Bare-metal Desktop Hypervisors: A Primer
Desktop virtualization is hot -- ask any IT pundit. But it can also be confusing, because the market contains a variety of server- and client-based technologies for creating virtual desktops.
Virtual desktop infrastructure (VDI) may be the best-known model, but a new entry into the desktop virtualization mix is the bare-metal desktop hypervisor. Proponents say bare-metal will revolutionize the world of corporate PCs, with desktop images that are secure, portable, and offer offline access. But the technology is in its infancy -- even big players such as Citrix and VMware are struggling to get bare-metal hypervisors out of the conceptual phase and into production.
This article will explain what bare-metal hypervisors are, which vendors are making them, and why they are different from previous virtual desktop technologies.
What is a bare-metal hypervisor?
Simply put, the bare-metal hypervisor, also known as a Type 1 hypervisor, is virtualization software that is installed directly onto the PC's hardware. A Type 1 hypervisor controls both the hardware and one or more guest operating systems. A machine running a desktop hypervisor could run multiple operating systems, but there are benefits even when only one operating system is required.
How is this different from existing types of desktop virtualization?
Today's client hypervisors -- such as VMware Player, Parallels Desktop and Windows Virtual PC -- are of the "Type 2" variety, meaning they are not installed directly on the machine's hardware. Instead, they run within the computer's host operating system, allowing guest operating systems to run in a third layer above the hypervisor and native OS. While Type 2 hypervisors have control over the virtual desktop images installed on the computer, the underlying hardware is still directly managed by the host OS, whether it be Windows, Linux or Mac. Type 2 desktop hypervisors are typically used by IT in test and development, rather than for business-wide virtual desktop deployments, Burton Group analyst Chris Wolf says.
Virtual desktops can also be created without installing hypervisors onto user devices. In the server-hosted model, commonly called VDI, desktop images are hosted on servers inside the data center, and accessed remotely by laptops, desktops and thin clients. This model may involve use of a server hypervisor, but the desktops themselves would need only a method for accessing the virtual machines, such as a web browser or a light software client.
Which vendors make bare-metal desktop hypervisors?
Citrix has unveiled a test version of its bare-metal hypervisor, known as XenClient, and says major PC vendors will ship new desktops with the hypervisor pre-installed. But it's not clear exactly when that will happen.
Citrix's hypervisor was originally due out last year, and while the product was plagued by delays, Citrix is still ahead of rival VMware, which was promising a hypervisor last year and now says there is no timeline for the release.
How mature is the technology today?
"It's not robust at all," says IDC system and virtualization analyst Ian Song. "I guess that's the short answer. The long answer would depend on your specific use case. It's really a very niche technology at this point."
Song believes the most mature product on the market today is Virtual Computer's NxTop, a Xen-based bare-metal hypervisor that is integrated with an extensive set of management tools.
Song and other analysts agree that the early Type 1 hypervisors are not as robust as the Type 2 hypervisors, but he says bare-metal could become the tool of choice for client virtualization scenarios within 12-18 months. A similar progression was seen on the server front, in which the market has shifted from Type 2 to Type 1 hypervisors.
Citrix and VMware are both looking to shift the bare-metal market into high gear, but VMware has acknowledged that building a client hypervisor is "not an easy computer science problem to solve."
Compatibility with PC hardware is one issue. But the problems could be more on the business than the technical side, Wolf says.
Convincing OEM vendors like HP, Dell and Lenovo to ship a device with a bare-metal client hypervisor pre-installed is tricky because of the vendors' relationships with Microsoft, he says. "If I'm adding another layer of software, Microsoft
Citrix has a tight partnership with Microsoft and may therefore find this process to be a bit less daunting than VMware, which has a somewhat antagonistic rivalry with Microsoft.
Even for Citrix, Wolf says shipping a bare-metal hypervisor with PCs probably won't happen until the first quarter of next year. "If VMware doesn't even have a product in beta by that point, you would have to say VMware is at least a year behind," Wolf says.
While Virtual Computer and Neocleus have promising technology, they are still in the early stages. Virtual Computer's hypervisor today works only in conjunction with the company's management tools, which require customers to install Microsoft's Hyper-V server virtualization platform. Virtual Computer will include a standalone hypervisor in its next release in September, it says.
Neocleus, meanwhile, struck a licensing agreement with management vendor BigFix in March, but BigFix's recent acquisition by IBM could make customers doubt the long-term viability of that arrangement.
What are the benefits of bare-metal hypervisors?
Virtual Computer marketing director Doug Lane argues that, with the right management tools, client hypervisors will deliver the same benefits as server-hosted desktops without requiring major data center upgrades.
"You're not going to save money by replacing PCs with servers," Lane says. Client hypervisors "can deliver the same benefits without turning the whole PC model on its head."
Like VDI, client hypervisors can be coupled with management tools that make it easier to distribute patches and updates, and replace an employee's desktop in the event that it gets lost or damaged. Plus, running the desktop locally eliminates performance lags caused by latency and allows more offline access. Once the technology is more mature, Type 1 desktop hypervisors should allow faster performance than Type 2, because running a hypervisor on top of a host operating system creates another layer of overhead.
Security is one of the main arguments in favor of a Type 1 hypervisor. Although the security model hasn't been perfected, in theory the bare-metal hypervisor will provide greater isolation between desktop images, while eliminating the attack surface of the host operating system. Neocleus has argued that bare-metal hypervisors let each operating system run in a protected "bubble," which, if infected, could simply be deleted, preserving the integrity of the machine as a whole.
Another argument in favor of bare-metal is that it will enable bring-your-own-PC scenarios, in which an employee has two desktops, one for personal use and another for corporate use. The employee can easily switch between personal and corporate environments, while ensuring that data (and, potentially, viruses) from personal applications don't impact corporate systems.
But client hypervisors can deliver benefits even when they're not used in tandem with multiple guest operating systems. For example, the technology encapsulates each desktop image in a virtual machine that can be moved to another device, with relative ease, in the event that a user's computer is damaged. Moreover, if client hypervisors introduce significant security and management benefits, those benefits will exist regardless of whether a user is running more than one guest operating system.
What are the cons?
Type 2 hypervisors, at least for now, are more mature and easier to deploy than their bare-metal counterparts, according to Song of IDC. Today's bare-metal technology also does not work with Macs, and typically does not work with 64-bit operating systems, he says. (Windows 7 comes in both 32-bit and 64-bit versions.) While it's technically possible to install bare-metal hypervisors on Macs, "licensing is a gray area," Lane says.
Calculating TCO with a bare-metal project is also a challenge, as it is with any virtual desktop deployment. While a client hypervisor might deliver management efficiencies, and limit the need for major data center upgrades, the technology would prevent companies from replacing PCs with less expensive thin clients.
Security is still a concern with bare-metal hypervisors, according to Wolf. Although the technology may provide security benefits in the long run, today "it's a work in progress," he says. More must be done to ensure complete isolation of desktop images, and integration between software like a McAfee security appliance and Citrix's XenClient isn't there yet, he says.
Virtual Computer says it has 50 or so paid customers, and several hundred in pilot mode, with most deployments in the 50- to 100-seat range. But most customers see client hypervisors "as more of a 2012 initiative," Wolf says.
Even when the technology matures, it may be most suitable for small deployments targeted at specific users, according to Song. "In terms of long-term adoption I'm seeing it as more of a complementary technology to VDI, rather than a stand-alone product," he says.
Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin
Read more about data center in Network World's Data Center section.