VDI Infrastructure: Citrix vs. VMware
Whether you're a CIO performing a cost-benefit analysis or a systems engineer looking at switching another platform, one task that often proves challenging is deciphering the differences between solutions. In the VDI space, this can be quite cumbersome.
Oftentimes, marketing teams change solution names as soon as the market gets acquainted with the previous name. Add on top of that new features being introduced semi-annually, and quickly, you see the VDI market experiences a high rate of change.
To assist with this challenge, I'll be guiding you through the basic infrastructure components of VMware and Citrix's VDI solutions — and discuss how they match up against one another.
Architectural Core Components
Regardless of whichever solution is discussed, the VDI space typically requires five base components:
- A hypervisor that allows access to the benefits of virtualization
- A brokering service to delegate the available resources to the end user
- A provisioning technology to scale the environment by copying an existing machine's setup
- A web-front end to provide authentication and access to the resources
- An external gateway to ensure secure external access to the internal resources
Each vendor product is obviously a little different, but functionally they accomplish the same goals. Collectively, these five components integrate to provide a solution whose end goal is to provide access anywhere, anytime, on any device. That's the entire VDI pitch in five words.
Terminology to Know
We'll want to start with establishing some terminology for synonyms often used in the VDI space. Let's get the product name cleared up as both have undergone a renaming in the past few years. What was previously known as VMware View got a brief name change to VMware Horizon View, and is now labeled relabeled as VMware Horizon.
Similarly, Citrix XenApp and XenDesktop have been redubbed Citrix Virtual Apps and Desktops. Version numbers are normally included at the end of these naming conventions with VMware following a typical numbering pattern (ex. 7.11) and Citrix following Microsoft's lead with the concatenated year-month model (ex. 1912).
Consider the chart below your pre-appendix for any comparable terms and use it as reference as we continue on.
|Broker Service||Delivery Controller||Connection Server|
|Provisioning Tech||Machine Creation Services||Linked Clone|
|Web-Front End||Storefront||Connection Server|
|Gateway||NetScaler Gateway||Security Server or|
Universal Access Gateway
|Administration Console||Citrix Studio||View Admin Console|
|Base Images||Master Images||Replicas|
|Group of Machines||Machine Catalogs||Pools|
|Group of Publishing Servers||Delivery Groups||Application Pools|
|Machine Types||Random Non-Persistent|
Citrix Virtual Apps and Desktops
Citrix's documentation touts an impressive list of compatible hosting solutions. For on premise deployments, this list includes Citrix Hypervisor (formerly XenServer), VMware vSphere, Microsoft Hyper-V, and the up-and-coming Nutanix Acropolis. In the realm of cloud competitors, Citrix supports the two big 800-pound gorillas in the market: Amazons AWS and Microsoft Azure.
The brokering service for Citrix comes in the form of the Delivery Controller. The Delivery Controller is responsible for:
- Communication with the hypervisor to create and update machines
- Communication with the database to store and retrieve assignments and entitlements of resources
- Communication with the downstream servers to ensure availability of the resources
Administrators interact with the Delivery Controller through either (1) Citrix Studio (a GUI-based console) or (2) Citrix Powershell SDKs. This is where roughly 80 percent of a citrix administrator's time is spent.
Citrix's long-standing provisioning technology is known as provisioning services, more commonly referred to as PVS. PVS is a solution that provides great scalability by enabling virtual machines created on the hypervisor to network boot via a separately installed Citrix Provisioning Server that streams the requested boot image across the wire.
To give an example of how this may be beneficial, consider that a machine could essentially boot without any disk attached and store all its changes in cached memory, effectively consuming zero disk space (note: this is an extreme case, often PVS VMs include an attached disk for disk writes or overflow of disk writes from memory cache).
The secondary option for Citrix provisioning comes in the form of Machine Creation Services (MCS). MCS allows users to effectively duplicate an existing VMs configuration by using a combination of the base image, a snapshot, and some MCS magic to create and re-roll an effective new machine with the same configuration, but a new independent identity. To do this MCS effectively takes a copy of the combined base image and snapshot, combining it into a master image and it copies that master image to each storage repository that the hosting environment has access.
