Successful client virtualization environments are those that meet the goals set by IT and the business consumer at the outset.

At a high level, solutions must be:

• Secure – From the compute infrastructure that hosts end-user sessions to the networks that carry the protocol by which end users receive their experience, security should be top of mind for any implementation of Citrix Workspace Suite or Citrix Cloud.
• Manageable – Migrating new end-user resources into the data center means insuring that the platforms that host those resources are highly manageable.
• Performant – The experience of the end user must be good in order for the implementation to succeed and that means the underlying platforms must be performant.

With the introduction of the HPE ProLiant DL380 Gen10 and HPE ProLiant DL360 Gen10 servers, Hewlett Packard Enterprise has released platforms that provide the security, manageability and performance demanded by client virtualization workloads. This document focuses on helping Hewlett Packard Enterprise’s customers understand these platforms and the related options in the context of a client virtualization deployment. It seeks to highlight the features these platforms bring to market that help address the requirements for a successful client virtualization implementation.

This section describes the platforms and software that will power your client virtualization environment including an overview of the functions and benefits of Citrix’s suite of products.

HPE ProLiant Servers

Hewlett Packard Enterprise has launched three new HPE ProLiant Gen10 servers which are a strong fit for a variety of client virtualization environments. Whether your concern is providing high end graphics to remote workers in order to keep data local or you are looking for the most secure platform on which to host your users, HPE ProLiant Gen10 is the right fit.

HPE ProLiant DL380 Gen10 Servers

The HPE ProLiant DL380 Gen10 servers platform offers the ultimate flexibility for client virtualization workloads. With a choice of CPUs offering a balance between core counts and core frequencies, very large memory footprints, a broad array of graphics options and a mix of HDD, SSD and NVMe drives with up to 26 disks per host, the HPE ProLiant DL380 Gen10 servers is an optimal choice for all client virtualization workloads. The HPE ProLiant DL380 Gen10 supports all graphics users from those with simple video needs to workstation class users and does so with support for the NVIDIA Quadro P2000 (x4), Quadro P4000 (x4), Quadro P6000 (x3) ,Tesla M10 (x2), Quadro RTX6000/8000 (x2).

In this section, an overview of platform option selections as well as common criteria used in system design are provided. The actual choices might be driven by individual installation factors and a PoC is recommended.

HPE ProLiant Platform Options

Traditional conversations around the selection of two socket versus four socket systems have centered on a scalability/cost mix, risk mitigation and overall manageability. As client virtualization addresses more graphics centric use cases, the conversation must now include graphics scalability.

HPE ProLiant Gen10 CPU choices are based on a single standard development by Intel® which suggests that overall compute scalability will remain a dead heat between two and four socket platforms. Combine this with cost scalability between the two and four socket platforms is discussed in this document and it points to price/performance being on par across platforms. In selecting a platform, Hewlett Packard Enterprise sales representatives or authorized Hewlett Packard Enterprise reseller can provide a solution with optimal TCO.

As with prior generation platforms, HPE ProLiant Gen10 server systems are managed by HPE iLO. This ensures that each platform mentioned in this Reference Configuration is as easy to manage and own as the next. Given the common nature of the management tools, overall manageability refers to the desire to manage as few systems as is feasible for a given workload. If this is a priority within your IT environment and the remaining criteria discussed in this section are met then strong consideration should be given to the HPE ProLiant DL560 Gen10 platform as a client virtualization server resource.

Risk mitigation has traditionally involved discussions of minimizing the amount of risk placed on any one system if a hardware failure occurs. When risk aversion is a priority, deploying two two-socket servers versus one four-socket server is prudent.

Majority of systems today deploy graphic intensive applications as well as hypervisor requirements. With VMware® vSphere, there are three modes in which graphics hardware may be utilized by the end user. These modes, Virtual Shared Graphics Acceleration (vSGA), Virtual Graphics Processing Unit (vGPU) and Virtual Direct Graphics Acceleration (vDGA). These modes target different users and use cases. vSGA utilizes a VMware graphics driver that abstracts the GPU from the end-user VM. This allows a large number of end users who require occasional acceleration capabilities to utilize onboard cards without requiring direct access. vMotion is preserved when vSGA is utilized, but only a limited set of graphics APIs are supported. vGPU allows multiple advanced graphics users to share a single graphics card using native graphics card drivers. OpenGL, OpenCL, DirectX and NVIDIA CUDA are supported and the selection depends on the solution provided. Instant Clones may be utilized to maximize manageability but vMotion is not available. vDGA makes a GPU available directly to the end-user’s VM. This offers the best performance for end users that utilize the graphic intense applications and offers the broadest range of API support.

In all HPE ProLiant DL servers mentioned here, it is possible to support both vDGA users and non-graphics (or CPU only graphics users). For both vGPU (Microsoft) and vSGA (VMware) solutions, the HPE ProLiant DL380 Gen10 is the optimal rack mount solution.

