Can you use a bare metal Client-Side Hypervisor to Manage your Desktops?

Virtual Computer recently announced the availability of their NxTop product for free for up to five users. NxTop combines centralized virtual desktop management with a “bare-metal” client-hypervisor to make managing many desktops as easy as managing one. But, you may ask, what can a client side hypervisor do for me?

It’s likely you’re one of the 46,000 who have, apparently, downloaded Citrix’s XenClient. Maybe you took one look at the depressingly short hardware compatibility list and thought “it’s not going to work for us”: or maybe, like me, you ignored pretty much all the documentation when you downloaded it and only referenced that list when the XenClient failed to install on the third device. In which case its likely you’re asking ‘it sounds an interesting concept, but I don’t have the hardware to support it’. Maybe you’re one of the many who were expecting VMWare to release something.. sometime… maybe.

We’ve taken a look under the hood of a simple NxTop installation and put together a white-paper, A Look Under the Hood of Virtual Computer’s NxTop, to help you understand the installation requirements and the process of setting up clients and servers. In it we’ve considered the benefits, and issues, of a client-side hypervisor solution and how you can use such a service to manage your environment.  How do you license such a service and indeed, how does a client-side hypervisor solution compare to VDI?

A barrier to introducing VDI is often the complexity and high initial costs such a solution can involve. Can you use a bare metal client-side hypervisor to manage your desktops? Should you?

What Client-Side Hypervisors Can Offer You

A client-side hypervisor is, quite simply, a hypervisor running locally on a client device. The name does somewhat give it away.  A Client Side Hypervisor (CSHv) allows you to:-

  • Deploy a standardized image to end devices – regardless of that device – be it a laptop, a standard desktop, a blade – your devices can be managed from a central location with common builds across the estate.
  • Monitor and manage a workspace outside of the operating system – it’s all very well having an agent that operates  within the OS to provide updates and management when the OS is working; but having a bare metal hypervisor allows you to offer management functions in the event of a failed OS, possibly to allow re-deployment, or restored deployment to a new device
  • Run multiple workspaces on one device – excellent for testing, or development, providing access to different services (e.g. two workspaces during a merger) from the same device..
  • Enable virtualization without a data-centre – hosting desktop sessions in a data-centre can be a costly undertaking – a bare metal hypervisor allows you to utilize distributed computing while making use of the management and reliability savings virtualization is able to deliver.

A bare-metal client side hypervisor is a CSHv that needs to run its own operating system in order to manage and all access to the virtualized images. NxTop is one of three products I’m aware of – the others being Citrix’s XenClient and Neocleus’ NeoSphere. Feel free to pop a comment in if you know of others.

It is important to note a bare-metal CSHv will not run on all devices. A key success factor in deploying a bare-metal CSHv is “do your existing (or about to be purchased) devices support this feature”?

A bare-metal CSHv service isn’t a solution for reinvigorating older devices. Citrix XenClient’s release was to a very restrictive set of hardware. However, Virtual Computer’s NxTop Engine hardware support on the other hand is far wider and although it currently only supports Intel VT-x and Intel or NVIDIA graphics this is set to be extended to include AMD processors and ATI graphics card support by Q3 2010. The number of devices supported by NxTop is therefore much higher – and if your devices are 1-2 years old, likely to be supported already.

Are there advantages in deploying a CSHv that sits on an OS – such as those by MokaFive, RingCube or Wanova for example? While device support will be wider, bear in mind that you are now reliant on the stability and security of the locally installed operating system, and that the device needs to run not only the image(s) that you’ve deployed – but the local OS itself. Will the demands of that local operating environment impact on the performance and security of your deployed image? Such issues are less likely a concern with a bare metal client-side hypervisor.

In our white-paper, we discuss this further.

At its core, a CSHv makes each end device consistent; with fewer images to support, this makes it easier – and so cheaper – to manage your devices. In addition, you are using almost the full resources of each device to run that workspace image: no need for servers to host devices in your data centre. In turn this can mean a cheaper desktop service – as your server costs and storage costs will not be as high as, say, a VDI solution.