From there the new VMs are spun up referencing that master image as a read-only disk and additional disks are attached. The first additional disk is known as an identity disk and serves the purpose of providing the machine with its static new identity (think computer name, SID, etc.). The other disk attached is a differencing disk which serves as the temporary repository for any changes made to the VM for its existence.
Both of these technologies have their merits, but beware, both also have their drawbacks. For PVS, yes you can save on the storage I/O and it scales beautifully — but you will be essentially putting all your hopes on the network not hiccupping one bit. Whereas with MCS, you will have increased resiliency from network hiccups, but may not be able to scale to the proven 2500 VMs that PVS can due to I/O constraints.
Every application needs some way for its users to interact with it. For Citrix this is known as Storefront, which is responsible for
- Handling user authentication
- Communication with the delivery controller to enumerate user assignments
- Storing users' resource subscriptions.
Individual configurations of Storefront are called Stores, which are configured to pull assignments from one or many delivery groups. Citrix supports various access methods via Stores, including; anonymous authentication, domain authentication, domain + security token, SAML authentication, smart cards, and certificates.
After users authenticate, they are presented with a listing of their available resources, as pulled from the delivery controller's records. As they frequent certain resources or manually favorite them, a memory of their selections is cached as a subscription to provide a consistent experience.
Citrix's external gateway is known as Citrix Gateway (formerly Netscaler Access Gateway). The Citrix Gateway is a component of the Citrix ADC (formerly Netscaler ADC) and serves as a hardened web-proxy for authenticating external access requests and relaying connections to internal resources. More than your typical web-proxy, the ADC combined with the Gateway are often considered the proverbial Swiss-army knife of networking. They perform a range of tasks including: (1) content switching, (2) load balancing, (3) web-app firewall, (4) SSL offloading, and (5) VPN services. The gateway comes in a variety of packages including a virtual appliance with a software license to scale it's throughput to physical appliances similarly scaled to size with an optional FIPS compliant configuration.
Overall, the external gateway is a beast and often requires a Network/Security Administrator or someone with skills outside your typical Citrix Administrator's role.
VMware Horizon View
Considering VMware serves as the leading virtualization platform in the market, it's nice that with VMware Horizon View you're allotted free licenses for vSphere. With that being said, it's really the only option you have for on premise deployments as other hypervisors are not supported.
On a bright note, VMware does have a Horizon Cloud offering which does provide some flexibility by enabling Microsoft Azure, Amazon AWS and IBM Cloud as public cloud vendors.
In Horizon View, the View Connection servers are the brains of the operation. Similar to the delivery controllers of Citrix, the View Connection servers perform the following roles:
- Handling and Storing of the entitlements of resources
- Communication with the downstream resources to ensure resource availability.
You'll likely notice we left off the communication with the hypervisor portion — and for good reason. Depending on which provisioning technology you choose, this piece may be handled by a different part of Horizon View. As a side note it's ideal that the View Admin console is completely HTML based, so there's no need to install a separate console for administration.
Horizon View comes with two provisioning technologies: linked clones and instant clones. Linked clones greatly resemble the same architecture outline of the aforementioned Citrix MCS provisioning technology. Similar to how Citrix MCS uses base images and snapshots to create read-only master images that are prepped and attached with additional disks to provide the VDI experience linked clones perform this same operation.
It does this via parent VMs and snapshots to create replica VMs with similarly attached disks for storing identity and tracking changes. It's important to note that Linked Clones are dependent on an additional software component known as view composer. View composer must be installed on a separate server from your View Connection servers, and serves as an intermediary between the View Connection server and the hypervisor. Its job is to ensure resource availability by controlling when resources are created, destroyed, and recomposed (a fancy term for being freshly wiped and rebuilt).
The internal web front-end is also handled by the View Connection server. Interestingly enough, this service supports domain authentication, SAML authentication, domain + token authentication, and smart cards.
