If Symantec buys a client hypervisor, they could own the desktop virtualization market in two years

We've spent the past year or so talking about when (or whether) desktop virtualization will take off and replace most corporate desktops. (And just a reminder, the term "desktop virtualization" on BrianMadden.

We’ve spent the past year or so talking about when (or whether) desktop virtualization will take off and replace most corporate desktops. (And just a reminder, the term “desktop virtualization” on BrianMadden.com includes ALL methods of separating OS management from the client device, including VDI, client hypervisors, OS streaming, server-based computing, etc.)

Today’s full-on desktop virtualization successes are limited, with most people using Citrix or Terminal Server SBC solutions, and then a much smaller number of people using OS streaming and VDI.

So if you consider that there are something like 500-700 million corporate laptop and desktops in the world, we probably only have, what, 20 million virtualized today? (I’m saying 20 million even though Citrix has over 70 million ICA licenses sold because the vast majority of Citrix are traditional fat desktops or laptops connecting to seamless apps via XenApp. So in those cases, the end user's desktops are not virtual desktops.)

How does the world grow from 20m to 500m virtual desktops?

Since there's still so much growth ahead of us for virtual desktops, it's interesting to think what it will take to get us there. Certainly there’s a technology component that needs to be considered, in that today's technology just flat-out isn't good enough to handle the myriad of different use cases needed to get these other 480 million users onto virtual desktops.

Then there’s the fact that despite the technology not being ready, the vendors are talking about it like it is ready. And so far a lot of people are being disappointed. (Just to be clear, again, the disappointment is when people try to use this stuff for things it can’t really do. But there are lots of cases where it all works fine.) This notion led to that interesting conversation we had last week about desktop virtualization (or at least “VDI”) being in the “trough of disillusionment.”

But getting back to the question about how we grow this technology from 20m desktops to 500m desktops, the real challenge is going to be convincing “regular” desktop admins that it’s ok to do. The easiest way is to follow Jerry McGuire’s advice and “Show them the money!” Show them a reason to switch that is believable and demonstrable and makes good financial sense. We have a lot of examples of this already, even in the desktop virtualization industry.

For instance, remember how skeptical people were of Citrix and Terminal Server before seeing it for the first time? But both technologies are tremendously popular because they solve a slew of real problems. And remember how skeptical people were of server virtualization before seeing it for the first time? Again, server virtualization was so successful because it just plain worked and the ROI was so simple. In both cases the technologies first won with easy use cases, and then spread from there. (See “killer app.”)

So what’s the easy win for desktop virtualization? What’s it going to take to convince the administrators of the 480 million traditional desktops to switch? It’s not VDI. VDI is a nice use case, but VDI is nothing more than server-based computing with a bit more compatibility. So Citrix and Terminal Server already got the easy win on server-based computing a few years ago, and the incremental advantages of VDI are not interesting enough to reach the other 480 million users.

One potential easy win for desktop virtualization could be around client hypervisors. As I’ve written in the past, I’m most excited about client hypervisors because they provide a common piece of “hardware” for admins to deploy to. So if the worlds’ existing desktop admins can embrace client hypervisors, I think we have an easy way to bring 480 million additional users in the world of virtual desktops.

How do we get client hypervisors to the "other" 480 million desktops?

I generally frame the desktop virtualization industry in terms of five “big” vendors: Microsoft, Citrix, and VMware are the Top 3 (in terms of importance), with Symantec and Quest rounding out the Top 5. With regards to client hypervisors, I wrote about everyone last week. But as a refresher, Citrix and VMware are working on their own offerings, as are two small start-ups, Neocleus and Virtual Computer.

Of those “Big 5” desktop virtualization vendors, only Citrix and VMware are talking about client hypervisors. While I think they’ll both make quality products, I don’t think either one of them will make a dent in the 480 million traditional PC markets.

The problem with Citrix is that their users only know them as delivering Terminal Server-based server-based computing apps. So while that’s worked well for them, Citrix is not the “go to” company people think of outside of their existing niche. VMware has a similar problem, in that they're thought of as a "virtualization" vendor and not a "desktop" vendor. So both Citrix and VMware have to really work hard to get the regular admins who control the 480m remaining desktops to think of them.

