About two years ago, we penned a review of a virtual desktop infrastructure (VDI) solution comprised of Scale Computing for the hardware and Leostream for the VDI software. Since writing that article, the world has radically changed, and in effect, so have virtual desktops. Over the last two years, we have seen the largest migration of workers to date from office to remote work. During this time, we also saw more and more employees using remote desktops and companies hosting these desktops in the cloud rather than on-premises. In this paper, we will look at how easy or difficult it is to set up a VDI environment in the cloud using Leostream.
About two years ago, we penned a review of a virtual desktop infrastructure (VDI) solution comprised of Scale Computing for the hardware and Leostream for the VDI software. Since writing that article, the world has radically changed, and in effect, so have virtual desktops. Over the last two years, we have seen the largest migration of workers to date from office to remote work. During this time, we also saw more and more employees using remote desktops and companies hosting these desktops in the cloud rather than on-premises. In this paper, we will look at how easy or difficult it is to set up a VDI environment in the cloud using Leostream.
Leostream is an interesting company, as although it targets enterprises with thousands of users, its product is flexible enough that it can be deployed successfully by small and medium-sized businesses (SMBs), state and local governments, educational institutions, and large institutions that want to test the waters with VDI and then grow their environments larger at a later time. To date, their largest deployment manages desktop connections for nearly 5000 users and Leostream currently counts companies such as Pearson VUE, Fox Entertainment, and Carbon VFX as satisfied customers.
In this paper, we will be deploying a Leostream VDI environment on Amazon Web Services (AWS). We will then see if the environment can be managed and maintained without the help of specialized staff and look at the economics of deploying a VDI environment on a public cloud.
Why Virtual Desktops in the Cloud?
While Leostream has, in the past, had a reputation for being an on-premises VDI solution, the company is seeing a huge uptick in organizations deploying its product on public clouds, specifically AWS and Azure.
It needs to be noted here that Leostream is not new to cloud computing. In fact, over a decade ago in 2010, it released Leostream Cloud Desktops, a solution for Desktops–as-a-Service (DaaS). Although the company discontinued that offer, it demonstrates experience, interest, and expertise in deploying VDI in a public cloud.
Leostream customers are able to set up Leostream environments by only using cloud resources, and many are doing so. One of the software’s defining features is its agnostic nature towards VDI. Whereas other VDI solutions are closely invested in providing desktops and the infrastructure on which they run, Leostream is all about the connection broker; that is, the mechanism that authenticates users and then presents the virtual desktops that they are entitled to access. This gives Leostream wide latitude in terms of where it can be deployed.
Since the start of the pandemic, companies and institutions are turning to cloud deployments of VDI for a variety of reasons, including:
- Cost – In many cases, a VDI deployment using a public cloud can be less costly than an on-premises deployment as a large outlay of capital is not needed to do the deployment, and virtual desktops can be powered off when not in use. This lack of initial investment is also appealing to those who want to test the water with VDI or need to set up a remote desktop solution quickly without first having to procure the hardware to do so.
- Infrastructure – One of the main issues that many organizations have faced is not only the increased time it is taking vendors to deliver hardware, but finding the support staff to set it up and manage it. With cloud-based deployments, however, the infrastructure required for a VDI environment can be procured in minutes, and the cloud provider handles its ongoing maintenance.
- Flexibility – Closely coupled with cost and infrastructure is the benefit of flexibility with cloud deployments of VDI. If you find that you need more desktops, they can be instantly acquired, or conversely, if your needs change and you do not need as many desktops, they can be eliminated without having to deal with the unused hardware on which they previously resided.
In its basic form, a VDI user uses a client to connect through a gateway to a connection broker, which then associates the user with a desktop. When Leostream is being deployed in a public cloud, all the components, other than the VDI client, run on hardware inside the cloud.
Why Leostream Virtual Desktops?
