Episode 80: Finding the "So What" of Virtualization

Amrit Williams, BigFix CTO, discusses current limitations and new possibilities of virtualization with Chad Jones and Bill Corrigan of Neocleus.


FULL TRANSCRIPT

Amrit Williams: Welcome! This is Amrit Williams, your host on Beyond the Perimeter. Today I am joined by Bill Corrigan, CMO of Neocleus, and Chad Jones, Vice President of Product Marketing. Guys, thanks for joining me today.

Bill Corrigan: No problem. I am glad to be here.

Chad Jones: Thank you Amrit.

Amrit Williams: So just a little background on you guys. Bill and Chad and some other members of the team were with a company called Softricity, and Softricity provided virtualization technology that was acquired by Microsoft in about the 2006 time frame. A good chunk of the team went over to Microsoft and a lot of you guys left recently to join a company called Neocleus.

And Neocleus, which we will talk about in a little while, basically provides a bare-metal, Type 1 hypervisor technology and a management framework on top of that and some pretty exciting stuff.

Before we dig into that guys, I know virtualization in general, especially client side or client virtualization, is a very needy topic. There are so many different aspects of that. So let’s start by providing the audience just a quick high level cliff notes, a primer on what is desktop virtualization and what are the various permutations. If you guys could just take the audience through, this is what people mostly think about what desktop virtualization, the VDI Models, talk a little bit about the Type 2 style, and then drill into, what does Type 1 mean?

Bill Corrigan: Sure. I will start it and then I will turn it over to Chad. Yeah, so there are multiple levels of virtualization on the client. At Softricity, we approached it purely from an application virtualization perspective, which was putting a layer in between the applications and the Operating System, so that applications did not conflict with each other.

We were able to solve a lot of problems with that, but we also saw there were other additional problems that haven’t been solved. Some of them pertain to abstracting the Operating System away from the actual hardware, and that’s sort of what we are doing now.

There are two flavors of that. One is called Type 2, which is basically when you have an installed Operating System sitting on the bare-metal and then you install a program that is a Type 2 hypervisor, like a Parallels or Microsoft Virtual PC, and then you run an Operating System as a guest inside of that.

Then there is Type 1, which is what we have been focusing on at Neocleus, and that is bare metal. That is, underneath the Operating System, you put on a thin layer of technology called a hypervisor, and then you are able to run multiple Operating Systems on top of that.

Some of the OSs may be a very small little OS that doesn’t even have a face to the user, so it could just be a small little Linux Operating System or it could be two full blown copies of Windows. You have a lot of different choices there.

A lot of people have talked about client virtualization and they equate it with what’s called VDI or Virtual Desktop Infrastructure. VDI is basically the next generation of terminal services which is remoting of computing. So the computing is happening in the data center. You are basically taking a picture of that computing environment and presenting it at a presentation level or layer to the end-user on a computer, whether it’s a thin client device or a thick client device.

So we are very much — we see a need for VDI for certain aspects of computing, but that’s not really where we have been focusing on, we have been focusing on solving a lot of the client management, client stability problems, and user stability problems that we see on the client, on the thick client, so being able to use that Type 1 type of virtualization.

I will turn it over to Chad to take it a little bit further.

Chad Jones: Sure. Amrit, if you look back at the history of virtualization, virtualization is really the abstraction of computing resources from each other so that you can easily move them around, group them together in logical units, and gain functionality with a much higher level of management.

You look at server virtualization that happened on the data center side, and really the hypervisor being introduced was a revolution in how the data center was being able to manage. Instead of individual servers on a one to one basis, you end up having consolidation of multiple servers into one physical box, that’s great.

But a lot of the benefits in TCO really showed up when you started to be able to apply management capabilities to those servers, being able to easily move around virtualized server entities across different physical servers and count them, inventory them, do backup and disaster recovery and all those types of things.