Client Side Hypervisor, But Really, it’s all About Management

It is important to understand that the hypervisor itself is effectively only going to enable the running of the hosted images on the end device. The goal of utilizing that functionality is to provide your organization with the tools to efficiently manage devices and the user data stored on them.

A CSHv service needs to include:-

  • Centralized Management – your service needs to allow you to have a central console for all desktop management activities. IT teams create and maintain a single virtual machine per operating system that can be published to all of your users and these machines need to be able to be updated, to be patched in a reliable and timely fashion.
  • Policy Controls – a thin client solution – such as VDI or Presentation Virtualization  is “secure” because  no data is stored on the end device. Obviously, this is not the case with a CSHv.  Organizations need to be able to protect against data leakage and unauthorized use through a robust set of policy controls. These controls should restrict access to hardware such as USB ports and network interfaces based on centrally defined policies at global, group, and individual-user levels. You’d also benefit from having the facility to have a time-based expiration on-demand remote disablement of images – giving a greater flexibility for those who you provide access to for desktop services.
  • Security – those policies need to be built on a secure platform. It needs to guard against tampering and should have disk encryption enabled. In the event of a device being lost or stolen you need to be confident that if you can remotely, and securely, remove the data on that device.
  • Backup and Restore – a benefit of centralization is improved backup and restore capabilities – reducing downtime and lost productivity. A CSHv needs not only to be able to deploy images, but be able to protect the user data’s on the device. In addition, it should be able to allow users to easily recover and restore their environment in the event of hardware failure or loss.

NxTop Center is the management component of Virtual Computer’s offering and this is the most visible part that differentiates it from Citrix’s XenClient release – in our white-paper we’ll walk through the features available in the console and compare this against the Citrix equivalent.

Is a Client-Side Hypervisor a Viable Device Management Tool?

The answer, as ever, is “it depends”. “No!” I hear you cry “what a cop out…”. Let me explain.

It’s not all about the Benjamins – it’s all about the data.

Server Based Computing – and for this we’ll encompass both VDI (hosted desktops) and PV (Presentation Virtualization) – offers you a centralized, secure mechanism for giving users a workspace to have access to their data. If you’ve a distributed environment – remote offices for example, home workers, outsourced contractors –  providing remote access to a centralized workspace can reduce the need for expensive WAN networks and enable access via the Internet. Great.

However, two things are at issue here. Firstly, when the user’s workspace is running on a “remote” device what’s the user experience like? More importantly, what happens for off-line access – i.e. what happens when you don’t have a network connection?

Use Client Resources Better

In the first instance – the applications are running locally on the device –using the local client resources. The impact of remote protocols in this instance are less.Not only is the user experience different, your administrators mindset, tool-set and skill-set needs to be updated – for now they are not only managing “the desktop” – they need to consider the management of the servers that host those desktops. Moreover, VDI solutions can often rely on client-side components  – with Citrix’s XenDesktop for instance, you need to effectively manage a local Windows install to provide full HDX compatibility. If you’ve to deploy a local OS – even Zero Clients will have a minimal OS – you’ll need to manage that.  How is moving to VDI that relies on a local OS an advantage? Where is your cost saving? Why not simply manage the local OS better? And, obviously, SBC cannot deliver an off-line environment.

A bare metal CSHv allows you to create a working environment that can be deployed to devices easily – (almost) regardless of that device type. But, from a capital expenditure point of view, the server capacity in the data-center can be less, as each user has a device running the image.

A CSHv can be used to deliver desktop services throughout your environment: it is not just a solution for laptops. A factor to focus on is the transportability of the image across end devices – you’re less likely tied to a particular device hardware vendor. Easier to deploy different devices, so easier to accommodate different devices: if Dell (picking a hardware vendor at random) decides to change the chip-set, it doesn’t necessarily throw a spanner in the works. You can shop for the best value devices, not the devices that suit your build.

Granted, there is a server cost for management, but that server cost is much lower  than Server Based Computing (SBC) solutions – as you’re utilizing the computing power of the end devices not making demands of the server to host the user’s sessions. In addition, CSHv is more akin to the management that your admins are used to  – using existing tools such as pre-prepared images but now, potentially, its just one image independent of the hardware.