Leostream was an early entrant into the VDI market. It was founded in 2002 by two entrepreneurs who recognized important gaps in the evolving server-virtualization and remote-access market. They pioneered technologies such as a patented physical-to-virtual machine converter and a virtual machine controller, which evolved into the enterprise Connection Broker that currently lies at the heart of the Leostream Platform.
In 2010, Leostream turned to the public cloud, spearheading AWS VDI. By automating capacity and providing remote desktop connection management for AWS alongside on-premises environments, Leostream became the first platform to offer enterprise VDI for hybrid cloud environments. In 2016, Leostream added the Leostream Gateway to the Leostream Platform, expanding the platform to provide secure remote access from any device, including through a built-in HTML5 client.
Today, the Leostream Platform embodies two decades of research and development in supporting customers with hosted desktop environments, including on-premises VDI and workstations, hybrid cloud, and high-performance display protocols. The Leostream Platform has proven to be one of the world’s most robust desktop-connection management platforms with a remote-access feature set that allows today’s enterprises to choose the best-of-breed components to satisfy complex security, cost, and flexibility needs. With the recent launch of the Leostream RESTful API, the company provides additional ways to customize its software and furthered its commitment to Solutions Providers and DevOps teams. Despite this track record of success, Leostream is not content to sit on its laurels and is continuing to evolve. Its roadmap includes closely collaborating with current and potential customers to meet their present and future needs.
The Role of AWS in Cloud-Based Desktops
Founded in 2002 as a subsidiary of Amazon, AWS provides on-demand cloud, pay-as-you-consume computing and storage for companies, governments, and individuals. Perhaps the best-known service that is offered by AWS is Amazon Elastic Compute Cloud (EC2) which provides the virtual machines (VMs) and desktops (instances) that we will be using to craft our VDI environment in this article. These instances can comprise a variety of CPUs, GPUs, RAM, storage, operating systems (OSes), and networking. Some instances even have pre-loaded application software on them.
At a glance, AWS has over 440 different EC2 instance types, ranging from a t.1 instance with a single i386 vCPU and 0.5 GiB of memory to a u-12tb1.112xlarge with 448 vCPUs and 12,288 GiB of RAM. The main takeaway here is that you can choose the hardware and software profile that best fits your budget and your VDI users’ needs.
The figure below shows the location of 25 datacenters that AWS has around the world, and 9 more that they have announced will be opening soon. This geographic dispersion means that companies can choose the location to deploy Leostream closest to their end-users to minimize latency or in countries that meet their corporate or governmental requirements.
Leostream can be deployed on all of the major public clouds, but we chose to go with AWS as it is the behemoth in cloud computing. In April 2021, AWS reported 32% year-over-year (YoY) growth and claimed a third of the cloud market.
Requirements for Leostream on AWS
To install Leostream on AWS, we followed the Leostream Quick Start Guide with AWS and worked with the folks at Leostream on installing and configuring it. The guide breaks the process of installing Leostream on AWS into a few different steps:
- Configuring AWS for use with Leostream
- Installing connection broker and gateway instances
- Preparing AWS desktops
- Integrating directory services
- Provisioning desktops
- Connecting users to their remote desktops
As these steps are well-documented in the guide, we will not be taking you through each step of the installation process here, but only commenting on the process in general. At the end, we’ll provide our overall thoughts on the installation process.
The AWS resources and services required for a Leostream VDI environment are:
- AWS EC2 – These are the compute instances that Leostream uses for the gateway, connection broker, and virtual desktops.
- Amazon Virtual Private Cloud (VPC) – Leostream needs an isolated private network for the desktops and connection broker to reside and communicate within. A Leostream gateway will allow secure access from the outside world to the connection broker and virtual desktops in the VPC.
Optional AWS resources and services for a Leostream VDI environment are:
- Amazon Directory Services – AWS has two different domain service offerings to manage domain users and computers: AWS Microsoft Active Directory (AD) or Simple AD. We will be using Simple AD in this article.
- NICE DCV – This is the proprietary remote display protocol for AWS, which we will use to connect to our desktops. This is included in the price of EC2 instances.
