Deploy a Virtual Desktop Infrastructure Environment on Oracle Cloud VMware Solution

Deliver and scale virtual desktop computing environments securely with scalable Oracle Exadata Database Service for a virtually unlimited Virtual Desktop Infrastructure (VDI) deployment. Exadata Services provides nearly unlimited scalability and the ability to merge and manage your considerable database resources within a single managed service, greatly decreasing both business cost and complexity.

Oracle Cloud Infrastructure is Oracle’s complete cloud infrastructure platform that offers more than 100 cloud native services. With Oracle Cloud’s distributed cloud offerings, customers can access these services in their own data centers, across different clouds, and in global cloud regions. Oracle Cloud Infrastructure offers enterprises flexible deployment choices, including multicloud, public cloud, hybrid cloud, and distributed cloud.

Oracle Exadata Database Service is an automated Oracle Database service that allows organizations to run databases with the highest performance, availability, security, and cost effectiveness. Databases run faster and with fewer resources on scale-out Exadata infrastructure that includes unique optimizations for transaction processing, analytics, and mixed workloads. Full compatibility with on-premises Oracle Database and Exadata environments makes it easy for customers to migrate workloads to the cloud.

Architecture

This architecture describes the technical process for deploying a virtual desktop infrastructure (VDI) environment with Exadata Database Services in Oracle Cloud Infrastructure (OCI). The following diagram illustrates this architecture:

Diagram: deploy-vdi-oci-horizon-arch.svg (download: deploy-vdi-oci-horizon-arch-oracle.zip)

The architecture has the following components:
  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Virtual Cloud Network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping Classless Inter-Domain Routing (CIDR) blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Compute

    The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.

  • Bastion host

    The bastion host is a compute instance that serves as a secure, controlled entry point to the topology from outside the cloud. The bastion host is provisioned typically in a demilitarized zone (DMZ). It enables you to protect sensitive resources by placing them in private networks that can't be accessed directly from outside the cloud. The topology has a single, known entry point that you can monitor and audit regularly. So, you can avoid exposing the more sensitive components of the topology without compromising access to them.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single-entry point to multiple servers in the back end.

  • File storage

    The Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in a VCN. You can also access a file system from outside the VCN by using Oracle Cloud Infrastructure FastConnect and IPSec VPN.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

  • Block Storage

    Block Storage is available for the boot volumes for VDI desktops.

  • VMware Horizon VDI Server

    VMware Horizon is a modern platform for running and delivering virtual desktops and applications across the hybrid cloud. For administrators, this means simple, automated and secure desktop and app management. For users, it provides a consistent experience across devices and locations. VMware Horizon both provisions and allocates desktops for client usage. For more information on VMware Horizon, please visit the product page.

  • Exadata Database Service
    • Exadata Database Service on Dedicated Infrastructure

      Oracle Exadata Database Service on Dedicated Infrastructure runs on Oracle Exadata Cloud Infrastructure on OCI. For those who want to run in the public cloud, this is the ideal solution for running enterprise-class databases as a service in the cloud. You get all the power and functionality of the Oracle Database, plus that of the Exadata Platform. It is dedicated to you while still providing all the cloud benefits of Oracle managing the infrastructure, extensive cloud automation, and pay-for-use cloud economics.

    • Exadata Database as a Service

      Oracle Exadata Database Service is an automated Oracle Database service that allows organizations to run databases with the highest performance, availability, security, and cost effectiveness. Databases run faster and with fewer resources on scale-out Exadata infrastructure that includes unique optimizations for transaction processing, analytics, and mixed workloads. Online scaling of compute resources enables customers to quickly adjust consumption to match workload demands without interrupting operations while efficient database consolidation lowers total costs. Full compatibility with on-premises Oracle Database and Exadata environments makes it easy for customers to migrate workloads to the cloud.

Recommendations

Use the following recommendations as a starting point when deploying a VDI with high-performance computing (HPC) on Oracle Cloud Infrastructure. Your requirements might differ from the architecture described here.
  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

    As a best practice, use regional subnets.
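The CIDR guidance above (private address space, no overlap with peer networks, subnets that fit inside the VCN and do not overlap each other) can be checked before any resources are created. The following is an added example, not Oracle's code or part of the Marketplace stack; the check_vcn_plan function and the sample plan it is run on are constructed for illustration.

```python
"""Validate a planned VCN layout against the CIDR recommendations above."""
import ipaddress

# RFC 1918 ranges: the "standard private IP address space" the recommendation refers to.
PRIVATE_SPACE = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vcn_plan(vcn_cidrs, subnets, peer_networks):
    """Return a list of problems; an empty list means the plan follows the recommendations.

    vcn_cidrs: CIDR strings assigned to the VCN (a VCN may have several).
    subnets: mapping of subnet name -> CIDR string.
    peer_networks: CIDRs of on-premises or other-cloud networks you intend to connect privately.
    """
    problems = []
    vcns = [ipaddress.ip_network(c) for c in vcn_cidrs]
    peers = [ipaddress.ip_network(c) for c in peer_networks]
    # VCN blocks must sit inside private space and must not overlap each other or a peer network.
    for i, v in enumerate(vcns):
        if not any(v.subnet_of(p) for p in PRIVATE_SPACE):
            problems.append(f"VCN block {v} is outside RFC 1918 private space")
        for other in vcns[i + 1:]:
            if v.overlaps(other):
                problems.append(f"VCN blocks {v} and {other} overlap")
        for peer in peers:
            if v.overlaps(peer):
                problems.append(f"VCN block {v} overlaps peer network {peer}")
    # Each subnet must fit inside one VCN block, and subnets must not overlap one another.
    subs = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    names = list(subs)
    for i, name in enumerate(names):
        s = subs[name]
        if not any(s.subnet_of(v) for v in vcns):
            problems.append(f"subnet {name} ({s}) is not inside any VCN block")
        for other in names[i + 1:]:
            if s.overlaps(subs[other]):
                problems.append(f"subnets {name} and {other} overlap")
    return problems


# Constructed sample plan: one public bastion subnet and private tiers for VDI hosts and Exadata.
SAMPLE_VCN = ["10.0.0.0/16"]
SAMPLE_SUBNETS = {"bastion-public": "10.0.0.0/24", "vdi-private": "10.0.1.0/24", "exadata-private": "10.0.2.0/23"}
SAMPLE_PEERS = ["192.168.0.0/16"]  # hypothetical on-premises range reached over FastConnect/IPSec VPN

if __name__ == "__main__":
    for problem in check_vcn_plan(SAMPLE_VCN, SAMPLE_SUBNETS, SAMPLE_PEERS) or ["plan OK"]:
        print(problem)
```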

  • Security lists

    Use security lists to define ingress and egress rules that apply to the entire subnet.
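Security lists are allow-lists applied to every VNIC in the subnet, so a single broad ingress rule undoes the isolation that the bastion host (described above) is meant to provide. The following added example, which is not Oracle's code or part of the Marketplace stack, models ingress rules for the private VDI subnet, evaluates whether a given packet would be admitted, and audits the list for management ports (SSH, RDP) reachable from anywhere other than the bastion subnet. The IngressRule class, the audit function and the sample rule set are constructed for illustration.

```python
"""Evaluate and audit security list ingress rules for a private VDI subnet."""
import ipaddress
from dataclasses import dataclass

MGMT_PORTS = {22: "ssh", 3389: "rdp"}  # ports that should only be reachable via the bastion


@dataclass(frozen=True)
class IngressRule:
    protocol: str           # "tcp", "udp", "icmp" or "all"
    source: str             # CIDR the rule admits traffic from
    port_min: int = 1       # destination port range (ignored for icmp/all)
    port_max: int = 65535


def rule_admits(rule, src_ip, protocol, dst_port):
    """True if one rule admits a packet from src_ip to dst_port over protocol."""
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.source):
        return False
    if rule.protocol not in ("all", protocol):
        return False
    if rule.protocol in ("icmp", "all"):
        return True
    return rule.port_min <= dst_port <= rule.port_max


def is_admitted(rules, src_ip, protocol, dst_port):
    """Security lists are allow-lists: traffic passes if any rule matches, else it is dropped."""
    return any(rule_admits(r, src_ip, protocol, dst_port) for r in rules)


def audit_private_subnet(rules, bastion_cidr):
    """Flag rules that expose management ports to sources outside the bastion subnet."""
    findings = []
    bastion = ipaddress.ip_network(bastion_cidr)
    for r in rules:
        src = ipaddress.ip_network(r.source)
        for port, name in MGMT_PORTS.items():
            covers = r.protocol == "all" or (r.protocol == "tcp" and r.port_min <= port <= r.port_max)
            if covers and not src.subnet_of(bastion):
                findings.append(f"{name} ({port}/tcp) reachable from {src}, not just bastion {bastion}")
    return findings


BASTION_SUBNET = "10.0.0.0/24"
# Constructed security list for the VDI subnet: one tight SSH rule, one RDP rule that is far too broad,
# and HTTPS from a hypothetical load balancer subnet.
VDI_INGRESS = [
    IngressRule("tcp", BASTION_SUBNET, 22, 22),
    IngressRule("tcp", "0.0.0.0/0", 3389, 3389),  # the defect the audit should catch
    IngressRule("tcp", "10.0.3.0/24", 443, 443),
]
```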

  • Cloud Guard
    • Clone and customize the default recipes provided by Oracle to create custom detector and responder recipes. These recipes let you specify which types of security violations generate a warning and what actions may be taken on them. For example, you might want to detect Object Storage buckets whose visibility is set to public.
    • Apply Cloud Guard at the tenancy level to cover the broadest scope and to reduce the administrative burden of maintaining multiple configurations.
    • You can also use the Managed List feature to apply certain configurations to detectors.
  • Security Zones

    For resources that require maximum security, Oracle recommends that you use security zones. A security zone is a compartment associated with an Oracle-defined recipe of security policies that are based on best practices. For example, the resources in a security zone must not be accessible from the public internet and they must be encrypted using customer-managed keys. When you create and update resources in a security zone, Oracle Cloud Infrastructure validates the operations against the policies in the security-zone recipe, and denies operations that violate any of the policies.

  • Bastion node

    Since the node is used as a bastion host for host management, it doesn’t require locally attached storage or GPU processing.

  • Virtual Desktop Infrastructure (VDI) Server
    • As a best practice, use the VM.GPU3.X Compute shape, because this node is used for desktop visualization and is likely to run graphics-intensive applications. A GPU-adapted shape is required to perform pass-through and shared GPU-intensive workloads.
    • For high-density, non-GPU-intensive workloads, you can use the DVH.Standard.E4.X shape type as an additional hypervisor.

Considerations

When deploying a VDI with high-performance computing (HPC) on Oracle Cloud Infrastructure, consider the following:

  • Performance

    To get the best performance, choose the correct compute shape with appropriate bandwidth.

  • Security
    • Use policies to restrict who can access the Oracle Cloud Infrastructure resources that your company has, and how they can access them.
    • Encryption is enabled for Oracle Cloud Infrastructure Object Storage by default and can’t be turned off.
  • Availability

    Consider using a high-availability option based on your deployment requirements and region. Options include using multiple availability domains in a region and using fault domains.

  • Cost

    A bare metal HPC instance provides the necessary CPU power for a higher cost. Evaluate your requirements to choose the appropriate compute shape.

Deploy

The Terraform code for deploying high-performance computing (HPC) for virtual desktop infrastructure (VDI), which deploys this reference architecture, is available as a stack in Oracle Cloud Marketplace.

  1. Go to Oracle Cloud Marketplace.
  2. Click Get App.
  3. Follow the on-screen prompts.

Acknowledgments

Authors: Nicole Ghalwash, Wei Han, Michael Rutledge