All Client Hypervisor Device Driver Models are not Created Equal

March 30, 2010

By Chad Jones | Vice President, Product Management

An article came across my email the other day titled “VMware, Citrix struggle with bare metal hypervisor”. (Article can be seen here: http://ow.ly/1rbAp).  The biggest issue that was hampering the efforts was the device driver model, and I can understand why this is a big issue.

One of the biggest misunderstandings in the market is that a client hypervisor is simply a server hypervisor that is running on a client PC with some bells and whistles for distributed management.  This misperception comes from many places but mainly because you can, in fact, run Hyper-V, XEN Server or ESXi right on your laptop with a single Windows client instance and have it essentially work.  However, when we look at the practical requirements of Enterprise computing, there is a wide range of use cases that require specifically tailored configurations for local client computing, which a client hypervisor is specifically designed to handle and a server hypervisor is not.  This is most clearly personified in the device driver model.

Server hypervisors interact with a finite and known set of devices.  Typically, a server has no requirement for a rich UI experience or multimedia capabilities, let alone a monitor in its lid like a laptop.  It also does not have batteries or the power management concerns that accompany portable computing, nor does a server typically sleep.  Most importantly, the server doesn’t have a random set of USB devices that connect to it and are expected to simply work without special IT intervention.  Device diversity and performance are very big concerns when it comes to maintaining the rich user experience of client computing.  In most client hypervisors (as in server hypervisors), there are typically two device driver models: emulation and paravirtualization.  However, Neocleus has productized a third model, known as pass-through, which utilizes the native Windows device driver in conjunction with the client hypervisor.  This model is critical for reaching the broadest set of client computing use cases in the Enterprise.

I put together a comparison white paper on the three device driver models and how they can work independently or together so IT can reach their desktop goals.  It’s entitled “Client Hypervisor Device Driver Overview” and can be found here.


The Client Hypervisor “Band of Brothers”

March 25, 2010

By Chad Jones | Vice President, Product Management

In the blog post entitled “Client Hypervisor Management: Evolution NOT Revolution”, I went through a bit of the history of the server hypervisor and management.  When we looked deeper into the rise of the hypervisor in the data center, it really wasn’t until the central management capabilities came into being that the true management potential of hypervisors could be realized.  However, there was an additional dimension to this story.  Once an API was made available to the hypervisor, a whole new realm of start-up companies came into being.

It was at this point that the next wave of innovation came to bear through a number of start-up and established companies. Through these companies’ expression of their own management logic on top of the hypervisor, the hypervisor platform benefits moved from hardware consolidation with a management trade-off to a truly transformative management paradigm, despite being based on a closed source hypervisor.  The result was a tremendous rising tide that floated many boats.

This unlikely “Band of Brothers”, although in competition for customer dollars, produced and continues to produce an innovative wave in how the data center is designed and managed.  Now, with Microsoft pushing the hypervisor to commoditization and Citrix XEN Server being open source, the benefit to IT in the form of downward price pressure, with ever increasing capabilities, continues to be a huge win for the customer. 

When looking at the client PC, the industry is at the same inflection point.  There is tremendous management and security TCO reduction potential in separating the management environment from the user application environment, and doing so is the next logical progression for PC architectures.  There are currently only a handful of companies that are working on changing the fundamental architecture of a PC through a client hypervisor.  This new virtualization “Band of Brothers” includes Neocleus, VMware, Citrix and Virtual Computer.  If we dig a little deeper, though, you’ll find that VMware has been working on CVP (which still remains to be seen), while Neocleus and Virtual Computer both use XEN, which is an open source project managed by Citrix.  Citrix also has their own XEN based open and closed source client hypervisor projects called the XCI project.  The availability of the XEN hypervisor as an open source project has further accelerated the ability for third parties to innovate on the PC Hypervisor and more rapidly bring the next evolution in PC architecture to market in unprecedented time when compared to their server counterparts.  This innovation path is already stretching to a party beyond the direct players, with the visionary BigFix OEM’ing Neocleus NeoSphere (announcement seen here).

While each company might have a different vision for how management and security logic is expressed, we all share this common vision that the client based hypervisor will be the driving force that transforms PC architecture to the next logical architectural evolution and will drive client side innovation in a whole new dimension.  It will be the combined ideas, perspectives and approaches of these innovative companies, working together to build a strong XEN client hypervisor foundation, which will drive this next great PC evolution.  In the end, a rising tide floats all boats and the customer will be the real winner.


Client Hypervisor Management: Evolution NOT Revolution…

March 24, 2010

By Chad Jones | Vice President, Product Management

Virtualization has forever changed the server room and it’s about to do the same on the desktop.  Whether it is virtualization in a macro context (servers, storage, networks, desktops (VDI), Server Based Computing (SBC), etc.) or in the microcosm of a single machine (user settings, registry, files, applications (which has a fond place in this author’s heart)), virtualization now plays a first order and indispensable role in providing the necessary flexibility for next generation computing stacks.  In the Enterprise data center today, the question of “will I deploy a physical or virtual server?” is almost non-existent.  How else would a cloud be pragmatically possible except through the coalescing of multiple virtualization technologies?

