VDI and Leostream Connection Broker

For those that aren’t familiar with this latest TLA (three-letter acronym), VDI stands for “Virtual Desktop Infrastructure” and it’s an alternate way of utilizing virtualization in the datacenter.  Instead of virtualizing server instances, we virtualize desktop instances, and then provide a means for users to connect in to one of these available instances.  (You can learn more at VMware’s Virtual Desktop Infrastructure web page.)

VDI isn’t a perfect fit in all situations; in some cases, a more “traditional” approach such as Citrix Presentation Server or Microsoft Windows Terminal Services may be a better fit.  However, in some cases, VDI is a good fit.  That’s the kind of situation I’m working in right now, where a customer of mine needs to deploy an application that needs fast access to corporate data, but can’t use Citrix (for a variety of reasons).  So we’re looking at VDI.

Part of any VDI solution is a connection broker.  The connection broker, at its most basic level, performs the following tasks:

  • Accepts incoming connection requests from clients
  • Finds an available hosted desktop
  • Brokers the connection between the client and the available hosted desktop

There are a number of connection brokers (CBs) out there from a variety of vendors.  I haven’t had the opportunity to use all of them; only Propero and Leostream.  I found Propero’s product to be much too complicated; it seemed as if the application was really designed for something else and acting as a VDI connection broker was kind of an afterthought.  Leostream’s product, on the other hand, seems really streamlined and really focused on the CB market.  With Leostream’s product, I was able to fairly quickly setup and test the following functions:

  • Integrate CB authentication with Active Directory, so that users authenticated to the CB using their AD username and password
  • Make policy assignments within the Leostream CB based on AD group memberships, so that members of different groups were assigned to different policies
  • Control access to different pools of hosted desktops based on policy assignment
  • Create pools of hosted desktops by assigning “tags” to them; these tags create pools of hosted desktops by collecting instances with similar characteristics
  • Integrate the CB into VirtualCenter, so that the CB could suspend a VM when a user disconnected, then resume the VM when another user needed it

It may be that some of the other CBs out there also work as well as Leostream; I don’t know since I haven’t had the opportunity to work with all of them (note to vendors:  I will delete blatant marketing pitches in the comments).  I do know that the Leostream product works well thus far.

It took me a little bit of time to get accustomed to how the Leostream broker works (different terminology, I suppose), but once I understood how it works I found it pretty easy to make it do what I wanted it to do.  The pieces are all interconnected, though, so allow me to walk through a set of steps in the event you find yourself using the Leostream product in the future.

Let’s say you wanted to create a pool of workstations running Windows XP Professional, and you only wanted members of the “Hosted XP Users” group in Active Directory to have access to that pool of hosted workstations.  The process is actually pretty straightforward:

  1. Configure the VC integration, so that the CB can automatically retrieve the list of available VMs from VirtualCenter and import them automatically.
  2. Tag the VMs running Windows XP Professional with a tag, such as “WinXP”.
  3. Create a policy, perhaps called “WinXP Policy”, that defines the pool by selecting all systems with the “WinXP” tag.  (If you wanted further limit the VMs inside that pool, you could add additional tags and use the “AND” logic to say that all VMs must have all selected tags.)
  4. Configure the AD authentication server to assign members of the “Hosted XP Users” group to the “WinXP Policy” using the Assignments section of the authentication server configuration.

That’s it!  When an AD user who is a member of the selected group authenticates to the CB, he or she will automatically be brokered to an available system in the pool of systems with the selected tag(s).  Further, since this is WinXP (and of course we selected RDP as our connection protocol), sign-in to the hosted XP desktop is automatic—the user will not get prompted again for credentials.  Cool, eh?

Tags: , , , ,


  1. Jared Hoover’s avatar

    Citrix Also has a CB. The cool think is that it integrates with Web Interface so you can have your published apps next to your hosted desktops(physical or virtual).

  2. slowe’s avatar


    I haven’t had the chance to work with the Citrix CB yet but I do like what I’m hearing about it’s integration with the rest of the Citrix suite, such as Presentation Server and the Web Interface. Unfortunately, at last check, the Citrix CB only supported Windows XP hosted desktops, which puts it a bit behind some of the other CBs that are available on the market currently.

  3. ProperoCustomer’s avatar

    I agree the Propero product is too complicated. It’s heritage is a Citrix Metaframe / Secure Gateway style product, which they seem keen to move away from. Clever guys, but look elsewhere.

  4. Professor’s avatar

    Have you had a chance to look at Provision Networks? They have a pretty cool approach to managing an enterprise desktop infrastructure consisting of VMs (vdi), terminal servers and blade PCs. I’ve found it to be very intuitive.

  5. slowe’s avatar


    I haven’t yet, but would like to have a look at their product. Thanks for the suggestion!

  6. Andrew Miller’s avatar

    Hmm…it is rather interesting to see that VMware acquired Propero given your comments (and others I’ve read).

  7. jason’s avatar

    Do you all know how to configure leostream to work with thinclient? I was not able to change the refresh rate on my thin client remote access. Please help….Thanks Millions.

  8. David’s avatar

    Hey all,

    There is also a connection broker by Ericom. I saw it when looking at their website for Terminal Server stuff. Here’s the page to their VDI product (http://www.ericom.com/virtual_desktops.asp)

  9. Patrick Rouse’s avatar

    Scott, we’ve created a connection broker comparison document to commpare/contrast the features and pricing of VMware VDM2, Citrix XenDesktop and Quest Software’s Provision Networks Virtual Access Suite. I don’t have details on Leostream, but perhaps someone can look at my document and provide me with the details to expand it to cover Leostream, Ericom…

    The document is located on this blog post, and will be continually updated as we receive feedback from the vendors and community:


  10. slowe’s avatar


    Thanks for the heads-up. It’s funny–I had just seen a reference to your broker comparison pass through my RSS reader, and then this comment appears!

    I’ll definitely have a look, and if there is any useful information I can share I’ll be happy to do so.

    Thanks for reading and commenting!

  11. Jewels’s avatar

    We don’t use Active Directory. Is it required for Leostream CB?

Comments are now closed.