VMware View comes with two options for the external gateway: the traditional security server and the newly released Universal Access Gateway (UAG). The Windows-based security server is the legacy solution that requires a one-to-one pairing to each View Connect server.
The alternative is a Linux-based virtual appliance known as the UAG. The UAG can be set up to connect to multiple View Connect servers, eliminating the need for the one-to-one mapping. As with VMware's vCenter, the market trend is moving toward Linux-based appliances that can be more easily deployed. Expect new feature sets to be limited to the UAG, ultimately leaving the legacy security servers in the dust.
Citrix vs VMware: Which to Choose
Now that the stage has been set, let's get to the fun part, comparing the Citrix and VMware VDI infrastructures.
Citrix clearly does a better job in catering to a more diverse pool of hosting solutions, however, do consider that this is a calculated tactic by VMware. VMware's target here is twofold; to gain market share with its sector-leading technology, ESXi, and ensure stability and consistency within the VDI experience.
For the most part a brokering service is a brokering service. The only caveats to this would be potential add-on alternatives or services that can be attached that would make a significant impact. For Citrix there is Citrix Director, which provides a single web-based administration page for both helpdesk- and administrator-level tasks.
Think of this as a basic environment health status page combined with some helpful troubleshooting tools to diagnose and interact with user sessions. In addition to this load index evaluation can be figured via Citrix Policy, which gives Director Insight into a machines resource strain and potential overutilization.
As for add-ons, Horizon View doesn't come bundled with a comparable toolset. However, if you consider a combination of two alternative resources; internally developed Horizon Helpdesk Utility and vRealize for View; you'll have your solution.
Each solution comes with two options in this arena, but in terms of making a decision we can disregard Citrix's MCS and VMware's Linked Clone solutions, as they are relatively identical in approach. That leaves us with PVS versus Instant Clones, two very different technologies. As with any decision of this sort, the answer will always come down to two simple words "it depends."
In terms of speed-consistency-scalability, both of these solutions have been proven to handle the workloads thrown at it. The real consideration here still remains of whether you want to rely on your network or your storage.
While very similar I'd have to give the blue ribbon to Citrix as Storefront provides more granular control of just how you want your user experience to look and feel. To add to this, Citrix has an administration console dedicated to the configuration of Storefront, whereas, making changes to the View Connection interface follows a more primitive approach of locating and editing configuration files. Not a big deal, but it'd be nice to see some advances here.
This is a hard one. With Citrix you get more than just an external gateway, but the drawback is that those features may cost you in additional licensing, manpower, and training. On this note, NetScaler's learning curve is quite steep and doesn't exactly lend itself to non-network individuals. So, beware.
On the other hand, VMware's Security Server is pretty straight-forward for even newcomers. Similarly, the UAGs are even easier to deploy with a few clicks to import the appliance and answering a few Hogwarts-level wizard questions. It's one of those double-edged swords: do you require complexity or simplicity?
The Final Verdict
Choosing between these two solutions always comes down to what's most important to your business. Citrix was the first-to-market in the application virtualization space and for many is considered the tried-and-true application virtualization solution. With this, comes years of development which has afforded Citrix with a plethora of configuration options that will most certainly meet whatever need you come across. When they decided to take on desktop virtualization, those years of experience transitioned well as Citrix Virtual Desktops are a robust solution that can certainly meet any need you throw at it.
On the other hand, VMware wouldn't have jumped in the market if they didn't clearly see a gap that Citrix wasn't filling. VMware recognized that the complexity introduced by all those options could prove to be a limiting factor for those that just wanted to do VDI, quickly and simply. With Horizon View there is very little maintenance or toying with in-depth configuration options that would otherwise have you scratching your head between the impact of selecting lossless or lossy graphics.
In my mind, I can't help but think this is a conscious decision by VMware to reduce the complexity of VDI and one of the leading reasons for their growing market share in this space. Forgive the expression that we all hear from vendors every now and again, but Horizon View just works. And sometimes, that's all we want as IT professionals.