Today Citrix and Intel announced a partnership that will bring embedded client hypervisors to market by the end of the year. This is part of the Citrix “Project Independence” client solution.

Those who attended our Catalyst Europe conference last October saw Citrix’s Ian Pratt conduct a live demonstration of a Xen-based client hypervisor. Following the demonstration, I asked Ian about Citrix’s plans to bring such a solution to market. Ian proceeded to make his best poker face and replied, “We currently have no plans for a client hypervisor.” Members of the audience (which included VMware CTO Steve Herrod, Neocleus CTO Etay Bogner, and Virtual Computer CEO Dan McCall) weren’t convinced, and neither was I.

Here’s a basic view of the client hypervisor architecture.

The idea is pretty simple (in theory) - run a hypervisor on the client device that allows you to partition it into multiple virtual desktop systems. I say “in theory” because getting the hypervisor to work with a myriad of client-side wireless adapters, video adapters, and sound cards, for example, is no easy feat. Also, “getting the hypervisor to work” with devices like video adapters alone isn’t enough. A user with the latest video adapter may want to leverage its full power to run games in his personal VM, for example.

It’s important to note that the Citrix-Intel announcement involves running a bare metal Xen hypervisor, which is far different than a hosted (Type II) hypervisor such as VMware ACE, VMware Workstation, or Virtual PC. With the hosted hypervisor model, the hypervisor runs on a host operating system (e.g., Windows XP), and unless the endpoint OS is fully trusted, questions of risk will always arise. With the bare metal hypervisor, the only code between a corporate (IT-owned) VM and the hardware is the hypervisor. TPMs could also be leveraged to validate the authenticity of the hypervisor.
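TPM-based validation of a hypervisor rests on measured boot: each boot stage is hashed into a Platform Configuration Register (PCR) before it runs, and the final PCR value is compared with the one recorded for a known-good build. The sketch below is an added example, not code from Citrix, Intel, or the original post; it simulates the extend chain with SHA-256, and the component blobs and function names are constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = hashlib.sha256().digest_size  # 32 bytes for a SHA-256 PCR bank


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || H(component))."""
    measurement = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot_chain(components) -> bytes:
    """Replay a boot sequence into one PCR, starting from all zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def hypervisor_is_authentic(components, golden_pcr: bytes) -> bool:
    """Compare the replayed PCR with the value recorded for a known-good build."""
    return hmac.compare_digest(measure_boot_chain(components), golden_pcr)


# Constructed stand-ins for the real binaries (assumption: three boot stages).
FIRMWARE = b"constructed-firmware-image"
BOOTLOADER = b"constructed-bootloader-image"
HYPERVISOR = b"constructed-bare-metal-hypervisor-image"

# Value an IT department would record once from a trusted build.
GOLDEN_PCR = measure_boot_chain([FIRMWARE, BOOTLOADER, HYPERVISOR])

if __name__ == "__main__":
    chains = {
        "good": [FIRMWARE, BOOTLOADER, HYPERVISOR],
        # One byte appended to the hypervisor image changes the final PCR.
        "patched": [FIRMWARE, BOOTLOADER, HYPERVISOR + b"\x90"],
        # The same components in a different order also fail: extend is order-sensitive.
        "reordered": [BOOTLOADER, FIRMWARE, HYPERVISOR],
    }
    for name, chain in chains.items():
        print(name, hypervisor_is_authentic(chain, GOLDEN_PCR))
```

On real hardware the comparison is not made by software running on the measured machine; it is done by a remote verifier checking a TPM-signed quote, or implicitly by sealing a secret to the expected PCR value.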

Users can maintain a personal virtual desktop VM and would be free to install personal software on it as well. Furthermore, IT could implement policies that only allow the corporate VMs to connect to the organization’s internal LAN. You could get creative with personal VMs as well, such as giving them wireless access to Internet resources via an isolated network subnet (similar to how visitors may be granted Internet access today).

The client hypervisor also opens doors to employee-owned PCs, where employees can receive vouchers and select from a list of allowable laptops, for example. In such cases, hardware and personal VM support could be turned over directly to the laptop OEM. This frees the IT staff to only have to worry about the corporate VM.

Let’s take this a step further and include a synchronization component within the desktop hypervisor. This could allow a user’s personal VM data to synchronize with a replica VM in the cloud. That would allow a user to access his personal VM from any browser-based device, including a PC, iPhone, Blackberry, or smart phone. Replication could be configured to allow file recovery and desktop VM rollback (in the event of corruption or configuration error) as well. IT could follow a similar model by allowing the user’s corporate VM to synchronize with a duplicate copy hosted on a server in the organization’s “internal cloud.” Unlike traditional VDI models, with the client hypervisor, the virtual desktop would execute locally on the endpoint system, hence reducing the number of servers required to maintain the virtual desktop environment.

If you haven’t already noticed, I’m very high on client hypervisors. Still, we do need to keep the hype in check. For starters, I see the client hypervisor as something that all desktop and laptop vendors will eventually ship on a flash chip on most desktop and laptop systems. I’m optimistic that laptop and desktop vendors will offer the ability to change hypervisors with a simple flash update. VMware first mentioned their work on a desktop hypervisor at VMworld North America last September, and I think it’s a safe bet that they will be bringing a desktop hypervisor (as a downloadable package and as a vendor OEM) to market as well. To not make such a move would all but concede the desktop space to their main rivals.

To me, the embedded client hypervisor is an inevitable part of our future, with several options available by early 2010. When Citrix acquired XenSource in 2007, Citrix CEO Mark Templeton confidently stated “The virtual desktop market is ours to lose.” The Intel partnership, without a doubt, gets Citrix closer to Mark Templeton’s assertion. Still, the game’s far from over. Burton Group clients with substantial VDI deployments have been evenly divided between Citrix and VMware. However, the majority of our clients with VDI plans remain undecided, and they are looking for vendors to give them concrete reasons to commit to a particular solution. As with their server virtualization investments, our clients view client virtualization as a long-term strategic commitment and want to choose the platform they can confidently move forward with over the next several years. Many of our clients have interest in leveraging employee-owned PCs, and today’s Citrix announcement plays right into those plans.

Now I’d like to hear what vendors with competing solutions have to say. So VMware, Neocleus, and Virtual Computer, what do you think? For our clients and interested readers, I would also love to hear your thoughts. Is the client hypervisor part of your 2-5 year strategic plan for desktops?

http://www.chriswolf.com/?p=212