Virtual Computer collaborates with Lenovo-NxTop the industry’s best enterprise-class type 1 client hypervisor?

Virtual Computer are to optimize their NxTop client virtualization and management solution to operate with select models of Lenovo laptops and desktops PC platforms. For their part, Lenovo will allow customers to have Virtual Computer’s NxTop client loaded onto their custom images, direct from the factory. This announcement was an interesting for organisations considering changing their PC management model to use a client hypervisor. It not only promotes confidence in client hypervisors supporting a wider range of devices, it also demonstrates that device vendors themselves are willing to embrace client hypervisors as a deployment technology.

Less than a week later, Citrix’s Simon Crosby harumphed that analysts didn’t fully understand the fact that “XenClient is the industry’s only enterprise-class type 1 client hypervisor“. A bold statement. Dell and HP had utilised Citrix’s Synergy  conference in 2010 to promote new laptop models that supported Citrix’s XenClient client hypervisor solution. Dell, HP and Lenovo all make reference to XenClient as part of their ‘secure solutions’. Yet, in those announcements there was no emphasis on “collaboration”: no factory installation of XenClient; no optimisation. I’d suggest that it was more of an exercise of promoting high-end laptops than advancement of an enterprise ready client hypervisor solution. What perhaps is more useful here about Simon’s statement is that it was about the hypervisor, not the hypervisor as a PC management solution.

What is “an enterprise class hypervisor”? What “type 1” solutions are available to you and why (if at all) are they useful? How will other hardware vendors respond to Virtual Computer’s Lenovo collaboration?

What Are Client Hypervisors?

There are two types of client hypervisors. Client hypervisors that rely on an operating system (such as Microsoft’s Windows) being present are typically referred to as ‘type 2’ client hypervisors. ‘Type 1’ on the other hand, also known as ‘bare metal client hypervisors’, are installed directly onto the hardware. Type 1 hypervisors offer business greater control over the end-device, and improved performance and security for virtual machines running on that device.  Type 1 hypervisors have tend to have more specific hardware requirements than Type 2 hypervisors and will likely need to have the existing operating system (OS) removed. Type 2 hypervisors require more resources than a traditional OS (typically, they perform better with greater memory, CPU and disk size) yet they offer wider hardware support than Type 1, and don’t require you to remove the existing OS.

Why is a Type 1  Client Hypervisor Useful?

An excellent question and I’m glad you asked: really, you’re the type of reader I’ve got time for. Client hypervisors have typically been deployed to create a secure environment on a device: allowing you to safely operate workspaces with different trust levels on the same image. That’s useful, but has tended to be a requirement for a small set of users and/or organisations. As businesses look to create more flexible and mobile working opportunities for users the question arises – how do we manage these distributed devices?

A problem with traditional deployment methods is – either you’ve no central image or build process at all or, if you do, the deployment and management process is bonded to a device: each type of device has it’s own workspace image. Laptop and a desktop – that’s two images. Two laptop models  and a desktop – three images.. and so on and so on. Both models –  the unmanaged method (also known as the ivenotgottimeforthisimtoobusy deployment method)  and a device per image method are costly to maintain. The greater cost savings for desktop management come from improving the management, and reducing  the build instances.

A client hypervisor enables centralisation but it doesn’t run in the data centre, it runs on the user’s device: allowing image centralisation like hosted desktops, but without the large infrastructure costs and the need for every user  to work on-line. This allows for reduced and more effective administration (one image, multiple devices); it also enables remote backup and recovery of user data because user data can be separated from the operating system environment. Client hypervisors can use resources of the local device, they can be used off-line and hypervisors can allow users access to multiple workspaces from the same device.

Is there only an up-side to client hypervisors?


Ha ha!

Only joking.

Of course not.

When considering a client hypervisor for PC management, especially a type 1 client hypervisor,  you need to understand three fundamentals:

  • All Devices Are Not Equal: on a standard PC, the OS runs directly on the hardware. With any client hypervisor solution your devices run multiple operating systems. There is an overhead for this. Many Type 1 hypervisors have a restrictive hardware support list in that the core client side hypervisor (which is itself a stripped down operating system) will not run on every device. Type 2 have a wider device support, but performance can degrade without upgrading memory, device disk capacity and performance can also sometimes be an issue. You may not be able to simply re-use existing devices.
  • If you virtualize Bad Management, it is still Bad Management: If you don’t have a workspace management/desktop management service in place, if your environment is unmanaged – deploying and managing client hypervisors may separate the environments you are working with – but it adds complexity and may make problems worse. Before client hypervisors the users could only wreck one operating environment. Now they can break lots – at the same time. You now have another environment to support and maintain – the client hypervisor.
  • Microsoft Needs to Be Paid: As we discussed in our article on licensing – default OEM device licenses aren’t compatible with client hypervisor solutions. If you’re deploying Microsoft desktop OSes – you need to upgrade your device licenses in some way.

What Type 1 Client Virtualization Solutions are available?

