Intel to bring server-style virtualisation to desktop chips
IDF Intel will bring server-style operating system partitioning to its mainstream processors, company COO Paul Otellini told Intel Developer Forum attendees today.
The technique, codenamed 'Vanderpool', will allow a single Pentium processor to run multiple OSes - or more likely multiple instances of the same OS - simultaneously. Think of it as multiple virtual machines running on a single physical one. You can do this now using software, but Vanderpool will bring it onto silicon.
It's hard to see how valuable this is to the mainstream space. Sure, it makes the use of multi-user PCs more robust - one of Intel's design goals, said Otellini - if user A crashes their virtual machine, it won't affect user B.
However, will multi-user be a common consumer phenomenon? Arguably not - lowering prices and the upgrade cycle are likely to lead to PCs proliferating in the home. Parents like to have one machine for their own use and a separate machine for the kids, for example.
That said, as the home takes on more of a server role, perhaps streaming digital content to a variety of mobile terminals, TVs and so on, the ability to run multiple virtual machines may become more important. Perhaps more importantly, it will allow users to run Outlook in a separate partition, so when a next-generation Blaster tools the system, it can be swapped out with a clean version without interrupting the operation of other partitions running the remaining apps.
We'd note, though, that consumers can get confused enough when they need to restart a single OS, let alone reboot one instance of an OS while another is running. Making all this simple to administer is going to require as much work as implementing Vanderpool in silicon. And we'd say that surely a more solid, multi-tasking, multi-user operating system that crashes less frequently would perhaps make for a better solution.
Whatever, this virtualisation concept comes out of HyperThreading, Intel's Simultaneous Multi-Threading (SMT) implementation, and its shift toward multi-core processors, both of which provide the chip infrastructure necessary to support virtualisation.
With Xeon going dual-core, it's hard to imagine that Pentium won't too in due course, and beyond touting improved performance - increasingly less of an issue for most mainstream users - it needs some other carrot to dangle before would-be buyers. Greater system stability is clearly perceived by consumers to be desirable, and if Microsoft won't build a more robust OS, Intel will just have to compensate for it by running multiple instances of Windows on the same chip.
More sophisticated users will make more of all this than consumers. It will allow them to run multiple system configurations simultaneously, said Otellini. However, it's going to be around five years before Vanderpool comes to market and they get a chance to do so. By then, Intel will be trotting out 45nm chips, which should allow it to bring multi-core designs to its consumer processors, which it today committed itself to delivering:
"We're driving it down to PCs and notebooks," said Otellini. "We'll go from putting HyperThreading in our products to putting dual-core capability in our mainstream client processors over time."
Vanderpool's security implications will benefit Intel's LaGrande technology, its implementation of the hardware needed to support Microsoft's trusted computing initiative.
LaGrande - also demo'd by Otellini today - protects against crackers by blocking many of the tactics used to gain access to confidential information. Attempts to track keystrokes and transfer graphics buffer memory contents are bypassed, said Otellini, and it will be a lot more difficult to find critical data from main memory dumps.
Of course, the demo showed that LaGrande merely limits what crackers can get out of their probes - it doesn't eliminate those attacks in the first place. Searching for a name in a memory dump is still possible, and if it's no longer sitting alongside a credit card number, thanks to LaGrande's obfuscation, that doesn't mean the credit card data isn't present. The cracker just has to look harder for it. And it assumes that applications are well-behaved enough to use the protection facilities in the OS that LaGrande underpins.
LaGrande will become available in two to three years' time, said Otellini. But users will have to wait for Vanderpool to make the most of it, by allowing them to ring-fence an OS instance and a potentially vulnerable app from critical data. ®