Yesterday Microsoft bought desktop virtualization vendor Kidaro for an undisclosed amount (although rumors suggest as much as $100M). Kidaro makes virtualization software and management tools that "package" Windows desktop images into VMs that can run locally on users' computers. It's a lot like VMware's ACE product, although Kidaro has much better management capabilities.
First, why would anyone want this technology?
Kidaro is a desktop virtualization vendor, although not in the most traditional "VDI" sense. Whereas the de-facto definition of "VDI" means users connecting via server-based computing protocols to desktops running in a datacenter (VMs, blades, or Terminal Servers), a more broad (and more correct in my opinion) definition of "desktop virtualization" would include ANY technology that separates the OS image from the client computing device. Based on that definition, Kidaro (as well as OS streaming solutions like Citrix Provisioning Server) also play in the VDI space.
So Kidaro is a desktop virtualization vendor. In their system, a user's "desktop" is packaged up into a single file which includes the hypervisor, the Windows OS, applications, and settings. Then this single file can be ported / copied / streamed / executed from just about any computing device. The idea is the user can have an unmanaged computer, and they can visit a Kidaro-based portal and click a link to run their "desktop," which will copy / stream the Kidaro desktop down to their device. Alternatively the Kidaro desktop could be deployed via DVD or even USB stick. (The USB option is a cool concept. Instead of giving your employees PCs, just give them a stick. They can pop it into any Windows PC and run their completely locked-down and managed VM from anywhere. The hypervisor ensures a proper security barrier exists between the VM and the host.
Kidaro is perfect for the whole "Employee-owned PC" thing that I've written about in the past. It lets IT deliver a secure, controlled, locked-down desktop that also works offline (the big FAIL of traditional VDI so far), while leveraging many of the benefits of single-image control and per-user personalization and software streaming.
Note: Please please please remember that one of my "soap box" issues is that there is no single desktop delivery solution or technology that will EVER work for 100% of users. I think the future will see a blend of some local desktops and some remote, some shared (TS) and some single instance, some local apps and some streamed, some online and some offline. To me, the "holy grail" is not a single technology that can be used for all, but a single product (or suite) that's INTEGRATED that lets all of these various technologies work together to truly provide any app, to any device, over any connection. But that is still a dream at this point.
Why did Microsoft buy Kidaro?
The real reason? I think they're scared. They're scared of losing control of how Windows is used and deployed. Windows is [one of] Microsoft's cash cows. They will do anything to protect it. This is why they "pooh-poohed" virtualization until it was apparent that their competitors could actually slide in between Windows and the hardware and control how Windows worked. This is why they ignored application virtualization until they absolutely needed it to help Vista's sales.
I think Microsoft is truly starting to "get it" with regards to virtualization. I don't mean in the big ways because of stupid press releases with a million "look how cool we are" bullets. I mean in the little ways that are not obvious at first, like the fact that they combined the virtualization, SoftGrid, and Terminal Server MVPs into a single "virtualization" group. I think they're starting to finally understand that the world is changing, and if they want to continue to sell very high numbers of Vista licenses (and Software Assurance) to businesses, they have to change too.
So Microsoft has Terminal Services. They add all sorts of cool new features to it in Windows 2008. They buy SoftGrid. They buy Calista. They change their long-held licensing policy and start legally allowing people to run Vista in a VM.
If you take a step back and think about about the entire application and desktop delivery space, how many different technologies / techniques are there?
- Remote Terminal Server-based desktops
- Remote single-instance desktops (Blades or Vista / XP VMs)
- Streamed desktop disk images running locally on native hardware
- Desktop images running in VM wrappers on local hardware (This is what we're talking about in this article)
- Traditionally-installed local applications
- Streamed / virtualized / isolated local applications
- Remote Terminal Server-based applications
- Remote single-instance based applications
If you look at these eight items, where does Microsoft play today? They have something to offer in most of these spaces. And the places they don't have, you can bet they will either (a) partner, (b) build / acquire this capability, or (Secret Option "C") partner until they decide the market is right, then buy a competitor the the company they've been partnering with up until that point.
