I just happened across a video which showed how the product ‘ILIO’ from Atlantis Computing (yet another startup in the Desktop Virtualization space) is being used for User State Personalization (see below).

Now my impression was that Atlantis’ angle was to reduce storage costs in the VDI environment so that you could work with only a single base image, but now their messaging seems to be squarely positioned in the user personalization space. However, I wonder how they would do outside of the VDI environment; other technologies like AppSense may have a distinct advantage here…

One of the biggest pain points for IT organizations today is the ongoing management of Desktops. A significant issue with Windows is that over the life-cycle of the Desktop, the cost of supporting the desktop increases. This happens for a variety of reasons, such as registry bloat, improperly uninstalled applications, driver conflicts and conflicting applications. As the state of the desktop evolves over a period of time, so does its supportability cost.

IT managers would love to be able to create a fresh fully supportable desktop for their customers each time someone logs in.  This is especially relevant for the Education and Call Center verticals. An expensive but lame way to do this would be to have a golden image that the user is booted to each time they log in. Issues with this approach:

  • Different users need different Apps  so many images may need to be created, leading to an image management nightmare
  • It is simply not possible to have every permutation of Application and user in the image, so IT may need to create images with a superset of the applications that the end user would really need, leading to image bloat and excessive license costs

Interestingly, technologies are now in place to allow the Dynamic Desktop to be built up without the penalties I was referring to above. I am going to be going into some of these technologies in future posts.

I had a chance to spend some time with RingCube co-founder, Kiran Kamity who took me through a nice demo and Q&A session on the product. I had posted earlier about the differences between Client Side Virtualization and VDI that you can read about here. This is a follow-up article where I delve deeper into  vDesk, the Client side Desktop Virtualization product of one of the more interesting vendors in this space, RingCube.

RingCube’s approach to Desktop Virtualization is unique because they have gone the route of virtualizing all required OS and network resources rather than using a client side Hypervisor. This gives the product some key differentiators, the most compelling of which are high performance and light-weight deployment.

A Type 3 Hypervisor?

The company has had to go to some length to develop IP that allows them to enable a complete Virtual Desktop without a Hypervisor. Kiran mentioned that some folks have been referring to vDesk as a Type 3 Hypervisor, and I think it is very appropriate given that the product can enable a fully virtualized desktop without requiring an underlying Hypervisor (a notable difference from MokaFive and VMWare ACE).

Here’s a look at some of the features and underlying technology:

Security:

While vDesk does not support running an Anti Virus inside the virtualized desktop, it supports a mode in which all I/O is scanned by the AV running in the host OS. The product also supports a mode where specified security criteria (e.g. is it running AV? when did the last scan run?) can be checked before launching the virtual desktop. While this level of security is enough for many verticals and use cases, it should be noted that any virtualized desktop that runs on a host to which the end user has Admin access can always be compromised.

vDesk is also capable of running inside an encrypted VHD file or a filesystem that may have been encrypted with a technology such as TrueCrypt.

Networking:

vDesk implements a virtualized network adapter distinct from the physical adapters on the host.  In addition, it supports bridged/NAT and auto modes of networking.  Most Hypervisors support this mode, so desktop virtualization vendors that are based on Hypervisors get this for free. It is quite impressive that RingCube developed the IP to do this since it is non-trivial.

Driver Support:

Much of the virtualization magic in a product like this comes from virtualizing OS resources, including the FileSystem and Registry, at a driver level. Because of the way drivers are implemented on Windows, it is hard to virtualize drivers. Despite this, vDesk supports some applications that install drivers. The most critical ones that need to be supported are VPN Clients. vDesk supports most, including Cisco.

Enterprise Readiness:

Since the product is squarely targeted at the Enterprise customer, I thought it would be useful to talk about features that would be must-haves for a product like this in the Enterprise environment:

Active Directory Integration:

vDesk is fully integrated with Active Directory. This means it has a machine account in AD and vDesks can be managed using AD Group Policy (GPO) like a Windows desktop.

vDesk users can be authenticated against an AD domain much like a typical Windows desktop. It should be noted that vDesk does not talk to AD natively; user credentials are passed to the vDesk server, which acts as a proxy and authenticates against AD.

Another impressive feature that I did not expect for a product like this is support for a virtualized Security Account Manager (SAM). vDesk supports creating local as well as Domain users and groups.

Management:

vDesk comes with a management interface that allows IT Administrators to control all aspects such as Desktop provisioning, Versioning and updating the base desktop.

Updating the desktop is a pretty simple operation. For example, if the base desktop needs to be updated with a new version of an application, the Admin would simply need to install the application in the base template and create a new version. When the end users launch the desktop, only the deltas from the previous desktop are applied, making the update process very efficient and painless.

Provisioning can be accomplished with the desktop creator interface, which allows the Admin to create desktops with varying applications installed in them.

Policy control: This is a must have for a product like this. Admins can set various policies that can control what the user can/cannot do with the virtual desktop. It is possible to lock-down the desktop completely if required.

Examples of some of the policies that can be set are:

  • Whether or not printing is allowed?
  • Should the user be able to switch to the host desktop when vDesk is running
  • How long can the desktop be authenticated against when AD is not available (offline usage)
  • Can the end-user use the desktop offline?
  • Should the desktop expire after a pre-determined time?
  • Should USB access be disabled/enabled
  • Should printing be allowed etc.

    This gives IT the ability to control the desktop at a very granular level, which is especially useful when the workforce has task workers and contractors.
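
The host check described under Security and the offline and expiry policies listed above can be combined into a single pre-launch gate. The Python below is an added example, not RingCube's code: the policy fields, class names and sample values are hypothetical. It fails closed on missing data and on a rolled-back clock, because these checks run on a host that the end user may administer.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """Hypothetical policy record; not vDesk's real format."""
    require_host_av: bool
    max_scan_age: timedelta         # oldest acceptable host AV scan
    allow_offline: bool
    offline_grace: timedelta        # how long a cached AD logon stays valid
    expires_at: Optional[datetime]  # None means the desktop never expires


@dataclass(frozen=True)
class HostState:
    """What a host checker would report just before launch (assumed shape)."""
    av_running: bool
    last_scan: Optional[datetime]
    ad_reachable: bool
    last_online_auth: Optional[datetime]


def _too_old(stamp: Optional[datetime], limit: timedelta, now: datetime) -> bool:
    # A missing timestamp fails closed.
    return stamp is None or now - stamp > limit


def evaluate_launch(policy: Policy, host: HostState,
                    now: datetime) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons); every failed check is reported."""
    reasons: List[str] = []

    # A recorded timestamp later than "now" means the host clock was moved
    # back, which would otherwise stretch every time-based limit below.
    stamps = [s for s in (host.last_scan, host.last_online_auth) if s is not None]
    if any(s > now for s in stamps):
        reasons.append("host clock is behind a recorded timestamp")

    if policy.expires_at is not None and now >= policy.expires_at:
        reasons.append("desktop has expired")

    if policy.require_host_av:
        if not host.av_running:
            reasons.append("host AV is not running")
        if _too_old(host.last_scan, policy.max_scan_age, now):
            reasons.append("host AV scan is too old")

    # The offline rules only apply when AD cannot be reached.
    if not host.ad_reachable:
        if not policy.allow_offline:
            reasons.append("offline use is not permitted")
        elif _too_old(host.last_online_auth, policy.offline_grace, now):
            reasons.append("offline grace period exceeded")

    return (not reasons, reasons)


# Constructed sample values, for illustration only.
NOW = datetime(2010, 1, 15, 9, 0)
CONTRACTOR = Policy(require_host_av=True, max_scan_age=timedelta(days=7),
                    allow_offline=True, offline_grace=timedelta(days=3),
                    expires_at=datetime(2010, 3, 1))

if __name__ == "__main__":
    # Offline laptop: scan 10 days old, last AD logon 5 days ago.
    laptop = HostState(True, NOW - timedelta(days=10), False,
                       NOW - timedelta(days=5))
    print(evaluate_launch(CONTRACTOR, laptop, NOW))
```
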

    Closing thoughts:

    Client side virtualization can be a simpler and cheaper alternative to VDI, especially if it is possible to give up some level of control. Amongst the few client side desktop virtualization technologies that exist, differentiators for vDesk are:

    Performance: Since vDesk runs natively without requiring a Hypervisor, the performance is very close to running on the host system. Consider a situation where an employer wants to provide a virtualized desktop to its Call center workers who may need to run VOIP applications for telephony. Unless the hardware is high-end (unlikely because of cost concerns in such an environment), the VOIP applications are likely to have choppy audio when run inside a virtualized desktop running in a Hypervisor. This may go away with vDesk.

    Light weight deployment:

    Since vDesk does not require a full Hypervisor, the entire size of the desktop should not be much different from the size of the applications installed in it. This can be a difference of several GB. Smaller images are much easier to deploy.

    There’s a lot of buzz in the industry about Desktop Virtualization, but what does that really mean to most? Thanks to the great marketing machines that the big Virtualization players have (most noticeably VMWare for this one), most people associate Desktop Virtualization with VDI.

    VDI or Virtual Desktop Infrastructure refers to running your desktop as a VM in a Data Center on a hypervisor (such as Xen or ESX) and accessing it remotely using a remote display technology such as RDP. Given that server virtualization has been such a big success for VMWare, it is no surprise that they are pushing the server based computing paradigm to service the desktop world.

    However, they are missing some key elements that users are looking for in this paradigm:

    • Not using our powerful laptops: Despite all the hype of cloud computing, we cannot deny the fact that the average laptop keeps getting faster and more capable and the compute power for the same amount of money has been doubling every 2 years. With all the raw power available to the average person, why would you not want to use that to give yourself a rich client experience rather than a limited one over RDP to a remote Desktop using VDI?
    • Management: The biggest challenge that enterprise IT is really trying to solve is the management of these desktops, and the thought is that running them in the desktop under control of IT is the way to do it. The issue is that VDI doesn’t really solve the management issues; it simply moves them to the VMs running in the Data Center
    • Untethered access: Needless to say, VDI requires you to be tethered, always having a high-speed connection available to use.

    So what are the other options available for someone trying to solve the use cases that drove them to VDI in the first place? There are a couple of interesting companies out there that merit a look: MokaFive and RingCube.

    Both of these have taken a different stance and have created a client side Virtualized desktop that runs locally rather than in a Data Center.  In addition they claim to be able to handle management, deployment, security, application updates etc. Now I haven’t played with these technologies but if they do whatever they claim, it is going to be very interesting.

    MokaFive recently closed a round of $21M, so that should be taken as some validation that the technology is working. I will give further updates as I find out more about the technologies.

    Many organizations are caught up in the VDI hype and cannot wait to implement it. However,  despite the buzz and the rapid rate of innovation in solutions surrounding VDI, there’s still a lot of complexity and expense required to make a VDI solution successful. 

    On the other hand, boring old Terminal Services is more often than not a more than adequate solution for most.  It is well understood, simpler and cheaper because of lower licensing costs and the much higher density that can be supported (compared to VDI).

    So are there any situations when you should absolutely use VDI? I think there are only 2 circumstances:

    • User needs Administrator access: This applies to a user who needs full control of their desktop, so the desktop cannot be locked down. I think this is mainly for knowledge workers in the technology industry. For most task workers, a locked down desktop is adequate
    • Legacy Application support: Many legacy applications just don’t run on Terminal Servers since they were not designed for a multi user environment. If some of these applications are business critical, VDI may be necessary. Even in this scenario, it may be possible to run legacy apps on a TS by using an Application Virtualization technology such as App V or Symantec Workspace Virtualization (SWV)

    Bottom line, think hard and really make sure that you need it before jumping on the VDI bandwagon despite the VMWare and Microsoft Kool-Aid.

    Application Virtualization as a technology has been around for some time. All the biggies have acquired companies in this space: Microsoft, Citrix, Symantec and VMWare all have this technology in their portfolio.

    Despite this, the footprint and the knowledge of why to use virtualized applications in the enterprise is relatively small compared to traditional applications. For those who are on the fence or don’t quite know the benefits, I will list them here.

    • Supportability
      • Reduced Application conflicts: Virtualized applications run in their own sandbox (think of it as a bubble surrounding the app). Virtualized applications typically have their own copies of shared DLLs and other shared files. This reduces their dependency on the system and also means that they don’t conflict with other applications on the system. The benefit to the enterprise is reduced support costs, since fewer conflicts mean fewer malfunctioning Apps
      • Reduced regression and testing time for applications: Since the applications run sandboxed, IT departments don’t have to spend the same level of time certifying compatibility between different applications
      • Portability of Application packages between OSes: I should clarify right at the outset that it is not possible to port Virtualized applications between different types of OSes, such as OS X to Windows or Windows to Linux. However, most vendors support porting Virtualized Application packages between flavors of the same OS, such as between XP, Vista and Windows 7. This is a huge time-saver for IT departments since it is not required to re-package apps for every flavor of OS in the enterprise
      • Packaging costs: Typically, it is easier to package virtualized applications than to build msi applications since in general there is no requirement for run-time logic. For traditional applications, the installation typically inspects the state of the system at run-time to determine what files/registry entries should be laid down on the machine. This is not typically an issue with virtualized apps since each one has its own copy of all shared files
      • Running multiple application versions concurrently
        • It is sometimes required to run multiple versions of an application concurrently; examples would be the requirement to run different versions of MS Office on the same system or different versions of Java on the same machine to maintain backward compatibility with legacy applications
        • Support for legacy applications on Terminal Server: This is the use case where Softgrid (now AppV by Microsoft) really made a name for itself. Typically, if an application is not well behaved with respect to writing its per-user settings or configurations in a per-user area, we could run into a situation where multiple users cannot run that application in a Terminal Services environment. Consider a legacy application that writes its settings to an old style *.ini file in the Windows System directory. Multiple users using this app could start over-writing each other’s settings since there’s a common shared file. App Virtualization can solve this issue by having a per-user version of the config file, thus making it Terminal Server friendly. All of a sudden, that legacy app that you couldn’t run on the Terminal Server can be run that way.
      • Dynamic Desktop: Many IT organizations are moving towards a ‘Dynamic Desktop’ model. At a high level, this is a desktop that is constructed ‘On-Demand’ or ‘Just-In-time’ as the user needs it.  This type of desktop greatly simplifies management since there should only be a single gold base image to maintain. The user specific Applications and personality are delivered on demand.  I have listed below some environments where dynamic desktops are relevant and how App Virtualization helps there.
        • VDI: These environments are very well suited to Dynamic Desktops. To reduce resource requirements from a compute and storage point of view, it is desirable to not have a persistent desktop that is spinning, waiting for a user to come in and use it. It is best to construct such a desktop as and when the user needs to use it. This is where a Virtualized application that is delivered via streaming can get the job done. Currently, the best combination of streaming and Virtualization is from Symantec and Microsoft.
        • Shared Cache: This is again relevant for Dynamic Desktops in general and VDI in particular. It should be possible to create a shared cache of Virtualized applications that is mounted using a SAN partition or a network share to multiple VMs or desktops. Since Virtualized applications are portable across desktops, it is possible to support such a model, which would be impossible to pull off with traditional apps. The shared cache can dramatically reduce storage costs as well as start-up time for a dynamic desktop
      • License savings:
        • On Demand provisioning: Since it is typical to deliver Virtualized Applications streamed, it lends itself very well to an on demand, self service provisioning model. The advantage for enterprises here is that not all applications have to be installed on all desktops. Users just install the apps they need. This leads to substantial license savings for the enterprise
        • License Management capabilities in streaming products: This part is especially true for the Symantec Workspace Streaming product.  It is possible to get even more cost savings because of the ability to reclaim licenses based on policies set by the Administrator. For example, there could be a policy to remove the application if an application is not used for 2 weeks thus reclaiming the license.

      I had a chance to spend some time with RingCube co-founder, Kiran Kamity who took me through a nice demo and Q&A session on the product. I had posted earlier about the differences between Client Side Virtualization and VDI that you can read about here. This is a follow-up article where I delve deeper into vDesk, the Client side Desktop Virtualization product of one of the more interesting vendors in this space, RingCube.

      RingCube’s approach to Desktop Virtualization is unique because they have gone the route of virtualizing all required OS and network resources rather than using a type 2 hypervisor (a notable difference from MokaFive and VMWare ACE). This gives the product some key differentiators, the most compelling of which are high performance and light-weight deployment.

      Here’s a look at some of the features and underlying technology:

      Security:

      While RingCube’s recommendation is to run Anti-Virus on the host desktop rather than inside vDesk (perhaps because of supportability concerns), it is possible to run AV inside vDesk and some of their customers are doing just that. vDesk supports a mode in which all I/O is scanned by the AV running in the host OS. The product also supports running a host-checker where specified security criteria (e.g. is it running AV? when did the last scan run?) can be checked before launching the virtual desktop.

      vDesk is also capable of running inside an encrypted VHD file or a filesystem that may have been encrypted with a technology such as TrueCrypt.

      While this level of security is enough for most verticals and use cases, it should be noted that any virtualized desktop that runs on a host to which the end user has Admin access can always be compromised. This limitation should be present on other type 2 hypervisor based products as well, and vDesk may actually be more secure. Consider, for example, a screen capture application in the host that could normally be used to record the activity in the virtualized desktop session. Such an application can be prevented from running at all inside vDesk, which may not be possible with other products.

      Networking:

      vDesk implements a virtualized network adapter distinct from the physical adapters on the host.  In addition, it supports bridged/NAT and auto modes of networking.  Most type 2  hypervisors support this mode, so desktop virtualization vendors that are based on type 2 hypervisors get this for free. It is quite impressive that RingCube developed the IP to do this since it is non-trivial.

      Driver Support:

      Much of the virtualization magic in a product like this comes from virtualizing OS resources, including the FileSystem and Registry, at a driver level. Because of the way drivers are implemented on Windows, it is hard to virtualize drivers. Despite this, starting in vDesk 2.0, RingCube says they can support almost any application that installs a driver. With the exception of a few Antivirus products, there are not any known applications that vDesk cannot support.

      Enterprise Readiness:

      Since the product is squarely targeted at the Enterprise customer, I thought it would be useful to talk about features that would be must-haves for a product like this in the Enterprise environment:

      Active Directory Integration:

      vDesk is fully integrated with Active Directory. This means it has a machine account in AD and vDesks can be managed using AD Group Policy (GPO) like a Windows desktop.

      vDesk users can be authenticated against an AD domain much like a typical Windows desktop. It should be noted that vDesk does not talk to AD natively; user credentials are passed to the vDesk server, which acts as a proxy and authenticates against AD.

      Another impressive feature that I did not expect for a product like this is support for a virtualized Security Account Manager (SAM). vDesk supports creating local as well as Domain users and groups.

      Management:

      vDesk comes with a management interface that allows IT Administrators to control all aspects such as Desktop provisioning, Versioning and updating the base desktop.

      Updating the desktop is a pretty simple operation. For example, if the base desktop needs to be updated with a new version of an application, the Admin would simply need to install the application in the base template and create a new version. When the end users launch the desktop, only the deltas from the previous desktop are applied, making the update process very efficient and painless.

      Provisioning can be accomplished with the desktop creator interface, which allows the Admin to create desktops with varying applications installed in them.

      Policy control: This is a must have for a product like this. Admins can set various policies that can control what the user can/cannot do with the virtual desktop. It is possible to lock-down the desktop completely if required.

      Examples of some of the policies that can be set are:

      • Whether or not printing is allowed?
      • Should the user be able to switch to the host desktop when vDesk is running
      • How long can the desktop be authenticated against when AD is not available (offline usage)
      • Can the end-user use the desktop offline?
      • Should the desktop expire after a pre-determined time?
      • Should USB access be disabled/enabled
      • Should printing be allowed etc.

      This gives IT the ability to control the desktop at a very granular level, which is especially useful when the workforce has task workers and contractors.

      Closing thoughts:

      Client side virtualization can be a simpler and cheaper alternative to VDI especially if it is possible to give up some level of control.  Amongst the few client side desktop virtualization technologies that exist, differentiators for vDesk are:

      Performance: Since vDesk runs natively without requiring a type 2 hypervisor, the performance is very close to running on the host system. Consider a situation where an employer wants to provide a virtualized desktop to its Call center workers who may need to run VOIP applications for telephony. Unless the hardware is high-end (unlikely because of cost concerns in such an environment), the VOIP applications are likely to have choppy audio when run inside a virtualized desktop running in a type 2 hypervisor. This may go away with vDesk.

      Light weight deployment:

      Since vDesk does not require a full type 2 hypervisor, the entire size of the desktop should not be much different from the size of the applications installed in it. This can be a difference of several GB. Smaller images are much easier to deploy.