Client-side virtualisation improves desktop management

The infrastructure for vastly improved desktop management is being rolled out right now. It’s client-side virtualisation and it looks just like a nice new PC, says Citrix Systems’ Peter Brockhoff as he explains the technical details.

The PC refresh cycle has largely recovered to its usual pace, having slowed recently as companies scrambled to react to difficult economic conditions and delayed new PC purchases for the release of Microsoft Windows 7.

The influx of new PCs highlights the continual headache of managing a large estate of PCs, which constitutes a far larger proportion of the PC budget than the initial purchase of hardware and software.

Desktop virtualisation is increasingly seen as the most effective way to centrally manage PCs across an enterprise, which is an umbrella term for a number of technologies that affect the end-user computing environment. The main technologies to date have been hosted virtual desktops, streaming desktops, application virtualisation (through hosting or streaming), local virtualisation of desktops (guest OS on installed desktops) and user-profile management.

Many of the new generation of PCs (both desktops and laptops) currently being deployed are laying the foundations for client-side virtualisation, generally regarded as the final - and most sophisticated - piece of the desktop virtualisation jigsaw. The crucial difference being that these PCs incorporate a chipset containing a built-in hypervisor.

A type 1 or bare metal hypervisor is a thin layer of software that runs right on top of the hardware and is responsible for splitting the physical hardware resources and providing isolation between the virtual machines. The effect of this virtualisation is to break the link between the PC’s hardware and its operating system (and applications), enabling each layer to easily attach and detach, a little like velcro, rather than being ‘hard-wired’ in a permanent state.

The more PCs with these ‘type 1’ hypervisors that are deployed, such as those built on the Intel vPro chipset, the faster the infrastructure for much improved PC management is built and the quicker organisations will embrace desktop virtualisation to manage their desktop estate.

That is a crucial change for four main reasons:

The mobilised workforce

To date, desktop virtualisation has revolved around a slew of technologies supporting different types of virtualisation, with a particular emphasis on hosting and streaming. This has meant that most organisations have only been able to manage the proportion of desktops that are always network connected through virtualisation (which brings significant control and efficiencies in terms of centralised management); and as a result, many organisations have side-stepped desktop virtualisation for fear of ending up with too many desktop management strategies.

Client-side virtualisation is the final part of the desktop virtualisation jigsaw as it enables true client virtualisation, even when the machine is not network connected. This is critical for use with laptops, usually used by highly mobile workers - often the most senior within an organisation - enabling them to use their virtualised work laptop in just the same way as a regular laptop; having access to all required applications offline and simply synching when reconnected to the network.

Through a mix of virtualisation technologies, a company can now realistically manage its entire PC estate through a single highly centralised and very cost-efficient approach. To make the case even more compelling, much of the initial investment can be offset by extending the life of the organisation’s oldest PCs, potentially converting them into ‘thin clients’ that simply support hosted desktops and/or applications.

The impact of consumerisation

The separation of the hardware, operating system and applications also enables a single PC to operate as several different machines. The velcro quality provided by virtualisation allows the machine to support multiple operating systems and configurations.

The huge growth of consumer technology, combined with a new generation of tech-savvy workers and an increasingly blurred distinction between work and personal life, is leading many organisations to reconsider the way it supplies the workforce with personal computers. Companies increasingly acknowledge that, like a company car, employees will use a work laptop for personal activity. In recognition of this, many companies are looking to benefit from bare metal virtualisation on the PC by creating two separate environments on one machine.

A single PC can carry a work environment, with access to required applications, networks and data, as well as a personalised environment for non-work computing. The two ‘virtual machines’ can run simultaneously, and yet are completely separate. As far as the technology is concerned, one machine can be totally unaware of the other virtual machine to the extent that even the cut and paste facility will not work from one virtual machine to the other. Similarly, therefore, a computer virus contracted through the personal environment cannot infect the work environment virtual machine.

Simplified deployment

Perhaps the most fundamental benefit of PC hypervisors is that - in separating the hardware, operating system and application layers of the PC - it enables single image management across the enterprise, significantly simplifying deployment and enabling related benefits such as ease of recovery.

PC hardware changes constantly, and every change in hardware creates a ripple effect through the related operating and application layers (for example, an upgraded graphics card demands a new software driver to interact with the operating system). Not a problem for a single PC used in the home, but for a large enterprise it becomes a problem of exponential proportions.

To even out its budget, a large organisation typically has a three-year refresh cycle, renewing the oldest third of its PCs every year. Usually, the PC purchases will be spread equally across each quarter. Even if an organisation bought the same model from the same vendor for three years, there would still be hundreds of different configurations across its estate of PCs. In the real world, the issue is further complicated as PCs also enter the estate through mergers or acquisitions, different vendors or specific departmental requirements. It soon becomes apparent why managing PCs makes up 70-80% of the PC budget. Even a simple software update creates hundreds of permutations as it is rolled out across a number of differently configured PCs.

As virtualisation separates the interdependencies between PC hardware, operating systems and applications updates can be easily applied without any need to consider different hardware set-ups between each PC, while user environments can be recovered quickly and delivered on demand to hypervisor capable machines.

Security and services

The final major driving force behind the adoption of client-side virtualisation is linked to support for the increasingly mobile workforce. From full-time employees venturing out of the office with a company laptop filled with sensitive data, through to contract and temporary workers, the mobile workforce creates new and considerable security challenges.

Again, the separation of a PC’s hardware, operating system and applications provides a fundamental new approach. With a bare metal hypervisor, the first and only thing to boot up is the hypervisor itself, which provides a powerful line of defence before the operating system or any applications are available. Should a laptop be reported stolen, for example, the next time it is booted up and connected (to, say, a public Wi-Fi network) the organisation’s synchronisation server can recognise it as stolen and disable the virtual machine.

Similarly, a PC with a type 1 hypervisor can benefit from a ‘service virtual machine’ approach. Service VMs add shared or unique functionality to local VM desktops providing, for example, advanced security in the form of VPN connectivity, network acceleration and scanning at a hypervisor level to search for viruses within all its virtual machines.

Without a doubt, hypervisors are coming to PCs. End-user organisations want the improved isolation and manageability they can bring to PCs. Employees are demanding the improved IT support hypervisors can deliver.

PC hypervisors will deliver significant benefits for the manageability and security of enterprise PC deployments, supporting mobile working and other modern ways of working (such as notebooks owned by employees, contractors or partners).

Perhaps most significantly, PCs are already shipping ‘hypervisor ready’ and will therefore soon reach a tipping point at which an organisation can no longer ignore the benefits they offer. Combined with other forms of desktop virtualisation, the management of all client devices across organisations will revolve around virtualisation.

* Peter Brockhoff is the Area Vice President, Australia and New Zealand of Citrix Systems, responsible for the strategic development and direction of Citrix Systems across Australia and New Zealand (ANZ). He provides marketing and sales leadership throughout the region, including a focus on partner relationships and channel programs. Brockhoff has been with Citrix for more than seven years and has held a number of leadership roles within Citrix across channel marketing and sales.