When we look at the client side, the need for that same type of capability is an even more prevalent problem, and being able to deploy Operating Systems as a simple file, like you did on the server side, all those things can extend to the client side as long as you have the management capabilities to be able to do that.

And at Neocleus, really we are looking to help bring that along. But virtualization is the key here that allows all levels of management to become to that next evolved level.

(00:05:02)

Amrit Williams: Let me do this. Let me abstract the conversation itself to a higher level, because I think a lot of people may be listening to this that are not familiar with virtualization and they may be thinking, yeah, yeah, I get it, virtualization provides me a lot of benefits on the server side, that it’s about consolidation.

But consolidation is not really a killer app for virtualization on the desktop side, I think the killer app that people are looking for is standardization, and through standardization they get more effective, more efficient cost reduction, and on and on and on through systems management and some of the things you talked about, the better ability to effectively control these abstracted resources.

Why do we care? And I would like to pose something out there, which is from a different perspective, my background is in security and operations. I have spent a lot of time, almost two decades now, looking at the evolution of security threats and security impact on large enterprises, as well as how they deal with those on a systems management side, and I think one thing is pretty clear, the current computing paradigm is broken.

The reason I say that is because we continue to put more emphasis on more tools and more technologies and more methods to improve security and to maintain the health of computing systems, but everything is beholden and a slave to the Operating System itself. We rely on the integrity of the Operating System for these tools to function. If I compromise the OS, if I install a rootkit, then no manner of endpoint security technology is going to bypass or prevent me from basically owning the box. And there is a direct correlation between the Operating System and the device hardware itself.

So what really attracted me to the Type 1 client virtualization technologies is the ability to abstract management and security technologies outside of the Operating System. It means that it doesn’t matter what happens to the Operating System itself, if it has been compromised, if it has had an operational failure, you still have, as an IT organization, out-of-band management, you can still look at ingress and egress traffic, you still have control of the device, no matter what state the underlying Operating System resides in.

So I want to talk about two things real quick. One is, I imagine what a lot of people who aren’t that familiar with virtualization would say, so I don’t get it, what’s the difference between a server virtualization and client virtualization? Can’t you just take a server hypervisor, like Hyper-V or VMware or Citrix and just put that on a PC and make it work? And we know you can’t do that.

Why don’t you guys talk a little bit about the difference between and the requirements for PC hypervisors and server hypervisors in the context of, really, you are not doing consolidation of computing resources, like you are not going to run 12 OSs on a PC. That’s not the point. So there are different demands on what that hypervisor provides, and I want to get you guys to provide the audience a little bit of feedback on what’s the difference, what’s the real key to PC hypervisors?

Bill Corrigan: Yeah, absolutely Amrit, you made some really good points there. From a management standpoint, it is a little crazy to think that the management of Windows is actually done from inside of Windows in and of itself. I mean, that’s kind of like the surgeon trying to operate on himself and fix himself. I mean, it just doesn’t really work out that way.

But really hypervisors provide that extra layer, where you can provide a management system outside of the OS and gain those types of benefits, certainly in security as well.

But you are absolutely correct, the differences between a server hypervisor and the requirements of the client are very different things. On the server side, you have a very limited amount of devices that you have to deal with. Video performance really is of paramount importance when you are thinking of an Exchange server or any other type of server that’s out there.

Servers don’t have lids with monitors in them. They don’t sleep. They don’t have five million devices, the random Logitech Camera that you have to plug-in. Those are all things that a server hypervisor just does not have to deal with. They have device models inside of server hypervisors that are focused around emulated drivers, which is creating hardware and software, so that you have a generic driver set and you can move those servers around, no problem.

But then there is also a requirement to have a little bit higher level performance in some of those drivers, and that’s where a paravirtualized device driver model comes up on the server hypervisor side as well, and that’s where you need a Linux driver coupled with a Windows driver, they work together to be able to give you a higher level performance with those devices.

