A few weeks ago, I sat on a webcast panel that was essentially a repeat of a session the same panel we all gave at Citrix Synergy. We managed to get to a lot of questions, but there were a few left over that I jotted down to address later. My intent is to get a comment conversation started about the answers, but I’ll also chip in my two cents to get the ball rolling.
By no means is this meant to be a comprehensive list of all the questions that were asked, and there are many, many more that people have (like how can you maintain a “secured” corporate image in a Type 2 hypervisor on an unsecured host). These are just some of the interesting questions that we didn’t get to answer.
Question 1: How does the client side hypervisor bridge the gap between the different teams in the IT organization?
I've written about this "IT department drama" before, specifically dealing with how management is divided between physical desktops, virtual desktops (TS & VDI) and servers. It’s not an easy question to answer, and I’m not sure that client side hypervisors do anything to help bridge the gap.
In fact, in “simpler” (it’s in quotes because I can’t think of a better word) situation like standardizing the HAL for imaging or running a “work” VM, I think that bringing the virtualization to the client side will have almost no effect. In a traditional IT department with a “Desktop Team” and a “Server Team”, the server guys wouldn’t care one bit what the desktop people are doing. Even if we add in the desktop composition or layering pieces, the server team would be pretty hands-off.
For more complex environments, such as offline VDI, there might be a fair amount of conversation going on between the desktop team (assuming they manage the hypervisor on the client) and the server team (assuming they manage the hypervisor on the server).
Then again, it might even spur an organization to realign the departments to accommodate the “new desktop” or to put in place a more comprehensive workflow for who owns which pieces.
Question 2: When will the client hypervisor support a Linux Image?
If you look at the big picture of ALL client hypervisors, several already do, especially in the Type-2 world. I’m assuming, however, that this question is related to just Type-1 hypervisors, in which case there are two that can do it today—Virtual Bridges VERDE LEAF (which is part of VERDE 4), and Virtual Computer NxTop.
Most people don’t look at LEAF as a Type-1 client hypervisor, but if you boil it down to the basics (hardened Linux kernel designed to run on desktop hardware for the sole purpose of running VM’s), I think it fits. Brian wrote a great article on this very topic about a month ago with some great comments
As for when Citrix and VMware will support a Linux image, I think the answer is something like “when enough of their customers ask for it.” So, whoever asked that question, get two or three hundred of your closest friends to start asking!
Question 3: I can't hear the audio…
Question 4: It seems like the majority of the focus is on managing the "OS Container" - where is the integration with the management within the OS?
The direction to take this answer depends on WHY you’re using client virtualization.
If you’re using client virtualization as a local-only solution to standardize your images, run Windows on a Mac, or provide people with multiple VM’s for one reason or another, you’re probably going to be managing the VM’s the same way you manage your PC’s.
If you’re using it as a deployment mechanism for a shared image (as in offline VDI), then you need to look at the bigger picture of “desktop composition.” OS patches and core applications would be handled by whatever provisioning system you use. Other applications might be streamed to the desktop, in which case managing/updating them is handled by whatever streaming product you choose. Security, user data, and profiles also fall in the same line.
It boils down to that client virtualization is just one piece of giving a user a locally executed desktop OS in a managed, isolated, secure, but ultimately flexible, way.
Question 5: What is the evolving standard to maintain the custom user application settings from virtual hypervisors or virtual applications?
This one is tough because the industry is so young. Admittedly, Type 2 client virtualization has been around in one shape or another for a long time, but using virtualization on the client side for the purpose of deploying the primary desktop of a user is a relatively young concept. We’re finding new challenges (and solutions to those challenges) all the time, so there’s no one-size-fits-all standard yet.
I asked Brian to take a stab at this one, too, and this is what he came up with:
No “standard” yet, and I’m not sure this question is specifically related to the hypervisor per se. To me this is more about layering. Yes we need a solution to maintain the user app settings separately from the app binaries and the OS settings and binaries, but we need that regardless of whether the desktop is running in a VM or on bare metal or in the datacenter or on the endpoint... Right now no one is in the lead. Citrix has some basic profile management stuff but recommends AppSense. VMware bought RTO. You also have RES Software, Scense, triCerat, and others doing this. Plus there are “layering” solutions that attempt to abstract user settings (I’m thinking MokaFive and Unidesk). And then many of the app virtualization vendors themselves are starting to talk about isolating and virtualizing app settings along with app binaries (I’m thinking Symantec, InstallFree, and ThinApp). So really there are a lot of ways this could happen, and nothing is even close to being a standard yet.
Question 6: How will independent VMs on a client owned PC address the issue of corporate versions of software (e.g. XP with Office 2008) and client versions of the same software (e.g. Win7 with Office 2010) on a single PC potentially confusing many users?
I suppose this kind of thing is unavoidable, at least to some degree. There are (or could be) ways to standardize an application set so that documents in one VM are opened with an app from the other, but there’s some security tradeoffs there that a lot of companies wouldn’t be willing to make. Also, in the case of different versions, there might be licensing considerations, too.
In the end, I think a lot of this has to do with education. Perhaps, as more and more people enter the workforce with more computer savvy, it won’t be as big of an issue going forward, but that’s probably wishful thinking. Realistically, I think users need to be educated about what is actually happening on their box. They don’t need to know about Ring 0 or memory allocation or anything, but the simple fact of being aware that there is a “work computer” and a “home computer” both running on the same piece of hardware can go a long way.