Actually, of the Big 5 companies, only two have desktop influence over large swaths of those 480m desktops: Microsoft and Symantec.

So far Microsoft has no plans for client hypervisors. And when you ask them about client hypervisors, they kind of laugh them off, (probably because they want to protect themselves a bit, and let's face it, client hypervisors are disruptive, and existing monopolies are not exactly known for their ability to disrupt themselves).

So that leaves Symantec.

Here's how Symantec can extend desktop virtualization to the other 480m users

First, Symantec needs to buy one of the smaller client hypervisor vendors--either Neocleus or Virtual Computer.

Next (and this is the key part), Symantec needs to integrate the client hypervisor with their Altiris product line, and NOT focus on their Endpoint Virtualization Suite. Why? Let's take a step back before digging deeper into Symantec.

Symantec is huge now, with a lot of products spread across several groups. I want to focus on two right now: the "endpoint virtualization" group and the "Altiris Client Management Suite."

The “endpoint virtualization” group was just formed a few months ago. It owns four products:

  • Symantec Workspace Virtualization (app virtualization, formerly Altiris SVS)
  • Symantec Workspace Streaming (app streaming, formerly AppStream)
  • Symantec Workspace Corporate / Workspace Remote (connection broker, formerly nSuite)
  • Symantec Workspace Profiles (profile and user environment virtualization, an OEM version of RTO Virtual Profiles)

The "endpoint management" group, which owns several products, among them:

  • Client Management Suite (the old Altiris stuff)
  • Ghost
  • Package Studio

In the endpoint management group, I'm mostly interested in the Client Management Suite. If you're not familiar with it, it's a lot like Microsoft SMS (now called System Center Configuration Manager) in that it combines software and hardware inventory, automated OS installation, software installation and patching, and remote support capabilities. So imagine if Symantec buys a client hypervisor and sticks that into the Client Management Suite product. That would be like saying, “Ok customer, you manage all these different computer configurations now. What if let you manage these things just like you do today, except every user magically hard the exact same hardware configuration."

Back in March when Symantec announced the new version of their Client Manaement Suite, I wrote a snarky article sort of laughing at them for focusing on this “old” way of managing desktops. And I was even sort of joking with the endpoint desktop virtualization guys about this “old way” and how crazy it was. But since then I’ve realized the “old way” is the perfect path to get to the new way.

The problem with VDI (or with moving an entire desktop to Terminal Server) is that these things are VERY disruptive. I've been talking and talking and talking about how "desktop virtualization" is different and it's hard and game changing.

And then it occurred to me:

As long as desktop virtualization is hard and game changing, no one is going to do it!

So that got me thinking about the easy wins that would apply to the environments of the other 480 million users. And imagine... I don't know how many Client Management Suite seats are deployed, but if Symantec gets a client hypervisor in there, then you'd have tens of millions of regular non-virtualization geeks adopting a form of desktop virtualization without even knowing it.

Then think about how Symantec could take the other assets and capabilities of the Enpoint Virtualization Suite and integrate them into the Client Management Suite. The Client Management Suite already includes the new Workspace Virtualization (their term for "app virtualization"). If they added profile virtualization and app streaming into the mix--wow! Actually the only thing from the Endpoint Virtualization Suite they wouldn't need would be the connection broker (although that might be cool if they wanted to bridge the gap between traditional desktops and server-based remote desktops).

This sets up Symantec for the ultimate solution

Client Management Suite plus a client hypervisor is all Symantec needs to really put a hurt on Citrix and VMware in the traditional client space. But just imagine how they could pull even more ahead.

Even though I like client hypervisors more for the hardware "white washing" than I do for the ability to run mutiple side-by-side VMs, a lot of people have been talking about how it would be cool to run utilities and stuff in parallel VMs on a client device. So for example, instead of installing and running antivirus software on top of Windows, you could download an antivirus virtual appliance that you're run on your client out-of-band. The same can be true for firewall services or for backup software.