- AWS Relational Database Service (RDS) – As we will be using a built-in PostgreSQL database provided by Leostream, we will not be using RDS. RDS is necessary if you are building a high-availability (HA) Leostream cluster or have a large number of users.
- AWS Elastic Load Balancing – This routes users to different connection brokers to provide HA and failover. We will not be using this.
- Amazon Route 53 – This routes users to a Leostream login portal and provides DNS load-balancing servers. We will not be using this.
Directory Services on AWS
Unless a company only has a few desktops, they will want to use AD services for their Leostream deployment. Amazon provides different methods for these services.
For organizations that only need basic AD services, such as user accounts and group memberships, Amazon offers Simple AD, which is Samba 4 that runs in AWS with Amazon handling the monitoring, management, as well as daily snapshots. Simple AD has two sizes available: small, which supports 500 users; and large, which supports up to 5,000 users. We will be using a small-sized Simple AD service for our deployment.
For those that need an actual Microsoft Windows Server AD instance, AWS offers AWS Directory Service for Microsoft Active Directory (also known as AWS Managed Microsoft AD). As with Simple AD, Amazon handles the monitoring, daily snapshots, and recovery aspects of it in this instance. AWS Managed Microsoft AD is available in two editions: Standard and Enterprise. The Standard Edition supports up to 30,000 directory objects (i.e., users, groups, and computers), and is designed for organizations with fewer than 5,000 users. On the other hand, the Enterprise Edition is the most expensive AD option and is designed to handle up to 500,000 directory objects or about 80,000 users.
AWS also offers AD Connector. This is a gateway between an on-premises Microsoft AD and your AWS environment. These offerings cost the same as a Small Simple AD and much less than AWS Managed Microsoft AD.
As noted above, we will be using Simple AD since we will be deploying only a few desktops.
Installing Leostream on AWS
As with all other AWS deployments, Leostream requires an Identity and Access Management (IAM) user with permissions to access and manage EC2 resources. By following the instructions in the quick start guide, we didn’t encounter any issues creating an IAM user, giving it the required permissions, and squirreling away its Secret Access key. You do not need a dedicated IAM user for Leostream and can use an existing user if you have one available.
We set up a security group to allow the connection broker and desktops to communicate with each other and then configured a VPC in which they would reside.
We then instantiated a Small Simple AD service and created the VDI users on it.
The Leostream Connection Broker can be installed using a pre-configured image in AWS Marketplace, or you can install it on a CentOS or RHEL 7.x image. We were tempted to install the connection broker on CentOS as it is so trivial to do, but we opted to use the Marketplace image instead.
We searched for and selected the Leostream Connection Broker image in the AWS Marketplace.
We then did the same for the Leostream Gateway.
At this point, we had the infrastructure in place and could start to deploy virtual desktops.
After enabling Connection Broker forwarding in the Leostream Gateway, we entered the public IP address of the Leostream Gateway in our web browser and were redirected and connected to the Leostream Connection Broker. We licensed and configured it to use our Simple AD instance.
Preparing Virtual Desktops
Leostream can provision new AWS Windows or Linux instances using a base image once the image has had the Leostream Agent installed on it.
We spun up an MS Windows image, and then installed the Leostream agent onto it and powered it down.
At this point, we had three instances: the connection broker, the gateway, and the master desktop image.
We then created an AMI image from the master desktop image by selecting Actions -> Image and Templates -> Create Image.
Within a minute, we saw our new image. This would serve as the basis for the desktop in our desktop pool.
We finally had all the pieces in place to start provisioning desktops.
Creating a Virtual Desktop Pool
Leostream has the ability to provision desktops on demand; in other words, whenever there are not enough desktops for the number of users, a new one will be created automatically. This not only ensures that new users will have desktops when needed, but it also ensures that you will not be paying for resources (desktops) before they are used.
