Intel is eyeing a plan for using software to boost a PC's ability to fight hackers, talk on the phone and even capture television programs in the future.
The chip maker, which launched its security and manageability-focused vPro brand on April 24, is contemplating mounting an effort to establish a standard method for adding virtual appliances—purpose-built software applications that run on top of their own miniature operating systems inside virtualized partitions—to PCs, a company executive said.
The effort would propose to change the manner in which PCs use virtualization—technology that can divide up a computer to run different software—by allowing manufacturers as well as businesses and consumers to turn to the technology to add one or more virtual appliances to their PCs to boost security, add communications capabilities or even add personal video recorders or other entertainment features.
The approach could prove more popular than using virtualization to run two or more operating systems simultaneously on a PC, something virtualization makes possible today.
Thus, it might also speed up the adoption of virtualization in the PC space. Today, the machines have little in the way of virtualization software available to them.
“The virtual appliance model has one OS, which you interact with, and a separate partition with an embedded appliance. It's a specifically-built [software] device to be able to do a very narrow set of functions,” said Mike Ferron-Jones, director of Intel's Digital Office Platforms Division in Santa Clara, Calif.
“The way we're setting it up is you'd just go to one vendor…and they would provide you everything you'd need” for an appliance to do a job like enhancing security.
vPro desktops, due in the third quarter of 2006, will be capable of handling virtualization software such as VMware Workstation or Xen by XenSource. However, the number of businesses that will actually put them to use broadly is likely to be small, Ferron-Jones said.
Even at a company like Intel, probably less than 5 percent of PC users need multiple OSes, as scenario costs can add up fairly quickly when accounting for virtualization software costs, in addition to those for extra operating systems and applications, he estimated.
“The virtual appliance model is designed to be much lower cost,” he said.
The first security and manageability appliances designed specifically for vPro PCs will come from Symantec and Altiris, Intel has said.
But Intel isn't the only company looking to virtualization or even pitching virtual appliances to augment PCs. PC maker Lenovo Group and Astaro, based in Burlington, Mass., have both crafted virtual management and security appliances.
Astaro introduced its Security Gateway for VMware, which it claims to be the world's first network security virtual security appliance, on May 10.
The appliance, Astaro executives said, offers the same features as a separate hardware-based security appliance by running the firm's applications on top of virtualization software from VMware.
“It's a pretty natural evolution when you consider that virtualization started on the mainframe and we're only now just seeing it in the x86 PC world, as with many different technologies before it,” said Alex Neihaus, vice president of marketing for Astaro.
“There are a lot of benefits that companies can realize by applying this approach to security, from the ability to respond to attacks and infrastructure changes more rapidly, to the cost savings related to buying fewer devices.”
Lenovo, for its part, is nearing the introduction of a virtualization appliance-like software module designed to augment its Rescue and Recovery software.
Virtualization to the Rescue
The module, to be unveiled along with a new version of Rescue and Recovery on May 16, is one of Lenovo's ThinkVantage Technologies. The manufacturer bundles the add-ons in its PCs in an effort to help cut management costs for businesses.
Rescue and Recovery 3.1, like its predecessors, will serve to back up a PC's data and then restore it upon a crash or after a malware attack.
A feature dubbed Antidote Delivery Engine, which works to patch software before it's restored on a PC to ensure that a machine won't become immediately reinfected, will gain a virtualization module, said Lee Highsmith, program manager for ThinkVantage Technologies at Lenovo in Raleigh, N.C.
The module will turn Antidote Delivery Engine into a virtual appliance of sorts, allowing the application to reside in its own partition, making it more resistant to crashes and ensuring it can still be reached by IT managers even if the PC's operating system has been compromised, Highsmith said.
The engine's virtualized state can also allow it to act as a gateway of sorts for network traffic and, among other things, allow it to ensure that an infected PC does not get back on to a company's main network without having been patched and rendered safe, Highsmith said.
Thus, the “virtualization Module is the way to improve the ability to lock down systems and extend the ability to recover them,” he said.
However, “For what we do, the lack of standards wasn't an issue. I look at technologies like this as a kind of a ball of clay. What can you shape from it that saves customers money…or makes them more productive?”
But not everyone is sold on virtual appliances yet.
Virtualization has been heralded as inherently safe. However, at least one analyst said that while Intel's work around virtualization could provide major benefits for security, there's still some question about whether the appliance approach couldn't be exploited as an entry point for hackers.
“If someone did breach the device on this level, they'd have fresh access to the processor, and there's a good chance that you might never know that someone has gotten in there,” said Andrew Braunberg, analyst for Current Analysis, based in Port Washington, N.Y.
Braunberg also said that since Intel's plans only allow for one partition and hence one virtual appliance, some companies may hold off on adopting the approach.
Symantec, for one, would support a virtualization standard effort by Intel, given the work it's already undertaking for vPro, a company official said.
Symantec “always attempts to support industry standards,” said Leo Cohen, vice president of architecture at Symantec in Cupertino, Calif.
But getting other industry players onboard with a standard virtual appliance approach might take some time, Astaro's Neihaus said.
“Virtualization provides a standard environment in that it is already an abstract of a perfect machine. So really the hardware involved in creating that scenario is irrelevant,” said Neihaus.
“There is a need to push virtualization into the physical hardware, but part of the beauty of this approach is that it's not really a necessity.”
Intel, no stranger to creating industry standards in both hardware and software, will seek to foster a broader crop of virtual appliances if it moves forward with the effort, according to Ferron-Jones.
Much of the company's work would then be in areas such as illuminating ways that developers could pair their software with its Intel Virtualization Technology, or on-chip virtualization support, all in the name of streamlining development.
Intel has also created its own software to establish partitions for virtual appliances—it uses that software to set up partitions for vPro.
The chip maker's vPro Professional platform will be the only one to offer a security or a manageability appliance at first. Later on, Intel has indicated, it expects other companies will create virtual appliances for vPro PCs as well.
But machines outside of the vPro Professional platform might not gain appliances in the near future, Ferron-Jones indicated.
Generally, Intel aims to keep more advanced features paired with its premium products, although there's nothing to prevent PC makers like Lenovo from adding their own appliances to just about any model.
“Virtualization is a bit of a brave new world,” Highsmith said. “There will be a lot of experimentation” early on. But standards will emerge over time, he predicted.
“I'd imagine, over time, you'll see standards emerge and more platforms emerge from folks like Intel and Microsoft and others,” Highsmith said.
“I think that will only help virtualization. It'll lower the bar for entry into the arena.”