Now, on the client side that’s problematic, because on the client side you already have tens of thousands of PCs in some of these enterprises that are already deployed, number one. Number two, you have over five million possible devices that can connect to them with their associated device drivers, and those are things that need to be taken into consideration when you roll out a hypervisor.

So the emulated device driver model on the client side is difficult, because an emulated device driver pretty much dumps everything down to the lowest common denominator.

(00:09:59)

So to give you an example for that, every mouse has at least one button, but not every mouse has five buttons. So if I use an emulated device driver model, well, I am only going to get to use just that one or two buttons on the mouse, not all five of those buttons.

So really a lot of the value in an OEM device is expressed through the device driver. If you don’t have that device driver working, well, then you are not going to get the full value of that device.

Now, the next part of that is that the paravirtualized model on the client side is also problematic, because you need a Linux back-end driver coupled with a Windows front-end to make those things work. And yeah, you get better performance and more specific capability, but you still have to maintain that Linux driver and that Windows driver that’s different than what comes from the manufacturer themselves. There are not a lot of Linux drivers for all of the devices that are possible on the client out there.

So those things are problematic when it comes to dealing with the device drivers, but there is a third option out there that actually Neocleus is really focused on, and that’s called PassThrough Virtualization. So that allows the native device drivers and the Windows device drivers that come with the devices right out of the box to actually work inside of Windows, pass to the hypervisor, and still control those devices as they natively would if the hypervisor wasn’t there.

So now you are really being able to still maintain all of the devices that you want to be able to use, all five million of them, and be able to use the native drivers and get the performance without having to do anything special. That’s a very big importance to note when you are looking at the client side, that you just don’t have as an issue on the server side.

You then look at all the rest of it with power management, how you deal with lids and sleep and all of those types of things, and those are all very specific to the client and very different from the server.

Amrit Williams: There is one really big one, this concept of PassThrough, and how important this is. And let me break this down to the guys in the audience, because I know many of you listening to this podcast like to play video games, you like to watch movies.

Well, guess what? If you are using Windows 7, for example, you want to do 3D modeling, you want to play Counter-Strike, and you want to watch a high quality DVD, you are not going to be able to do that with a generic video card driver, you are not going to be able to do that if you are trying to emulate or paravirtualize some type of generic video card performance against a high end video card. So if you want to do that you need PassThrough, and that to me is one of the major keys here.

And if you look at server virtualization, you really don’t need video card performance and a lot of the other things Chad talked about, because most of that stuff is executing on the clients, it’s not executing on the server. Most people are not playing Counter-Strike on their servers, well, not all people, I know some of you do, but most people don’t.

By the way, am I the only one who still plays Counter-Strike, is it just me, because I love that game, but maybe it’s just me.

Bill Corrigan: I have Unreal Tournament, Game of the Year still.

Amrit Williams: So PassThrough. Can you dig into PassThrough and what that means and why it’s so darn difficult, because I mean, you are talking about something here, which is you are abstracting hardware from the OS through a hypervisor, but then you are trying to allow and gain the same performance you would get so that the end-user doesn’t know. At the end of the day, the end-users should know whether they are sitting on a hypervisor or not, and if they have a high end video card, they need to be able to use it. So talk a little bit more about PassThrough and what that means.

Chad Jones: Sure. So PassThrough really, as you said, is critical for all of the performance reasons you are talking about, and for especially the cases that you can’t even imagine. So those USB picture frames that do the rotating pictures that you get randomly for Christmas, I mean, you want to be able to plug those in and have those work. Well, PassThrough is a big part of that, because you want to be able to have that random driver be able to work, without having to worry about anything special.

So in PassThrough, the native Windows driver is still being used and still shows up inside of the Device Manager. When the calls are made down to the hypervisor, they are allowed to pass through the actual hypervisor itself, and those calls are making the control points at the devices directly.

So they are still hitting the same memory mapping points. They are still able to — you have every type of button and all those types of things and the devices actually work without any special drivers.