Client virtualization solutions have been available for a number years, typically as a solution for secure environments where need to run different systems on same device. More recently vendors, such as Virtual Computer, have used a client hypervisor as a tool to offer organisations an improved PC management experience. Type 1 solutions include:

  • Citrix XenClient:  Citrix’s XenClient consists of two components – the client hypervisor, which is installed on each device and a server component which is a virtual appliance that can be run on XenServer. XenClient’s client hardware compatibility list is currently restricted to Intel processor and graphic chipset. The server component allows users to copy their virtual machine to a central file store, and receive a pre-configured virtual machine. You can enable and disable a device’s environment. Note, there is no integration with XenDesktop services with XenClient – you can connect to a XenDesktop environment if your VM has the Citrix Receiver installed but with the current release XenClient is an independent service.
  • Integrity Global Security:  the most secure client virtualisation environment, with a hypervisor specifically designed and built to be highly secure. In collaboration with Dell, the INTEGRITY Secure Consolidated Client was the first and is the only operating system to be certified by the United States’ National Information Assurance Partnership to EAL6+ High Robustness.  However in order achieve this, the device is a specific Dell PC, with separate hard drives and network cards  for each environment: a laptop version is planned for later in 2011. There is no device management function offered – other solutions would be required to deploy and manage the images running on the highly secure client hypervisor.
  • Secunet – SINA Virtual Workstation: Secunet have a suite of products under the SINA brand to provide organisations with secure distributed environments. The SINA Virtual Workstation is a client hypervisor that can provide for a secure separation of virtual machines on a client device. Again, there is no management function of the operating systems within the virtual machines, and the solution is only supported on specific Thinkpad laptop models.
  • Virtual Computer NXtop. NxTop  is made up of two components – the NxTop Engine is the client hypervisor and NxTop Center is the management service. Together the Engine and the Management service provide the components for the NxTop Enterprise architecture, Virtual Computer’s  PC management solution. The Virtual Computer hypervisor has the widest hardware support of vendors listed here supporting Intel and AMD chipsets and Intel, NVIDIA or ATI graphics. The Nxtop Center does require a Microsoft 2008R2 server as virtual images are created and maintained using Microsoft’s Hyper-V: which means this server cannot be virtualised. NxTop Centre is the component that the other vendors don’t have – with that, you are able to create, deploy and manage virtual machines to users, backup and recover user data, manage peripheral access, update the engine and enable/disable access to a device.

Given MokaFive’s recent video release it would appear that they will also be able to join this list soon. MokaFive’s  Type 2 client hypervisor solution is very impressive: I expect their first Type 1 offering to fit between Virtual Computer’s NxTop and XenClient in terms of accessibility, management functions and device support. The key factors will be, how wide is the hardware compatibility list and ‘how are virtual images managed’. Will you, for instance, be able to switch users between Type#1 and type#2 solutions? At present Virtual Computer offers a rich Type 1 pc management environment and has the wider hardware support – it will be interesting to see how MokaFive endeavour to match and exceed that.

Key Challenges

Client hypervisors have typically been used to either provide development and test environments, or to provide an environment to access to workspaces with different security requirements from a single device. A key challenge for those considering client hypervisors is to answer “how does it make what I’ve got better?”

You can use it to allow access to different environments. But in doing so, how do you manage the environments that the client hypervisor supports?  How do you provide image  management and deployment; user backup and recover, control of the device’s hardware functions and peripherals? Do you restrict users to specific devices, or give a broad choice – the greater the hardware support of the client hypervisor, the greater your flexibility in getting the right device to meet the user’s needs and your department’s budget.

The client hypervisor itself is the means of  hosting an image on a device.  To be part of a solution that offers “better” ideally that secure environment gives access to a central management service for the distributed devices to connect to. That management service needs to not only be able to distribute images, but track the versioning, updating and control of them too. It also needs to be able to do the same with the user’s settings and data.

Key challenges for client hypervisor PC management solutions include:

  • How to deploy images to distributed users: new virtual machines can be large – how are these large files sent to users, how are updates tracked and sent in a timely fashion? How do you validate that the remote updates are being sent to the right user and device, and that the user is receiving their updates from the correct source?
  • How to authenticate remote users how to authenticate remote users to the local virtual machines.
  • How to keep up with hardware changes: there is an issue with device manufacturers changing hardware components and those components not being supported by the client hypervisor. In addition, device manufacturers have developed a number of ways to add value to their products – hot-key or function key access, power saving software, additional encryption and security features. A challenge is, how are these transitioned into a virtualised environment that can be run on any device?

Device vendors like Dell, HP and Lenovo see client hypervisors as beneficial in two ways. Firstly, as a means of driving new device sales; but also as a way of  providing additional services. Simon Bramfitt commented that HP will be shipping webOS with all devices.

Having a client hypervisor offers opportunity to sell not only the device, but the ability to manage that device. This offers an interesting opportunity not only for businesses, but for the general consumer market – sell a device with OS and data support; the ability to move data to new device making upgrades to newer model easier and the ability to offer additional services – such as OS rental, as long as the OS provider had a license model that suited such a service.

Ready for the Enterprise?

There are a number of client hypervisor solutions that can be used by enterprises today. The focus for these have been on security. If it is about ensuring that environments are isolated the “best” in this instance would be those with recognised accreditations, such as those from Integrity Global Security and Secunet: but this in turn set limitations on device types. If your enterprise can doesn’t require such stringent security, then NxTop offers the client hypervisor with the widest hardware support. Like XenClient – the NxTop Engine is free to download and install. If you wanted to explore how you can use client hypervisors as part of a PC management solution, you can manage up-to five devices using NxTop Express for free. At moment, the only vendor offering an enterprise ready PC management solution based on client hypervisor is Virtual Computer. The partnership with Lenovo is likely first in number of  announcements. Nxtop is Enterprise ready, with such deals enterprises will be better ready for NxTop.