Logon times -- what is reasonable for a 300 person remote VDI environment?

Discussion in 'Networking & Security' started by Cerulean, Oct 8, 2013.

  1. Cerulean

    Cerulean [H]ardForum Junkie

    Messages:
    9,238
    Joined:
    Jul 27, 2006
    Greetings,

    Right now with the current set of GPOs (like three dozen or so) and configuration it takes approximately 1-3 minutes for users to login. Our old computer system with terminal servers would take 2-3 minutes for users to login, or if about the same time -- there were other issues such as horribly under-specced and overloaded servers with 40 users per terminal server.

    With a brand new set of GPOs (about a dozen or less) and OU structure that I carefully made and designed after spending several hours analyzing the existing GPOs and OU structure, it takes on average 16 seconds to login (best being 12 seconds, worst being 22 seconds). This uses VMware View Persona management storing profiles at \\srv-persona1\EXP_Profiles$\%username%. This is currently not being used by our North American environment.

    If we use a persistent local profile through VMware View, login time is 2 seconds flat. Our Asian environment of at least 100 users uses this + the brand new set of GPOs and OU structure I created, but without VMware View Persona management (again -- persistent local profile).

    At minimum, my supervisor is wanting to get the login time below 10 seconds -- aiming for 2 seconds, while using Persona management. He told me he would like to get rid of all of the GPOs (or as much as possible). I responded saying this is unrealistic and wrong, defeating the purpose of why GPOs as a feature exists and would also result in higher maintenance time and more frequent reprovisioning of hundreds of automated floating pools (something that from my understand is a pain in the butt and takes a very long time to do).

    I don't think 2 seconds is a realistic goal. I think 10-20 seconds is fine. By industry standards / typical login times "at best" -- what is actually reasonable, why, and what company (or what is the size of the company)?
     
  2. NetJunkie

    NetJunkie [H]ardForum Junkie

    Messages:
    9,701
    Joined:
    Mar 16, 2001
    Under 5 seconds. To me 10 to 20 is too long. There are ways to get that down and better tools for VDI environments.
     
  3. Mackintire

    Mackintire 2[H]4U

    Messages:
    2,891
    Joined:
    Jun 28, 2004
    I'd shoot for 5 seconds, but 10 seconds is about the limit I'd accept.
     
  4. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,170
    Joined:
    Mar 18, 2008
    We had an issue with redirecting favourites and it took about 2 minutes just for that one GPO. I don't remember the exact details as it was two years ago.
     
  5. shade91

    shade91 Guest

    It should be equal or better when compared a standard desktop.
     
  6. Cerulean

    Cerulean [H]ardForum Junkie

    Messages:
    9,238
    Joined:
    Jul 27, 2006
    On the current live GPO scheme (of like three or so dozen GPOs and fudged up chaos) and OU structure where it takes 1-3 minutes to login, both Windows-based Folder Redirection and VMware View Persona management is enabled (yes, whoever set this up did it incorrectly x2, double whammy).

    On the new GPO scheme and OU structure that I setup where I get login times between 10-20 seconds, we are using VMware View Persona management with the "Persona repository location" set to \\srv-persona1\EXP_Profiles$.

    According to the VMware technician I worked with, the "Persona repository location" (when Persona management is enabled) actually rides on top of Windows-based Folder Redirection, only that it takes care of everything else for you and you only have to set the VMware-related options in the ADM GPO template. (And what else it does is that by behavior it synchronizes files + only fully loads files you request for so that it doesn't actually load the whole profile but makes it look like it, rather than load a profile from whatever you specify when using Folder Redirection).
     
  7. Dogs

    Dogs [H]ard|Gawd

    Messages:
    1,141
    Joined:
    Aug 7, 2012
    I'd say anything under 15 seconds is serviceable. It might be a little irritating to wait that long, but nobody should be disgruntled about it. When you start talking about login times that make sense in terms of minutes (half a minute, a minute, two minutes, etc.), that's generally something that isn't good enough. People will hate you, people will complain, and often actions will be taken or decisions will be made that might not necessarily help or be the right thing to have done. Under 10 seconds would be nice, and I definitely think that's a goal you should shoot for. Under 5 seconds could be pushing it, depending on your particular infrastructure. If you can get it below 5 seconds, that'd be excellent, but I don't think your boss should crucify you for not being able to reach that goal. You definitely shouldn't crucify reliability or maintainability in your quest for under-5-second logins, that's for sure.

    You want to go as low as you can go without repercussions. If you're introducing problems to shave an extra 2-3 seconds off of login times, you're going to need to talk some sense into your boss.
     
  8. Cerulean

    Cerulean [H]ardForum Junkie

    Messages:
    9,238
    Joined:
    Jul 27, 2006
    So those of you who replied here -- do you guys use VMware View Persona management, or how are your user profiles stored and loaded? I think your responses to this will make a huge difference that might explain why you guys are saying 2-10 seconds is standard.
     
  9. BigBadAl

    BigBadAl Limp Gawd

    Messages:
    349
    Joined:
    Sep 16, 2010
    Haha,

    I worked on a system in a brand new build situation a year or so back, no expense was spared, I mean none.

    They had users who were used to logging in then going for a coffee and coming back to the desktop still loading. I laughed, this one guy told me seriously that it quite regularly took him over 20 minutes and he had actually timed it on more than one occasion at 22 minutes from hitting the return/enter key to his desktop being loaded.

    Apparently that was commonplace and things like day of the week and even time of day played a large part in how quick people could log in.

    We never got into any of the DC's, server rooms or comms rooms, apparently we weren't allowed:eek:

    But this was a newly built site, 4 buildings fibred together, I cannot convey in words how much money was spent on this project, I don't think words go up that far, but they clearly didn't spend it on people and their know how.