We set policies so that newly provisioned desktops would join our domain and that they would use RDP as the display protocol. To save money, we configured the power control plans of the desktops to power off after either being disconnected or sitting idle for more than 15 minutes. And when a user logs off, the desktop will be powered off immediately.
We set our provisioning to always have a minimum of one desktop available (pre-provision) and a maximum of five. When we do mass testing of desktops, we will change these values.
Although Leostream supports more display protocols than any other VDI solution that we know of, we configured the desktops to use RDP since RDP clients are available from a wide variety of devices and most firewalls allow them to be passed through. You can use RDP to display by either using an RDP client or an HTML5 web browser.
Connecting to a Virtual Desktop
To test our environments, we connected to a desktop using the web browser, an RDP client, and the Leostream client.
To use the web browser, we simply pointed the web browser at the IP address of the gateway that was being hosted in AWS. This brought up a sign-in dialog.
After selecting the pool of desktops that we wanted to connect to, we were presented with a Windows desktop in the browser tab.
By looking at the Leostream logs, we could see that it took 1 minute 45 seconds to provision a second desktop. We verified that the desktop had been created by navigating to Resources > Desktops where we saw the desktop that we currently use as well as the pre-provisioned desktop.
We downloaded the Leostream Connect client for Windows (they also have clients for macOS and Linux). We installed Leostream Connect on a laptop running Windows 10. We were given the option to specify what other options we wanted the client to perform, such as being able to connect USB devices on the client, and virtual desktop accessibility.
After specifying the IP address of the gateway, we were presented with a user login dialog.
We connected to our virtual desktop from our Windows 10 laptop and tested how well the virtual desktop behaved by using various Office applications, streaming videos, and playing music on the virtual desktop. The virtual desktop was very responsive in all our tests. We found that we could even play videos in the background while working on Office documents with only a minimal amount of jerkiness and dropped video frames. We did not experience any slowdown in our Office applications during this test.
We then connected another user from an Atrust t176L VDI client. The Atrust t176L is a small form-factor thin client with 4 USB and 2 DisplayPort ports and is powered by an Intel CPU. It runs a bespoke Linux operating system. We used RDP during our testing with this device. The thin client connected without any issues, and we had the same virtual desktop experience as when using Leostream Connect from our laptop.
Performance – PCMark 10
To get a better idea of the performance of the virtual desktops that we were using (a t2.medium EC2 instance), we ran PCMark 10 on it.
We did get a warning when we launched PCMark 10 that our GPU may not be compatible with it. We chose to ignore this warning as we were not doing definitive testing but just trying to get a sense of how well this EC2 instance would perform.
We monitored it during the testing. Although some of the tests were a tad jerky, none were unacceptable.
Not all the tests were run (which didn’t surprise us due to the GPU warning), but below are the results of the tests which did run. This system rates as a good PC for doing common office tasks.
It needs to be stressed that this does not reflect on the Leostream Connection Broker, but is instead due to the performance of the instance. If a user needs more power, you can easily assign them an instance with more performance. This is one of the beauties of Leostream on AWS: you can cater the instances to literally any user’s needs.
AWS NICE DCV
In 2016, AWS acquired NICE, a purveyor of a high-performance remote display protocol (DCV) that lets you securely and efficiently deliver remote desktops to a NICE DCV client. There is no charge when using NICE DCV with EC2 instances. Among its many features are H.264-based encoding, lossless video compression, and adaptive compression levels.
We set up a protocol plan in Leostream to use DCV.
We then created a desktop image by selecting an AMI from the AWS Marketplace with NICE DCV preinstalled on it. Specifically, we chose the “NICE DCV for Windows (non-graphics-intensive instances)” AMI with a t.2 medium hardware profile. We powered it up and installed the Leostream agent on it.
We then verified that we could connect to the instance using the native NICE DCV client, which we did without any issues.
We then shut down the instance and added it to our new DCV desktop pool and connected to it using the Leostream Connect client.
We did notice a slightly better user experience with smoother video playback when using DCV, and we would recommend using DCV whenever possible.