Well guess what? Symantec just happens to sell antivirus, online backup, firewall, configuration management, and a host of other capabilities that would fit right into a client hypervisor. And since they'd make the hypervisor and the virtual appliances, they could hook-in via some cool methods, without having to create watered-down VMsafe-like interfaces.

Actually, heck, that would rock. Maybe they need a new CTO to make it all happen! ;)

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Brian, I have to say I completely agree with your analysis.

In my view, ease of management is an increasingly important factor in the adoption of new technologies. As emerging technologies make managing an IT infrastructure more complex and dispersed, vendors _need_ to put much greater focus on how to simplify management and ease integration.

Microsoft is doing a great job at this with ther System Center line and by unifying their Management consoles and interfaces (MMC3 & PowerShell)

Citrix has been slowly moving in the right direction as well (moving XenApp management into MMC) and I hope Citrix further unifies their Xen* management tools.


Brian I have to agree with you here also.  I have been using Altiris for about six years now...and I think Symantec has to do something like this or they will loose many of their customers over the next few years as the VDI solutions mature and become more affordable.  This may be their second grasp of wind.

It would also be cool if they could finally come out with a anti-virus/anti-malware virtual appliance, removing the need to install these into the virtual machines inwhich it could monitor.  I think you may have been getting at this in your last paragraph, but then I lost you when you said "without having to create watered-down VMsafe-like" because it is the technology like VM-safe that they'll need in order to pull this off.


I agree that running virtual appliances out-of-band on the desktop has great value, but the vendor can't be sloppy. They must leverage it so that the hardware resources are used more efficiently when doing this.

Another thing Symantec needs is to gain trust from the general set of professionals managing desktops. I gather from your wink after suggesting a new Symantec CTO that you would be willing to take on that role, Brian? Certainly having you as their CTO would result in an immediate trust from large numbers of IT professionals.


Great analysis and pretty consistent with what we see and hear. One item seems to be left out  - the biggest barrier to adoption. We hear about  on a consistent basis from every sized organization --- "What do I do with the client hardware devices I already have?" Our answer REGARDLESS of VDI vendor or hardware is Thin Desktop. Check out thinlaunch.com to see why???



Regarding what I said about VMsafe.. what I meant is that VMware is trying to protect their hypervisor in some ways, so VMsafe doesn't quite have everything in it that people need. So maybe Symantec can't do everything they want to in an AV virtual appliance for VMware, for example.

But if Symantec has their own hypervisor that they can access with their own virtual appliances, they can expose whatever they want.


I really liked your article but I disagree about Symantec. While they have done well getting good products in the past few years, they have not done well sustaining or integrating those technologies or keeping core talent. If I had a choice of similar products from VMWare or Citrix, or at mitigating risk by using pieces from other vendors, it would be a no-brainer.  


Brian Quote

Then there’s the fact that despite the technology not being ready, the vendors are talking about it like it is ready. And so far a lot of people are being disappointed..


I can't think of any product or technology that hasn't gone through this period. Some people jump on board and the find the pitfalls pretty quick.. then the buzz wears off. It's not magic just more technology. I remember the buzz around terminal server products years ago. People pumped it up time and time again only to have a meltdown when it didn't deliver absolutely everything for every user.

So is there any indication of a single VD product going for the goal of gaining wide audience popularity? One that uses a framework such as the one was stated by Brian...I don't think one vendor has it or even has it coming soon.

Maybe this is because of the industry itself, inevitable incremental updates to existing tech.

Is this a paradox situation? where you must kill the fat windows pc and some legacy tech to make a leap forward, but you can't because this level of technology is what users and admin staff are sure of.

I hope the clouds save us :)


Nice analysis - I would recommend also a deeper look into HP's vision of managing the physical and virtual clients (Client Automation - former Novadigm Radia product); this suite already integrates partly with VMware & Citrix virtualization products...

And why shouldn't they also looking after Neocleus or Virtual Computer - there was a rumor as well over the last years about HP taking over Symantec ...