Allowing Remote Data Management

CSHv can deliver an off-line environment. Importantly, your CSHv solution shouldn’t just provide tools to manage the applications and OS – but the user data as well. A common problem with remote workers is that their devices aren’t

Granted – if they never connect to a network – you’re going to have to rely on some other backup solution. However, CSHv can provide you with an option to allow remote backups, centrally stored on your network which in turn lets you recover data to your remote users in the event of a problem.

There is always a “but“..

That’s not to say CSHv is not without its caveats. We discuss these in more detail in the white-paper but consider :-

  • Where are your users in relation to your data: will they need to backup and restore a large amount of data?
  • How you license the service for each device: OEM licences don’t support can’t be used to support a bare-metal CSHv?
  • How application deployment is integrated: do you layer applications in or build those applications as part of the image?
  • How you  plan to migrate from your existing environment to a CSHv managed one?
  • A bare metal CSHv isn’t a Bring Your Own Computer enabler: even though NxTop supports a ‘dual-boot’ instance for their NxTop Engine the users may well baulk at the fact they need to either replace their existing operating system with a ‘corporate managed’ core OS, or repartition their existing hard drive.

Do these issues mean that a bare metal CSHv can’t be considered as a viable solution?

Not necessarily.

Bare-metal CSHv, such as Virtual Computer’s NxTop, offer an alternative and workable solution. If you have devices capable of supporting the bare metal CSHv, and you have an environment that needs to support off-line working bare metal CSHv solutions could well be for you. I’d even suggest Nxtop, could negate VDI/PV in some LAN based environments – primarily as the initial infrastructure costs are lower.

Can Client-Side Hypervisors replace VDI in every instance?

No. No because there situations where having the application and the data hosted on the same device is not practical – SQL database access from a remote office for instance. Now, this may change in the future as services become more web-based; but at the moment this is not the case. There are still a vast amount of client/server based applications – on a windows desktop platform –  and as such that style of data access is far better served with an SBC solution if you’ve got remote users. It is interesting to understand that Virtual Computer are working on Nxtop Connect – which will be a “thin” provisioned VM allow remote access to SBC service – marrying the two environments together. Or, use a CSHv to manage the end environment and have a SBC application deployment mechanism.

However, laptop/off-line access aside, LAN based desktop management case is interesting one. If your hosts are LAN based “data access” is moot – you’re on the LAN. At the same time the centralization that CSHv offers doesn’t require servers to run the images – it requires a server to manage the images. Infrastructure costs are potentially far less, and of course, there is no need for the licensing costs for each of the services to support VDI. You can indeed centralize without the expanding your data-center needs.

Can a bare metal Client Side Hypervisor Deploy and Manage Workspaces?

Note here I’ve included both those CSHv that have their own OS (like NxTop and XenClient) and those that sit on a host’s OS (such as MokaFive or RingCube).

The short answer – yes. Yes, because although there is room for improvement, there is a core functional service available that can be utilized now.

Of the two bare-metal CSHv I’ve seen (Virtual Computer’s NxTop and Citrix’s XenClient)- NxTop, as a tool for management of your devices is the more feature rich and viable for production. XenClient is however, still only a release candidate. What I haven’t had chance to have a look at is Neocleus’ Neosphere solution – but then there’s always a chance to have a look under the hood of that product – and hosted client-side hypervisors.

Interestingly, Neocleus Neosphere is that their solution has been utilized by BigFix, a leading provider of managed services for client systems to leverage its management platform for heterogeneous client systems without requiring customers to opt for a VDI infrastructure. CSHv is not a simple point solution for remote users: it can support an entire infrastructure.

Bare-metal hypervisors, such as Virtual Computer‘s NxTop can be utilized to effectively manage your desktop environment, provided they have a functional management interface. That said, bear in mind this is a developing technology, but it is a technology that offers you the opportunity to manage your desktops with virtualization without the larger infrastructure requirements of VDI but, that doesn’t mean to say it wholly replaces SBC solutions: but it is a useful option to consider not only for laptop users, but for your entire desktop estate.

If you’d like to read more our white-paper A Look Under the Hood of Virtual Computer’s NxTop is free to download after a quick registration.