Microsoft's strongest partner in this new age-y desktop and application delivery space is Citrix. Up until yesterday, Microsoft+Citrix could do 7 of the 8 things on that list. What was missing? Item # 4, "Desktop images running in VM wrappers on local hardware." Could Microsoft ignore that? Sure. Except for the fact that VMware had an offering (ACE), and VMware is Microsoft and Citrix's #1 competitor in this space.
(If it was so obvious, then where was my article about this two months ago? Um... It's around here somewhere I think! :) Ahh, hindsight! I'm an analyst, not a predictor of future trends apparently.) Regardless, you had to know something was coming in this space. There's just too much juice for Microsoft not to take a sip. (And then to punch and kick everyone else sipping from the same pitcher, and then to take over the juice factory and fruit growing operation, and then to offer people all the juice they want for $250 per year while stopping the sale of juice in one-off cartons.)
What Microsoft will do with Kidaro
Unlike the Calista aquisition (where Calista didn't actually have any shipping products), Kidaro has something for sale today. Microsoft is changing the name of the Kidaro product to "Microsoft Enterprise Desktop Virtualization," and instead of selling it as a stand-alone product, they're bundling with the "Microsoft Desktop Optimization Pack" (or "MDOP"). MDOP is sort of a random hodge-podge collection of cool software that Microsoft has bought from other companies over the years. As of now it includes:
- Microsoft SoftGrid Application Virtualization (SoftGrid)
- Microsoft System Center Desktop Error Monitoring
- Microsoft Asset Inventory Service (AssetMetrix)
- Microsoft Diagnostics and Recovery Toolset (Winternals Administator’s Pak)
- Microsoft Advanced Group Policy Management (DesktopStandard GPOVault)
- And today, Microsoft Enterprise Desktop Virtualization (Kidaro)
The price of the MDOP is only $8 per user, so it's essentially free. The catch is that you can't just go out and buy an MDOP. It's only available for people to do a multi-year desktop software "lease" via Microsoft's Software Assurance program. And you can't just lease MDOP. You have to be paying for SA on desktops first, and then you can add-on MDOP. And if you ever stop paying, you lose access to these technologies and products. (With Windows 7 looking more and more like a 2010 release, you gotta have something to offer customers who pay for SA!)
Then again, if people are subscribing to SA with MDOP already, it's just another product for free!
(Thanks Tim for suggesting some clarifications to the MDOP description.)
How will this impact VMware?
Like I said, VMware has a product that competes with Kidaro: VMware ACE. It seems that Kidaro has more manageability than ACE, and with it being bundled into the MDOP, this could be trouble for them.
Rumors have been circulating that VMware was going to cancel ACE because it hasn't really taken off like they expected. (Of course virtual appliances haven't really taken off either, but this didn't stop them from dedicating a whole conference to them in France a few weeks ago, so who knows?) Will this speed ACE's demise, or will this "validate" the technology and reinvigorate those who like the concept but love VMware even more?
One of the coolest features of Kidaro is the ability to hide the desktop window of the guest OS, creating a very cool user experience where guest application windows run seamlessly within the host's desktop. This is a feature (called "Unity") that VMware offers in their Mac version of VMware Workstation (called "VMware Fusion). If VMware wants to keep ACE, they're going to need to create a Unity-like features.
More importantly, though, is that VMware also will need to do something to improve the administration and management experience of ACE. They need to make it just as simple and easy to deploy desktops via ACE as it is via VDM2. Actually, they should just combine these into a single product, allowing a single desktop image via a single management tool to be used for remote (VDI) and local (ACE) use.
How will this impact Citrix?
Some people have suggested that Citrix missed the boat on this--that Citrix should have bought Kidaro. But I don't think that's true. Citrix really has a lot of the elements they need to offer something similar. They have Provisioning Server which can stream images down to a workstation. They have some experience in Xen which can maybe be used to re-purpose the Xen hypervisor so it will run in Windows.
But most importantly, Citrix has a friendship with Microsoft. With Microsoft buying Kidaro, I think there's a plausible case to be made that now Citrix doesn't have to "worry" about ACE at all. They can let Microsoft roll-out Kidaro, and then Citrix can "embrace and extend" it by integrating with Provisioning Server, Citrix XenApp, etc. (Pete, when is Provisioning Server going to let users take images offline?)
If Microsoft really did pay $100M for Kidaro, then that's all the more reason that Citrix made the right move by letting them go to Microsoft.