Having only one side of the puzzle adds limited value for me, infact it increases my costs by having more management infrastructures. The whole concept of VDI as termed by the vendors is just confusing people.  I laugh when I hear a call center has just done VDI, what a $$$$ use case that costs more with VDI that plain old SBC (insert fav vendor) could solve easily with or without thin clients, and enable resue of exisiting PCs. No need for a thinlaunch, it's 2 weeks work to build it yourself. Also the article completely misses the point about session mobility as a huge reason for VDI or SBC in the first place. I'd ask the question without the benefits of VDI/SBC how much value is there really in pure client side virt? You just end up managing more fat distributed desktops instances even if it's single mage, increasing risk on laptops and complexity in management, Marry the three SBC/VDI/Client plus apps virt, user stuff etc and you have a real solution to address broad use cases making the cost vs. benefit easier to justify at scale and a more powerful cloud solution.

As for Symantec, yeah I hate how they have made so little progress with their Altiris suite over th years, the A-client still sucks and the managment concole is a joke. Can't wait to get rid if it with WIM or something else much more enterprise ready. Symantec a desktop company? Come on, they are a secuirty company, so this whole boo hoo thing that desktop guys will never get it is just an insult to desktop guys... If my desktop guys were that stupid I'd fire them and hire real systems engineers who are not vendor biggots. I'd position MS and Citrix far stronger as desktop guys, and VMWare at least the places I have seen is run by backwards minded datacenter dinasaurs, who don't get it.

I do agree that VDI as incorrectly positioned by the vendors today is hard and $$$ and won't catch on en mass until it's simple. That to me means it has to go hand in hand with hosted and local use cases, i.e a unified management system. Not point solutions from 10 different vendors to support 10 different desktop use cases. Virtual Computer is much better positioned to do this looking at their technology. Moka 5 has a better management aproach then any of them today also, granted Type 2, but the myth of Type 1 is here now is exactly that a myth fanned by vendors and bloggers who don't understand the cost and real time of hardware refresh cycles. Neoclues is just a security (to a point, note type 1 has been hacked) and does nothing to manage the OS in the VM.

On the Hypervisor side, I don't buy that virtual appliances can do everything or perform as well as doing something from the OS layer. Pehaps Symantec is better positioned to build a hybrid solution, but again the management of all this will be yet another disconnected layer.

I think what's really interesting here, is that Xen (not XenSource) is very well positioned to be become the defacto standard for the Client. Their open nature is enabling a client ecosystem, and I can't see what VMWare will do there. Perhaps VMWare will have to opensource their Client Hypervisor.....Perhaps KVM will make a play here as a open source play.


Definitely the solution to virtualize the other 480 million desktops should not be “hard and game changing” but rather a non-disruptive approach, as you noted “without even noticing it.”  Moving the user environment including applications  and settings  between a standard image OS should be a seamless process.  A method we’re looking at is low touch and has the desktop being virtualized on-the-fly  including existing applications,  user customizations and data.  Such approach does not change the user’s experience or day-to-day IT operations.  The end result is a hypervisor-like features virtualized desktop and has features to manage a distributed desktop environment.  


Symantec has the best technology to beat all the others. We developed VirtualStorm on top of Symantec software and that brought the most compeling solution in years.

1.2Gb full clones.

Single point of management.

One image fits all. Not only the office workers, but with Appstreams technology also the offline laptops. And all on top of Vmware or Xensource hypervisor.

Symantec saw it and loves it.


I agree with the overall analysis but not necessarily with the vendor. I would say that Microsoft have actually taken some timid steps toward virtual machines for the desktop in the form of MEDV, its rebrand of Kidaro. Although originally created for applications that wouldn't work in Vista, MEDV does provide a means for streaming virtual images to the desktop with a decent level of policy based management. While not as low level and as comprehensive as the likes of Virtual Computer it is only in its first release and integration with Systems Center Configuration Manager, (ConfigMgr), is certainly much closer than anything Symantec could hope to achieve with the Altiris Client Management Suite, that thing's a total mess, a patchwork of poorly put together purchases.

It may not be the direction Microsoft is heading but I think MEDV, along with App-V, both part of the MDOP suite, if integrated into ConfigMgr could provide for a compelling client management solution.