compute component 810, applications can be implemented as one or more roles 800, 801, 802 as described above. The cloud service can run multiple instances of each role by distributing requests across the instances using load balancing.
A portal may be provided to developers to submit applications to the cloud service. The portal may be configured to receive configuration information that informs the cloud platform of how many instances of each role are to run. The fabric controller component can create a Virtual Machine (VM) for each instance and run the code for the appropriate role in that VM. Requests from users of applications may be made using protocols such as HTTP, HTTPS, and TCP. Requests can be load balanced across all instances of a role.
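The golden-image flow from the Disclosure of Invention (define desktop, set the role instance count, propagate, re-propagate on update) and the fabric controller's "one VM per instance" behaviour described in the paragraph above, as an added example that is not the patent's or Microsoft's code. The content-addressed image id, the tenant-owned stamp as security boundary, and all names and values are constructed for illustration.

```python
"""Model of automated desktop provisioning: an administrator's desktop definition
(OS, applications, settings) becomes a content-addressed golden image, and a
fabric controller keeps the requested number of role instances running that
image inside the tenant's own stamp, re-imaging them when the definition changes.
Added example; tenant, stamp and application names are constructed."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass


def golden_image_id(config: dict) -> str:
    """Derive the master-template identifier from the administrator's definition.

    The definition is canonicalised (sorted keys, sorted application list) before
    hashing, so re-ordering the application list does not produce a "new" image,
    while any change to the OS, the application set or a setting does.  Instances
    are then compared against the expected image by id rather than by a label.
    """
    canon = {
        "os": config["os"],
        "applications": sorted(config["applications"]),
        "settings": dict(sorted(config.get("settings", {}).items())),
    }
    blob = json.dumps(canon, sort_keys=True, separators=(",", ":")).encode()
    return "img-" + hashlib.sha256(blob).hexdigest()[:16]


@dataclass(frozen=True)
class Stamp:
    """Isolation unit: a tenant's role instances are only ever placed in its own stamp."""
    name: str
    tenant: str
    capacity: int


@dataclass
class Instance:
    name: str
    stamp: str
    image_id: str


class FabricController:
    """Creates, re-images and terminates VMs so that each role runs the requested
    number of instances of the current golden image."""

    def __init__(self, stamps: list[Stamp]) -> None:
        self.stamps = {s.name: s for s in stamps}
        self.instances: dict[str, list[Instance]] = {}   # "tenant/role" -> instances
        self.events: list[str] = []                      # audit trail of actions taken

    def reconcile(self, tenant: str, role: str, config: dict, count: int, stamp_name: str) -> str:
        stamp = self.stamps[stamp_name]
        # Security boundary: never place one tenant's desktops in another tenant's stamp.
        if stamp.tenant != tenant:
            raise PermissionError(f"{tenant} may not deploy into {stamp_name} (owned by {stamp.tenant})")
        if count > stamp.capacity:
            raise ValueError(f"{stamp_name} holds at most {stamp.capacity} instances")

        image = golden_image_id(config)
        current = self.instances.setdefault(f"{tenant}/{role}", [])

        # Update path: any instance not on the current golden image is re-imaged,
        # which is how an OS, application or settings change is propagated.
        for inst in current:
            if inst.image_id != image:
                self.events.append(f"reimage {inst.name}: {inst.image_id} -> {image}")
                inst.image_id = image
        # Scale out: create missing instances from the golden image.
        while len(current) < count:
            inst = Instance(f"{role}-{len(current)}", stamp.name, image)
            current.append(inst)
            self.events.append(f"create {inst.name} from {image} in {stamp.name}")
        # Scale in: terminate surplus instances.
        while len(current) > count:
            inst = current.pop()
            self.events.append(f"terminate {inst.name}")
        return image


def demo() -> dict:
    """Run the financial-desktop scenario from the Background section and return
    the resulting state."""
    fc = FabricController([Stamp("stamp-a", "contoso", capacity=10)])   # constructed tenant/stamp
    finance = {"os": "example-os", "applications": ["Outlook", "Word", "Excel"],
               "settings": {"lock_timeout_s": 600}}
    img_v1 = fc.reconcile("contoso", "finance", finance, count=3, stamp_name="stamp-a")
    # The administrator adds an application: new golden image, the 3 running
    # instances are re-imaged and a 4th is created from the new image.
    finance_v2 = {**finance, "applications": finance["applications"] + ["Visio"]}
    img_v2 = fc.reconcile("contoso", "finance", finance_v2, count=4, stamp_name="stamp-a")
    return {"img_v1": img_v1, "img_v2": img_v2,
            "instances": fc.instances["contoso/finance"], "events": fc.events}


if __name__ == "__main__":
    for line in demo()["events"]:
        print(line)
```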
Referring to FIG. 9, which depicts a storage component 910, a cloud platform can provide data storage using a plurality of data structures and formats. For example, the data store may be provided as an unstructured blob of binary data. Metadata may be used to provide information about the content. To allow applications to operate on data in a more structured manner, a cloud storage service may provide storage as a set of entities associated with attributes. The application may also be provided with means to query the data, such as, for example, an API that includes search parameters. Additionally, cloud storage can provide a way for web role instances to communicate asynchronously with worker role instances. For example, a user may submit a request to perform some compute-intensive task via a web interface implemented by a web role. The web role instance receiving this request can write a message to the queue 902 describing the work to be completed. Worker role instances waiting on this queue can then read the message and perform the specified task. Results may be returned via another queue.
The cloud storage service may replicate data in order to provide fault tolerance. In addition, data may be backed up and replicated in another data center located in a different physical location for redundancy and enhanced availability.
Referring to FIG. 10, fabric controller component 1000 can be a distributed application that is replicated across a set of machines. The fabric controller component may be configured to own all the resources in its environment, such as computers, switches, and load balancers. The fabric controller component 1000 can also monitor running applications, determine where new applications should run, and select physical servers to optimize hardware utilization. The fabric controller component may also be configured to start, monitor, and terminate virtual machines.
In an embodiment and referring to fig. 11, the cloud service may store a copy of the data at a site closer to the client 1000 using the data. For example, the first time a user accesses a particular piece of data, the content delivery network component may store (i.e., cache) a copy of that data at a location that is geographically close to the user. The next time the data is accessed, the content may be delivered from the cache rather than from a more remote source.
In an embodiment and referring to FIG. 11, to support applications and data used within an organization, a local environment may be connected with a cloud service. In an embodiment, such a combination may be implemented by providing IP layer connectivity between cloud applications and machines running outside the cloud. The endpoint proxy 1201 may be installed on each local computer 1202 connected to the cloud application. The cloud application may also be configured to work with the cloud connection component 1200. The proxy may use a protocol such as IPsec to interact with a particular role in the application. By using such a proxy, the potential complexity of configuring a protocol such as IPsec protocol 1203 may be transparent to a user while providing a simpler connection than methods such as Virtual Private Networks (VPNs). Once the connection is established, the roles in the cloud application may appear to be on the same IP network as the local machines.
By establishing such a connection, the cloud application may directly access the local database. The cloud application may also be domain-joined into the local environment, allowing local users a single sign-on to the cloud application and using existing Active Directory accounts and groups for access control.
In embodiments, a remote desktop computing experience may be provided in which a desktop provider may provide a flexible pool of desktops from which an administrator may easily provision and manage multiple user desktops in much the same manner as provisioning and managing a single user desktop. The remote desktop user may thus be provided with a desktop experience that is always available, does not require administrative procedures, and is billed based on consumption. For application providers, such services may enable the application provider to provide traditional desktop applications to users in the form of web applications with minimal effort.
As businesses begin to employ remote or virtual desktops as a means of centralizing management of secure and compatible employee desktops, it would be advantageous for IT administrators to be able to provide a homogeneous desktop environment in order to control and minimize costs. Thus, a platform that can provide multiple remote or virtual desktops can provide a scalable and homogeneous computing environment at low cost. By building hosted desktop solutions on a cloud platform in a manner similar to a homogeneous computing model, IT administrators can be provided with an environment that can greatly reduce costs compared to the traditional "desktop as a service" alternative.
The cloud computing platform may be configured to operate with and provide benefits to a plurality of users and providers. For example, for an application provider that provides applications to an enterprise desktop provider or desktop retailer, a cloud computing platform may be configured to provision and sell traditional desktop applications in a scalable cloud model. The application provider may be enabled to create an application provider account with payout account information, upload an application package, test the uploaded application on a selected operating system, publish the application on an application marketplace on the cloud, monitor application usage, and set per-user charges.
For enterprise desktop providers that create and/or manage desktops, the cloud platform may be configured to provision desktops, which may include application bundles, to groups of users with similar requirements. For example, the user groups may all be employees of the same business customer. The desktop provider may be enabled to create an enterprise desktop provider account and provide credit information, for example, via a credit card or other credit facility. The desktop provider may further be enabled to create the desktop by, for example, selecting an OS version and compatible applications from the cloud marketplace, uploading additional applications on demand, and selecting a delivery mode, i.e., full desktop experience or remote application delivery. The desktop provider may also be enabled to provide credentials to enable access to the customer's local Active Directory from the desktop, add users to enable access to the desktop, set policies to control user access to applications on the desktop, set up URLs for web pages for desktop users, and view connectivity activity and disable/enable access.
A desktop retailer may be an entity that creates and/or manages desktops for sale as services to users. Desktop retailers may be enabled to perform capabilities similar to those of enterprise desktop providers, such as creating desktop retailer accounts, creating registration and connection scenarios for remote users, creating one or more desktops by selecting OS versions and compatible applications from a cloud marketplace, uploading additional applications, and selecting delivery modes. Desktop retailers may also be enabled to set policies to manage user access to applications on the desktop and to provide OS and application updates automatically or manually. The desktop retailer may also be enabled to view connectivity activity and disable/enable access, monitor desktop usage, and receive payment from the user.
A user may be an identifiable entity that accesses a desktop offered by an enterprise desktop provider or desktop retailer. A user may access the desktop from any location via the cloud platform, browse to a URL of the desktop service, and log in and access the provisioned service. In some embodiments, the user may be provided with a list of desktop environments that the user can log into.
Referring to fig. 13, an example block diagram depicting a process for providing remote desktop services in a cloud computing framework is shown. A user may access a web page via a browser that provides an access point to a remote desktop service that is accessible and configurable to the user according to the user's IT department requirements. The user may log into the system using credentials provided to the user. The credentials may be a persistent ID such as Windows Live ID or OpenID. The user will then be redirected to an authentication server, which may require entry of a username and password over a secure connection. Once authenticated, the user may be issued a password that persists for the user and is provided to other services so that additional authorization is no longer required. In one embodiment, even if the desktop session ends, the password may persist for the user unless the user explicitly logs out of the session.
A mechanism may be provided for automatically logging into a cloud-based system in which a single user authentication and authorization process grants a user access to the resources in the cloud-based system to which the user has access permission without entering multiple passwords. Providing a single login allows a user to log in once and access multiple applications without entering more passwords. Single sign-on is desirable for enterprises because it increases security and efficiency by reducing the number of passwords that must be maintained. For cloud service providers, single sign-on provides a better user experience by allowing users greater access without additional authentication effort.
The cloud-based service may not accept token login credentials generated by the single-sign-on service. For example, a web-ID provider or single-sign-on service may prompt a user for one-time credentials, and the service may generate tickets or tokens that may be used to connect to other services. Examples of such systems include Windows, Linux, and iOS. It is desirable to give users in the local enterprise domain a single sign-on, for example, to an application running in a cloud service.
In an embodiment, a one-time password may be automatically generated and maintained when a user logs into a cloud-based desktop and provides authentication credentials. The generated one-time password may be used to automatically log into other processes in the cloud-based system. In an embodiment, the generated one-time password may be held until the user explicitly logs out. Thus, the password may be maintained even in the event that the desktop session is accidentally terminated.
In another embodiment, a user may have an account for a service that provides an integrated online service, such as Windows Live or Yahoo. Such services may provide a set of services and software products such as email and multimedia services that can be accessed using a single user ID and password. In an embodiment, users of such integrated services may also be provided with the option of accessing cloud-based computing services as described above. Thus, when a user selects a cloud-based computing service as part of such an integrated service, once the user logs into the service, the user may be presented with the option of accessing the cloud-based computing service and requesting a remote desktop session. Because cloud-based services, such as remote desktops, may not accept credentials from the integrated service, the cloud-based services may generate accounts with one-time passwords that allow users to access desktop sessions. The details of the one-time password need not be provided to the user, as the password is only present during the session or until the user logs out. In an embodiment, the one-time password may be maintained so that the user may return to the desktop without having to restart the login process in the event the desktop is inadvertently disconnected.
In one embodiment shown in FIG. 14, the client 1404 may enter the URL of the user's company cloud-based services home page 1400. Alternatively, the user may enter a URL for the integrated online service. The user may be directed to an online authentication service 1404 that prompts the user for authentication credentials. The online authentication service 1401 may be a service used by an administrator of the user, and credential information for the user may be provided by the administrator to the cloud service, thereby authorizing the service to create a user profile and allowing the user to launch and access a desktop. Alternatively, the online authentication service 1401 may be provided by an integrated online service. Once the user is authenticated, the user is directed to the home page 1402, which can access the cloud service 1410 using credentials provided by the online authentication service. The cloud service 1410 generates a one-time password 1405 and/or a temporary user account, and the user's one-time password is sent 140 to the endpoint 1407. As described above, endpoint 1407 may be a user desktop session.
The one-time password may be generated based on credentials received by the online authentication service. In an embodiment, the password may be stored in a local credential store in the virtual machine hosting the user session. Thus, the password is not maintained in the user profile with the user, allowing for enhanced security and avoiding the need for the cloud service to maintain a password for each user.
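The flow described above, as an added example that is not part of the patent: the cloud service accepts an identity asserted by the online authentication service, mints a temporary account with a one-time password that is stored (hashed) only in the hosting VM's credential store, keeps it across an accidental disconnect, and destroys it on explicit logout. All class and function names, the token format and the trusted-issuer check are assumptions made for this example.

```python
"""Added example (not from the patent): a constructed model of the
one-time-password flow above.  The cloud service turns an identity asserted
by the online authentication service into a temporary account whose
password lives only in the credential store of the VM hosting the endpoint,
survives an accidental disconnect, and is destroyed on explicit logout.
Class and function names and the token format are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class VmCredentialStore:
    """Per-VM store; keeps only a salted hash, never the cleartext password."""
    records: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)

    def put(self, account: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.records[account] = (salt, _hash(password, salt))

    def verify(self, account: str, password: str) -> bool:
        entry = self.records.get(account)
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(_hash(password, salt), digest)

    def delete(self, account: str) -> None:
        self.records.pop(account, None)


@dataclass
class Endpoint:
    """A user desktop session hosted on a VM (endpoint 1407 in FIG. 14)."""
    vm_store: VmCredentialStore
    account: Optional[str] = None
    password: Optional[str] = None   # held in session memory only
    connected: bool = False

    def login(self) -> bool:
        if self.account is None or self.password is None:
            return False
        self.connected = self.vm_store.verify(self.account, self.password)
        return self.connected

    def disconnect(self) -> None:
        """Accidental drop: the credentials are kept so the user can return."""
        self.connected = False


class CloudService:
    """Owns user profiles; no password is ever written into a profile."""

    def __init__(self, trusted_issuer: str) -> None:
        self.trusted_issuer = trusted_issuer
        self.profiles: Dict[str, dict] = {}

    def start_session(self, auth_token: dict, endpoint: Endpoint) -> bool:
        """Accept the online authentication service's assertion, mint a
        temporary account plus one-time password, and log the endpoint in."""
        if auth_token.get("issuer") != self.trusted_issuer or not auth_token.get("user"):
            return False
        self.profiles.setdefault(auth_token["user"], {"display_name": auth_token["user"]})
        account = f"tmp-{secrets.token_hex(8)}"
        otp = secrets.token_urlsafe(24)
        endpoint.vm_store.put(account, otp)      # stored on the hosting VM only
        endpoint.account, endpoint.password = account, otp
        return endpoint.login()

    def logout(self, endpoint: Endpoint) -> None:
        """Explicit logout: the temporary account and its password are gone."""
        if endpoint.account is not None:
            endpoint.vm_store.delete(endpoint.account)
        endpoint.account = endpoint.password = None
        endpoint.connected = False


def demo() -> dict:
    """Run the flow once on constructed input and report what happened."""
    service = CloudService(trusted_issuer="online-auth.example")   # constructed
    endpoint = Endpoint(vm_store=VmCredentialStore())
    started = service.start_session({"issuer": "online-auth.example", "user": "alice"}, endpoint)
    endpoint.disconnect()                        # dropped, but not logged out
    resumed = endpoint.login()                   # same one-time password still valid
    leaked = endpoint.password in repr(service.profiles)
    service.logout(endpoint)
    after_logout = endpoint.login()
    untrusted = service.start_session({"issuer": "evil.example", "user": "bob"},
                                      Endpoint(vm_store=VmCredentialStore()))
    return {"started": started, "resumed": resumed, "password_in_profile": leaked,
            "after_logout": after_logout, "untrusted_accepted": untrusted,
            "store_empty": not endpoint.vm_store.records}
```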
The user may be presented with multiple desktops that may be selected and logged into, such as a project desktop, a finance desktop, and so on. For example, each desktop may be customized for a particular function. The particular desktops may be presented to the user based on predefined authorization. Once a user selects a desktop, a new desktop instance may be instantiated for the user. If a previously used desktop instance is selected, the session associated with that desktop instance may be resumed. The user's session, as well as other users' sessions, may be initiated as endpoints within a virtual machine hosting multiple such sessions. A saved profile may be associated with each endpoint that is created or resumed, the profile including user preferences, state information from previous sessions, and other information needed to maintain the user's state so that the user's session may be maintained, suspended, and resumed. In general, a desktop can be made up of an operating system, applications, and settings. A desktop instance generally refers to a desktop plus a particular user profile. In some cases, the terms desktop instance and desktop session may be used interchangeably.
In one embodiment, multiple sessions may be initiated for additional users. Referring to the example embodiment illustrated in FIG. 14, when additional users log into the system, multiple sessions corresponding to multiple endpoints may be instantiated. Further, users may belong to multiple user types as defined by an administrator of the user group. For example, as shown, multiple users of type 1 and type 2 may log into the system and begin a session. For example, type 1 may be a financial type desktop and type 2 may be an engineering type desktop. Of course, other examples are possible. A virtual machine may be configured to host multiple sessions of one or more types. In an embodiment, the number of sessions may be independent of the underlying virtual machine configuration hosting the individual user sessions. Additional virtual machines can be started when additional user sessions are instantiated on the virtual machine. In an embodiment, a set of multiple remote desktop sessions may be configured to execute on a virtual machine. When more remote desktop sessions are needed, another virtual machine may be started. A flexible pool of virtual machines can be provided so that sessions can be dynamically added at any time without the end user or administrator having to understand the underlying details of the structure in which the service is provided.
Because a user may be assigned a Virtual Machine (VM) endpoint from a pool of available VM endpoints, the next time the user logs in, the user may connect to any one VM endpoint in the pool. To create a customized desktop experience for a user, user preference and state data may be saved. In an embodiment, user preference and state data may be saved to a dataset that may be associated with a user, such that any time a user logs in and is assigned a desktop, the user preference and state data may be obtained so that the user's previous desktop state may be restored. Thus, for example, if a user is associated with a session (i.e., endpoint) on a first virtual machine and later assigned to a different session on a different virtual machine, the user desktop state from the first virtual machine would generally not be available for the session on the second virtual machine. However, according to an aspect of the invention, user state is preserved independent of the session and the particular VM endpoint. Such a user data set may be referred to as a virtual profile, as described in the present invention. In embodiments, the virtual profile may be implemented as a virtual hard drive or Virtual Hard Disk (VHD). Thus, when a user connects to a session on a different virtual machine, the previous user state may be migrated to the new session. This feature allows a single hosted desktop designed to provide a specific desktop type to have a custom feel for each specific user. The result is that an otherwise generic session environment is perceived by each user as having a personal desktop look and feel.
As discussed above, during the course of a user session, a client may open and close remote access connections to a cloud service, and during any given connection, the client may change settings and preferences in the session. Described herein is a mechanism for provisioning remote desktops in a cloud-based infrastructure while maintaining user personalization. In a cloud-based system, a user may not be able to always reconnect to the same virtual desktop. In one embodiment, a virtual profile assigned to a user may be loaded to an endpoint assigned to the user. The virtual profile may include information such as user personal data and personalization information (e.g., settings, profiles, files, application data, etc.).
When the user disconnects from the remote desktop or logs out of the remote desktop, the virtual profile is unloaded from the endpoint and saved for subsequent user sessions. The virtual profile thus holds information about the user's state when the user disconnects and provides this information as needed for starting the next user session.
Because a user may be assigned desktops from a pool of available desktops, the next time the user logs in, the user may connect to any one desktop in the pool. To create a customized desktop experience for a user, the user's saved preference and state data can be used to provide the customized desktop experience regardless of the particular VM endpoint to which the user is connected.
Although the terms virtual profile and VHD are used to describe data structures used to hold user preference and state information, it should be understood that the present invention is not intended to be limited to any particular file or data format. In an embodiment, the virtual profile or VHD may be in a virtual hard disk file format configured to hold the data typically found on a physical disk drive.
Initially, a virtual profile or VHD can be populated with data that can be used to configure a user desktop according to a standard desktop configuration defined by, for example, a company IT administrator. Thus, a virtual profile or VHD can include data that defines a "golden image" of the desktop (i.e., a standard desktop configuration for a user role). However, when a user uses a particular remote desktop and begins to customize the desktop by, for example, changing wallpaper, adding music, saving local documents, etc., this information is stored to the virtual profile or VHD, and then every time the user connects to a standard remote desktop, it is populated with data from the virtual profile or VHD to provide the look and feel of the custom user experience.
Any combination of user types (i.e., desktop types) may be defined within a single cloud service boundary. For example, cloud service boundary 1410 may define a single service boundary that is configured to provide a set of services to a particular company and is accessible using a predetermined URL, which, when entered via a browser, may provide a web interface for logging into the service and accessing a desktop configured for the service.
In one embodiment, upon requesting a user session, a connection to a connection broker may be initially requested. The connection broker may determine an identifier associated with the requested user session and select a virtual machine that is hosting the user session matching the identifier. For example, if the request indicates that a user session is required, the connection broker may search a database including IP address and port number combinations or network identifiers for the appropriate virtual machine being hosted on the cloud server. The connection broker may generate a redirection request that associates the user session with the identified virtual machine.
With reference to the embodiment described in FIG. 17, the endpoint may be notified 1700 that the user has logged into the system. The system searches for the user's virtual profile 1701 and determines whether the user's virtual profile already exists 1702. If a virtual profile does not exist for the user, a virtual profile is created 1703. Once the user's virtual profile exists, whether found or newly created, the user virtual profile is moved to the endpoint 1704. A user desktop session may be initiated 1705. When it is determined that the user has logged out 1706, the virtual profile is unloaded 1707 from the endpoint and saved for subsequent use.
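The connection broker, the flexible VM pool and the FIG. 17 virtual-profile lifecycle, as one added example that is not part of the patent: the broker resumes an existing session or places a new one on a VM of the requested desktop type with a free slot (starting a new VM otherwise), the virtual profile is created on first login, moved to the endpoint and saved back on logout, and the example shows the same user landing on a different VM with their personalization intact. Class names, the per-VM session limit and the address scheme are assumptions.

```python
"""Added example (not from the patent): a constructed model of the connection
broker, the flexible VM pool and the virtual-profile lifecycle of FIG. 17.
The broker places a session on a VM hosting the requested desktop type that
still has a free slot (starting a new VM otherwise); the virtual profile is
created on first login, moved to the endpoint and saved back on logout, so it
follows the user to whichever VM they land on next.  Names, the per-VM session
limit and the address scheme are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SESSIONS_PER_VM = 2   # assumed capacity; the patent leaves this unspecified


@dataclass
class VirtualProfile:
    """User state that must survive across VMs (settings, files, ...)."""
    user: str
    settings: dict = field(default_factory=dict)


@dataclass(eq=False)
class Endpoint:
    user: str
    desktop_type: str
    profile: Optional[VirtualProfile] = None


@dataclass(eq=False)
class VirtualMachine:
    vm_id: str
    desktop_type: str
    address: Tuple[str, int]
    endpoints: List[Endpoint] = field(default_factory=list)


class ProfileStore:
    """Durable store of virtual profiles (a VHD per user in the patent)."""
    def __init__(self) -> None:
        self._profiles: Dict[str, VirtualProfile] = {}

    def load_or_create(self, user: str) -> VirtualProfile:    # steps 1701-1704
        # Moved, not copied: only the endpoint holds the profile while logged in.
        return self._profiles.pop(user, None) or VirtualProfile(user)

    def save(self, profile: VirtualProfile) -> None:           # step 1707
        self._profiles[profile.user] = profile


class ConnectionBroker:
    def __init__(self, profiles: ProfileStore) -> None:
        self.profiles = profiles
        self.vms: List[VirtualMachine] = []

    def vm_of(self, ep: Endpoint) -> Optional[str]:
        return next((vm.vm_id for vm in self.vms if ep in vm.endpoints), None)

    def _select_vm(self, desktop_type: str) -> VirtualMachine:
        for vm in self.vms:
            if vm.desktop_type == desktop_type and len(vm.endpoints) < SESSIONS_PER_VM:
                return vm
        vm = VirtualMachine(f"vm-{len(self.vms) + 1:03d}", desktop_type,
                            ("10.0.0.1", 3389 + len(self.vms)))   # constructed
        self.vms.append(vm)
        return vm

    def connect(self, user: str, desktop_type: str) -> Tuple[Tuple[str, int], Endpoint]:
        """Return the redirect target (address, port) and the endpoint."""
        for vm in self.vms:                       # previous instance selected?
            for ep in vm.endpoints:
                if ep.user == user and ep.desktop_type == desktop_type:
                    return vm.address, ep         # resume the existing session
        vm = self._select_vm(desktop_type)
        ep = Endpoint(user, desktop_type, self.profiles.load_or_create(user))
        vm.endpoints.append(ep)
        return vm.address, ep

    def logout(self, ep: Endpoint) -> None:
        for vm in self.vms:
            vm.endpoints = [e for e in vm.endpoints if e is not ep]
        if ep.profile is not None:
            self.profiles.save(ep.profile)        # unload from the endpoint
            ep.profile = None


def demo() -> dict:
    """Three finance users and one engineer, on constructed input."""
    broker = ConnectionBroker(ProfileStore())
    _, alice = broker.connect("alice", "finance")
    first_vm = broker.vm_of(alice)
    alice.profile.settings["wallpaper"] = "sunset"   # user personalizes desktop
    _, again = broker.connect("alice", "finance")    # reconnect resumes session
    broker.logout(alice)
    broker.connect("bob", "finance")
    broker.connect("carol", "finance")               # first VM is now full
    _, alice2 = broker.connect("alice", "finance")   # lands on a different VM
    _, dave = broker.connect("dave", "engineering")  # other type gets its own VM
    return {"first_vm": first_vm, "resumed_same": again is alice,
            "second_vm": broker.vm_of(alice2), "engineering_vm": broker.vm_of(dave),
            "wallpaper": alice2.profile.settings.get("wallpaper"),
            "vm_count": len(broker.vms)}
```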
Desktop service provisioning
In one embodiment, a mechanism is described for creating and deploying computing infrastructure in a cloud computing environment. A user, such as an administrator, who typically determines the computing needs of a company, may be provided with an interface for defining various company computing needs and typical user desktops.
Such mechanisms may allow for the replacement of real-world corporate infrastructure provisioning processes, at least in part, with automated cloud-based services that provide virtual corporate infrastructure in the cloud. For example, in a typical corporate computer system setup, an administrator may determine that a company should have a project desktop with a given set of applications (e.g., Outlook, Word, Visio, AutoCad, etc.) and a financial desktop with a slightly different set of applications (e.g., Outlook, Word, Excel, etc.). The administrator may then determine how many users are to be provisioned with a given desktop (i.e., each of the project department obtains a desktop image based on the project desktop, and each of the finance department obtains a desktop image based on the finance desktop). The administrator may also determine that the back-end server needs to support such users and applications. For example, the administrator will determine how many servers are needed to support an email server, how many servers are needed to support a document repository, and so on. The server hardware then needs to be built in the company and the various applications installed on the server, desktop or notebook computer will need to be purchased and provisioned with the various desktop images, and so on.
It is an aspect of the present invention to provide a cloud-based infrastructure provisioning tool that removes the need for most manual processes by replicating and virtualizing aspects of the infrastructure in the cloud. To this end, the automated process allows an administrator to define the infrastructure as a cloud service, thereby reducing the need to determine the hardware and software infrastructure required within a company. Accordingly, a web interface for subscribing to cloud computing services may be provided to a user. Through the web interface, the user may define an initial typical user role and select an operating system environment and application. The user may also select the number of role instances to provide. The cloud computing environment automatically deploys the requested environment in a load balanced and scalable manner. The deployed environment is accessible via the internet using a URL or IP address. The underlying provisioning of the infrastructure in a cloud computing environment is transparent to the user.
Another aspect of the present invention provides a mechanism for scalably creating and deploying a network of virtual computers having a common desktop image in a cloud computing environment. A user is provided with an interface for defining a user computing environment and applications for placement on a virtual desktop. The user may also enter the number of roles or remote users. Based on this information, the system creates a golden image or master template of the role and propagates the image in the cloud platform. The underlying provisioning of virtual machines in the cloud is transparent to the user. The same automated mechanism used to create the golden image is also used to update the golden image whenever there is an update to the OS or any application or setting. The system automatically propagates the new image in the cloud platform.
Referring to fig. 5, a user at a user computer 304 is shown accessing cloud services provided by a data center 308 via a network 306. The user may select a desktop configuration 501 that includes an operating system, applications, policies, and storage options.
FIG. 15 depicts an exemplary operational procedure for scalably deploying virtualized computing infrastructure, including operations 1500, 1502, 1504, 1506, and 1508. Referring to FIG. 15, operation 1500 begins the operational procedure and operation 1502 shows causing a user interface to be presented to a user. In an embodiment, the user interface may be implemented as a web page accessible to the user via the internet. The user interface may also be used to allow a user to input computing infrastructure configuration parameters. The configuration parameters may include an operating environment and a software application to be included in the operating environment.
Operation 1504 shows receiving, via the user interface, at least one computing infrastructure comprising one or more user remote desktop configurations comprising an operating environment and a software application to be included in the operating environment. The remote desktop configurations may each correspond to a user role. For example, an administrator may use such a user interface to define two desktop environments for a medium-sized company. The administrator may define a first desktop environment for the engineer and may select an operating system and version, an email and calendar application, a browser application, an office application, and a drawing application. The administrator may further specify that up to fifty such desktops may be used at a time. The administrator may also define a second desktop environment for financial personnel and may select an operating system and version, email and calendar applications, browser applications, office applications, and database applications. The administrator may further specify that up to twenty-five such desktops may be used at a time.
The remote desktop configuration may be accessed via the internet using a URL. For example, after configuring the desktop environments, they may be accessed by various users at URLs such as www.company.com/tech and www.company.com/find.
In an embodiment and as described above, an instance of a remote desktop accessed by a user may be instantiated by a virtual machine.
Operation 1506 shows creating a user configuration template for scalably propagating the remote desktop configuration in the virtualized computing environment based on the remote desktop configuration. In one embodiment and as also described above, a user configuration template may be created and propagated as a master image or golden image corresponding to the configuration and used to create additional instances of the configuration for each user as desired. Typically, the administrator will also provide a list of user identities that are authorized to access a particular desktop configuration.
In one embodiment, a three-step process for creating a desktop based on a master image or golden image may be implemented. First, a build virtual profile contains code to build the desktop on the appropriate OS. Second, a base desktop virtual profile, which is updated periodically, includes code for downloading application installers, installing them, and making necessary changes to the OS configuration. The desktop is first constructed from the build virtual profile. Next, the applications are installed according to the base desktop virtual profile. Finally, the constructed desktop is saved to the image store and becomes available.
Operation 1508 shows automatically instantiating, via the remote network connection, a virtualized computing infrastructure that includes the one or more user remote desktop configurations by propagating the user configuration template and making the one or more user remote desktop configurations available to the plurality of users. The virtualized infrastructure essentially implements the configured computing infrastructure.
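Operations 1502 through 1508, the three-step golden-image build and the re-propagation on update, as one added example that is not part of the patent: received desktop configurations become a content-addressed template, are propagated as up to the configured number of instances per role, and are exposed under a per-role URL; redeploying an unchanged configuration does nothing, while an OS or application change yields a new template. Names, the URL scheme, the constructed configurations and the use of SHA-256 for the image id are assumptions.

```python
"""Added example (not from the patent): a constructed model of operations
1502-1508.  Desktop configurations received from the administrator's interface
become a content-addressed user configuration template (the golden image, built
by the three-step process described above), are propagated as up to
max_instances desktop instances per role, and are exposed under a per-role URL.
Changing the OS or an application yields a new template and re-propagates it.
Names, the URL scheme and the use of SHA-256 for the image id are assumptions."""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class DesktopConfiguration:
    """What the administrator enters for one user role (operation 1504)."""
    role: str
    os: str
    applications: Tuple[Tuple[str, str], ...]   # (name, version) pairs
    max_instances: int


@dataclass
class GoldenImage:
    image_id: str
    build_log: List[str]


def build_golden_image(cfg: DesktopConfiguration) -> GoldenImage:
    """Three-step build: build profile -> base desktop profile -> image store."""
    log = [f"build profile: construct desktop on {cfg.os}"]
    for name, version in cfg.applications:
        log.append(f"base desktop profile: download and install {name} {version}")
    # Content-addressed id: the same OS and applications always map to the same image.
    canonical = json.dumps({"os": cfg.os, "apps": sorted(cfg.applications)}, sort_keys=True)
    image_id = hashlib.sha256(canonical.encode()).hexdigest()[:12]
    log.append(f"image store: saved {image_id}")
    return GoldenImage(image_id, log)


class CloudDeployment:
    """Holds received configurations, their templates and the propagated instances."""

    def __init__(self, base_url: str) -> None:
        self.base_url = base_url
        self.configs: Dict[str, DesktopConfiguration] = {}
        self.images: Dict[str, GoldenImage] = {}
        self.instances: Dict[str, List[str]] = {}   # role -> instance ids

    def receive_configuration(self, cfg: DesktopConfiguration) -> None:   # 1504
        if cfg.max_instances < 1 or not cfg.role.isalnum():
            raise ValueError("role must be alphanumeric and max_instances positive")
        self.configs[cfg.role] = cfg

    def deploy(self, role: str) -> str:   # operations 1506 and 1508
        """Create (or refresh) the template and propagate it; return the URL."""
        cfg = self.configs[role]
        image = build_golden_image(cfg)
        current = self.images.get(role)
        if current is None or current.image_id != image.image_id:
            self.images[role] = image
            self.instances[role] = [f"{role}-{image.image_id}-{i:03d}"
                                    for i in range(cfg.max_instances)]
        return self.url_for(role)

    def url_for(self, role: str) -> str:
        return f"{self.base_url}/{role}"

    def assign_instance(self, role: str, in_use: Set[str]) -> Optional[str]:
        """Hand out a free instance; None once max_instances are all in use."""
        return next((i for i in self.instances[role] if i not in in_use), None)


def demo() -> dict:
    """Two roles as in the example above: 50 engineering and 25 finance desktops."""
    apps = (("mail", "14"), ("browser", "9"), ("office", "2010"))   # constructed
    engineering = DesktopConfiguration("tech", "os-7.0", apps + (("cad", "3"),), 50)
    finance = DesktopConfiguration("finance", "os-7.0", apps + (("db", "5"),), 25)
    cloud = CloudDeployment("https://www.company.com")   # constructed base URL
    for cfg in (engineering, finance):
        cloud.receive_configuration(cfg)
    urls = {cfg.role: cloud.deploy(cfg.role) for cfg in (engineering, finance)}
    first_image = cloud.images["tech"].image_id
    cloud.deploy("tech")                                  # unchanged: no re-propagation
    unchanged = cloud.images["tech"].image_id == first_image
    # OS/application update: the same mechanism rebuilds and re-propagates.
    updated = DesktopConfiguration("tech", engineering.os, apps + (("cad", "4"),), 50)
    cloud.receive_configuration(updated)
    cloud.deploy("tech")
    all_finance = set(cloud.instances["finance"])         # every finance seat taken
    return {"urls": urls, "tech_count": len(cloud.instances["tech"]),
            "finance_count": len(cloud.instances["finance"]), "unchanged_redeploy": unchanged,
            "image_changed": cloud.images["tech"].image_id != first_image,
            "new_id_in_instances": cloud.images["tech"].image_id in cloud.instances["tech"][0],
            "finance_free": cloud.assign_instance("finance", all_finance),
            "finance_fourth": cloud.assign_instance("finance", set(cloud.instances["finance"][:3]))}
```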
FIG. 16 depicts an exemplary system for scalably deploying a virtualized computing infrastructure as described above. Referring to fig. 16, system 1600 includes a processor 1610 and a memory 1620. Memory 1620 further comprises computer instructions configured for scalable deployment of a virtual computing infrastructure. Block 1622 illustrates causing a user interface to be presented to a user for allowing the user to input computing infrastructure configuration parameters including an operating environment and a software application to be included in the operating environment. Block 1624 illustrates receiving, via the user interface, at least one computing infrastructure comprising one or more user remote desktop configurations comprising an operating environment and a software application to be included in the operating environment. Block 1626 illustrates creating a user configuration template for scalable propagation of remote desktop configurations in a virtualized computing environment based on the remote desktop configurations. Block 1628 illustrates automatically instantiating a virtualized computing infrastructure that includes one or more user remote desktop configurations by propagating user configuration templates and making the one or more user remote desktop configurations available to multiple users via a remote desktop connection, the virtualized infrastructure substantially implementing the configured computing infrastructure.
Any of the above-mentioned aspects may be implemented as a method, system, computer-readable medium, or any type of article of manufacture. For example, a computer-readable medium may store thereon computer-executable instructions for scalably deploying a virtualized computing infrastructure. This medium may include a first subset of instructions for causing a user interface operable to allow a user to input computing infrastructure configuration parameters to be presented to the user, the configuration parameters including an operating environment and a software application to be included in the operating environment; a second subset of instructions for receiving, via the user interface, at least one computing infrastructure comprising one or more user remote desktop configurations, the one or more user remote desktop configurations comprising an operating environment and a software application to be included in the operating environment; a third subset of instructions for creating a user configuration template for scalably propagating remote desktop configurations in a virtualized computing environment based on the remote desktop configurations; and a fourth subset of instructions for automatically instantiating, via a remote desktop connection, a virtualized computing infrastructure that includes the one or more user remote desktop configurations by propagating the user configuration template and making the one or more user remote desktop configurations available to multiple users, the virtualized infrastructure substantially implementing the configured computing infrastructure. Those skilled in the art will appreciate that additional instruction sets may be used to capture various other aspects disclosed herein, and that the four presently disclosed subsets of instructions may differ in detail in accordance with the present invention.

Claims (10)

1. A method for scalably deploying virtualized computing infrastructure, the method comprising:
causing a user interface to be presented to a user, the user interface operable to allow the user to input computing infrastructure configuration parameters, the configuration parameters including an operating environment and a software application to be included in the operating environment;
receiving, via the user interface, at least one computing infrastructure comprising one or more user remote desktop configurations comprising an operating environment and a software application to be included in the operating environment;
creating a user configuration template for scalably propagating the remote desktop configuration in a virtualized computing environment based on the remote desktop configuration; and
automatically instantiating, via a remote network connection, a virtualized computing infrastructure comprising the one or more user remote desktop configurations by propagating the user configuration template and making the one or more user remote desktop configurations available to a plurality of users, the virtualized infrastructure substantially implementing the configured computing infrastructure.
2. The method of claim 1, wherein the one or more user remote desktop configurations each correspond to a user role.
3. The method of claim 1, wherein the at least one computing infrastructure further comprises a maximum number of users for each of the one or more remote desktop configurations.
4. The method of claim 1, wherein the user interface is available for presentation on a web browser.
5. The method of claim 1, wherein the one or more user remote desktop configurations are accessible via the internet using a URL.
6. The method of claim 1, wherein each instance of the configured remote desktop accessed by the user is instantiated by a virtual machine.
7. The method of claim 1, wherein the operating environment comprises data storage capacity.
8. A computing system, comprising:
a computing device comprising at least one processor;
a memory communicatively coupled to the processor when the system is running, the memory having computer instructions stored therein that, when executed by the at least one processor, cause:
presenting a user interface to a user, the user interface for allowing the user to input computing infrastructure configuration parameters, the configuration parameters including an operating environment and a software application to be included in the operating environment;
receiving, via the user interface, at least one computing infrastructure comprising one or more user remote desktop configurations comprising an operating environment and a software application to be included in the operating environment;
creating a user configuration template for scalably propagating the remote desktop configuration in a virtualized computing environment based on the remote desktop configuration; and
automatically instantiating, via a remote network connection, a virtualized computing infrastructure comprising the one or more user remote desktop configurations by propagating the user configuration template and making the one or more user remote desktop configurations available to a plurality of users, the virtualized infrastructure substantially implementing the configured computing infrastructure.
9. The computing system of claim 8, wherein the one or more user remote desktop configurations each correspond to a user role.
10. A computer-readable storage medium having stored thereon computer-executable instructions for scalably deploying a virtualized computing infrastructure, the computer-readable storage medium comprising:
instructions for causing a user interface to be presented to a user, the user interface operable to allow the user to input computing infrastructure configuration parameters, the configuration parameters including an operating environment and a software application to be included in the operating environment;
instructions for receiving, via the user interface, at least one computing infrastructure comprising one or more user remote desktop configurations comprising an operating environment and a software application to be included in the operating environment;
instructions for creating a user configuration template for scalably propagating the remote desktop configuration in a virtualized computing environment based on the remote desktop configuration; and
instructions for performing the following: automatically instantiating, via a remote network connection, a virtualized computing infrastructure comprising the one or more user remote desktop configurations by propagating the user configuration template and making the one or more user remote desktop configurations available to a plurality of users, the virtualized infrastructure substantially implementing the configured computing infrastructure.
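The claimed flow (remote desktop configurations entered through the user interface, a user configuration template built from each, and desktop instances propagated from the template to a plurality of users with a per-configuration user cap) as an added Python example; it is not code from the patent or from any Microsoft product. The approved application catalog, role names, storage sizes and user limits are constructed sample data, and the validation checks are the ones a defender would want rather than anything the patent specifies.

```python
from dataclasses import dataclass, field

# Constructed catalog of administrator-approved applications; a template may
# only reference these, so propagated desktops never carry unvetted software.
APPROVED_APPS = {"Outlook", "Word", "Excel", "Visio", "AutoCAD"}

@dataclass(frozen=True)
class RemoteDesktopConfig:
    """One user remote desktop configuration entered through the UI."""
    role: str                   # user role the configuration maps to (claim 2)
    operating_environment: str
    applications: frozenset     # software to include in the environment
    storage_gb: int             # data storage capacity (claim 7)
    max_users: int              # cap per configuration (claim 3)

@dataclass
class UserConfigurationTemplate:
    """Template from which desktop instances are propagated."""
    config: RemoteDesktopConfig
    instances: list = field(default_factory=list)

    def instantiate(self, user):
        """Propagate the template for one user, refusing beyond the cap."""
        if any(i["user"] == user for i in self.instances):
            raise ValueError(f"{user} already has a {self.config.role} desktop")
        if len(self.instances) >= self.config.max_users:
            raise RuntimeError(f"capacity exhausted for role {self.config.role}")
        instance = {
            "user": user,
            "vm": f"{self.config.role}-vm-{len(self.instances) + 1:03d}",
            "os": self.config.operating_environment,
            "apps": sorted(self.config.applications),
            "storage_gb": self.config.storage_gb,
        }
        self.instances.append(instance)
        return instance

def create_template(config):
    """Build a template only from a configuration that passes validation."""
    unapproved = config.applications - APPROVED_APPS
    if unapproved:
        raise ValueError(f"unapproved applications: {sorted(unapproved)}")
    if config.max_users < 1:
        raise ValueError("max_users must be at least 1")
    return UserConfigurationTemplate(config)

def provision(configs, assignments):
    """Create one template per role, then propagate it to each (user, role)."""
    templates = {c.role: create_template(c) for c in configs}
    return {user: templates[role].instantiate(user) for user, role in assignments}
```

Each role's template carries only that role's application set, so a finance user never receives the engineering tools, and the cap stops propagation once the configured number of desktops exists.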
HK13105820.0A 2011-09-14 2013-05-16 Automated desktop services provisioning HK1179066A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US13/232,844 2011-09-14

Publications (1)

Publication Number Publication Date
HK1179066A true HK1179066A (en) 2013-09-19