The detection inside of plug-and-play inside of Windows as well, fully works with PassThrough, and you can see when you plug in that new USB device and its actual identifiers, so that you can go out to Windows update and get the right driver. That system remains intact.

So that means that when I take an OEM laptop right out of Staples, let’s say, and I want to be able to apply the management of a hypervisor underneath, well, you don’t have to call the IT group and say, oh, I have got this new Dell system I got from Staples and then list off all of the different devices and have to switch those things out. No. IT doesn’t have to worry about that. You simply install the hypervisor, the same Windows device drivers continue to work, and those devices work as they would before.

(00:15:05)

And it’s a completely transparent operation to the user, which as you said Amrit, it really should be. It’s about managing in a way that helps IT without being intrusive to the user and PassThrough is specifically key to that.

There is one other side to this as well, and there is a whole emerging movement in part of business that’s looking at this, bring your own PC model, where you can pay a user to bring in their own PC and then have a secondary work environment, is some of the things these enterprises are talking about.

Well, if you are allowing someone to bring in their own PC, you can’t go through and mess with all the device drivers and all that sort of stuff, and why to replace the system and all of that, because that’s that user’s personal environment that you are adding on to. With PassThrough, you are able to allow that environment to remain intact and then add on additional business things in management without being intrusive.

Amrit Williams: You mentioned something very interesting and I am going to get to that in one second. I want to refresh everybody here with the different types of client side virtualization. You have VDI, which I think most people are familiar with; this is what VMware and Citrix have been pushing primarily. This is really the next evolution of terminal services. It’s basically remoting an OS to a device, and it could be a thin client, fat client, almost doesn’t matter.

Very inappropriate for large scale, highly distributed environments, very inappropriate for your knowledge worker who requires PC computing power. Pretty much inappropriate for anybody who still wants to play Counter-Strike.

The second method is what we referred to as a Type 2 hypervisor, and essentially this is very similar to what XP Mode is inside of Windows or VMware Fusion or Parallels, something like that, or Virtual PC from Microsoft. This is basically, you still require the OS to have the integrity to be operational, and you put a virtual container inside of it. This is very similar to workspace virtualization or even what application virtualization is. You still require the OS to be operational and you are providing a virtual container to it.

Then there is what we have been talking about, which is the Type 1, bare-metal client side PC hypervisors, which is a hypervisor layer that sits on top of the hardware. It does not require an Operating System to be there, but can communicate and facilitate communications between an Operating System or multiple Operating Systems in the hardware. I wanted to talk about that.

The reason I wanted to bring that up is just to make sure we are all on the same page, but I wanted to bring it back to something you said, which is very interesting. When I was at Gartner, we had a lot of conversations about bringing your own PC to work and consumerization of IT. I have to tell you, the security guys and the IT apps guys were radically opposed to it, but the reality is, it’s happening.

One of the things is, if you look at European countries, for example, or even here in the United States, there is a lot of concern about privacy. And if I own my own PC and the company says, well, the only way you can access computing resources is, I have to put something inside of your Operating System. Well, I would be quite nervous about that, because it means that you guys can see what I do at 3 in the morning when I am playing with my laptop, or you can see my banking activity, or there is a potential for you to do all types of things no matter how much you tell me it’s isolated and segmented.

I think a lot of people would be less concerned about a PC hypervisor that shims underneath the Operating System and brings up another Operating System or another environment that people can access.

There is an easier story there about segmentation and isolation. So I think you are right on there, that there really is an opportunity to facilitate this concept of a stipend or bring your own PC or consumerization play here that most enterprises have a hard time dealing with.

Guys, I really appreciate the information. On our next podcast, we will continue the conversation.

Announcer: You have just listened to Beyond the Perimeter, sponsored by BigFix Inc. Views expressed on this Podcast are the personal opinions of Podcast participants and do not reflect official positions of their employers or BigFix.

Thanks for listening.
