Recently, one of my customers was trying to decide whether or not to use type-1 or type-2 client hypervisor.
For those of that are not familiar with the technology, type-1 is a bare-metal install. You install a thin software layer (the hypervisor) that then allows you to create virtual machines. It’s very similar to VMware ESXi, Citrix XenServer and Microsoft Hyper-V, except instead of installing on server class hardware, you install it on laptops or desktops. Type-2, on the other hand, is installed on top of an operating system. An example is VMware Workstation, Fusion, Microsoft Virtual PC and Parallels.
Before I examine the pros and cons of each, I have to disclose that I am a bit biased towards type-1 client hypervisors. That said, here’s why:
A very thin layer of software that abstracts the hardware and breaks away from the Microsoft monopoly . This is huge: In any environment you typically have several images that you use to deploy to different hardware profiles. These images are needed because of driver incompatibilities, chipsets, etc. With a type-1 hypervisor abstracting the hardware, you can deploy one VM to all hardware profiles.
Restoring user machine is fast. Speed is my second favorite feature. If a user corrupts his OS or for whatever reason it is deemed necessary to rebuild the user’s machine or replace it, it traditionally would take days. With a type-1, it takes minutes: Copy over the VM, run your scripts to configure the apps and printers, and the user is back online.
The ability to offer multiple VMs, with differing permissions. I can provide one that’s locked down with no admin rights whatsoever, and another one with full admin rights that they can use for their personal use.
The ability to initiate a kill command. This one is also huge: I have heard endless times how users lose their laptops with confidential information, etc. Well, if you could remotely initiate a kill command and wipe it out, that data remains safe.
Performance is excellent with this type of client hypervisor. You should expect performance similar to what you see in its server counterpart.
Of course, with every gem there are cons. With type-1, the biggest con is limited hardware support. In some cases it might not be ideal for graphics-intensive applications (although we have seen significant strides and progress here). What I like about this approach is the hypervisor almost becomes like a BIOS. Sure, you still patch and update your BIOS from time to time and you will most likely need to patch and update your type-1 client hypervisor from time to time as well. But you have just created another layer of security which makes breaking into the VM a bit harder.
For 98 percent of enterprise users, type-1 client hypervisors are perfect and by the time you are done deploying this to everyone, the issues and challeneges facing the remaining 2 percent will be resolved as well. This approach is perfect for scenarios where companies want to adopt BYOPC or just to provide better overall end point management. My favorite company for providing this solution is Virtual Computer which is currently being beta tested by us now.
Virtual Computer’s NxTop runs on any PC with VT-x technology, or roughyl 95% of all business PC’s . From a patch perspective, NxTop is the only true bare metal Type 1 hypervisor with a management console on the market today. Patching is 100% effective since you create/test a patch on the server and deploy to PC’s with their common NxTop foundation. If it worked in the management console, it will work on the client workstation. Centralised management and remote support are two of the most common use cases among their customers.
If you would like to learn more about this please contact Webster Consulting and fill in the box below.