Selecting options in client virtualization platforms

This section provides guidance for performance, security, reliability and efficiency selection criteria of VDI.

CPU selection

CPU selection for VDI requires an understanding of the workload or workloads you will support in your environment. Core count, core frequency and processor price point are all consideration factors. Because environments vary greatly, each organization has to look into the number and types of users, types of workloads and various methods used to utilize apps and desktops, to select the right CPU. The following general VDI guidelines are based on lab testing, customer inputs, or partner feedback:

• Heavy graphics users with CPU intensive applications will benefit from higher core frequencies even at the expense of lower core counts. This type of use case is not density optimized on a per server basis due to the nature of heavy graphics users, so the tradeoff is generally advisable to insure the best performance for the user.
• Knowledge workers without requirements for graphics tend to benefit from maximum core counts even at the expense of core frequency.
• Applications with limited graphics requirements that do not drive high CPU utilization should be balanced between core count and frequency with an eye toward maximizing cumulative compute capacity.

Storage

End-user computing implementations offer a broad array of local storage options. In a scenario involving SAN connectivity, the local host may have nothing more than a local SD or USB boot device for the hypervisor to reside on. IN contrast, a boot LUN may be presented creating a server with no local boot media (i.e. a disk free server). A more common scenario involves the implementation of Software Defined Storage (SDS). When utilizing SDS it is important to insure you are choosing the right storage from the right vendor.

For VDI scenarios, all flash or tiered storage with at least one flash layer are the best storage options. Boot, virus scan, and user logins are all I/O (read from media) intensive and the storage subsystem has to keep up. However, runtime caching of OS and applications could be heavily write biased. The selection of a write-intensive or mixed-use drive based on the cumulative amount of I/O as well as the underlying RAID configuration of the disks must be considered in the storage architecting phase.

Whichever drive is chosen, Hewlett Packard Enterprise offers features that make it a compelling choice for end-user computing:

• HPE solid-state drives (SSDs) are backed by over 3.35 million hours of the industry’s most rigorous testing.
• HPE Smart SSD WearGauge monitors and reports on the lifespan of the SSDs you have implemented.
• Full path error detection checks for data correctness between host interface to the SSD and back.
• All HPE SSDs on Gen10 platforms include Digitally Signed Firmware and best-in-class firmware security features. This prevents malicious firmware modifications that could result in data destruction, manipulation and theft as well as protection from counterfeit drives.

HPE SSDs come in a number of form factors including PCIe based, large form factor and small form factor SAS and SATA with capacities up to 6.4TB. This comprehensive portfolio is designed to meet all customer needs. The HPE SSD Selector Tool (ssd.hpe.com) dramatically reduces the time and complexity of selecting just the right SSD for demanding workloads.

In addition to drive selection, the controller you choose for your end-user computing implementation should be a focal point when choosing your platform. HPE Smart Array controllers offer features that support a successful end-user computing experience:

• Mixed Mode – Software defined storage is frequently at the core of end-user computing implementations. Many of the SDS vendors require a controller in HBA mode. HPE Smart Array Gen10 controllers offer the ability to use both HBA and RAID mode simultaneously which means using one controller. This frees up a PCIe slot for other uses such as graphics cards.
• Better Performance – When all-flash is the design goal, disk performance is critical. HPE Gen10 controllers deliver up to 65% more performance compared to HPE Gen9 controllers. This can mean faster boot, quicker time to recovery and improved user experience – all of which are used to define a quality end-user computing implementation.
• Less Power – End-user computing implementations move much of the user experience from the desk into the data center or server room. This can mean net new equipment in places where power matters. The Gen10 controllers use up to 45% less power than the Gen9 controllers which means lower power requirements for your implementation.
• Security – Healthcare, Government and Financial Services are big adopters of end-user computing technology and for these entities, security matters greatly. HPE Smart Array SR Secure Encryption is a FIPS 140-2 Level 1 validated enterprise class controller-based encryption solution for data-at-rest on all SAS/SATA drives and provides customers with data security to comply with regulations for sensitive data such as HIPPA or Sarbanes-Oxley.

For the majority of end-user computing scenarios involving software defined storage, including tiered or all flash disk layouts, the HPE Smart Array 400 series of array controllers will be an ideal choice.

Platform security

Reliability and security have been hallmarks of the HPE ProLiant brand and one of the many reasons Hewlett Packard Enterprise continues to lead the industry in quality. HPE Gen10 servers are a continuation of that brand promise with more security features than ever before so you can continue to be confident and in control of your secure server environment within your deployment.

HPE Integrated Lights-Out (iLO) 5 and new Gen10 upgrades allow Hewlett Packard Enterprise to deliver premium security through key innovations that protect your HPE servers from attacks, detect potential invasions and allow you to recover your firmware to the last known good state.

