Citrix Plans 'Bare Metal' Desktop Hypervisor
Citrix Systems is working with Intel to develop a "bare metal" hypervisor for client PCs, which proponents say could broaden the use of desktop virtualization by overcoming some of the technology's shortcomings today.
Citrix plans to deliver the hypervisor in the second half of the year with the first release of a new product code-named Project Independence, which Citrix says will make it easier to create and centrally manage virtual desktop images for PCs used in the workplace.
A bare metal hypervisor should improve on today's desktop virtualization by providing better security, because the hypervisor runs independently of the client OS, and better performance for end users, because it allows applications to run on the local client instead of a remote server, the companies said.
"What this product will do at a high level is address some of the core challenges and core barriers that have kept client virtualization solutions and usage models from being broadly adopted in the past," said Gregory Bryant, a vice president and general manager at Intel, during a conference call for press and analysts on Friday.
The hypervisor is the layer of software that manages interaction between a virtual machine and the underlying hardware. Most products for the client today are "Type 2" hypervisors, which are installed on a PC's host OS. Type 1 hypervisors are installed with the firmware beneath the OS, directly on the computer's "bare metal."
The new hypervisor should help Citrix keep pace with VMware, which announced its own Type 1 hypervisor at the VMworld conference last October. VMware's product is also due in the second half of this year, a spokeswoman said.
Virtualization has been widely adopted on servers but its use on desktops has been limited. Proponents say it can offer big savings for IT departments because it allows them to create and manage desktop images centrally, instead of on each client individually.
But today's products have drawbacks. In one model, used by XenDesktop and VMware View, desktop images are stored in virtual containers on a server and streamed to end users. That model can create performance issues for end users, since data is constantly shuttled back and forth over a network. It also doesn't allow users to work offline.
Another model, used by VMware ACE, installs the desktop image on a Type 2 hypervisor on the client OS. That provides better performance and the ability to work offline, but critics say security is weaker because it is dependent upon the security of the client OS.
"The Type 2 hypervisor provides no security to stop the host from snooping on what the virtual machine is doing. It can arbitrarily corrupt it and steal data from it," said Ian Pratt, founder of the open-source Xen project and a Citrix vice president.
Bare metal hypervisors aim to combine the best of both worlds. They will also allow companies to install two separate desktop images side by side on a PC, meaning an employee could have one environment for work use and another for personal use, said Andi Mann, a research director with Enterprise Management Associates, in Boulder, Colorado.
"It really enables this fundamental and clear separation of the corporate and the personal, and that's very significant," he said. "From a usability point of view it makes my personal desktop environment really my own, and from the corporate standpoint it allows them to lock down their desktop. So it satisfies both parties' desires."
Citrix said its Project Independence product will allow companies to centrally manage one copy of Windows, one copy of each application and one copy of each employee's user data and profile. It will then assemble and deliver those elements as an "on-demand service" to a virtual machine on each user's local machine.
Citrix believes employees will increasingly use the same computer for work and personal use, so having a way to isolate work and personal environments on a PC will be a big benefit, said Calvin Hsu, director of product marketing for Citrix's desktop delivery group.
Used with XenApp and other Citrix products, Project Independence will also be able to automate data back-up and recovery, as changes to the "virtual desktops" on local machines are synchronized with the data center, the company said.
VMware dominates the server virtualization market, but Citrix may have an advantage on the desktop because it has focussed much of its efforts on application delivery, Mann said. "My feeling is that Citrix is better poised to manage the virtual client environment," he said.
Claims that a Type 1 hypervisor is inherently more secure because it runs independently of the host OS need to be tested, however, Mann said. A skilled hacker could potentially gain access to a Type 1 hypervisor from another part of the machine. "We can't tell until we do some penetration tests how secure it really is," he said.
The work with Intel makes use of the virtualization technology in its vPro business-class chipsets. The hypervisor will be able to run on existing Intel PCs that have that technology, and applications will not need to be rewritten to run on the new software, according to Pratt.
The hypervisor will be based on software developed through the open-source Xen Client Initiative announced last year, and Citrix expects to release an open source version of the hypervisor along with its commercial product. It is not discussing pricing yet for Project Independence.