Creating 100 Virtual Desktops
We were curious as to how quickly AWS could spin up 100 desktops simultaneously, so we modified our pool provisioning to provision up to 100 desktops and have 90 of them available to connect to immediately.
We then went to Resources > Desktops and watched them being provisioned. We saw them go through the various states of being deployed (i.e., deploying, joining the domain, starting, etc.).
By the time it took us to get a drink (about five minutes) we had 71 of the 90 virtual desktops available, and the rest came online shortly afterward. Note: We opted not to re-use desktop numbers, so the name of the desktops (WinPool-xx) do not actually reflect the number of the instances currently running.
We verified that they had been created in EC2 and did, in fact, see the desktop instances listed.
We used a wide variety of our VDI clients (HP and Dell thin clients, Windows, and Linux systems) to attach to them without any difficulties. We even connected to one desktop using a tablet and web browser.
Using the tablet, we were able to enter text from the device’s pop-up on-screen keyboard and a Bluetooth keyboard we paired with the tablet. The applications were responsive and usable but, as expected, we would not want to use a tablet with such a small screen to do heavy document editing. For quick on-the-go desktop access, however, a tablet would be convenient.
Just as important, and perhaps more so, is the ability to remove instances when they are not in use as this can save a company money. We changed the pool policy back to only having a single desktop pre-provisioned and a maximum of five desktops.
We then used the Leostream console to delete the unused desktops and confirmed that the desktops would be removed.
After clicking OK, the desktops started to be deleted immediately and were completely deleted within 5 minutes. At that point, we stopped being charged for them by AWS. Although we found that desktops were provisioned very quickly, you can use Leostream to set time policies for when virtual desktops are to be powered on and off. This can ensure that users have desktops when they report for work, but that you will not be charged when they are inactive.
Virtual Desktop Management
Leostream’s agonistic stance extends to the management and patching of their desktops. For example, for profile management on Windows desktops, you could use FSLogix (which is now owned by Microsoft and is free) or any other third-party product.
Final Thoughts
In this paper, we wanted to experience what it takes to set up Leostream on AWS. More specifically, we wanted to see if it could be done by a general IT staff with only minimal experience with AWS and if it is cost-effective to do so. The short answer to the first two questions is yes – it took us less than two hours to set up and have a fully functional VDI environment that VDI end-users could connect to. The question around cost, however, is more difficult to ascertain as so many variables are involved.
We worked with our Leostream environment for two weeks and our AWS bill was less than $150 USD. To be fair, we were very judicious during that time with our resources, and we powered off EC2 instances whenever we could, but we had over 100 desktops powered on at one point. By no means do we suggest that a fully-functional production system or even medium-term POC could be run this inexpensively, but setting up a POC on-premises would have cost an order of magnitude of two more.
Using AWS, we could easily expand our VDI environment in minutes. We literally added 100 new desktops in less than five minutes and could have increased it to thousands in a minimal amount of time if we decided to do so. The lead time for new physical servers is weeks, and with the current supply-chain issues, it could be much longer. We could also specify the types of desktops we wanted. For example, if we had a user that required a high-powered desktop with many vCPUs, a GPU, and loads of RAM, we could have created a desktop for them with just a few clicks. We also had the ability to remove unused desktops with just a few clicks as well.
Using AWS as a platform for Leostream can be cost-effective, but not in all cases. For example, if you are running desktops 24×7 or have underutilized hardware that has been fully depreciated, then yes – it is probably less expensive to run Leostream in-house. The beauty of Leostream is that you will be using the exact same VDI management platform and many of the same workflows regardless of whether you are running it in the cloud or on-premise.
This report is sponsored by Leostream Corporation. All views and opinions expressed in this report are based on our unbiased view of the product(s) under consideration.
Engage with StorageReview
Newsletter | YouTube | Podcast iTunes/Spotify | Instagram | Twitter | Facebook | TikTok | RSS Feed