If we look back just 10 years ago, the data center was an immobile collection of rack mounted servers, each with a specific purpose, chugging along at 10% utilization.  Then along came the hypervisor, forever changing the way IT utilized servers.  Dozens of physical servers could be consolidated to a few boxes, but all was not bliss.  Instead of looking at 25 pizza boxes and knowing you had 25 servers, all of a sudden it was a black box where dozens of inactive servers with a few active servers lived, all with unknown patch levels that required an admin to touch a reduced number of physical boxes but actually touch more servers due to the sprawl.

Yes, consolidated servers held tremendous benefit; however, it wasn’t until the central management capabilities and exposed API came into being around the hypervisor that the true management potential of hypervisors could be realized.  Now, with Microsoft pushing the hypervisor to commoditization and Citrix XEN Server being open source, the benefit to IT in the form of downward price pressure, with ever increasing capabilities, continues to be a huge win for the customer.

When looking at the client PC, the industry is at the same inflection point.  Although PC lifecycle management (PCLM) systems have reached an evolved state, they are limited by the reliance on Windows to be managed from within itself, either through a client or network available API (WSMAN, WMI, PowerShell etc.); and rely on a mini-OS to be deployed before Windows itself can be delivered.  Due to these challenges, the Windows OS is being forced into unnatural architectures, such as VDI, in hopes of alleviating some of the challenges with deployment and management.  However, VDI is falling into niche status since the TCO results in OPEX and CAPEX are not materializing for a broad set of desktop replacement use cases, despite many innovations and improvements.

This means the timing is right to replay the hypervisor movie at the client level.  There is tremendous management and security TCO reduction potential in separating the management environment from the user application environment by applying virtualization directly to the client, and doing so is the next logical progression for PC architectures.  However, client hypervisors alone, just like their server counterparts, will not provide the management capabilities needed to truly transform the desktop.  The benefits of essentially extending VDI principles to distributed clients (simplifying device driver models, “golden image” OS deployment, disaster recovery, out of band management of Windows, etc.) only occur when the hypervisor is managed by a robust centralized management system.  The good news is that the majority of Enterprises already have these in place in the form of the PCLM system.  Instead of reinventing the wheel, the future of PC management is bringing together the client hypervisor with the existing PCLM system.  This will drive a new level of management capabilities.  Neocleus has built the platform to manifest this vision and we are already seeing adopters embrace it, such as BigFix (check out this Podcast with Amrit Williams, CTO of BigFix).

Just as the hypervisor is a standard on the server side and has moved to commoditization, the client side hypervisor will most certainly follow the same path in the future, but it will be the evolution of the existing PCLM that will drive it.  What if the PC came with a client hypervisor built in and ready for subscription to the existing management system?  The possibilities could be endless…


Podcast with Amrit Williams, BigFix CTO, on the future of PC management and security

March 16, 2010

We had a great conversation last week with Amrit Williams, the CTO of BigFix, about the future of PC security.  The conversation focuses on the concept of moving the PC security software outside of Windows, to run in a protected virtual machine by leveraging a Type 1 (bare metal) Client Hypervisor.  Chad Jones takes it to a fairly technical level in this podcast, but look for future podcasts where he will go even deeper into the technology.

The podcast is posted to Amrit’s security blog, “Beyond the Perimeter”, here:

http://blogs.bigfix.com/beyondtheperimeter/2010/03/12/episode-80-finding-the-so-what-of-virtualization/

Also, Business Week picked up this story in this article.  Cool!


Meet the new desktop… not the same as the old desktop

March 11, 2010

This week, Neocleus and BigFix announced a joint collaboration where BigFix will embed the NeoSphere client virtualization platform into the BigFix Unified Management Platform. 

As astute analysts such as Fred Broussard, Rachel Chalmers, Doug Brown and Brian Madden have pointed out, this is a HUGE step forward for the industry.  I don’t think it’s hyperbolic to say that managing and securing your PC will never be the same because of it.  Why?  Simple.  This addresses the number one reason for instability on the current PC: the operating system and the fact that you are forced to manage it from within the OS itself.  In Windows today, there are anywhere from 8-50 software agents running all the time trying to manage and secure the OS, applications, user state, etc., as depicted in the diagram below.  This creates problems for your security and management systems because they are forced to compete for resources at the hardware, OS and state levels.  They are also vulnerable to any attack or failure within Windows itself.

Current Windows Architecture, with Agents embedded in the OS

In a terrific post today, Amrit Williams, the BigFix CTO, explains why moving the PC management and security system OUTSIDE of the core OS (in most cases Windows) into a protected layer creates the next-generation “enlightened” systems management and security tools.  We couldn’t agree more and have created the NeoSphere platform to allow ISVs such as BigFix a way to easily snap client virtualization into their broader offerings.  Our stance is that we are good at client virtualization and have the strongest platform on the market.  We understand that others, such as BigFix, have excellent products that customers have spent years deploying.  So, the goal was to create disruptive Type 1 Client Virtualization technology that didn’t disrupt IT.  The BigFix licensing deal and subsequent partnerships will help make this a reality.

The "Enlightened" PC - Security, Management and Help Desk Agents running outside the OS