Protect

Remove vulnerabilities that expose infrastructure firmware to malicious attacks with HPE’s exclusive silicon root of trust. HPE Secure Start uniquely ensures that only HPE-signed firmware will boot by validating through HPE’s silicon root of trust so you can be confident that your booted firmware is safe. New with Gen10 servers, HTTP/HTTPS boot also offer a secure and reliable replacement for PXE. Exclusively available on Gen10 servers, the new iLO Advanced Premium Security Edition license brings together a unique combination of our iLO Advanced management capabilities and new, premium security features like Commercial National Security Algorithm (CNSA) mode.

Tamper-proof updates also authenticate that firmware updates are accessible only though iLO and are digitally validated.

Detect

Run time firmware validation ensures that your firmware is checked every 24 hours to identify any potential intrusions that may occur post-boot.

Recover

Avoid lasting damage to your business by quickly restoring firmware to the factory settings or the last known authenticated safe setting in the unlikely event of a breach.

Server networking adapters

With client virtualization workloads network choices come down to a need for networking performance, redundancy, security and choice, all at an affordable price. HPE’s broad portfolio of standard Ethernet adapters addresses the needs of client virtualization workloads with the efficiency for today’s data center workload needs. HPE 10GbE and 25GbE adapters offer secure root of trust for authenticating signed firmware.

HPE offers an array of networking options including network interface controllers supporting 1, 10, 20 and 25GbE; converged network adapters (CNA) supporting 10 and 25GbE while supporting Ethernet and Fibre Channel; and host bus adapters (HBA) supporting 8, 16 and 32Gb Fibre Channel. Ethernet connectivity selection may be driven by bandwidth, redundancy and performance. The security needs of IT add to the selection criteria. Storage connectivity drives the selection of the storage adapters. For environments where VM to VM communication needs to be as performant as possible, NICs that enable RDMA over Converged Ethernet (RoCE) can be utilized.

Performance

Implementations of VDI such as those for trader workstations and high end graphics bring requirements for low network latency. For these environments adapters featuring Single Root I/O Virtualization (SR-IOV) capabilities are recommended. SR-IOV offloads the creation of Virtual Functions for access by user VMs which bypasses the hypervisor and virtual switch. This yields lower CPU utilization as well as improved VM performance from a network perspective. Implementing Network Partitioning on an HPE Converged Network Adapter (CNA) can provide QoS at the VM level and further reduce CPU utilization for increased overall performance.

Bandwidth and redundancy

While not mutually exclusive, the trade-off between bandwidth and availability via redundancy is a frequent decision point for design. Many client virtualization workloads, especially those that are not dense from a per server perspective, perform well with a cumulative bandwidth of 10Gb for all functions (storage, production nets, vMotion). But for those IT departments that are looking for always available bandwidth for the various functions within client virtualization environments, HPE 25Gb Ethernet network adapters in HPE ProLiant Gen10 servers can achieve up to 750Gbps max I/O throughput for the highest performance. Frequently these environments are looking to place all traffic on a pair of redundant wires to minimize cost and complexity. For environments where discomfort with risk may drive IT decisions, choosing multiple 10Gb adapters to distribute risk across a number of physical connections may make more sense.

Memory

HPE server memory combines performance, reliability and efficiency to provide the compatibility, capacity and bandwidth to productively manage your expanding workload regardless of computing and budget requirements. Properly sizing memory capacity is important to the success of Citrix Workspace Suite implementations. With HPE ProLiant Gen10 platforms, system memory capacities allow for dense implementations that prevent underutilized memory resources. Individual DIMM capacities are available up to 128GB with speeds of up to 2666 MT/s. With maximum memory bandwidth that is 66% greater than that found in HPE ProLiant Gen9 systems memory performance and sizing issues should be preventable.

Balancing the requirements between CPU and memory requires knowledge of your environment. For environments that are new to end-user computing or migrating to a new operating system contact HPE Pointnext services to discuss HPE Advanced Client Virtualization Services. For existing environments with in-depth knowledge of user and application behaviors HPE recommends utilizing that data to properly size memory. Selecting the fastest memory available per platform for end-user computing environments is recommended.

HPE Client Virtualization Reference Architectures, hpe.com/info/clientvirtualization-ra

HPE Pointnext Services, https://www.hpe.com/us/en/services/pointnext.html

HPE Servers, hpe.com/servers

HPE Server Storage, hpe.com/us/en/servers/server-storage.html

HPE Server Networking, hpe.com/us/en/servers/networking.html

HPE Server Memory, hpe.com/us/en/servers/memory.html

HPE Server Power Supplies, hpe.com/us/en/servers/server-power-supplies.html

HPE Rack, Power and Cooling, hpe.com/us/en/integrated-systems/rack-power-cooling.html

To help us improve our documents, please provide feedback at hpe.com/contact/feedback.