We have been talking about layering now for the better part of a year, and while it's an interesting technology, it's sort of an ambiguous concept to a lot of people. There are a number of vendors out there with layering solutions--MokaFive, Wanova, and RingCube, to name a few. But what is layering, and why is it important?
What is Layering?
Conceptually, layering is a method of controlling a user environment by breaking Windows down into separate, manageable pieces called layers. Typically, the base layer is the corporate OS image, with maybe a few fundamental things like access control or antivirus apps. Then, on top of that, ride other layers, like corporate applications, user data, non-persistent data, user installed applications, and so on. Layers can be managed independently and by different groups, giving very granular control to users' workspace.
(from John Whaley's presentation at BriForum 2009 entitled: "Use of Layers in Desktop Virtualization Management")
In a way, layering is like silk screening a t-shirt. Each layer builds upon the one before it to ultimately produce was we all see. In this way, each layer is a separated out component of the users workspace, and can be anything from low level executables and settings to a user's mouse pointer or background picture. All of these layers combined completes the picture and presents a single unified workspace to the user.
Layering can offer many benefits, including:
- Simplified image management. A simple base image with multiple, small layers, rather than many large base images.
- Backups and snapshots. Layers can be backed up individually, making rollbacks easy.
- Easy application provisioning and de-provisioning. Application layers are either turned on or off. Conflicts can be resolved via policies.
- User installed applications. UIA's can exist in their own layer that can be turned on/off, or restored should something bad happen (which, since it's a UIA layer, will surely happen).
How is it done?
How it's done is a question without a single answer, unfortunately. How each vendor does it's thing would take a much longer article, but each has it's use cases in a relatively young marketplace. Still, I was once a consultant and should be able to weave together an general answer to that question :) Here goes nothing:
There are quite a few techniques to layering, some of which have been around for as long as we have. Fundamentally, things like roaming profiles and folder redirection can be considered a type of layering. Inserting users' configurations, files, and other information into a base OS is one of the key aspects of layering, so these certainly qualify.
Of course, profiles and folder redirection have their drawbacks (none of which are new to anyone), so other methods have also been invented. Application virtualization products, of which there have to be a dozen now, have been adding applications on top of base images for many years. I remember my "I don't install apps" Softricity pin from a Swan & Dolphin iForum in 2002 or so, so it's been at least that long. Of course, that became App-V, and we also have Citrix XenApp Streaming, ThinApp, InstallFree, XenoCode, Symantec Workspace Streaming, and many more.
Application Virtualization doesn't work in all environments or with all applications, though. And even when it does, applications are typically isolated from one another, which means tweaking things to make them more usable. That's left an opening for a new breed of workspace management that relies on the use of some of the tactics and methods brought on by the widespread use of virtualization. This is where the ambiguity of the current layering philosophy begins to appear. There are several companies, MokaFive, RingCube, and Wanova to name a few, that have workspace management solutions that are based on some sort of layering, but each uses different methods to accomplish the same goal.
The general idea is that the layers are applied to a base OS image. Each layer is a piece of the whole workspace, where one layer might be the configuration for domain membership and unique machine identification information, another might contain kernel components, and still more layers that might each contain applications or other configurations.
Some vendors accomplish this with virtual machines on a client side hypervisor (Type 2, not Type 1) and multiple disk images, with each disk image representing a layer (MokaFive). Others have solutions that ride on top of the existing OS (no hypervisor needed) while still using disk images as layers (RingCube). Others stream the layers to the client, enabling more efficient backups and updates over the WAN and for remote users (Wanova). And while one may not work as well in your situation as another, they all present a new way of compartmentalizing the user environment into individually provisioned components that can be managed separately. In fact, the separation of management alone might be a qualifying use case, given that it allows for a division of ownership with relation to the desktop (as I wrote about last month).
How does it fit into VDI?
Even though layering is pretty young, it's easy to see how it fits into VDI. Layering the user environment on top of a small base image is a pretty valuable method of workspace management.
This is one of the reasons that both Symantec and VMware have OEM'd RTO Software's Virtual Profiles--it allows them to layer in the user's settings, data, and policies--to go along with their respective application virtualization solutions. Sure, it's not layering in the "new" sense, but obviously the big players see the potential and want to make sure they have some sort of comparable workspace management solution.
The reason it's becoming so popular now is because VDI has become a hot topic. With SBC solutions, workspace management was spent trying to achieve a balance so that all your users could coexist together on the same box. Since one of the attractions of VDI is removing (or at least dulling) that constraint, it opens the industry up for solutions to problems that we didn't really have before, or that weren't really identified as fixable problems. Application Virtualization is about as close as we got to layering in an SBC environment.
Layering should come into its own along side of the other client virtualization technologies over the next year or so. Virtual Computer and Neocleus already have client hypervisor products on the market, and with Citrix and VMware set to release theirs in the coming months, there should be more opportunities for layering solutions to grow in popularity. I wouldn't be surprised to see some layering vendors either teaming up with or being acquired by the big guys.
I also think that Microsoft could help the layering concept along. Currently, the layering vendors are more or less getting under the hood of Windows and rewiring it to do their bidding. This is why we have so many different methods and approaches. If Microsoft were to "layerize" Windows more to allow more development effort to be spent on the actual workspace management and less on rewiring Windows and working around any shortcomings, it would be a boon to the concept and allow it grow much faster than it has been.
So, are you using or evaluating any layering solution now? Share your thoughts, please!