In this post we are going to show how to leverage OpenNebula’s edge computing features to easily setup a fully open source, pay-as-you-go Virtual Desktop Infrastructure (VDI) at the edge using on-demand bare-metal resources from providers like Packet or AWS. The automatic provisioning of dedicated Virtual Desktops at the edge can be especially useful when there is an urgent need for a company to respond to an unexpected WFH demand—like the one created by the current COVID-19 crisis.

VDI solutions provide end-users with ubiquitous access from a variety of devices and places to desktops and applications that are centrally managed and curated by their company’s IT staff. In this way, companies can ensure that these environments are properly managed and configured for securely accessing corporate resources and sensitive data.

A decentralized Edge Cloud model is especially suitable for companies that need to extend the VDI paradigm in order to be compliant with local data protection regulations (like GDPR) or whose employees require low-latency remote access to corporate applications. Imagine, for instance, the following scenarios:

• A company needs to manage in an efficient and secure way the Virtual Desktops and corporate applications its employees use from different branch offices.
• An urgent need arises for a company to deploy a corporate Virtual Desktop platform to respond to an unexpected and abrupt increase in WFH demand.
• A company wants to reduce the infrastructure costs associated with the deployment of a large VDI environment by adopting a pay-as-you-go model, while avoiding vendor lock-in.
• A multi-national company needs to ensure it is compliant with data protection regulations affecting those employees working remotely from different locations around the globe.

The OpenNebula Approach to VDI

OpenNebula can be used to set up a stable, easy-to-deploy open source VDI solution at the edge, as an alternative to complicated VDI legacy stacks or expensive cloud solutions. The use of on-demand bare-metal resources at the edge offers a powerful mechanism for companies to make sure that they observe local data protection regulations while, at the same time, improving the end-user experience and reducing costs associated with cloud infrastructures.

Let’s start then by having a look at the different components one need to combine in order to deliver an end-to-end VDI solution at the edge:

• A cloud infrastructure for resource virtualization (i.e. computing, storage and networking) in order to deploy Virtual Desktops at the edge.
• A private catalog of customized Virtual Machine images that can be used for the provisioning of corporate Virtual Desktops to employees, based on the company’s internal needs (i.e. specific operating systems, access to corporate applications, integration with LDAP/Active Directory for authentication, etc.).
• A user-friendly system that allows end-users to connect through a graphical interface to available Virtual Desktop resources at the edge using different display protocols (i.e. RDP, VNC, Spice).

OpenNebula, thanks to its edge computing features, can be used to provision cloud-based on-demand Virtual Desktops and applications at specific edge locations. This model reduces latency by provisioning resources closer to the corporate users, branch offices, and employees working from home. To do so, OpenNebula can incorporate available resources offered by third-party bare-metal providers like Packet (now part of Equinix) or AWS.

OpenNebula also provides the necessary tools for IT staff to build corporate VM images by defining the contextualization of both Linux and Windows images, as well as to set up a private Marketplace from which to provision corporate Virtual Desktops at the edge. For the Proof of Concept shown at the screencast below, for instance, we’ve previously created a Windows 10 Image for KVM following this step-by-step tutorial.

Once the VM images are ready, OneFlow—OpenNebula’s advanced component for running multi-VM applications based on dependencies and auto-scaling policies—offer the possibility to deploy and manage pools of specific Virtual Desktops. Through OneFlow, cloud admins can adapt the VDI environment to the company’s real needs by defining automated capabilities for its infrastructure. Some of these options include, for instance, scheduling the creation of a specific amount of virtual resources to be available only at working hours, or the dynamic scaling of the virtual resources in case there’s some unexpected peak in demand.

OpenNebula + Apache Guacamole

In some sense, a default OpenNebula instance already provides a simple, ‘out-of-the-box’ VDI solution: it offers to end-users the possibility of connecting to their Virtual Machines via VNC/Spice and also via RDP files (that can be downloaded and used with external RDP clients). This is done through the so-called “Cloud View” that comes with Sunstone, OpenNebula’s WebUI:

For such a basic model to work, an OpenNebula front-end should to be installed at the central location from which the VDI deployment will be managed. This frontend can be located on-premises or on a public cloud or bare-metal provider. From that central location, OpenNebula can then provision on-demand the necessary physical nodes at the edge, depending on the company’s needs. After that, the cloud admin will only have to create dedicated Virtual Machines for the end-users by instantiating on their behalf the appropriate VM image from the corporate Marketplace. Through the Sunstone portal, end-users will be able to access their Virtual Desktops and manage by themselves the life-cycle of their Virtual Machines.

However, although this VDI model might work for some organizations, some others might benefit from making things even easier for their employees. This is where our integration with Apache Guacamole comes into play. Guacamole is a powerful open source software that supports standard protocols like VNC, RDP and SSH, and provides access to Virtual Desktops through HTML5 browsers without the requirements of plugins or desktop clients.

By integrating OpenNebula with Guacamole, an end-user can access a corporate Virtual Desktop belonging to a pool of Virtual Machines that are created and destroyed dynamically according to the company’s internal policies and real needs. As opposed to dedicated VMs managed by the end-users, these Virtual Desktops are conceived as ephemeral resources, used mainly to provide a secure access to corporate resources deployed at the edge (i.e. sensible data or internal applications).

This integration is possible thanks to the OneFlow component, which can be used by cloud admins to deploy and manage Virtual Machines in an automated way, creating and destroying them dynamically according to predefined rules of elasticity and scheduling. It also makes use of OpenNebula’s Hook subsystem, the component that enables the execution of custom scripts tied to a change in state in a particular resource (i.e. a Virtual Machine).

The Power of Open Source at the Edge

Thanks to this integration of OpenNebula with Apache Guacamole—and with the proper configuration of Guacamole and your corporate VM images so that they all use the same authentication system—your end-users will be able to login with their regular corporate credentials into the web portal provided by Guacamole and get immediate access to a Virtual Desktop, and all that through a simple web browser!

If we combine this OpenNebula + Guacamole integration with the proper configuration of the corporate storage to make sure that both the Virtual Desktops and the user data always remain at the edge, we’ll get a fully open source VDI solution that can be compliant with any relevant data regulation that your company might need to observe. Isn’t that cool? 🤓

Contact us if you want to know more!

We have recently published a blog post on how to reproduce the VDI solution based on the integration of OpenNebula and Apache Guacamole. Don’t forget to check it out and provide your valuable feedback 🤓