Feeds

Three flavours of client-side virtualisation

Set your operating systems free

SANS - Survey on application security programs

Talk about virtualisation often centres on virtually hosted desktops, in which the entire desktop is run on a back-end server. But this is by no means the only way to operate.

Amid all the other options, such as application virtualisation and offloading computational tasks onto rich clients, there is one model that is altogether different: client-side virtualisation.

Many users want the features offered by different operating systems. Perhaps your users’ favourite office apps are Mac-based but one integrated development environment is available only on Windows.

Forensics experts might be happy with Windows but may need some vital tools that are available only with BackTrack, the ethical hacker’s Ubuntu distro. Developers may need to have access to IE6 in addition to IE9.

Hacked off

These people need portability and performance. Your ethical hacker will find sitting in a car outside a client’s office cracking a WiFi network very difficult if all his tools are hosted on his company’s server.

Sometimes you need the combination of flexibility and the performance benefits of running things locally

Sometimes you need the combination of operating-system flexibility and the performance benefits of running things locally.

Client-side virtualisation does this, and it comes in three main flavours: type one and type two hypervisors and application-layer virtualisation.

A type one hypervisor sits directly atop the hardware, with no operating system underneath it. The hypervisor serves as the interface between the virtualised operating systems on top of it and the hardware.

Conversely, a type 2 hypervisor requires an operating system to sit below it and controls the virtualised operating systems sitting on top of it.

King of the jungle

Type 1 hypervisors are relatively rare beasts. Citrix offers XenClient, a bare metal hypervisor, but most client-side hypervisors are type 2.

Microsoft’s type 2 client-side virtualisation solution is Virtual PC, which enables users to run multiple versions of Windows on a host PC. It also features Windows XP Mode, which helps XP-based applications run more easily on Windows 7.

Virtual PC officially only supports versions of Windows 7, although users have been known to install other operating systems with it. Its real benefit comes with MED-V, the enterprise desktop virtualisation product that just went into version 2. This enables administrators to better control the use of virtualised desktops on a Virtual PC platform, including managing policies for virtual machines.

Ian Moulster, product manager at Microsoft, says that client-side virtualisation can be a useful way to delineate access to desktops for security or compliance purposes, or if employees want access to their personal PCs and corporate desktops on the same machine.

Mean machine

"It works well if the machine is supplied by the employer. But it needs to be quite a powerful machine for it to work," he says.

There are alternative client-side virtualisation products. Sun Microsystems (now Oracle) offers its client-side virtualisation system VirtualBox for free under a GPL licence. This provides the ability to install any operating system atop the hypervisor platform and runs on Windows, Linux, Mac and Solaris.

VMWare offers VMWare Player, a hypervisor designed to play virtual machines on a Windows desktop, while its VMWare Fusion supports Mac users.

Competitor Parallels makes extensive use of common files in virtualised containers. A developer running multiple copies of Windows in Parallels, for example, will find many files common to the base operating system shared between the different containers.

How is all this stuff licensed?

Moulster explains that organisations with software assurance can have up to four copies of Windows running in virtual machines on a single qualifying PC. Otherwise, they need to buy Virtual Desktop Access (VDA) at $100 a year.

"People expect that if they buy a machine with Windows 7, or have volume licensing, it gives them the ability to run Windows 7 on a virtual machine but it doesn’t," he warns. "You need VDA."

Shim shimmy

Now for the third option. Application or software virtualisation keeps the operating system on the desktop and abstracts the applications.

Symantec's Endpoint Virtualisation Suite, which includes software virtualisation technology acquired from Altiris, uses virtual software packages to insert a software shim between the application and the system registry, leaving the operating system unchanged. It enables users to install different versions of the same browser, for example.

Microsoft’s answer to this is App-V, which came from the acquisition of Softricity. This streams applications to the desktop and leaves them installed in a virtualised package so they can be easily removed or replaced.

Overall, client-side virtualisation can be an interesting prospect for corporate users who require flexibiity and power in one package.

After all, what is the point of walking around with that funky, shiny, high-performance laptop if all you are ever going to be running on it is an RDP session? ®

SANS - Survey on application security programs

More from The Register

next story
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
Feast your PUNY eyes on highest resolution phone display EVER
Too much pixel dust for your strained eyeballs to handle
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
US mobile firms cave on kill switch, agree to install anti-theft code
Slow and kludgy rollout will protect corporate profits
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.