Intel to bring server-style virtualisation to desktop chips

Partition magic


IDF Intel will bring server-style operating system partitioning to its mainstream processors, company COO Paul Otellini told Intel Developer Forum attendees today.

The technique, codenamed 'Vanderpool', will allow a single Pentium processor to run multiple OSes - or more likely multiple instances of the same OS - simultaneously. Think of it as multiple virtual machines running on a single physical one. You can do this now using software, but Vanderpool will bring it onto silicon.

It's hard to see how valuable this is to the mainstream space. Sure, it makes the use of multi-user PCs more robust - one of Intel's design goals, said Otellini - if user A crashes their virtual machine, it won't affect user B.

However, will multi-user be a common consumer phenomenon? Arguably not - lowering prices and the upgrade cycle are likely to lead to PCs proliferating in the home. Parents like to have one machine for their own use and a separate machine for the kids, for example.

That said, as the home takes on more of a server role, perhaps streaming digital content to a variety of mobile terminals, TVs and so on, the ability to run multiple virtual machines may become more important. Perhaps more importantly, it will allow users to run Outlook in a separate partition, so when a next-generation Blaster tools the system, it can be swapped out with a clean version without interrupting the operation of other partitions running the remaining apps.

We'd note, though, that consumers can get confused enough when they need to restart a single OS, let alone reboot one instance of an OS while another is running. Making all this simple to administer is going to require as much work as implementing Vanderpool in silicon. And we'd say that surely a more solid, multi-tasking, multi-user operating system that crashes less frequently would perhaps make for a better solution.

Whatever, this virtualisation concept comes out of HyperThreading, Intel's Simultaneous Multi-Threading (SMT) implementation, and its shift toward multi-core processors, both of which provide the chip infrastructure necessary to support virtualisation.

With Xeon going dual-core, it's hard to imagine that Pentium won't too in due course, and beyond touting improved performance - increasingly less of an issue for most mainstream users - it needs some other carrot to dangle before would-be buyers. Greater system stability is clearly perceived by consumers to be desirable, and if Microsoft won't build a more robust OS, Intel will just have to compensate for it by running multiple instances of Windows on the same chip.

More sophisticated users will make more of all this than consumers. It will allow them to run multiple system configurations simultaneously, said Otellini. However, it's going to be around five years before Vanderpool comes to market and they get a chance to do so. By then, Intel will be trotting out 45nm chips, which should allow it to bring multi-core designs to its consumer processors, which it today committed itself to delivering:

"We're driving it down to PCs and notebooks," said Otellini. "We'll go from putting HyperThreading in our products to putting dual-core capability in our mainstream client processors over time."

Vanderpool's security implications will benefit Intel's LaGrande technology, its implementation of the hardware needed to support Microsoft's trusted computing initiative.

LaGrande - also demo'd by Otellini today - protects against crackers by blocking many of the tactics used to gain access to confidential information. Attempts to track keystrokes and transfer graphics buffer memory contents are bypassed, said Otellini, and it will be a lot more difficult to find critical data from main memory dumps.

Of course, the demo showed that LaGrande merely limits what crackers can get out of their probes - it doesn't eliminate those attacks in the first place. Searching for a name in a memory dump is still possible, and if it's no longer sitting alongside a credit card number, thanks to LaGrande's obfuscation, that doesn't mean the credit card data isn't present. The cracker just has to look harder for it. And it assumes that applications are well-behaved enough to use the protection facilities in the OS that LaGrande underpins.

LaGrande will become available in two to three years' time, said Otellini. But users will have to wait for Vanderpool to make the most of it, by allowing them to ring-fence an OS instance and a potentially vulnerable app from critical data. ®

