Parallels could hold the key to user-installed applications

Happy "User-installed Application Week," everyone! On Monday, Brian wrote an article about a solution he sees for enabling user-installed applications in a VDI scenario. The article received over 30 comments, and there is quite a bit of good information in them. If you haven't taken the time to read through them, I suggest you take a look.

Brian's solution involved using a hypervisor on the client (type 1 or type 2) for the user-installed applications, managing them with any of the various methods available.  This solution, while technically dealing with the problem, is more of a workaround than a solution.  It is inefficient and consumes more resources and admin time than I think is necessary.  Still, if you really need to have user-installed apps, it's definitely an option.

What I want to know, and what I hope someone can answer, is whether or not Parallels can provide a real solution to this problem. We've heard of Parallels Virtuozzo Containers (formerly just Parallels Virtuozzo), which creates what it calls "containers" on a single installation of Windows Server. Each container is 100% isolated from another and from the base OS using what Parallels calls "OS Virtualization" (as opposed to Platform Virtualization and Application Virtualization).

My thought, and the question that I'm posing to the community and to Parallels, is this:

Is it possible to make a version of Parallels Virtuozzo Containers that runs on Windows 7 that would enable users to install their own apps and have (manageable) control over one container, while leaving the other container fully managed by IT?

Obviously, there's more to it than that run-on sentence.  You'd need to be able to manage that other container to some degree--anti-malware, anti-phishing, antivirus, file/driver/service access, and so on all need to be taken into consideration, but can't that already be done with the server product?

The benefits over running an entire second virtual machine are enormous. A second VM will consume gigabytes of memory and a sizable chunk of the hard drive, not to mention the resources it shares with the first VM. That's a performance tax on both machines that makes each one less efficient, from both a user's standpoint and an IT perspective. With Virtuozzo, each container would consume 50MB of resources and would not require a large chunk of disk space to be dedicated to the supporting files for the second OS. The end result would be two environments, one user-controlled and one IT-controlled, with the only loss being about 50MB of memory.

Now, can Parallels do it? Windows 7 and Windows Server 2008 R2 share the same code base, and I would imagine that they're working on a version of Virtuozzo that supports R2 right now. Does that mean that it's not too much of a stretch to port it to Windows 7?

I think this counts as an actual solution to user-installed apps, as opposed to a workaround.  The buzzword of the season (besides "cloud," of course) is "layering," and this could be viewed as a sort of user-controlled layer.  What do you think?

 

Join the conversation

12 comments

I think the vendor needs to chime in with the answer about client OS support.


That said, I had issues with the VC RC for X64 Svr 08 and the desktop theme. It wouldn't stick...


Maybe I was missing something... but it was an RC, I guess.



Gabe you wrote "Is it possible to make a version of Parallels Virtuozzo Containers that runs on Windows 7 that would enable users to install their own apps and have (manageable) control over one container, while leaving the other container fully managed by IT?" and it will give you only Svr08 desktop not Win7.


Just to note, even though isolated, I have experienced issues where a reboot of the host server is required to free up "isolated" containers.


AV is installed and managed only on the host, not the individual containers.



Rumour has it that AppSense are bringing something out that addresses this issue.  Unsure what it is exactly, but it is something like users can install applications into a VDI image, but instead of installing it, it essentially packages it up in a "streamed" package and it is attached somehow to the user profile.  Then on each install the application comes back, so it is a user-managed application.


Trying to find out more details on it though.



@Jason - That's great! I was just telling Brian in a webcast we were recording how I think that some sort of intelligent packaging could be the solution to all of this. The key is that it is a 100% hands-off solution that requires no admin intervention.  



We (AppSense) have been working on this area for some time now, and actually only announced the technology back at the BriForum event - see the video where one of our Product Managers, Chris Oldroyd, demonstrated the early wares during the event - www.brianmadden.com/.../briforum-2009-demo-lab-appsense.aspx


As Gabe states, this is absolutely about seamless integration to ensure it just works - however this needs a form of management wrapped around it - ensure that the admin can get involved if required.


There will be more information around our approach available publicly soon, but in the meantime, please do take a quick look at the video.



Just use RingCube if that is what you want to do. They install most apps on a Desktop OS. A decent product with management and policy. No need to wait for Parallels to address this, whose approach is not as robust as RingCube.


That said, this whole approach will fail outside of very simple implementations. Too hard to patch, keep up with MS, vendor risk etc.


To me, anybody who uses the term user installed apps is naive about how to manage a real IT environment.



Viewfinity also do install-time encapsulation at the endpoint.



Hi, Parallels here.  


The simple answer to your question is yes, it is possible to make a version of Parallels Virtuozzo Containers that runs on Windows 7 that would enable users to install their own apps and have (manageable) control over one container, while leaving the other container fully managed by IT.


Essentially you provision two containers for each employee.  One container is locked down (restricted user rights) and with the other you grant admin rights or limited rights to the user, which effectively doubles your VDI implementation. This is where the Containers approach to VDI really shines as by going down the hypervisor route, which has much lower density, and therefore supports fewer desktops, it becomes a much more expensive proposition.


We will definitely support this feature in the next version of Parallels Virtuozzo Containers designed to support Windows Server 2008 R2 and due out in the first half of next year. With this version, virtual desktops will be easily and seamlessly converted to Containers with even higher density than we have today.



I don't doubt Parallels can accomplish the task.  They are not always the fastest at supporting the latest OS versions, but their virtualization products have seen significant gains in features & performance over the last year to two.


The sticking point is Microsoft Licensing.  Does Windows 7 allow a 'container' model of virtualization without requiring VECD?  I doubt it, and that recurring cost alone would be prohibitive.


Additionally, I may be naive, but under what circumstances does a corporation (small, medium or large) allow users to install applications at all, much less without prior approval?  I certainly don't allow it for our small company, but then we're regulated by HIPAA. Maybe Gabe or Brian could offer substantive evidence for needing such a feature in the first place.



@Jase: I totally forgot about this SafeSpace from AppSense. I tried it 2 years ago and I remember it was really slow. I hope they made it perform better. And then there's always the relatively high cost of AppSense products.



I think that all of this depends on what the actual requirement is for user-installed applications.  I would like to clarify how AppSense perceive this requirement and what type of solution we are bringing to market.  


This is the AppSense approach.  Check it out at  https://bit.ly/HyODd



So here are my thoughts, and I do not pretend to know everything, or how everybody operates. For the small percentage of users that do need to be able to install applications (and I do think overall this is a very small percentage of users, perhaps less than 10%), why not just persistently assign them to virtual desktops like they currently are to a physical desktop?  I have however always subscribed to the idea that IT should manage desktops in "most" environments, and think that IT providing access to an available library of virtualized applications with App-V (for example) is a great solution.


Anytime users are allowed to do "whatever they want", i.e. installing their own software, you require more IT staff to fix the problems they create, open yourself to liability for what they install (as companies are legally responsible for what is installed on corporate assets) and user profiles bloat.


I think that except for the small percentage of users that "require" a do whatever you want/need, users are better off with something that IT controls so they don't hurt themselves (and others).


Perhaps another approach would be to allow users to have software installations create a request that is forwarded to IT for authorization, and/or assistance?


My 2 cents.  The more options that are available the better, as no one solution is perfect for everyone.

