Which Client Hypervisor Is Better: 1 or 2?
Recently, one of my customers was trying to decide whether to use a type-1 or a type-2 client hypervisor.
For those of you who are not familiar with the technology, type-1 is a bare-metal install. You install a thin software layer (the hypervisor) that then allows you to create virtual machines. It's very similar to VMware ESXi, Citrix XenServer and Microsoft Hyper-V, except instead of installing on server-class hardware, you install it on laptops or desktops. Type-2, on the other hand, is installed on top of an operating system. Examples are VMware Workstation, Fusion, Microsoft Virtual PC and Parallels.
Before I examine the pros and cons of each, I have to disclose that I am a bit biased towards type-1 client hypervisors. That being said, here's why:
Thin layer of software that abstracts the hardware. This is huge: In any environment you typically have several images that you use to deploy to different hardware profiles. These images are needed because of driver incompatibilities, chipsets, etc. With a type-1 hypervisor abstracting the hardware, you can deploy 1 VM to all hardware profiles.
Restoring a user's machine is fast. Speed is my second favorite feature. If a user corrupts his OS, or for whatever reason it is deemed necessary to rebuild or replace the user’s machine, it traditionally would take days. With a type-1, it takes minutes: Copy over the VM, run your scripts to configure the apps and printers, and the user is back online.
The ability to offer multiple VMs, with differing permissions. I can provide one that's locked down with no admin rights whatsoever, and another one with full admin rights that they can use for their personal use.
The ability to initiate a kill pill. This one is also huge: I have heard endless times how users lose their laptops with confidential information, etc. Well, if you could remotely initiate a kill pill and wipe it out, that data remains safe.
Performance is excellent with this type of client hypervisor. You should expect performance similar to what you see in its server counterpart.
Of course, with every gem there are cons. With type-1, the biggest con is limited hardware support. In some cases it might not be ideal for graphics-intensive applications (although we have seen significant strides and progress here). What I like about this approach is that the hypervisor almost becomes like a BIOS. Sure, you still patch and update your BIOS from time to time, and you will most likely need to patch and update your type-1 client hypervisor from time to time as well. But you have just created another layer of security, which makes breaking into the VM a bit harder.
For 98 percent of enterprise users, type-1 client hypervisors are perfect, and by the time you are done deploying this to everyone, the issues and challenges facing the remaining 2 percent will be resolved as well. This approach is perfect for scenarios where companies want to adopt BYOPC or just to provide better overall endpoint management. My favorite companies for providing this solution are Citrix XenClient, Virtual Computer and mokaFive.
Next time, I'll discuss the pros and cons of type-2 client hypervisors. But for now, I am eager to hear your thoughts on my analysis of type 1.
[Editor's Note: Corrected name of mokaFive.]
Posted by Elias Khnaser on 04/12/2011 at 12:49 PM