Friday, August 19, 2016

Making the Impossible, Possible


Through years of conversations with friends and interviews with curious clients, I have been asked for stories of difficult situations and amazing achievements.

After some encouragement, I am going to note down some of these stories and share them with you all here.

This was a curious time at VCE Company, which started under a different name, Acadia, and was a joint venture between the V, the C, and the E companies: VMware, Cisco and EMC.

I was brought in as the Virtualization Technology Lead, and it was an intriguing time. A new architecture was brewing. It was a mashup of things we've been doing for the past 30+ years of putting systems together.

A company would have to select a storage vendor, networking vendor and server (compute) vendor, spend up to a year (if not more) in integration of these parts to have a functional system for the next 3-5 years, then rinse and repeat.

VCE envisioned a new way to approach this cycle, with a new converged architecture, where storage, compute and networking were pre-integrated in a platform that was a product. Fully tested and functional, you get white-glove service, and one company to call for support.

This was the dawn of the converged infrastructures that soon speckled the startup scene in various incarnations.

First there was the product, the Vblock. This took some R&D. The VCE team and I had the challenge of figuring out what made up a Vblock as the joint venture companies rallied to put more of their wares into the product. This took some time.

Next, solutions engineering. The challenge was to develop solutions on top of our new product and its differently sized brethren.

After some more time, product engineering. Purpose-built appliances, in particular for the hard problem of virtual desktop infrastructure, or VDI.

Why VDI is hard is for another set of stories, but suffice it to say it was not a neatly solved problem by a long shot.

The project was to develop a Vblock VDI appliance that could easily deploy a set of virtual desktops within hours, instead of weeks or months as was typical. This came with some immediate showstoppers. Security was one of them.

To support a multitude of desktops, one needs to enable a multitude of users to log in and use them, which means authentication, and the preferred method of managing such a thing in the enterprise is LDAP or Active Directory (AD).

For our team to ship such an appliance that just works upon delivery would mean we would have to ship an AD with it. That's one of the showstoppers right there. It's a security issue and no company cares to have another AD introduced into their environment.

Chicken and the Egg #1. How do we ship an appliance that needs an AD to work, but can't have one shipped? Without AD, the VMware View VDI software cannot even be installed! It's not possible.

Chicken and the Egg #2. If we can't ship an AD, we can't even install our software! How can we have any virtual desktops? It's not possible!

Now we're in a tough spot, between a rock and a hard place. With more rocks all around.

I took some initiative and decided I was going to find solutions for this.

First, I developed a concept that would work around issue #1. It was elegant, new and clever. Basically it involves blind AD federation, where temporary users are assigned and granted access to a restricted level of resources until the full identity is confirmed. The federation comes through a piece of software that is not a full AD, yet enables us to install VMware View and users to log in, and mitigates the security concerns as it eventually 'federates' those from the customer AD. It's possible!

The second front was me digging through VMware contacts to find a way to automate the install of VMware View, since it would not continue installing unless an AD server was manually specified in the beginning of the installer. After some months, I was fortunate to track down the original team that wrote VMware View, who knew of some undocumented parameters of the installer that would let us pre-empt the setup with a directive for an AD server. This allowed us to specify an AD server in an automated fashion. It's possible!

Whew! Now it was decision time: use concept #1 or concept #2. It was decided to go with concept #2, which meant we needed to build out a development team to write a custom installer that would wrap the VMware View installer and automate it through the newly discovered undocumented methods. This also meant we could collect all necessary information during the sales process and have minimal amounts of things to do during the install process. It was all pre-configured. Neat.

Once we finished up our installer, and ran our beta program, the customer experience was unparalleled.

0 to 100 desktops in 73 minutes! It's Possible.

