On-demand Windows clients but not VDI?
February 19, 2018 10:55 AM   Subscribe

My developers need a way to keep fully-configured Windows environments available, and to use them as needed. One might be set up for .Net development (e..g., Visual Studio and a particular .Net version), while another could be ready for Java work (e.g., Eclipse & a specific JDK). They want to be able to swap among them with minimal notice (i.e., less time than a wipe of their laptop), and to share the if needed when a system breaks or a new project is approved.

VDI is out due to cost.

We thought of virtual machines on our VMware cluster, but that wastes CPU & memory.

We thought of Virtual Box VMs, but then wondered if they could each grab a copy of a given .vbox file without having conflicts among AD machine accounts or something.

What options are we ignorant of or not thinking of?

(For the record, we're a couple of the Unix sysadmins, and we get all the oddball questions. Yes, we will be handing this over to the desktop crew and the Windows sysadmins as soon as we can finish the discussions. :7)
posted by wenestvedt to Computers & Internet (9 answers total) 1 user marked this as a favorite
What's the latency of "as needed", seconds or several minutes. An AWS or Azure cloud system "spun down" most of the time is pretty low cost.Minutes or less to wake up. AWS has rules that allow forcing a system to shut down after a period, not sure about Azure.
posted by sammyo at 11:16 AM on February 19, 2018

We use VMs on the VMWare cluster for most of this. It may seem like too much overhead, but it's simple and they can get all their patches pushed by the University so we don't take on any extra work of keeping them secure.
posted by advicepig at 11:16 AM on February 19, 2018 [1 favorite]

How much time are do ya'll want to invest in this ? You can use a number of different technologies to provision and configure a VM (baremetal the VM and use puppet or ansible etc to configure it).

If you'll be churning out multiple *identical* copies, you definitely want to automate the heck out of it. (and I cringe at "copy a .vbox" - if you automate it, can tear down and start up new instances that are identical. If a change is needed, you make it in the code/description for the setup, no unicorns, no special boxes, no "bob's box is bad, but sally's box works, use that one" kinda stuff.. )

CPU and memory are cheap, and heck, AWS instances are cheap too -- can do AWS to spinup and configure as well (it's been a while, but I thought they had a handful of pre-configured VMs that meet most needs and can be spun up quickly).
posted by k5.user at 11:17 AM on February 19, 2018 [1 favorite]

This is pretty much literally what Vagrant is for. The website is fairly Linux-focused but it absolutely works for Windows guests running on Windows hosts too. It's basically an automated version of the "grab a .vbox off a central share" solution you mentioned and it works really well. It can get a bit hungry for disc space, because you're dealing with VM clones, but beyond the initial clone it's all copy-on-write.
posted by parm at 11:30 AM on February 19, 2018 [3 favorites]

AWS Workspaces *might* be good for what you need, or you could configure a few base images in Amazon's AMI, and spin them up as needed and pay for runtime.

You'd really want to just price it out based on how much you're going to store in images, and how long you expect to run them per user per month.
posted by odinsdream at 11:40 AM on February 19, 2018 [1 favorite]

At different orgs, I have used Vagrant, OpenStack with tons of custom scripts, VMWare, and Skytap for exactly this purpose. Skytap is really intended for doing this (but costs $$$).
posted by miyabo at 12:41 PM on February 19, 2018 [1 favorite]

Ooooh, Vagrant! I will look into that.

We thought about AWS, but they said they want to use one pretty much full time as long as a project lasts, then shelve it until either there’s a support issue, or the Upgrade Project Merry-Go-Round gets back to that app. In the mean time, those AMIs would get a liitle stale, patch-wise, methinks.

They don’t want a reproducible build, they want to build it up once and then clone/maintain it moving forward. I am a unix admin so for us it’s all done via Ansible. *shrug* This all seems a kind of madness.
posted by wenestvedt at 3:44 PM on February 19, 2018

If you're familiar with Ansible, then looking at Puppet may also be useful - it does config management and can be used in combination with Vagrant to provision machine images into a known state declaratively. You're necessarily going to have to get your hands a bit dirty with Windows admin stuff, but it's come a long way in the last couple of years.
posted by parm at 2:02 AM on February 20, 2018 [1 favorite]

It really depends on the scale. If it's just a few shared "machines" running on your VM cluster, the memory situation shouldn't be too bad as long as you have memory dedupe running.

Unless there was a particularly good reason why it isn't feasible in this specific instance that's what I'd do, anyway. Obviously if the plan is to have a copy of several different environments for each developer all running and in use at once it's less feasible without significant resource planning. In that case you probably would be better off using AWS or whatever you prefer and automate it.

It sounds more like they want the former, in which case you really probably are best off building them the initial image and then making updates their problem as long as you have some user facing way of starting and stopping individual VMs and can ensure they won't run on the same server as other security sensitive VMs. That way from their perspective it's just a regular computer that just happens not to be on their desk.

If for some reason you don't have any spare capacity on your existing cluster you could always make them buy a cheap ThinkServer and run KVM on it with one of its many libvirt based frontends (there are a few decent web based ones) and let it be their pet. Assuming policy allows for such a solution and you have someone on staff who can get it up and running and make sure it remains patched the additional ongoing workload shouldn't be an issue.

I get the advantages of the cattle/herd paradigm, but sometimes pets should just be pets. ;)
posted by wierdo at 9:54 AM on February 22, 2018

« Older Italian medical marijuana shortage -- hope us!   |   How do you find synonyms for expressions? Newer »
This thread is closed to new comments.