With the dramatic cost savings and management benefits that server virtualization delivers for enterprises, just about every IT problem area is starting to be cast as yet another nail to be driven by the hammer of virtualization.
The IT industry’s largest vendors are scrambling to outfit enterprises with a virtualization tool for every occasion. And, as illustrated by Microsoft’s recent purchase of Kidaro, these vendors are betting that the desktop is the next IT trouble area to receive the virtual treatment.
Sure enough, desktop management is one of the thorniest and most thankless tasks with which IT departments are charged. Administrators must provide their users with secure, reliable access to a desktop environment that includes the applications that users require to get their work done.
This application security and availability mandate requires that administrators keep a motley assortment of hardware and software platforms up-to-date and in proper working order. Worse, these systems may reside outside the company premises, lack reliable network connectivity or even belong to partner companies, part-time contractors or individual workers.
I’m defining desktop virtualization as the products and services that separate the client software environment from the client hardware environment, whether that’s through server-based computing on Microsoft’s Terminal Services or Citrix Systems; running multiple operating system instances on something such as VMware ESX Server; or running a desktop environment in a virtual instance within your client hardware, which is the approach that Kidaro pursues.
Each of these three major classes of desktop virtualization comes with its own benefits, drawbacks and level of maturity.
However, considering the differences among typical servers and desktops, it’s unlikely that desktop virtualization, in any of its forms, will deliver the same breadth of management benefits that server virtualization products such as VMware ESX Server and Citrix XenServer offer.
With servers, network connectivity is a given (a disconnected server is practically worthless), but no such assumption can be made with client hardware, which is useful even when it’s offline. What’s more, servers tend to follow a one-application-per-machine model, which typically results in the sort of low use that lends itself well to consolidating multiple servers onto a single piece of hardware. Desktops and notebooks, on the other hand, carry multiple applications and arguably less predictable use patterns.
But, while desktop virtualization is not a cure-all, the current crop of desktop virtualization products can, if used properly, help solve some tricky desktop management problems.
While the buzz around desktop virtualization has grown recently, the trick of separating a user’s desktop session from his or her local hardware has been around for some time now in the form of server-based computing products such as Terminal Services and Citrix’s Presentation Server (now called XenApp). These familiar products enable administrators to divvy a server or cluster of servers residing within their companies’ premises into managed desktop environments for multiple users.
Server-based computing products offer a number of benefits for desktop virtualization, including a high desktop environment-to-server density ratio and, since application data remains server-side, a good story around data protection.
Another important benefit of server-based desktop virtualization is the maturity of these products. Since Citrix began pushing this form of application delivery, vendors, resellers and administrators have encountered and overcome various implementation issues. These include providing users with printer and peripheral access and enabling users sharing a common environment to access different sets of applications.
The biggest downside of desktop virtualization via server-based computing is the network connectivity that it requires. Without a reliable link to the back-end presentation servers, users cannot access their desktops. Also, certain applications do not install or run happily within a server-based computing environment, which obviously does not work well for users requiring these applications.
Finally, since server-based computing users are sharing a common environment under a single machine, users requiring fuller control over their operating environments, such as developers who must be able to reboot their systems, will find the model an unsatisfactory fit.
Virtual Desktop Infrastructure
For users requiring more control over their desktop environments than is possible with server-based computing, there’s virtual desktop infrastructure, a route to desktop virtualization that basically works the same way server virtualization does. One or more pieces of server hardware running a hypervisor product such as VMware ESX Server or Citrix XenServer host multiple desktop virtual machines, which users then access through a remote desktop technology such as VNC (Virtual Network Computing) or Microsoft’s RDP (Remote Desktop Protocol).
Because each user gets his or her own VM image, each person can run different operating system versions and, system performance permitting, whatever applications those operating systems support. What’s more, the VM separation that virtual desktop infrastructure offers means that if one user’s virtual instance crashes or must be restarted, it won’t affect other users on the host system.
The downside of this additional isolation and control is much lower user-per-host density than you can squeeze out of a server-based computing solution.
In addition, the fact that each user gets his or her own image can result in the sort of management chaos that administrators are looking to avoid. However, virtual desktop infrastructure may be teamed with so-called application virtualization products, such as the Ardence Desktop product that Citrix recently acquired, to smooth management by enabling administrators to layer customized application sets atop a generic virtual machine image.
VMware’s virtual desktop infrastructure offering combines the ESX Server with a virtual desktop management product to help coordinate administration and provisioning. Citrix offers a virtual desktop infrastructure product of its own, called XenDesktop, that combines the XenServer virtualization host with the company’s technology around remote desktop delivery.
Other vendors, such as Sun Microsystems and Quest Software, through its recent Provision Networks acquisition, work with third-party hypervisor providers to knit together a desktop virtualization solution.
The third, and least mature, form of desktop virtualization is the sort of client-side virtualization approach evinced by recent Microsoft acquisition Kidaro, VMware’s ACE, Sentillion’s vThere and Qumranet’s SolidICE.
Where virtual desktop infrastructure and server-based computing products focus on connecting users to desktop environments hosted on a back-end server, client-side virtualization products move the focus to individual users’ hardware.
The biggest advantage of this desktop virtualization route is that it works in offline scenarios and adds some interesting deployment flexibility, with the ability to, for example, deploy a virtual desktop on a USB key.
However, client-side virtualization requires beefier user hardware than does virtual desktop infrastructure or server-based computing, both of which can operate over thin-client hardware as well as over standard desktop or notebook hardware.
But the biggest concern surrounding client-side virtualization is security.
Unlike the server-based computing and virtual desktop infrastructure models, in which data resides on a remote server, the client-side route places potentially sensitive information on much more easily lost or stolen hardware.
What’s more, with user systems (including, potentially, systems that fall outside the control of one’s IT department) playing host to virtual environments, a company’s potential attack surface increases significantly.
Looking forward, the availability of thin, secure hypervisors running atop client hardware might enable IT departments to carve out a secure piece of a user’s system while allowing users to do as they wish with their own isolated portions of these systems.